CN111158767A - BMC-based server secure starting method and device - Google Patents
BMC-based server secure starting method and device Download PDFInfo
- Publication number
- CN111158767A CN111158767A CN201911358516.2A CN201911358516A CN111158767A CN 111158767 A CN111158767 A CN 111158767A CN 201911358516 A CN201911358516 A CN 201911358516A CN 111158767 A CN111158767 A CN 111158767A
- Authority
- CN
- China
- Prior art keywords
- cpld
- module
- measurement result
- bios
- bmc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The embodiment of the invention provides a method and a device for safely starting a server based on BMC (baseboard management controller), wherein the method comprises the following steps: starting the BMC management system and the trusted password module, calling the trusted password module based on the BMC management system to measure the CPLD and the BIOS module, and acquiring the measurement result of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously damaged according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to electrify the BIOS module; the method comprises the steps that a BIOS module is used for carrying out state detection on host hardware of a server, if the state detection is passed, a trusted password module is called to measure a starting code of a host operating system of the server, a measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started. According to the embodiment of the invention, additional load is not required to be added, and the safe starting of the server is realized.
Description
Technical Field
The invention belongs to the technical field of computer security, and particularly relates to a server secure startup method and device based on BMC.
Background
A Baseboard Management Controller (BMC) Management system is an embedded Management system independent of a host operating system on a server motherboard, supports an industry standard IPMI (intelligent platform Management Interface) protocol, and functions to provide a remote Management function for a server by using a virtual keyboard, a mouse, and the like. The user utilizes the BMC to monitor the physical characteristics of the server, such as temperature, voltage, fan operating status, etc. of the components.
The Basic Input Output System (BIOS) is a core software System that is directly fixed on a motherboard, and stores a program of the most important Basic Input and Output of a server, a self-test program after power-on, and a System self-boot program. After the computer is started, the BIOS reads and writes specific information set by a system from a Read-Only Memory (ROM) and other memories, and provides the bottommost and most direct hardware setting and control for the server.
In the prior art, a trusted cryptographic module is added, and the trusted cryptographic module is started preferentially, so that a starting trust chain is constructed, and the trusted starting of a server is realized. After the server is powered on, the trusted password module performs self-checking to determine whether the server works normally. If the device is in an abnormal working state, alarming and shutting down the device. If the CPLD is normal, the trusted cryptography module measures the integrity of codes in the CPLD (Complex programmable Logic Device), determines whether the CPLD is correct, and stores the measurement result of the CPLD in the trusted cryptography module. And if the CPLD is correct, carrying out the next step, otherwise, recovering the CPLD. And then the trusted password module measures the boot layer of the BMC to determine whether the boot layer of the BMC is correct. If the boot layer is correct, the next step is carried out, otherwise, the BMC boot layer is recovered. A trusted measurement module is built in the BMC boot layer, and the operating system image of the BMC is measured through the trusted password module. Proceeding to the next step according to the result. The BMC operating system comprises a credible measurement agent and a credible strategy management module. The trusted measurement agent measures the BIOS through the trusted password module according to the user configuration policy in the trusted policy management module. If the BIOS is correct, the task of the BIOS for performing the credibility measurement is initiatively completed by the credible password module. The BIOS measures the critical hardware of the server. The BIOS measures key equipment such as a hard disk, a display card, a network card and the like by calling an interface of the trusted password module, and prevents the key equipment from being replaced or implanted with trojans without authorization.
In the prior art, a hardware cryptographic module is added to perform trust measurement on the related firmware of the server, so that a trust chain is constructed, and secure startup of the server is realized. Firstly, establishing connection between a Baseboard Management Controller (BMC) and a BIOS (basic input/output system) through an SPI (serial peripheral Interface), establishing connection between the BMC and a Trusted Cryptography Module (TCM) through an LPC (LOW PIN COUNT) bus, and storing an SM3 hash algorithm and a reference value in the TCM; the BMC collects key codes in the BIOS through the SPI bus; calling an SM3 hash algorithm stored in the TCM through an LPC bus to measure the key code to obtain a measurement value; judging whether the measurement value is consistent with a reference value stored in the TCM, if so, sending a control signal to a Central Processing Unit (CPU) to control the CPU to be powered on, and transmitting a trust chain to a key code in the BIOS; otherwise, the CPU is prohibited from starting to realize the trust transfer.
The former method starts the trusted cryptographic module first, but the trusted cryptographic module cannot measure other parts by itself, needs a system program to call, and needs to initialize many hardware, which undoubtedly increases the extra load of the system and also increases the related modification cost. In the latter method, the TCM module is added, so that the TCM module and the BMC are used as the root of trust of the system at the same time to construct a trust chain, but the trust chain construction process does not realize the trust measurement of the CPLD, and the CPLD is used for performing power-on control on each device on the mainboard, so that serious consequences can occur if the CPLD is attacked. Therefore, the trustworthiness of the CPLD is also very important.
Disclosure of Invention
In order to overcome the problems that the existing server secure boot method increases additional load and modification cost and the reliability measurement is incomplete or at least partially solves the problems, embodiments of the present invention provide a server secure boot method and apparatus based on BMC.
According to a first aspect of the embodiments of the present invention, a BMC-based server secure boot method is provided, including:
starting a BMC management system and a trusted password module, calling the trusted password module to measure a CPLD and a BIOS module based on the BMC management system, and acquiring measurement results of the CPLD and the BIOS module;
if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module, controlling the CPLD to electrify the BIOS module;
the method comprises the steps that a BIOS module is used for carrying out state detection on host hardware of a server, if the state detection is passed, the BMC management system calls a trusted password module to measure a starting code of a host operating system of the server, a measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started.
Specifically, the step of calling the trusted cryptography module to measure the CPLD and the BIOS module based on the BMC management system, and obtaining the measurement result of the CPLD and the BIOS module includes:
calling the trusted password module to measure the CPLD based on the BMC management system, and acquiring a measurement result of the CPLD;
if the CPLD is not maliciously damaged according to the measurement result of the CPLD, the trusted password module is called to measure the BIOS module based on the BMC management system, and the measurement result of the BIOS module is obtained.
Specifically, the step of knowing that the CPLD is not maliciously damaged according to the measurement result of the CPLD includes:
comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD;
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously damaged, and the CPLD is allowed to be electrified and controlled;
and if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to carry out power-on control.
Specifically, the step of knowing that the BIOS module is not maliciously damaged according to the measurement result of the BIOS module includes:
comparing the measurement result of the BIOS module with a pre-stored reference measurement value of the BIOS module;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the fact that the BIOS module is not maliciously damaged is known, and the CPLD is allowed to power on the BIOS module;
and if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to power on the BIOS module.
Specifically, the step of knowing that the boot code is not modified according to the measurement result of the boot code includes:
comparing a measurement result of boot code of the host operating system with a pre-stored reference measurement value of the boot code;
if the measurement result of the boot code is consistent with the reference measurement value of the boot code, the boot code is known not to be modified, and the control right of the BIOS module is handed to the host operating system;
and if the measurement result of the boot code is inconsistent with the reference measurement value of the boot code, not booting the host operating system.
Specifically, the step of calling the trusted cryptography module to measure the CPLD and the BIOS module based on the BMC management system includes:
based on the BMC management system, measuring the CPLD and the BIOS module by calling a corresponding algorithm in the trusted password module; and the BMC management system is connected with the trusted password module through an LPC bus.
Specifically, the step of comparing the measurement result of the CPLD with the prestored reference measurement value of the CPLD further includes:
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system;
after the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module, the method further includes:
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module behind the measurement result of the CPLD;
the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises:
and if the measurement result of the boot code is consistent with the reference measurement value of the boot code, storing the measurement result of the boot code behind the measurement result of the BIOS module.
According to a second aspect of the embodiments of the present invention, there is provided a BMC-based server secure boot apparatus, including:
the measurement module is used for starting the BMC management system and the trusted password module, calling the trusted password module based on the BMC management system to measure the CPLD and the BIOS module, and acquiring the measurement result of the CPLD and the BIOS module;
the power-on module is used for controlling the CPLD to power on the BIOS module if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module;
the starting module is used for carrying out state detection on host hardware of the server based on the BIOS module, calling the trusted password module to measure a starting code of a host operating system of the server based on the BMC management system if the state detection is passed, acquiring a measurement result of the starting code, and starting the host operating system if the starting code is not modified according to the measurement result of the starting code.
According to a third aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor calls the program instruction to be able to execute the BMC-based server secure boot method provided in any one of the various possible implementations of the first aspect.
According to a fourth aspect of the embodiments of the present invention, there is further provided a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the BMC-based server secure booting method provided in any one of the various possible implementations of the first aspect.
The embodiment of the invention provides a safe server starting method and a safe server starting device based on BMC (baseboard management controller). in the method, an added trusted password module and the BMC started in advance are simultaneously used as a trusted root and a source point of a trust chain, so that the trust chain is expanded, the trust root is moved forward, and the safety of the server is improved; meanwhile, in the process of establishing a trusted chain, the BMC calls the trusted password module to measure the CPLD, the BIOS and the starting code of the host operating system, the trusted password module is directly called by the BMC management system without adding extra load, the operation is simplified, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in work are ensured by adding the integrity measurement of the CPLD, the safe and the credibility of the server in the whole starting process are ensured, and the trusted starting of the server is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a BMC-based server secure boot method according to an embodiment of the present invention;
fig. 2 is a schematic view of a complete flow of a BMC-based server secure boot method according to an embodiment of the present invention;
fig. 3 is a structural diagram of a secure server boot in the BMC-based secure server boot method according to the embodiment of the present invention;
fig. 4 is a schematic diagram of a trust chain structure in a server boot process in the BMC-based server secure boot method according to the embodiment of the present invention;
fig. 5 is a schematic structural diagram of a BMC-based server secure boot apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In an embodiment of the present invention, a BMC-based server secure boot method is provided, and fig. 1 is a schematic flow diagram of the BMC-based server secure boot method provided in the embodiment of the present invention, where the method includes: s101, starting a BMC management system and a trusted password module, calling the trusted password module to measure a CPLD and a BIOS module based on the BMC management system, and obtaining the measurement result of the CPLD and the BIOS module;
the trusted cryptography module is stored with a measurement algorithm for performing trusted measurement. In order to realize the safe starting of the server, the BMC management system and the trusted password module are started firstly after the server is powered on. After the two modules are started, the BMC management system calls the trusted password module to measure the CPLD and the BIOS module, for example, the integrity of the firmware of the CPLD and the BIOS module is measured, and the measuring method is not limited in this embodiment. The BMC management system measures the CPLD and the BIOS module by calling a measuring algorithm in the trusted password module.
S102, if the CPLD and the BIOS module are not maliciously damaged according to the measurement result of the CPLD and the BIOS module is not maliciously damaged according to the measurement result of the BIOS module, controlling the CPLD to electrify the BIOS module and starting the BIOS module;
the CPLD is mainly used for controlling the power-on time sequence of a mainboard power supply of the server and is connected with the BMC management system through the LPC bus. And sending a sequential logic control instruction to the CPLD through the BMC management system to electrify the related module, so as to realize the electrifying starting of the related module. The BIOS module is mainly used for detecting hardware before a host operating system of the server is started, the BIOS module is connected with the BMC through the SPI bus, and the BMC reads codes of relevant firmware of the BIOS module before the BIOS module is powered on to measure the BIOS module.
And determining whether the firmware of the CPLD and the BIOS module is maliciously damaged according to the measurement results of the CPLD and the BIOS module. The CPLD is allowed to be powered on and controlled only when the firmware of the CPLD is not maliciously damaged, and the CPLD is allowed to be powered on the BIOS only when the firmware of the BIOS module is not maliciously damaged, namely complete. Under the condition that neither the CPLD nor the BIOS module is maliciously damaged, the CPLD can electrify the BIOS and start the BIOS, and the BIOS can be allowed to control the whole mainboard of the server. If the CPLD and/or the BIOS module are maliciously damaged, the server cannot be powered on, and meanwhile, alarm information is transmitted to a page of the BMC management system to inform management personnel of the server.
S103, detecting the state of the host hardware of the server based on the BIOS module, calling the trusted password module to measure the starting code of the host operating system of the server based on the BMC management system if the detection is passed, acquiring the measurement result of the starting code, and starting the host operating system if the starting code is not modified according to the measurement result of the starting code.
After the BIOS module is powered on and started to obtain the control right, the state of the relevant hardware of the server host is detected, and whether the state of the hardware is normal or not is detected. And if the hardware states are normal, the BMC calls the trusted password module to measure the starting code of the host operating system of the server. And judging whether the boot code is modified according to the measurement result, if not, allowing the server to boot, and handing the control right of the BIOS module to a host operating system of the server. If the host operation system is corrected, the host operation system of the server is not allowed to be started, and the judgment result is sent to the manager of the server to wait for the next instruction. The complete flow of the BMC-based server secure boot is shown in fig. 2.
In the embodiment, the added trusted password module and the BMC started in advance are simultaneously used as the trusted root and the source point of the trust chain, so that the trust chain is expanded, the trust root is moved forward, and the safety of the server is improved; meanwhile, in the process of establishing a trusted chain, the BMC calls the trusted password module to measure the CPLD, the BIOS and the starting code of the host operating system, the trusted password module is directly called by the BMC management system without adding extra load, the operation is simplified, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in work are ensured by adding the integrity measurement of the CPLD, the safe and the credibility of the server in the whole starting process are ensured, and the trusted starting of the server is realized.
On the basis of the foregoing embodiment, in this embodiment, the step of calling the trusted cryptography module based on the BMC management system to measure the CPLD and the BIOS module and obtaining the measurement result of the CPLD and the BIOS module includes: calling the trusted password module to measure the CPLD based on the BMC management system, and acquiring a measurement result of the CPLD; if the CPLD is not maliciously damaged according to the measurement result of the CPLD, the trusted password module is called to measure the BIOS module based on the BMC management system, and the measurement result of the BIOS module is obtained.
Specifically, firstly, the BMC management system calls the trusted cryptography module to measure the CPLD, and judges whether the CPLD is maliciously damaged according to the measurement result. The CPLD is allowed to be electrified and controlled only under the condition that the CPLD is not maliciously damaged, the BIOS module is required to be measured, and the BIOS model is electrified and started according to the measurement result. And under the condition that the CPLD is maliciously damaged, the CPLD is not allowed to be powered on, and the BIOS model cannot be powered on and started at the moment without measuring the BIOS, so that the resource consumption is reduced.
On the basis of the foregoing embodiment, in this embodiment, the step of knowing that the CPLD is not maliciously destroyed according to the measurement result of the CPLD includes: comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD; if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously damaged, and the CPLD is allowed to be electrified and controlled; and if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to carry out power-on control.
The reference measurement value of the CPLD is the result of measuring the normal CPLD by adopting the same method for measuring the current CPLD in advance. Comparing the measurement result of the CPLD with the reference measurement value of the CPLD, and if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, knowing that the CPLD is complete and not maliciously damaged, and allowing the CPLD to perform next power-on control; and if the two are not consistent, the CPLD is not allowed to be electrified and controlled, and meanwhile, alarm information is sent to the BMC management system to inform a manager of the server.
On the basis of the foregoing embodiment, in this embodiment, the step of knowing that the BIOS module is not maliciously damaged according to the measurement result of the BIOS module includes: comparing the measurement result of the BIOS module with a pre-stored reference measurement value of the BIOS module; if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the fact that the BIOS module is not maliciously damaged is known, and the CPLD is allowed to power on the BIOS module; and if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to power on the BIOS module.
The reference measurement value of the BIOS module adopts the same method for measuring the current BIOS module in advance to measure the normal BIOS module. Comparing the measurement result of the BIOS module with the reference measurement value of the BIOS module, if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, knowing that the CPLD is complete and not maliciously damaged, and allowing the CPLD to power on the BIOS module so as to start the BIOS module; if the two are not consistent, the CPLD is not allowed to power on the BIOS module, and meanwhile alarm information is sent to a manager of the server.
On the basis of the foregoing embodiment, in this embodiment, the step of knowing that the boot code is not modified according to the measurement result of the boot code includes: comparing a measurement result of boot code of the host operating system with a pre-stored reference measurement value of the boot code; if the measurement result of the boot code is consistent with the reference measurement value of the boot code, the boot code is known not to be modified, and the control right of the BIOS module is handed to the host operating system; and if the measurement result of the boot code is inconsistent with the reference measurement value of the boot code, not booting the host operating system.
The reference measurement value of the boot code of the host operating system adopts the same method for measuring the current boot code in advance to measure the normal boot code. Comparing the measurement result of the starting code of the host operating system with the reference measurement value of the starting code, if the measurement result of the starting code is consistent with the reference measurement value of the starting code, knowing that the starting code is not maliciously tampered, and starting the host operating system of the server; if the two are not consistent, the host operating system of the server can not be started by knowing that the starting code is maliciously tampered.
On the basis of the foregoing embodiment, in this embodiment, the step of calling the trusted cryptography module to measure the CPLD and the BIOS module based on the BMC management system includes: based on the BMC management system, measuring the CPLD and the BIOS module by calling a corresponding algorithm in the trusted password module; and the BMC management system is connected with the trusted password module through an LPC bus.
Specifically, as shown in fig. 3, the architecture diagram for the secure boot of the server includes 7 modules, a BMC management system, a trusted cryptography module, a CPLD, a BIOS module, Flash, and an EEPRAM (electrically Erasable Programmable Random access memory).
The BMC management system is used as a credible measurement root of the system platform, and a register in the BMC management system is used as a storage position of a measurement result, and is started firstly after the server is powered on. The trusted password module is stored with a measurement algorithm, the main function is called to carry out related measurement calculation, the module is connected with the BMC through an LPC bus, and the BMC can access the module after being electrified and started. The CPLD is mainly used for controlling the power-on time sequence of a mainboard power supply of the server, is connected with the BMC through the LPC bus, and can send a time sequence logic control instruction to the CPLD module after the BMC is started to power on the related module so as to realize the starting of the related module. The BIOS module is mainly used for detecting related hardware before a host operating system of the server is started, the BIOS module is connected with the BMC through the SPI bus, and a BMC management system can read related firmware codes of the BIOS module before the BIOS module is powered on to measure the BIOS module. The Flash memory is an off-chip nonvolatile memory of the BMC management system and is used for storing firmware programs related to the BMC management system. The firmware of the BMC management system is stored in the Flash memory and can be started first after the server is powered on. After the BMC is normally started, the trusted password module is called to carry out integrity measurement on the CPLD firmware, the BIOS firmware and the starting code of the host operating system, and the integrity of the program is ensured, so that the whole trust chain for starting the server is established, and the server is ensured to be started in a safe environment.
On the basis of the foregoing embodiment, in this embodiment, after the step of comparing the measurement result of the CPLD with the prestored reference measurement value of the CPLD, the method further includes: if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system; after the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module, the method further includes: if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module behind the measurement result of the CPLD; the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises: and if the measurement result of the boot code is consistent with the reference measurement value of the boot code, storing the measurement result of the boot code behind the measurement result of the BIOS module.
Specifically, the starting point of the trust chain model in the trusted computing organization specification is a BIOS module, which is used as the starting point of the trust chain, and in this embodiment, the BMC and the trusted cryptography module are used as the trusted root and are used as the source point of the trust chain at the same time, so that the trust chain is expanded, and the trust root is moved forward, thereby improving the security of the server.
In the process of building the trust chain, the measurement results of all the processes are stored in the same register, and the storage addresses are continuous. Each module needs to perform integrity measurement on the previous module before running, the current module is allowed to be loaded and run as long as the integrity measurement result is consistent, and the relevant register records the running state of the whole starting process of the server. If the middle of the trust chain is disconnected, namely certain modules do not meet the starting condition, the server cannot be started, so that the safety and the credibility of the whole process from power-on to starting of the host operating system of the server are ensured.
In this embodiment, in order to implement Trusted boot of the server, a Trusted Platform Module (TCM) embedded in the server management system is mainly used to perform a Trusted measurement on the entire power-on boot process of the server. The BMC management system and the trusted password module are used as a trust root of the server management system and can actively measure and control a system platform, a trust chain model is shown in FIG. 4, and the trust chain establishing process is as follows:
1. firstly, the BMC management system and the trusted password module are powered on and started, a program in the BMC management system calls the trusted measurement module after the BMC management system is started, the mirror image of the CPLD is measured, a measurement result is compared with a reference measurement value, and if the measurement result is inconsistent with the reference measurement value, the next operation is forbidden; and if the measurement results are consistent, storing the measurement results in a relevant register of the BMC management system, and allowing the next operation to be carried out.
2. After the CPLD allows the power-on, the trusted password module is continuously operated to measure the firmware related to the BIOS module, meanwhile, the measurement result is compared with the reference measurement value, if the measurement result is changed, the BIOS module is prohibited to start, and meanwhile, the alarm information is sent out; if the results are consistent, the measurement result is stored behind the measurement result of the previous step, and the CPLD is allowed to power on the BIOS module.
3. After the BIOS obtains the control right, the state of the relevant hardware of the server host is detected, and after the detection is passed, the system of the BIOS module can be started successfully. Then, the trusted password module is called to measure the starting code of the host operating system, the measurement result is compared with the stored value, and if the fact that the starting code is maliciously tampered is known according to the comparison result, the host server system cannot be started; if the results are consistent, the measurement result is also stored after the measurement result of the previous step, and the host operating system of the server is allowed to start, so that the server can be started normally.
In another embodiment of the present invention, a BMC-based server secure boot apparatus is provided, which is configured to implement the methods in the foregoing embodiments. Therefore, the descriptions and definitions in the embodiments of the BMC-based server secure boot method may be used for understanding the execution modules in the embodiments of the present invention. Fig. 5 is a schematic structural diagram of a BMC-based server secure boot apparatus according to an embodiment of the present invention, where the apparatus includes a measurement module 501, a power-on module 502, and a boot module 503, where:
the measurement module 501 is configured to start a BMC management system and a trusted password module, call the trusted password module based on the BMC management system to measure a CPLD and a BIOS module, and obtain measurement results of the CPLD and the BIOS module;
the trusted cryptography module is stored with a measurement algorithm for performing trusted measurement. In order to realize the safe starting of the server, the BMC management system and the trusted password module are started firstly after the server is powered on. After the two modules are started, the measurement module 501 calls the trusted password module through the BMC management system to measure the CPLD and the BIOS module, for example, the integrity of the firmware of the CPLD and the BIOS module is measured, and the measurement method is not limited in this embodiment. The BMC management system measures the CPLD and the BIOS module by calling a measuring algorithm in the trusted password module.
The power-on module 502 is configured to control the CPLD to power on the BIOS module if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module;
the power-on module 502 determines whether the firmware of the CPLD and the BIOS module is maliciously damaged according to the measurement results of the CPLD and the BIOS module. The CPLD is allowed to be powered on and controlled only when the firmware of the CPLD is not maliciously damaged, and the CPLD is allowed to be powered on the BIOS only when the firmware of the BIOS module is not maliciously damaged, namely complete. Under the condition that neither the CPLD nor the BIOS module is maliciously damaged, the CPLD can electrify the BIOS and start the BIOS, and the BIOS can be allowed to control the whole mainboard of the server. If the CPLD and/or the BIOS module are maliciously damaged, the server cannot be powered on, and meanwhile, alarm information is transmitted to a page of the BMC management system to inform management personnel of the server.
The start module 503 is configured to perform state detection on host hardware of a server based on the BIOS module, call the trusted password module to measure a start code of a host operating system of the server based on the BMC management system if the state detection passes, obtain a measurement result of the start code, and start the host operating system if it is known that the start code is not modified according to the measurement result of the start code.
After the BIOS module is powered on and started to obtain the control right, the state of the relevant hardware of the server host is detected, and whether the state of the hardware is normal or not is detected. If the hardware states are normal, the boot module 503 calls the trusted cryptography module to measure the boot code of the host operating system of the server through the BMC. And judging whether the boot code is modified according to the measurement result, if not, allowing the server to boot, and handing the control right of the BIOS module to a host operating system of the server. If the host operation system is corrected, the host operation system of the server is not allowed to be started, and the judgment result is sent to the manager of the server to wait for the next instruction.
In the embodiment, the added trusted password module and the BMC started in advance are simultaneously used as the trusted root and the source point of the trust chain, so that the trust chain is expanded, the trust root is moved forward, and the safety of the server is improved; meanwhile, in the process of establishing a trusted chain, the BMC calls the trusted password module to measure the CPLD, the BIOS and the starting code of the host operating system, the trusted password module is directly called by the BMC management system without adding extra load, the operation is simplified, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in work are ensured by adding the integrity measurement of the CPLD, the safe and the credibility of the server in the whole starting process are ensured, and the trusted starting of the server is realized.
Fig. 6 illustrates a physical structure diagram of an electronic device, which may include, as shown in fig. 6: a processor (processor)601, a communication Interface (Communications Interface)602, a memory (memory)603 and a communication bus 604, wherein the processor 601, the communication Interface 602 and the memory 603 complete communication with each other through the communication bus 604. The processor 601 may call logic instructions in the memory 603 to perform the following method: starting the BMC management system and the trusted password module, calling the trusted password module based on the BMC management system to measure the CPLD and the BIOS module, and acquiring the measurement result of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously damaged according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to electrify the BIOS module; the method comprises the steps that a BIOS module is used for carrying out state detection on host hardware of a server, if the state detection is passed, a trusted password module is called to measure a starting code of a host operating system of the server, a measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started.
In addition, the logic instructions in the memory 603 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The present embodiments provide a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above method embodiments, for example, including: starting the BMC management system and the trusted password module, calling the trusted password module based on the BMC management system to measure the CPLD and the BIOS module, and acquiring the measurement result of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously damaged according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to electrify the BIOS module; the method comprises the steps that a BIOS module is used for carrying out state detection on host hardware of a server, if the state detection is passed, a trusted password module is called to measure a starting code of a host operating system of the server, a measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A safe server starting method based on BMC is characterized by comprising the following steps:
starting a BMC management system and a trusted password module, calling the trusted password module to measure a CPLD and a BIOS module based on the BMC management system, and acquiring measurement results of the CPLD and the BIOS module;
if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module, controlling the CPLD to electrify the BIOS module;
the method comprises the steps that a BIOS module is used for carrying out state detection on host hardware of a server, if the state detection is passed, the BMC management system calls a trusted password module to measure a starting code of a host operating system of the server, a measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started.
2. The BMC-based server secure boot method of claim 1, wherein the step of obtaining the measurement result of the CPLD and the BIOS module based on the BMC management system calling the trusted cryptography module to measure the CPLD and the BIOS module comprises:
calling the trusted password module to measure the CPLD based on the BMC management system, and acquiring a measurement result of the CPLD;
if the CPLD is not maliciously damaged according to the measurement result of the CPLD, the trusted password module is called to measure the BIOS module based on the BMC management system, and the measurement result of the BIOS module is obtained.
3. The BMC-based server secure boot method of claim 1, wherein the step of learning from the CPLD metric result that the CPLD is not maliciously destroyed comprises:
comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD;
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously damaged, and the CPLD is allowed to be electrified and controlled;
and if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to carry out power-on control.
4. The BMC-based server secure boot method of claim 3, wherein the step of learning from the BIOS module's metrics that the BIOS module is not maliciously destroyed comprises:
comparing the measurement result of the BIOS module with a pre-stored reference measurement value of the BIOS module;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the fact that the BIOS module is not maliciously damaged is known, and the CPLD is allowed to power on the BIOS module;
and if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to power on the BIOS module.
5. The BMC-based server secure boot method of claim 4, wherein the step of learning from the boot code metric result that the boot code has not been modified comprises:
comparing a measurement result of boot code of the host operating system with a pre-stored reference measurement value of the boot code;
if the measurement result of the boot code is consistent with the reference measurement value of the boot code, the boot code is known not to be modified, and the control right of the BIOS module is handed to the host operating system;
and if the measurement result of the boot code is inconsistent with the reference measurement value of the boot code, not booting the host operating system.
6. The BMC-based server secure boot method of any of claims 1-5, wherein the step of invoking the trusted cryptography module to measure CPLD and BIOS based on the BMC management system comprises:
based on the BMC management system, measuring the CPLD and the BIOS module by calling a corresponding algorithm in the trusted password module; and the BMC management system is connected with the trusted password module through an LPC bus.
7. The BMC-based server secure booting method of claim 5, wherein the step of comparing the measurement result of the CPLD with the pre-stored reference measurement value of the CPLD is followed by further comprising:
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system;
after the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module, the method further includes:
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module behind the measurement result of the CPLD;
the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises:
and if the measurement result of the boot code is consistent with the reference measurement value of the boot code, storing the measurement result of the boot code behind the measurement result of the BIOS module.
8. A BMC-based server secure boot apparatus, comprising:
the measurement module is used for starting the BMC management system and the trusted password module, calling the trusted password module based on the BMC management system to measure the CPLD and the BIOS module, and acquiring the measurement result of the CPLD and the BIOS module;
the power-on module is used for controlling the CPLD to power on the BIOS module if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module;
the starting module is used for carrying out state detection on host hardware of the server based on the BIOS module, calling the trusted password module to measure a starting code of a host operating system of the server based on the BMC management system if the state detection is passed, acquiring a measurement result of the starting code, and starting the host operating system if the starting code is not modified according to the measurement result of the starting code.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the BMC-based server secure boot method according to any of claims 1 to 7 are implemented when the processor executes the program.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, performs the steps of the BMC-based server secure boot method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911358516.2A CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911358516.2A CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111158767A true CN111158767A (en) | 2020-05-15 |
| CN111158767B CN111158767B (en) | 2023-10-27 |
Family
ID=70558336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911358516.2A Active CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111158767B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113282969A (en) * | 2021-05-13 | 2021-08-20 | 中科可控信息产业有限公司 | Device control method, electronic device, and readable storage medium |
| CN113742141A (en) * | 2021-11-04 | 2021-12-03 | 苏州浪潮智能科技有限公司 | Server measuring method and device, computer equipment and storage medium |
| CN113835770A (en) * | 2021-11-30 | 2021-12-24 | 四川华鲲振宇智能科技有限责任公司 | Online replacement method and system for server management module |
| CN114205208A (en) * | 2021-11-05 | 2022-03-18 | 苏州浪潮智能科技有限公司 | Method, device, equipment and medium for starting servers in batches based on remote end |
| WO2022143429A1 (en) * | 2020-12-29 | 2022-07-07 | 华为技术有限公司 | Computer system, trusted functional assembly, and operation method |
| CN116628701A (en) * | 2023-05-25 | 2023-08-22 | 合芯科技有限公司 | TPCM (thermoplastic polyurethane) in-place detection method and device, server starting method and server |
| CN116643640A (en) * | 2023-04-23 | 2023-08-25 | 合芯科技(苏州)有限公司 | Step-by-step power-up method, device, equipment and storage medium of server system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110154010A1 (en) * | 2009-12-17 | 2011-06-23 | Springfield Randall S | Security to extend trust |
| CN107451479A (en) * | 2017-07-31 | 2017-12-08 | 浪潮(北京)电子信息产业有限公司 | The construction method and system of a kind of trust chain |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
| CN109726562A (en) * | 2019-01-03 | 2019-05-07 | 北京工业大学 | A kind of starting method that server master board based on credible BMC is credible |
-
2019
- 2019-12-25 CN CN201911358516.2A patent/CN111158767B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110154010A1 (en) * | 2009-12-17 | 2011-06-23 | Springfield Randall S | Security to extend trust |
| CN107451479A (en) * | 2017-07-31 | 2017-12-08 | 浪潮(北京)电子信息产业有限公司 | The construction method and system of a kind of trust chain |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
| CN109726562A (en) * | 2019-01-03 | 2019-05-07 | 北京工业大学 | A kind of starting method that server master board based on credible BMC is credible |
Non-Patent Citations (2)
| Title |
|---|
| 孙亮等: "基于可信BMC的服务器安全启动机制" * |
| 苏振宇: "基于国产BMC的服务器安全启动技术研究与实现" * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022143429A1 (en) * | 2020-12-29 | 2022-07-07 | 华为技术有限公司 | Computer system, trusted functional assembly, and operation method |
| CN113282969A (en) * | 2021-05-13 | 2021-08-20 | 中科可控信息产业有限公司 | Device control method, electronic device, and readable storage medium |
| CN113282969B (en) * | 2021-05-13 | 2023-10-31 | 中科可控信息产业有限公司 | Device control method, electronic device, and readable storage medium |
| CN113742141B (en) * | 2021-11-04 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Server measuring method and device, computer equipment and storage medium |
| CN113742141A (en) * | 2021-11-04 | 2021-12-03 | 苏州浪潮智能科技有限公司 | Server measuring method and device, computer equipment and storage medium |
| CN114205208A (en) * | 2021-11-05 | 2022-03-18 | 苏州浪潮智能科技有限公司 | Method, device, equipment and medium for starting servers in batches based on remote end |
| CN114205208B (en) * | 2021-11-05 | 2023-08-18 | 苏州浪潮智能科技有限公司 | Remote-based server batch starting method, device, equipment and medium |
| CN113835770B (en) * | 2021-11-30 | 2022-02-18 | 四川华鲲振宇智能科技有限责任公司 | Online replacement method and system for server management module |
| CN113835770A (en) * | 2021-11-30 | 2021-12-24 | 四川华鲲振宇智能科技有限责任公司 | Online replacement method and system for server management module |
| CN116643640A (en) * | 2023-04-23 | 2023-08-25 | 合芯科技(苏州)有限公司 | Step-by-step power-up method, device, equipment and storage medium of server system |
| CN116643640B (en) * | 2023-04-23 | 2024-01-23 | 合芯科技(苏州)有限公司 | Step-by-step power-up method, device, equipment and storage medium of server system |
| CN116628701A (en) * | 2023-05-25 | 2023-08-22 | 合芯科技有限公司 | TPCM (thermoplastic polyurethane) in-place detection method and device, server starting method and server |
| CN116628701B (en) * | 2023-05-25 | 2023-11-24 | 合芯科技有限公司 | TPCM (thermoplastic polyurethane) in-place detection method and device, server starting method and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111158767B (en) | 2023-10-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111158767B (en) | BMC-based server safe starting method and device | |
| US11520894B2 (en) | Verifying controller code | |
| US10839080B2 (en) | Hardware-enforced firmware security | |
| EP2989579B1 (en) | Redundant system boot code in a secondary non-volatile memory | |
| CN103718165B (en) | BIOS flash memory attack protection and notice | |
| CN107506663A (en) | Server security based on credible BMC starts method | |
| US20030221114A1 (en) | Authentication system and method | |
| CN111259401B (en) | Trusted measurement method, device, system, storage medium and computer equipment | |
| US20220067165A1 (en) | Security measurement method and security measurement device for startup of server system, and server | |
| CN110659498A (en) | Trusted computing measurement method, system thereof and computer readable storage medium | |
| WO2022028057A1 (en) | Tpm-based apparatus and method for multi-layer protection of server asset information | |
| US20170193220A1 (en) | Method and apparatus for trusted measurement | |
| CN111651769B (en) | Method and device for acquiring measurement of security initiation | |
| US10684904B2 (en) | Information handling systems and methods to selectively control ownership of a hardware based watchdog timer (WDT) | |
| TW201642173A (en) | Embedded controller for secure booting and method thereof | |
| CN113419905A (en) | Method and device for realizing credible verification and security module | |
| CN115618360A (en) | Server tamper-proof safe starting method and device | |
| CN115421793A (en) | Display method of starting state and computing equipment | |
| CN110781517B (en) | Method for realizing data interaction by BIOS and BMC communication | |
| CN111506897B (en) | Data processing method and device | |
| US20200143058A1 (en) | Operational verification | |
| CN114139168B (en) | TPCM measuring method, device and medium | |
| CN111625831B (en) | Trusted security measurement method and device | |
| US11269637B2 (en) | Validating machine-readable instructions using an iterative validation process | |
| US20240037216A1 (en) | Systems And Methods For Creating Trustworthy Orchestration Instructions Within A Containerized Computing Environment For Validation Within An Alternate Computing Environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |