CN111158767B - BMC-based server safe starting method and device - Google Patents
BMC-based server safe starting method and device Download PDFInfo
- Publication number
- CN111158767B CN111158767B CN201911358516.2A CN201911358516A CN111158767B CN 111158767 B CN111158767 B CN 111158767B CN 201911358516 A CN201911358516 A CN 201911358516A CN 111158767 B CN111158767 B CN 111158767B
- Authority
- CN
- China
- Prior art keywords
- cpld
- measurement result
- module
- bios
- bios module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The embodiment of the invention provides a server safe starting method and device based on BMC, wherein the method comprises the following steps: starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously destroyed according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to power on the BIOS module; and (3) carrying out state detection on the host hardware of the server based on the BIOS module, if the state detection is passed, calling the trusted cryptography module to measure the starting code of the host operating system of the server, obtaining the measurement result of the starting code, and if the starting code is not modified according to the measurement result of the starting code, starting the host operating system. In the embodiment of the invention, no extra load is needed to be added, and the safe starting of the server is realized.
Description
Technical Field
The invention belongs to the technical field of computer security, and particularly relates to a server security starting method and device based on BMC.
Background
The baseboard management controller (Baseboard Management Controller, BMC) management system is an embedded management system independent of a host operating system on a server motherboard, supports an industry standard IPMI (Intelligent Platform Management Interface ) protocol, and is used for providing a remote management function for a server by utilizing a virtual keyboard, a mouse and the like. The user monitors physical characteristics of the server, such as temperature, voltage, fan operation status, etc., of each component using the BMC.
The basic input/output system (Basic Input Output System, BIOS) is a core software system directly solidified on the main board, and stores the most important basic input/output program of the server, the self-checking program after starting up and the system self-starting program. The BIOS reads and writes specific information of system setting from a ROM (Read-Only Memory) and other memories after starting up, and provides the bottommost and most direct hardware setting and control for the server.
In the prior art, by adding a trusted cryptographic module and preferentially starting the trusted cryptographic module, a starting trust chain is constructed, and the trusted starting of the server is realized. After the server is powered on, the trusted cryptography module performs self-checking to determine whether the server works normally. And if the device is in an abnormal working state, alarming and shutting down. The trusted cryptography module performs integrity measurement on codes in the CPLD (Complex Programmable Logic Device ) if normal, determines whether the CPLD is correct, and stores CPLD measurement results in the trusted cryptography module. If the CPLD is correct, the next step is carried out, otherwise, the CPLD is recovered. The trusted cryptography module then measures the boot layer of the BMC to determine if the boot layer of the BMC is correct. If the guiding layer is correct, the next step is carried out, otherwise, the BMC guiding layer is restored. The BMC guiding layer is internally provided with a trusted measurement module, and the trusted cryptographic module measures the image of the BMC operating system. And continuing to the next step according to the result. The BMC operating system comprises a trusted measurement agent and a trusted policy management module. The trusted metrics agent will measure the BIOS through the trusted cryptography module according to the user configuration policy in the trusted policy management module. If the BIOS is correct, the task of the BIOS for trusted measurement is actively completed by the trusted cryptography module. The BIOS measures the critical hardware of the server. The BIOS measures key devices such as a hard disk, a display card, a network card and the like by calling an interface of the trusted cryptography module, and prevents the key devices from being replaced by unauthorized or implanted into Trojan horse.
Still other prior art techniques implement trusted metrics on relevant firmware of a server by incorporating hardware cryptographic modules to build a chain of trust and implement secure startup of the server. Firstly, constructing connection between a baseboard management controller BMC and a BIOS through an SPI (Serial Peripheral Interface ) bus, constructing connection between the BMC and a trusted cryptography module (Trusted Cryptography Module, TCM) through an LPC (Low PIN COUNT) bus, and storing an SM3 hash algorithm and a reference value in the TCM; the BMC collects key codes in the BIOS through the SPI bus; the SM3 hash algorithm stored in the TCM is called through the LPC bus, and the key codes are measured to obtain a measurement value; judging whether the measurement value is consistent with a reference value stored in the TCM, if so, sending a control signal to a CPU (Central Processing Unit ) to control the CPU to be electrified and transmitting a trust chain to a key code in the BIOS; otherwise, the CPU is prohibited from starting to realize trust transfer.
The former method starts the trusted cryptography module firstly, but the trusted cryptography module cannot measure other parts by itself, needs to have a system program to call, and needs to initialize a lot of hardware, which certainly increases the extra load of the system and the related transformation cost. The latter method is to add a TCM module to make it and BMC serve as the trusted root of the system at the same time to construct a trust chain, but the trust chain construction process does not realize the trusted measurement of CPLD, which is used for powering on each device on the motherboard, and if it is attacked, serious consequences will occur. Thus, the confidence measure of the CPLD is also very important.
Disclosure of Invention
In order to solve the problems of extra load and transformation cost increase or incomplete trusted measurement of the existing server secure starting method or at least partially solve the problems, the embodiment of the invention provides a BMC-based server secure starting method and device.
According to a first aspect of an embodiment of the present invention, there is provided a server secure boot method based on BMC, including:
starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure a CPLD and a BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module;
if the CPLD is not maliciously damaged according to the measurement result of the CPLD, and the BIOS module is not maliciously damaged according to the measurement result of the BIOS module, the CPLD is controlled to power on the BIOS module;
and carrying out state detection on host hardware of the server based on the BIOS module, if the state detection is passed, measuring a starting code of a host operating system of the server based on the BMC management system calling the trusted cryptographic module, obtaining a measuring result of the starting code, and if the starting code is not modified according to the measuring result of the starting code, starting the host operating system.
Specifically, the step of calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system, and obtaining the measurement results of the CPLD and the BIOS module includes:
based on the BMC management system, invoking the trusted cryptographic module to measure the CPLD, and obtaining a measurement result of the CPLD;
and if the CPLD is not maliciously damaged according to the measurement result of the CPLD, the BMC management system calls the trusted cryptographic module to measure the BIOS module, and the measurement result of the BIOS module is obtained.
Specifically, the step of knowing that the CPLD is not maliciously damaged according to the measurement result of the CPLD includes:
comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD;
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously destroyed, and the CPLD is allowed to be electrified;
and if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to be electrified.
Specifically, the step of knowing that the BIOS module is not maliciously damaged according to the measurement result of the BIOS module includes:
Comparing the measurement result of the BIOS module with a prestored reference measurement value of the BIOS module;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the BIOS module is known not to be maliciously destroyed, and the CPLD is allowed to electrify the BIOS module;
and if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to power on the BIOS module.
Specifically, the step of knowing that the boot code is unmodified according to the measurement result of the boot code includes:
comparing the measurement result of the starting code of the host operating system with a pre-stored reference measurement value of the starting code;
if the measurement result of the starting code is consistent with the reference measurement value of the starting code, the starting code is known to be unmodified, and the control right of the BIOS module is handed to the host operating system;
and if the measurement result of the starting code is inconsistent with the reference measurement value of the starting code, not starting the host operating system.
Specifically, the step of invoking the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system includes:
Based on the BMC management system, measuring CPLD and BIOS modules by calling corresponding algorithms in the trusted cryptographic module; and the BMC management system is connected with the trusted cryptographic module through an LPC bus.
Specifically, the step of comparing the measurement result of the CPLD with the pre-stored reference measurement value of the CPLD further includes:
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system;
the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module further comprises:
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module at the back of the measurement result of the CPLD;
the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises:
and if the measurement result of the starting code is consistent with the reference measurement value of the starting code, storing the measurement result of the starting code behind the measurement result of the BIOS module.
According to a second aspect of the embodiment of the present invention, there is provided a server security starting apparatus based on BMC, including:
the measurement module is used for starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module;
the power-on module is used for controlling the CPLD to power on the BIOS module if the CPLD is not maliciously damaged according to the measurement result of the CPLD and the BIOS module is not maliciously damaged according to the measurement result of the BIOS module;
and the starting module is used for detecting the state of the host hardware of the server based on the BIOS module, if the state detection is passed, the starting code of the host operating system of the server is measured based on the BMC management system calling the trusted cryptographic module, the measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started.
According to a third aspect of the embodiments of the present invention, there is further provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor invoking the program instructions to be able to perform the BMC-based server security boot method provided by any of the various possible implementations of the first aspect.
According to a fourth aspect of embodiments of the present invention, there is further provided a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the method for secure startup of a BMC-based server provided by any one of the various possible implementations of the first aspect.
The embodiment of the invention provides a server safe starting method and device based on BMC, wherein the method uses an added trusted cryptographic module and a BMC started in advance as a trusted root simultaneously, and simultaneously as a source point of a trust chain, the trust chain is expanded, the trusted root is moved forward, and the safety of the server is improved; meanwhile, in the process of constructing the trusted chain, the BMC calls the trusted cryptographic module to measure the starting codes of the CPLD, the BIOS and the host operating system, the trusted cryptographic module is directly called by the BMC management system, no additional load is added to realize the operation, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in the working process are ensured by adding the integrity measurement of the CPLD, the safe and the trusted in the whole starting process of the server are ensured, and the trusted starting of the server is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a secure startup method of a BMC-based server according to an embodiment of the present invention;
fig. 2 is a complete flow diagram of a secure startup method of a BMC-based server according to an embodiment of the present invention;
fig. 3 is a structural diagram of a server security start architecture in a BMC-based server security start method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a trust chain structure in a server startup process in a BMC-based server security startup method according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a BMC-based server secure boot device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In one embodiment of the present invention, a server security starting method based on BMC is provided, and fig. 1 is a schematic flow chart of a server security starting method based on BMC provided in the embodiment of the present invention, where the method includes: s101, starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure a CPLD and a BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module;
the trusted cryptography module stores a measurement algorithm for performing trusted measurement. In order to realize safe starting of the server, after the server is powered on, a BMC management system and a trusted cryptographic module are started first. After the CPLD and the BIOS are started, the BMC management system calls the trusted cryptographic module to measure the CPLD and the BIOS, for example, the firmware integrity of the CPLD and the BIOS is measured, and the measuring method is not limited in the embodiment. The BMC management system measures the CPLD and the BIOS module by calling a measurement algorithm in the trusted cryptography module.
S102, if the CPLD and the BIOS module are not maliciously damaged according to the measurement results of the CPLD and the BIOS module, and the BIOS module is not maliciously damaged according to the measurement results of the BIOS module, controlling the CPLD to power on the BIOS module, and starting the BIOS module;
The CPLD is mainly used for controlling the power-on time sequence of a main board power supply of the server and is connected with the BMC management system through an LPC bus. And the BMC management system sends a sequential logic control instruction to the CPLD to power up the related module, so that the power-up starting of the related module is realized. The BIOS module is mainly used for detecting hardware before a host operating system of the server is started, the BIOS module is connected with the BMC through an SPI bus, and the BMC reads codes of firmware related to the BIOS module before the BIOS module is powered on to measure the BIOS module.
And determining whether the firmware of the CPLD and the BIOS module is maliciously destroyed according to the measurement results of the CPLD and the BIOS module. The CPLD is allowed to power on only when the firmware of the CPLD is not maliciously destroyed, and is allowed to power on the BIOS only when the firmware of the BIOS module is not maliciously destroyed, namely the firmware is complete. Under the condition that the CPLD and the BIOS module are not damaged maliciously, the CPLD can power on the BIOS and start the BIOS, so that the BIOS can be allowed to control the whole mainboard of the server. If the CPLD and/or the BIOS module is maliciously destroyed, the server cannot be powered on, and meanwhile, alarm information is transmitted to a page of the BMC management system to inform a manager of the server.
S103, detecting the state of host hardware of a server based on a BIOS module, if the state is detected to pass, measuring a starting code of a host operating system of the server based on the BMC management system calling the trusted cryptography module, obtaining a measuring result of the starting code, and if the starting code is not modified according to the measuring result of the starting code, starting the host operating system.
After the BIOS module is powered on and started and the control right is obtained, state detection is carried out on related hardware of the server host, and whether the state of the hardware is normal or not is detected. And if the states of the hardware are normal, the BMC is used for calling the trusted cryptographic module to measure the starting code of the host operating system of the server. Judging whether the startup code is modified according to the measurement result, if not, allowing the server to start, and giving control right of the BIOS module to a host operating system of the server. If the judgment result is corrected, the host operating system of the server is not allowed to start, and the judgment result is sent to the manager of the server to wait for the next instruction. The complete flow of secure startup of a BMC-based server is shown in FIG. 2.
According to the embodiment, the added trusted cryptography module and the BMC started in advance are used as the trusted root at the same time, and meanwhile, the trusted root is expanded by being used as a source point of the trusted chain, so that the security of the server is improved; meanwhile, in the process of constructing the trusted chain, the BMC calls the trusted cryptographic module to measure the starting codes of the CPLD, the BIOS and the host operating system, the trusted cryptographic module is directly called by the BMC management system, no additional load is added to realize the operation, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in the working process are ensured by adding the integrity measurement of the CPLD, the safe and the trusted in the whole starting process of the server are ensured, and the trusted starting of the server is realized.
Based on the above embodiment, in this embodiment, the step of calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system, and obtaining the measurement results of the CPLD and the BIOS module includes: based on the BMC management system, invoking the trusted cryptographic module to measure the CPLD, and obtaining a measurement result of the CPLD; and if the CPLD is not maliciously damaged according to the measurement result of the CPLD, the BMC management system calls the trusted cryptographic module to measure the BIOS module, and the measurement result of the BIOS module is obtained.
Specifically, firstly, the BMC management system calls a trusted cryptographic module to measure the CPLD, and judges whether the CPLD is maliciously destroyed according to the measurement result. And only if the CPLD is not maliciously destroyed, the CPLD is allowed to be electrified, the BIOS module is measured, and the BIOS module is electrified and started according to the measurement result. Under the condition that the CPLD is maliciously destroyed, the CPLD is not allowed to perform power-on operation, at the moment, the BIOS model cannot be powered on, and the BIOS is not required to be measured, so that the resource consumption is reduced.
Based on the above embodiment, the step of obtaining that the CPLD is not maliciously damaged according to the measurement result of the CPLD in this embodiment includes: comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD; if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously destroyed, and the CPLD is allowed to be electrified; and if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to be electrified.
The reference metric value of the CPLD is a result of measuring the normal CPLD by adopting the same method of measuring the current CPLD in advance. Comparing the measurement result of the CPLD with a reference measurement value of the CPLD, and if the measurement result of the CPLD and the reference measurement value are consistent, obtaining that the CPLD is complete and not maliciously damaged, and allowing the CPLD to conduct next power-on control; if the two are inconsistent, the CPLD is not allowed to conduct power-on control, and meanwhile, alarm information is sent to the BMC management system to inform management personnel of the server.
Based on the above embodiment, the step of obtaining that the BIOS module is not maliciously damaged according to the measurement result of the BIOS module in this embodiment includes: comparing the measurement result of the BIOS module with a prestored reference measurement value of the BIOS module; if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the BIOS module is known not to be maliciously destroyed, and the CPLD is allowed to electrify the BIOS module; and if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to power on the BIOS module.
The basic measurement value of the BIOS module adopts the measurement result of the normal BIOS module by the same method as that of the current BIOS module in advance. Comparing the measurement result of the BIOS module with the reference measurement value of the BIOS module, if the measurement result and the reference measurement value are consistent, obtaining that the CPLD is complete and not maliciously destroyed, and allowing the CPLD to electrify the BIOS module so as to start the BIOS module; if the two are inconsistent, the CPLD is not allowed to power on the BIOS module, and alarm information is sent to a manager of the server.
Based on the above embodiment, the step of knowing that the boot code is not modified according to the measurement result of the boot code in this embodiment includes: comparing the measurement result of the starting code of the host operating system with a pre-stored reference measurement value of the starting code; if the measurement result of the starting code is consistent with the reference measurement value of the starting code, the starting code is known to be unmodified, and the control right of the BIOS module is handed to the host operating system; and if the measurement result of the starting code is inconsistent with the reference measurement value of the starting code, not starting the host operating system.
The standard measurement value of the starting code of the host operating system adopts the result of measuring the normal starting code by the same method of measuring the current starting code in advance. Comparing the measurement result of the starting code of the host operating system with the reference measurement value of the starting code, and if the measurement result is consistent with the reference measurement value of the starting code, obtaining that the starting code is not tampered maliciously, and starting the host operating system of the server; if the two are inconsistent, the starting code is known to be tampered maliciously, and the host operating system of the server cannot be started.
Based on the above embodiment, the step of measuring the CPLD and the BIOS module based on the BMC management system invoking the trusted cryptographic module in this embodiment includes: based on the BMC management system, measuring CPLD and BIOS modules by calling corresponding algorithms in the trusted cryptographic module; and the BMC management system is connected with the trusted cryptographic module through an LPC bus.
Specifically, as shown in fig. 3, the architecture structure of the server secure boot includes 7 modules, a BMC management system, a trusted cryptography module, a CPLD, a BIOS module, flash, and EEPRAM (Erasable Programmable Random Access Memory, electrically erasable programmable random access memory).
The BMC management system is used as a trusted measurement root of the system platform, a register in the BMC management system is used as a storage position of a measurement result, and the BMC management system is started firstly after the server is powered on. The trusted cryptographic module stores a measurement algorithm, and the main function is to be called for relevant measurement calculation, and the module is connected with the BMC through an LPC bus, and the BMC can access the trusted cryptographic module after power-on. The CPLD is mainly used for controlling the power-on time sequence of a main board power supply of the server, is connected with the BMC through an LPC bus, and can send a time sequence logic control instruction to the CPLD module after the BMC is started so as to power on the related module, thereby realizing the starting of the related module. The BIOS module is mainly used for detecting relevant hardware before a host operating system of the server is started, the BIOS module is connected with the BMC through an SPI bus, and the BMC management system can read relevant firmware codes before the BIOS module is powered on to measure the BIOS module. The Flash memory is an off-chip nonvolatile memory of the BMC management system and is used for storing firmware programs related to the BMC management system. Firmware of the BMC management system is stored in a Flash memory, and is started after the server is powered on. After normal starting, the BMC can call the trusted cryptographic module to measure the integrity of the CPLD firmware, the BIOS firmware and the starting codes of the host operating system, so that the integrity of the program is ensured, the whole trust chain for starting the server is built, and the server is ensured to be started in a safe environment.
On the basis of the above embodiment, the step of comparing the measurement result of the CPLD with the pre-stored reference measurement value of the CPLD in this embodiment further includes: if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system; the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module further comprises: if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module at the back of the measurement result of the CPLD; the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises: and if the measurement result of the starting code is consistent with the reference measurement value of the starting code, storing the measurement result of the starting code behind the measurement result of the BIOS module.
Specifically, the starting point of the trust chain model in the trusted computing organization specification is a BIOS module, the BIOS module is used as the starting point of the trust chain, and the BMC and the trusted cryptography module are used as the trusted root in the embodiment, and meanwhile, the trusted root is expanded and advanced as the source point of the trust chain, so that the security of the server can be improved.
In constructing the trust chain, the measurement results of all processes are stored in the same register, and the storage addresses are consecutive. Each module needs to carry out integrity measurement on the previous module before operation, the current module is allowed to load and operate as long as the integrity measurement results are consistent, and the related registers can record the operation state of the whole starting process of the server. If the middle of the trust chain is disconnected, that is, certain modules cannot start the server unless the starting condition is met, the whole process from power-on to starting of the host operating system is ensured to be safe and reliable.
In order to achieve the trusted start of the server in this embodiment, the trusted cryptographic module (Trusted Platform Module, TCM) embedded in the server management system is mainly used to measure the trusted power-on process of the whole server. The BMC management system and the trusted cryptography module are used as a trust root of the server management system, can actively measure and control the system platform, and a trust chain model is shown in fig. 4, and the trust chain establishment process is as follows:
1. firstly, a BMC management system and a trusted cryptography module are firstly electrified and started, after the startup, a program in the BMC management system calls a trusted measurement module to measure the mirror image of the CPLD, the measurement result is compared with a reference measurement value, and if the measurement result is inconsistent with the reference measurement value, the next operation is forbidden; if the measurement results are consistent, the measurement results are stored in the relevant registers of the BMC management system, and the next operation is allowed.
2. After the CPLD is allowed to be electrified, the trusted cryptography module is continuously operated to measure the firmware related to the BIOS module, meanwhile, the measurement result is compared with the reference measurement value, if the measurement result is changed, the BIOS module is forbidden to be started, and meanwhile, alarm information is sent out; if the results are consistent, the measurement result is stored behind the measurement result of the last step, and the CPLD is allowed to power on the BIOS module.
3. After the BIOS obtains control right, firstly, the state detection is carried out on the related hardware of the server host, and after the detection passes, the system of the BIOS module can be successfully started. Then, the trusted cryptography module is called to measure the starting code of the host operating system, the measurement result is also compared with the stored value, and if the starting code is known to have malicious tampering according to the comparison result, the host server system cannot be started; if the results are consistent, the measurement results are also stored after the measurement results of the last step, and the host operating system of the server is allowed to start, so that the server can start normally.
In another embodiment of the present invention, a server security boot device based on BMC is provided, where the device is used to implement the method in the foregoing embodiments. Therefore, the descriptions and definitions in the foregoing embodiments of the secure boot method for a BMC-based server may be used for understanding the respective execution modules in the embodiments of the present invention. Fig. 5 is a schematic structural diagram of a BMC-based server secure boot device according to an embodiment of the present invention, where the device includes a measurement module 501, a power-on module 502, and a boot module 503, where:
The measurement module 501 is used for starting a BMC management system and a trusted cryptographic module, and based on the BMC management system, invoking the trusted cryptographic module to measure a CPLD and a BIOS module, and obtaining measurement results of the CPLD and the BIOS module;
the trusted cryptography module stores a measurement algorithm for performing trusted measurement. In order to realize safe starting of the server, after the server is powered on, a BMC management system and a trusted cryptographic module are started first. After the two modules are started, the measurement module 501 invokes the trusted cryptographic module through the BMC management system to measure the CPLD and the BIOS module, for example, measure the firmware integrity of the CPLD and the BIOS module, and the measurement method is not limited in this embodiment. The BMC management system measures the CPLD and the BIOS module by calling a measurement algorithm in the trusted cryptography module.
The power-on module 502 is configured to control the CPLD to power on the BIOS module if the CPLD is known not to be maliciously damaged according to the measurement result of the CPLD, and the BIOS module is known not to be maliciously damaged according to the measurement result of the BIOS module;
the power-on module 502 determines whether the firmware of the CPLD and the BIOS module is maliciously corrupted according to the metrics of both. The CPLD is allowed to power on only when the firmware of the CPLD is not maliciously destroyed, and is allowed to power on the BIOS only when the firmware of the BIOS module is not maliciously destroyed, namely the firmware is complete. Under the condition that the CPLD and the BIOS module are not damaged maliciously, the CPLD can power on the BIOS and start the BIOS, so that the BIOS can be allowed to control the whole mainboard of the server. If the CPLD and/or the BIOS module is maliciously destroyed, the server cannot be powered on, and meanwhile, alarm information is transmitted to a page of the BMC management system to inform a manager of the server.
The starting module 503 is configured to perform state detection on host hardware of a server based on the BIOS module, and if the state detection passes, measure a starting code of a host operating system of the server based on the BMC management system invoking the trusted cryptographic module, obtain a measurement result of the starting code, and if it is known that the starting code is not modified according to the measurement result of the starting code, start the host operating system.
After the BIOS module is powered on and started and the control right is obtained, state detection is carried out on related hardware of the server host, and whether the state of the hardware is normal or not is detected. If the hardware states are normal, the boot module 503 invokes the trusted cryptographic module through the BMC to measure the boot code of the host operating system of the server. Judging whether the startup code is modified according to the measurement result, if not, allowing the server to start, and giving control right of the BIOS module to a host operating system of the server. If the judgment result is corrected, the host operating system of the server is not allowed to start, and the judgment result is sent to the manager of the server to wait for the next instruction.
According to the embodiment, the added trusted cryptography module and the BMC started in advance are used as the trusted root at the same time, and meanwhile, the trusted root is expanded by being used as a source point of the trusted chain, so that the security of the server is improved; meanwhile, in the process of constructing the trusted chain, the BMC calls the trusted cryptographic module to measure the starting codes of the CPLD, the BIOS and the host operating system, the trusted cryptographic module is directly called by the BMC management system, no additional load is added to realize the operation, the safe starting efficiency of the server is improved, the cost is reduced, the safety and the reliability of the CPLD in the working process are ensured by adding the integrity measurement of the CPLD, the safe and the trusted in the whole starting process of the server are ensured, and the trusted starting of the server is realized.
Fig. 6 illustrates a physical schematic diagram of an electronic device, as shown in fig. 6, which may include: processor 601, communication interface (Communications Interface) 602, memory 603 and communication bus 604, wherein processor 601, communication interface 602, memory 603 complete the communication between each other through communication bus 604. The processor 601 may call logic instructions in the memory 603 to perform the following method: starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously destroyed according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to power on the BIOS module; and (3) carrying out state detection on the host hardware of the server based on the BIOS module, if the state detection is passed, calling the trusted cryptography module to measure the starting code of the host operating system of the server, obtaining the measurement result of the starting code, and if the starting code is not modified according to the measurement result of the starting code, starting the host operating system.
Further, the logic instructions in the memory 603 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The present embodiment provides a non-transitory computer readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module; if the CPLD and the BIOS module are not maliciously destroyed according to the measurement results of the CPLD and the BIOS module, controlling the CPLD to power on the BIOS module; and (3) carrying out state detection on the host hardware of the server based on the BIOS module, if the state detection is passed, calling the trusted cryptography module to measure the starting code of the host operating system of the server, obtaining the measurement result of the starting code, and if the starting code is not modified according to the measurement result of the starting code, starting the host operating system.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (5)
1. The server safe starting method based on the BMC is characterized by comprising the following steps of:
starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure a CPLD and a BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module;
if the CPLD is not maliciously damaged according to the measurement result of the CPLD, and the BIOS module is not maliciously damaged according to the measurement result of the BIOS module, the CPLD is controlled to power on the BIOS module;
based on a BIOS module, detecting the state of host hardware of a server, if the state detection is passed, calling the trusted cryptographic module to measure the starting code of a host operating system of the server based on the BMC management system, obtaining a measurement result of the starting code, and if the starting code is not modified according to the measurement result of the starting code, starting the host operating system;
The step of calling the trusted cryptographic module to measure the CPLD and the BIOS based on the BMC management system and obtaining the measurement results of the CPLD and the BIOS comprises the following steps:
based on the BMC management system, invoking the trusted cryptographic module to measure the CPLD, and obtaining a measurement result of the CPLD;
if the CPLD is not maliciously destroyed according to the measurement result of the CPLD, the CPLD is allowed to be electrified, and the trusted cryptographic module is called to measure the BIOS module based on the BMC management system, so as to obtain the measurement result of the BIOS module;
the step of knowing that the CPLD is not maliciously destroyed according to the measurement result of the CPLD includes:
comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD;
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously destroyed, and the CPLD is allowed to be electrified;
if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to conduct power-on control;
the step of obtaining that the BIOS module is not maliciously destroyed according to the measurement result of the BIOS module comprises the following steps:
Comparing the measurement result of the BIOS module with a prestored reference measurement value of the BIOS module;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the BIOS module is known not to be maliciously destroyed, and the CPLD is allowed to electrify the BIOS module;
if the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to electrify the BIOS module;
the step of knowing that the boot code is unmodified according to the measurement result of the boot code comprises:
comparing the measurement result of the starting code of the host operating system with a pre-stored reference measurement value of the starting code;
if the measurement result of the starting code is consistent with the reference measurement value of the starting code, the starting code is known to be unmodified, and the control right of the BIOS module is handed to the host operating system;
if the measurement result of the starting code is inconsistent with the reference measurement value of the starting code, not starting the host operating system;
the step of comparing the measurement result of the CPLD with the pre-stored reference measurement value of the CPLD further comprises:
If the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system;
the step of comparing the measurement result of the BIOS module with the pre-stored reference measurement value of the BIOS module further comprises:
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module at the back of the measurement result of the CPLD;
the step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises:
and if the measurement result of the starting code is consistent with the reference measurement value of the starting code, storing the measurement result of the starting code behind the measurement result of the BIOS module.
2. The BMC-based server secure boot method of claim 1, wherein the step of invoking the trusted cryptographic module based on the BMC management system to measure CPLD and BIOS modules comprises:
based on the BMC management system, measuring CPLD and BIOS modules by calling corresponding algorithms in the trusted cryptographic module; and the BMC management system is connected with the trusted cryptographic module through an LPC bus.
3. A BMC-based server security boot device, comprising:
the measurement module is used for starting a BMC management system and a trusted cryptographic module, and calling the trusted cryptographic module to measure the CPLD and the BIOS module based on the BMC management system to obtain measurement results of the CPLD and the BIOS module;
the power-on module is used for controlling the CPLD to power on the BIOS module if the CPLD is not maliciously damaged according to the measurement result of the CPLD and the BIOS module is not maliciously damaged according to the measurement result of the BIOS module;
the starting module is used for detecting the state of the host hardware of the server based on the BIOS module, if the state detection is passed, the starting code of the host operating system of the server is measured based on the BMC management system calling the trusted cryptographic module, the measurement result of the starting code is obtained, and if the starting code is not modified according to the measurement result of the starting code, the host operating system is started;
the step of calling the trusted cryptographic module to measure the CPLD and the BIOS based on the BMC management system and obtaining the measurement results of the CPLD and the BIOS comprises the following steps:
Based on the BMC management system, invoking the trusted cryptographic module to measure the CPLD, and obtaining a measurement result of the CPLD;
if the CPLD is not maliciously destroyed according to the measurement result of the CPLD, the CPLD is allowed to be electrified, and the trusted cryptographic module is called to measure the BIOS module based on the BMC management system to obtain the measurement result of the BIOS module;
the step of knowing that the CPLD is not maliciously destroyed according to the measurement result of the CPLD includes:
comparing the measurement result of the CPLD with a prestored reference measurement value of the CPLD;
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, the CPLD is known not to be maliciously destroyed, and the CPLD is allowed to be electrified;
if the measurement result of the CPLD is inconsistent with the reference measurement value of the CPLD, the CPLD is not allowed to conduct power-on control;
the step of obtaining that the BIOS module is not maliciously destroyed according to the measurement result of the BIOS module comprises the following steps:
comparing the measurement result of the BIOS module with a prestored reference measurement value of the BIOS module;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, the BIOS module is known not to be maliciously destroyed, and the CPLD is allowed to electrify the BIOS module;
If the measurement result of the BIOS module is inconsistent with the reference measurement value of the BIOS module, the CPLD is not allowed to electrify the BIOS module;
the step of knowing that the boot code is unmodified according to the measurement result of the boot code comprises:
comparing the measurement result of the starting code of the host operating system with a pre-stored reference measurement value of the starting code;
if the measurement result of the starting code is consistent with the reference measurement value of the starting code, the starting code is known to be unmodified, and the control right of the BIOS module is handed to the host operating system;
if the measurement result of the starting code is inconsistent with the reference measurement value of the starting code, not starting the host operating system;
the step of comparing the measurement result of the CPLD with the pre-stored reference measurement value of the CPLD further comprises:
if the measurement result of the CPLD is consistent with the reference measurement value of the CPLD, storing the measurement result of the CPLD in a register of the BMC management system;
if the measurement result of the BIOS module is consistent with the reference measurement value of the BIOS module, storing the measurement result of the BIOS module at the back of the measurement result of the CPLD;
The step of comparing the measurement result of the boot code of the host operating system with the pre-stored reference measurement value of the boot code further comprises:
and if the measurement result of the starting code is consistent with the reference measurement value of the starting code, storing the measurement result of the starting code behind the measurement result of the BIOS module.
4. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the BMC-based server secure boot method of claim 1 or 2 when the program is executed by the processor.
5. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the BMC-based server secure boot method according to claim 1 or 2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911358516.2A CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911358516.2A CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111158767A CN111158767A (en) | 2020-05-15 |
| CN111158767B true CN111158767B (en) | 2023-10-27 |
Family
ID=70558336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911358516.2A Active CN111158767B (en) | 2019-12-25 | 2019-12-25 | BMC-based server safe starting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111158767B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114692159A (en) * | 2020-12-29 | 2022-07-01 | 华为技术有限公司 | Computer system, trusted functional component and operation method |
| CN113282969B (en) * | 2021-05-13 | 2023-10-31 | 中科可控信息产业有限公司 | Device control method, electronic device, and readable storage medium |
| CN113742141B (en) * | 2021-11-04 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Server measuring method and device, computer equipment and storage medium |
| CN114205208B (en) * | 2021-11-05 | 2023-08-18 | 苏州浪潮智能科技有限公司 | Remote-based server batch starting method, device, equipment and medium |
| CN113835770B (en) * | 2021-11-30 | 2022-02-18 | 四川华鲲振宇智能科技有限责任公司 | Online replacement method and system for server management module |
| CN116643640B (en) * | 2023-04-23 | 2024-01-23 | 合芯科技(苏州)有限公司 | Step-by-step power-up method, device, equipment and storage medium of server system |
| CN116628701B (en) * | 2023-05-25 | 2023-11-24 | 合芯科技有限公司 | TPCM (thermoplastic polyurethane) in-place detection method and device, server starting method and server |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107451479A (en) * | 2017-07-31 | 2017-12-08 | 浪潮(北京)电子信息产业有限公司 | The construction method and system of a kind of trust chain |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
| CN109726562A (en) * | 2019-01-03 | 2019-05-07 | 北京工业大学 | A kind of starting method that server master board based on credible BMC is credible |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8341393B2 (en) * | 2009-12-17 | 2012-12-25 | Lenovo (Singapore) Pte. Ltd. | Security to extend trust |
-
2019
- 2019-12-25 CN CN201911358516.2A patent/CN111158767B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107451479A (en) * | 2017-07-31 | 2017-12-08 | 浪潮(北京)电子信息产业有限公司 | The construction method and system of a kind of trust chain |
| CN107506663A (en) * | 2017-08-02 | 2017-12-22 | 中电科技(北京)有限公司 | Server security based on credible BMC starts method |
| CN109726562A (en) * | 2019-01-03 | 2019-05-07 | 北京工业大学 | A kind of starting method that server master board based on credible BMC is credible |
Non-Patent Citations (2)
| Title |
|---|
| 孙亮等.基于可信BMC的服务器安全启动机制.山东大学学报(理学版).2018,第第53卷卷(第第1期期),第89-94页. * |
| 苏振宇.基于国产BMC的服务器安全启动技术研究与实现.信息安全研究.2017,第第3卷卷(第第9期期),第823-831页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111158767A (en) | 2020-05-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111158767B (en) | BMC-based server safe starting method and device | |
| US11520894B2 (en) | Verifying controller code | |
| US10839080B2 (en) | Hardware-enforced firmware security | |
| EP2989579B1 (en) | Redundant system boot code in a secondary non-volatile memory | |
| CN103718165B (en) | BIOS flash memory attack protection and notice | |
| TWI522838B (en) | Configuring a system | |
| CN102509046B (en) | The operating system effectively measured with the overall situation of dormancy support is started | |
| CN111259401B (en) | Trusted measurement method, device, system, storage medium and computer equipment | |
| US8838952B2 (en) | Information processing apparatus with secure boot capability capable of verification of configuration change | |
| CN110659498A (en) | Trusted computing measurement method, system thereof and computer readable storage medium | |
| CN111950014A (en) | Security measurement method and device for starting server system and server | |
| US9928367B2 (en) | Runtime verification | |
| CN110069361A (en) | Method and device for TPM (trusted platform Module) failover | |
| CN111651769B (en) | Method and device for acquiring measurement of security initiation | |
| EP3185166A1 (en) | Trusted metric method and device | |
| CN111125707A (en) | BMC (baseboard management controller) safe starting method, system and equipment based on trusted password module | |
| CN114692160A (en) | Processing method and device for safe and trusted starting of computer | |
| CN115618360A (en) | Server tamper-proof safe starting method and device | |
| CN110781517B (en) | Method for realizing data interaction by BIOS and BMC communication | |
| CN111506897B (en) | Data processing method and device | |
| US20200143058A1 (en) | Operational verification | |
| CN111625831B (en) | Trusted security measurement method and device | |
| US11269637B2 (en) | Validating machine-readable instructions using an iterative validation process | |
| CN114139168B (en) | TPCM measuring method, device and medium | |
| CN117170721A (en) | FPGA firmware processing method and device based on BMC |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |