CN111241602B - FPGA IP core loading method and device and electronic equipment - Google Patents
FPGA IP core loading method and device and electronic equipment Download PDFInfo
- Publication number
- CN111241602B CN111241602B CN201811449677.8A CN201811449677A CN111241602B CN 111241602 B CN111241602 B CN 111241602B CN 201811449677 A CN201811449677 A CN 201811449677A CN 111241602 B CN111241602 B CN 111241602B
- Authority
- CN
- China
- Prior art keywords
- fpga
- bar space
- space information
- physical machine
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides an IP core loading method and device of an FPGA and electronic equipment, wherein the method comprises the following steps: acquiring BAR space information of an FPGA (field programmable gate array) from a management PF (physical processor) of the FPGA inserted on a physical machine; performing correctness verification on the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine; and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA, and executing the loading flow of the IP core data by the management PF of the FPGA. According to the scheme provided by the embodiment of the invention, the security of loading the IP core to the FPGA can be improved by ensuring the security of the BAR space of the FPGA in the physical machine for providing services for the FPGA.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an IP core loading method and apparatus for an FPGA, and an electronic device.
Background
In the prior art, in a public cloud platform serving as a Field programmable gate array (Field-Programmable Gate Array, FPGA), it is an important link to safely load (this process is also called "programming") an IP core (Intellectual Property core) into the FPGA. The purpose of safe programming is to prevent the IP core from being stolen and protect the intellectual property of users.
Currently, since most public clouds provide services to users with virtual machines, the management PF in the FPGA is invisible to users in the virtual environment, so the process of programming the IP core to the user PF in the FPGA through the management PF is safe. However, with the gradual use of the elastic physical machine (which is provided to the user with the physical machine as a service), since the FPGA device (including the management PF) of the user CPU under the RC (Root Complex) is visible to the user, the existing IP core loading scheme cannot meet the security requirement of loading the FPGA service platform.
Disclosure of Invention
The invention provides an IP core loading method, an IP core loading device and electronic equipment of an FPGA, which can improve the security of loading an IP core into the FPGA by ensuring the security of the BAR space of the FPGA in a physical machine for providing services for the FPGA.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical scheme:
in a first aspect, an IP core loading method of an FPGA is provided, including:
acquiring BAR space information of an FPGA (field programmable gate array) from a management PF (physical processor) of the FPGA inserted on a physical machine;
performing correctness verification on the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data.
In a second aspect, another method for loading an IP core of an FPGA is provided, including:
the method comprises the steps of sending BAR space information of an FPGA to management equipment inserted on a physical machine, wherein the FPGA is inserted on the physical machine;
receiving IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing a loading flow of the IP core data;
the IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
In a third aspect, an IP core loading apparatus of an FPGA is provided, including:
the information acquisition module is used for acquiring BAR space information of the FPGA from a management PF (physical processor) of the FPGA which is spliced on the physical machine;
the information verification module is used for verifying the correctness of the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and the data sending module is used for transmitting the IP core data to the BAR space of the FPGA if the verification is passed, so that the management PF of the FPGA executes the loading flow of the IP core data.
In a fourth aspect, another IP core loading apparatus of an FPGA is provided, including:
the information sending module is used for sending BAR space information of the FPGA to the management equipment inserted on the physical machine, and the FPGA is inserted on the physical machine;
and the data processing module is used for receiving the IP core data transmitted to the BAR space of the FPGA by the management equipment and executing the loading flow of the IP core data.
The IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
In a fifth aspect, there is provided an electronic device comprising:
a memory for storing a program;
a processor coupled to the memory for executing the program for:
acquiring BAR space information of an FPGA (field programmable gate array) from a management PF (physical processor) of the FPGA inserted on a physical machine;
performing correctness verification on the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data.
In a sixth aspect, there is provided another electronic device comprising:
a memory for storing a program;
a processor coupled to the memory for executing the program for:
the method comprises the steps of sending BAR space information of an FPGA to management equipment inserted on a physical machine, wherein the FPGA is inserted on the physical machine;
and receiving the IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing the loading flow of the IP core data.
The IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
The invention provides an IP core loading method, an IP core loading device and electronic equipment of an FPGA, which are characterized in that before IP core data is transmitted to a BAR space in a management PF of the FPGA inserted on a physical machine, BAR space information stored in the management PF is acquired, correctness verification is carried out on the acquired BAR space information based on original BAR space information configured to the FPGA by an operating system of the physical machine, after verification is passed, the IP core data is transmitted to the BAR space of the FPGA, so that the management PF of the FPGA executes a loading flow of the IP core data, the safety of the whole loading process is improved, and intellectual property of the IP core cannot be maliciously stolen due to modification of the BAR space information.
The foregoing description is only an overview of the technical solutions of the present application, and may be implemented according to the content of the specification in order to make the technical means of the present application more clearly understood, and in order to make the above-mentioned and other objects, features and advantages of the present application more clearly understood, the following detailed description of the present application will be given.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a schematic diagram of an IP core loading scheme of an FPGA according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for loading an IP core of an FPGA according to an embodiment of the present invention;
FIG. 3 is a flowchart II of an IP core loading method of an FPGA according to an embodiment of the present invention;
FIG. 4 is a flowchart III of an IP core loading method of an FPGA according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for loading IP cores of an FPGA according to an embodiment of the present invention;
FIG. 6 is a block diagram of an IP core loader of an FPGA according to an embodiment of the present invention;
FIG. 7 is a second block diagram of an IP core loader of an FPGA according to an embodiment of the present invention;
FIG. 8 is a third block diagram of an IP core loader of an FPGA according to an embodiment of the present invention;
FIG. 9 is a fourth block diagram of an IP core loader of an FPGA according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of an electronic device according to an embodiment of the present invention;
fig. 11 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The embodiment of the invention improves the defect that potential safety hazards exist in the process of loading the IP core to the FPGA because the FPGA equipment (including the management PF) under RC of a CPU (Central processing Unit) of the user is visible to the user when the FPGA is used as a public cloud platform serving the FPGA and a physical machine spliced with the FPGA is used as the service in the prior art, and has the core ideas that before loading the IP core to the FPGA, the BAR space information of the FPGA is acquired, the correctness verification is carried out on the BAR space information, and under the condition that the BAR space information is correct, the IP core data is transmitted to the BAR space of the FPGA, so that the management PF of the FPGA executes the loading flow of the IP core data, the safety of the whole loading process is improved, and the intellectual property of the IP core cannot be maliciously stolen due to the change of the BAR space information.
Based on the above-mentioned scheme idea of loading the IP core of the FPGA, fig. 1 is a schematic diagram of the scheme of loading the IP core of the FPGA according to the embodiment of the present invention. The loading scheme is implemented on a physical machine that can provide services to users through remote links. The physical machine includes: the User CPU is arranged on the management equipment and the FPGA on the physical machine in a plugging mode, and the management equipment and the FPGA can realize mutual access and data transmission through an RC (remote control) channel in the User CPU. The FPGA mainly comprises two physical device areas: managing the PF and the user PF; the management PF manages and controls the user PF, such as loading IP core data for the user PF to update and reconstruct processing logic of the user PF; the user PF is used for providing FPGA service to the user. The management PF and the user PF are both visible to the user when the user is served with a physical machine.
The specific loading process comprises the following steps: after a user initiates loading of IP core data to an FPGA (the user carries out logic updating on a user PF) on a physical machine to a background management server of a cloud, the management equipment needs to transmit the IP core data to a management PF in the FPGA so that the management PF realizes a subsequent IP core loading process; in order to prevent any intervention operation of a User on the FPGA in the process of IP core data transmission and loading, the management equipment can send a pause instruction to the User CPU through an out-of-band channel and suspend the User CPU; the management equipment acquires BAR space information pre-configured to the FPGA by an operating system of the physical machine from a management PF of the FPGA through an RC (remote control) channel, and in order to ensure the safety of the BAR space information in the transmission process, the BAR space information can be encrypted through an encryption module (Encryptor) in the FPGA; after receiving the encrypted BAR space information, the management equipment can decrypt the encrypted BAR space information through a decryption module (Deccrypter), and compares and verifies the decrypted BAR space information with the original BAR space information, if the two BAR space information are consistent, the BAR space address of the FPGA is not tampered, and the FPGA is safe; the management equipment transmits the IP core data to the BAR space corresponding to the FPGA so that the management PF loads the IP core data to realize updating and reconstruction of the user PF.
The technical solution of the present application is further described below by a plurality of embodiments.
Example 1
Based on the above-mentioned scheme idea of the IP core loading of the FPGA, as shown in fig. 2, it is a flowchart of an IP core loading method of the FPGA shown in the embodiment of the present invention, and an execution body of the method may be the management device shown in fig. 1. As shown in fig. 2, the method for loading the IP core of the FPGA includes the following steps:
s210, BAR space information of the FPGA is obtained from a management PF of the FPGA inserted on the physical machine.
The physical machine in the scheme can be a physical machine used for providing services for users in public cloud, and the physical machine is inserted with an FPGA for accelerating the services. The management PF of the FPGA plugged onto the physical machine is visible to the user when providing services to the user in the form of physical machines (as distinguished from virtual machines).
Specifically, before loading the IP core into the FPGA is controlled by the management device plugged into the same physical machine, the management device needs to obtain the BAR space information of the FPGA from the management PF of the FPGA plugged into the same physical machine, so as to confirm whether the BAR space information stored in the management PF in the FPGA is still the original BAR space information configured to the FPGA by the physical machine operating system, so as to confirm the security of the BAR space.
For example, the management device may obtain BAR space information of the FPGA from the management PF of the FPGA plugged into the physical machine through an RC channel of the user CPU in the physical machine. The RC channel of the user CPU is a CPU self-contained functional module and is mainly used for an external board card inserted on a physical machine, for example, the management equipment and the FPGA in the embodiment realize mutual access and data transmission without passing through control logic of the CPU.
S220, verifying the correctness of the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
After the management device obtains the BAR space information of the FPGA from the management PF of the FPGA inserted on the physical machine, the BAR space information can be compared and verified with the original BAR space information configured to the FPGA by the operating system of the physical machine so as to identify whether the BAR space information stored in the management PF is tampered or not. Once the BAR space information stored in the management PF is tampered, the management device will transmit the BAR space information to the modified BAR space address when transmitting the IP core data, where the address may be a space address that the user can access, so that the user can have a chance to steal the IP core data, resulting in leakage of the IP core data. Therefore, before transmitting the IP core data to the BAR space corresponding to the FPGA, the BAR space information needs to be verified safely.
S230, if the verification is passed, the IP core data is transmitted to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data.
If the BAR space information stored in the management PF is consistent with the original BAR space information configured by the system to the FPGA, the BAR space pointed by the BAR space information stored in the management PF is safe, namely, verification is passed. The management device can transmit the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data to realize updating and reconstruction of the user PF.
If the acquired BAR space information is inconsistent with the original BAR space information configured to the FPGA by the system, the subsequent IP core data transmission and loading operation is not performed.
Regarding the loading flow of the management PF executing the IP core data, the present solution is not particularly limited to this process, and any loading method described in the prior art may be adopted.
According to the IP core loading method of the FPGA, before IP core data is transmitted to the BAR space in the management PF of the FPGA inserted on the physical machine, the BAR space information stored in the management PF is obtained, the correctness of the obtained BAR space information is verified based on the original BAR space information configured to the FPGA by the operating system of the physical machine, after the verification is passed, the IP core data is transmitted to the BAR space of the FPGA, so that the management PF of the FPGA executes the loading flow of the IP core data, the safety of the whole loading process is improved, and the intellectual property of the IP core cannot be maliciously stolen due to the change of the BAR space information.
Example two
As shown in fig. 3, a flowchart of an IP core loading method of an FPGA according to an embodiment of the present invention is different from the method shown in fig. 2 in that a preferred embodiment of acquiring BAR space information of the FPGA from a management PF of the FPGA plugged into the physical machine is adopted. As shown in fig. 3, the IP core loading method in the FPGA may initially perform the following steps:
s310, BAR space information of the FPGA encrypted by the management PF is obtained from the management PF.
In order to ensure the safety of the BAR space information in the transmission process, the management PF can encrypt the BAR space information corresponding to the FPGA through an encryption module after extracting the BAR space information from the local area, and send the encrypted BAR space information to the management equipment through an RC channel.
The specific method of encryption is not limited in this embodiment.
S320, decrypting the encrypted BAR space information of the FPGA to obtain the BAR space information of the FPGA.
After receiving the encrypted BAR spatial information, the management device decrypts the encrypted BAR spatial information by using a preset key to obtain decrypted BAR spatial information.
After step S320, steps S220 to S230 may be continuously performed.
If decryption fails or the BAR spatial information obtained after decryption is inconsistent with the original BAR spatial information configured to the FPGA by the system, the subsequent IP core data transmission and loading operation is not performed.
In addition, as shown in fig. 4, in order to ensure that the user cannot intercept the transmitted information or data in the process of acquiring the BAR space information of the FPGA and in the process of transmitting the subsequent IP core data, the following steps may be performed before step S210 or S310:
s410, a pause instruction is sent to the user CPU through an out-of-band channel communicated with the user CPU of the physical machine, and the user CPU is suspended.
Before the management device obtains the BAR space information of the FPGA from the management PF of the FPGA inserted on the physical machine, the management device can initiate a pause instruction (pause instruction) to the user CPU through an out-of-band channel (a data transmission channel provided by a non-operating system) to suspend the user CPU, thereby prohibiting the user from performing any operation on the physical machine, ensuring that the whole loading process is not interfered by the user, and improving the security of IP core loading.
Compared with the method shown in fig. 2, the method further includes obtaining the BAR space information of the FPGA encrypted by the management PF from the management PF, and decrypting the BAR space information of the FPGA encrypted to obtain the BAR space information of the FPGA, so as to ensure the security of the BAR space information of the FPGA in the transmission process.
Further, before the BAR space information of the FPGA is acquired from the management PF of the FPGA inserted on the physical machine, a pause instruction is initiated to the user CPU through an out-of-band channel communicated with the user CPU of the physical machine, the user CPU is suspended, any operation of the physical machine by a user is forbidden, the whole loading process is ensured not to be interfered by the user, and the security of loading the IP core is improved.
Example III
Based on the above-mentioned scheme idea of loading the IP core of the FPGA, as shown in fig. 5, which is a flowchart of a method for loading the IP core of the FPGA shown in the embodiment of the present invention, an execution body of the method may be the FPGA shown in fig. 1, and specifically may be a management PF in the FPGA. As shown in fig. 5, the IP core loading method of the FPGA includes the following steps:
s510, sending BAR space information of the FPGA to management equipment plugged on the physical machine, wherein the FPGA is plugged on the physical machine.
The physical machine in the scheme can be a physical machine used for providing services for users in public cloud, and the physical machine is inserted with an FPGA for accelerating the services. The management PF of the FPGA plugged onto the physical machine is visible to the user when providing services to the user in the form of physical machines (as distinguished from virtual machines).
Specifically, before loading the IP core into the FPGA is controlled by the management device plugged into the same physical machine, the management device needs to obtain the BAR space information of the FPGA from the management PF of the FPGA plugged into the same physical machine, so as to confirm whether the BAR space information stored in the management PF in the FPGA is still the original BAR space information configured to the FPGA by the physical machine operating system, so as to confirm the security of the BAR space.
For example, the management device may send a request to the management PF of the FPGA to obtain BAR space information stored in the management PF through an RC channel of the user CPU in the physical machine. After receiving the request, the management PF obtains BAR space information of the FPGA locally and sends the BAR space information to the management equipment through an RC channel of a user CPU in the physical machine. The RC channel of the user CPU is a CPU self-contained functional module and is mainly used for an external board card inserted on a physical machine, for example, the management equipment and the FPGA in the embodiment realize mutual access and data transmission without passing through control logic of the CPU.
S520, receiving the IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing the loading flow of the IP core data.
The IP core data is sent after the received BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine by the management equipment.
Specifically, after the management device obtains the BAR space information of the FPGA from the management PF of the FPGA plugged in the physical machine, the management device can compare and verify the BAR space information with the original BAR space information configured to the FPGA by the operating system of the physical machine, so as to identify whether the BAR space information stored in the management PF is tampered. Once the BAR space information stored in the management PF is tampered, the management device will transmit the BAR space information to the modified BAR space address when transmitting the IP core data, where the address may be a space address that the user can access, so that the user can have a chance to steal the IP core data, resulting in leakage of the IP core data. Therefore, before transmitting the IP core data to the BAR space corresponding to the FPGA, the BAR space information needs to be verified safely.
If the BAR space information stored in the management PF is consistent with the original BAR space information configured by the system to the FPGA, the BAR space pointed by the BAR space information stored in the management PF is safe, namely, verification is passed. The management device can transmit the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data to realize updating and reconstruction of the user PF.
If the BAR space information acquired by the management equipment is inconsistent with the original BAR space information configured to the FPGA by the system, the verification fails, and the subsequent transmission of the IP core data and the loading operation of the IP core data are not performed.
Thus, if the management PF receives IP core data that the management device transmits to the BAR space of the FPGA, it indicates that the BAR space information of the FPGA previously sent to the management device is correct. The management PF executes a loading flow of the IP core data based on the IP core data sent to the BAR space by the management device.
Regarding the loading flow of the management PF executing the IP core data, the present solution is not particularly limited to this process, and any loading method described in the prior art may be adopted.
Further, in order to ensure the safety of the BAR space information in the transmission process, the management PF may encrypt the BAR space information corresponding to the FPGA by an encryption module after extracting the BAR space information from the local place, and send the encrypted BAR space information to the management device through, for example, an RC path.
The specific method of encryption is not limited in this embodiment.
The management equipment decrypts the received encrypted BAR space information, and verifies the correctness of the decrypted BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine. And if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data.
According to the IP core loading method of the FPGA, the BAR space information of the FPGA is sent to the management equipment inserted on the physical machine, and the FPGA is inserted on the physical machine; receiving IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing a loading flow of the IP core data; the IP core data is sent after the received BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine by the management equipment. The scheme can improve the safety of the whole loading process, and ensures that the intellectual property of the IP core cannot be maliciously stolen due to the change of BAR space information.
Further, the BAR space information of the FPGA encrypted by the management PF is sent to the management equipment, so that the management equipment decrypts the BAR space information of the encrypted FPGA to obtain the BAR space information of the FPGA, and the security of the BAR space information of the FPGA in the transmission process is ensured.
Example IV
As shown in fig. 6, a first structure diagram of an IP core loading device of an FPGA according to an embodiment of the present invention is shown, where the IP core loading device of the FPGA may be disposed in the management device shown in fig. 1, and is configured to perform the method steps shown in fig. 2, and includes:
the information acquisition module 610 is configured to acquire BAR space information of an FPGA from a management PF of the FPGA plugged into the physical machine;
the information verification module 620 is configured to verify the correctness of the obtained BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and the data sending module 630 is configured to, if the verification is passed, transmit the IP core data to the BAR space of the FPGA, so that the management PF of the FPGA executes a loading procedure of the IP core data.
Further, the information obtaining module 610 may be specifically configured to obtain, through an RC channel of a user CPU in the physical machine, BAR space information of the FPGA from a management PF of the FPGA plugged into the physical machine.
Further, as shown in fig. 7, the information obtaining module 610 may include:
an information obtaining unit 710, configured to obtain BAR space information of the FPGA encrypted by the management PF from the management PF;
and the information decryption unit 720 is configured to decrypt the BAR space information of the encrypted FPGA to obtain the BAR space information of the FPGA.
The IP core loading device of the FPGA shown in fig. 7 may be used to perform the method steps as shown in fig. 3.
Further, as shown in fig. 8, the IP core loading device of the FPGA may further include:
the CPU suspension module 810 is configured to initiate a suspension instruction to the user CPU through an out-of-band path that is in communication with the user CPU of the physical machine, and suspend the user CPU.
The IP core loading device of the FPGA shown in fig. 8 may be used to perform the method steps shown in fig. 4.
According to the IP core loading device of the FPGA, before IP core data is transmitted to the BAR space in the management PF of the FPGA inserted on the physical machine, the BAR space information stored in the management PF is obtained, the correctness of the obtained BAR space information is verified based on the original BAR space information configured to the FPGA by the operating system of the physical machine, after the verification is passed, the IP core data is transmitted to the BAR space of the FPGA, so that the management PF of the FPGA executes the loading flow of the IP core data, the safety of the whole loading process is improved, and the intellectual property of the IP core cannot be maliciously stolen due to the change of the BAR space information.
Further, the BAR space information of the FPGA encrypted by the management PF is obtained from the management PF, and the encrypted BAR space information of the FPGA is decrypted to obtain the BAR space information of the FPGA, so that the safety of the BAR space information of the FPGA in the transmission process is ensured.
Further, before the BAR space information of the FPGA is acquired from the management PF of the FPGA inserted on the physical machine, a pause instruction is initiated to the user CPU through an out-of-band channel communicated with the user CPU of the physical machine, the user CPU is suspended, any operation of the physical machine by a user is forbidden, the whole loading process is ensured not to be interfered by the user, and the security of loading the IP core is improved.
Example five
As shown in fig. 9, a structure diagram of an IP core loading device of an FPGA according to an embodiment of the present invention is four, where the IP core loading device of the FPGA may be disposed in the FPGA shown in fig. 1, and is configured to perform the method steps shown in fig. 5, and includes:
the information sending module 910 is configured to send BAR space information of the FPGA to a management device plugged on the physical machine, where the FPGA is plugged on the physical machine;
the data processing module 920 is configured to receive the IP core data transmitted by the management device to the BAR space of the FPGA, and execute a loading procedure of the IP core data.
The IP core data is sent out after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
Further, the information sending module 910 may be specifically configured to send BAR space information of the FPGA to a management device plugged into the physical machine through an RC channel of a user CPU in the physical machine.
Further, the information sending module 910 may be specifically configured to send BAR space information of the encrypted FPGA to a management device plugged on the physical machine;
correspondingly, the IP core data is sent after the management equipment decrypts the received encrypted BAR space information, and the correctness of the decrypted BAR space information is verified based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
According to the IP core loading device of the FPGA, the FPGA is spliced on the physical machine by sending the BAR space information of the FPGA to the management equipment spliced on the physical machine; receiving IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing a loading flow of the IP core data; the IP core data is sent after the received BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine by the management equipment. The scheme can improve the safety of the whole loading process, and ensures that the intellectual property of the IP core cannot be maliciously stolen due to the change of BAR space information.
Further, the BAR space information of the FPGA encrypted by the management PF is sent to the management equipment, so that the management equipment decrypts the BAR space information of the encrypted FPGA to obtain the BAR space information of the FPGA, and the security of the BAR space information of the FPGA in the transmission process is ensured.
Example six
The fourth embodiment describes the overall architecture of the IP core loading device of the FPGA, and the functions of the device may be completed by means of an electronic device, as shown in fig. 10, which is a schematic structural diagram of the electronic device according to the embodiment of the present invention, and specifically includes: a memory 101 and a processor 102.
A memory 101 for storing a program.
In addition to the programs described above, the memory 101 may also be configured to store various other data to support operations on the electronic device. Examples of such data include instructions for any application or method operating on the electronic device, contact data, phonebook data, messages, pictures, videos, and the like.
The memory 101 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
A processor 102, coupled to the memory 101, for executing programs in the memory 101 for:
acquiring BAR space information of the FPGA from a management PF of the FPGA inserted on the physical machine;
the method comprises the steps that based on original BAR space information configured to an FPGA by an operating system of a physical machine, correctness verification is carried out on the obtained BAR space information;
and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management PF of the FPGA executes the loading flow of the IP core data.
The specific processing operations described above have been described in detail in the previous embodiments, and are not repeated here.
Further, as shown in fig. 10, the electronic device may further include: communication component 103, power component 104, audio component 105, display 106, and other components. Only some of the components are schematically shown in fig. 10, which does not mean that the electronic device only comprises the components shown in fig. 10.
The communication component 103 is configured to facilitate communication between the electronic device and other devices, either wired or wireless. The electronic device may access a wireless network based on a communication standard, such as WiFi,2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication component 103 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 103 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.
A power supply assembly 104 provides power to the various components of the electronic device. The power components 104 can include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for electronic devices.
The audio component 105 is configured to output and/or input audio signals. For example, the audio component 105 includes a Microphone (MIC) configured to receive external audio signals when the electronic device is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may be further stored in the memory 101 or transmitted via the communication component 103. In some embodiments, the audio component 105 further comprises a speaker for outputting audio signals.
The display 106 includes a screen, which may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or sliding action, but also the duration and pressure associated with the touch or sliding operation.
Example seven
The fifth embodiment describes the overall architecture of the IP core loading device of the FPGA, and the functions of the device may be implemented by means of an electronic device, as shown in fig. 11, which is a schematic structural diagram of the electronic device according to the embodiment of the present invention, and specifically includes: a memory 111 and a processor 112.
A memory 111 for storing a program.
In addition to the programs described above, the memory 111 may also be configured to store other various data to support operations on the electronic device. Examples of such data include instructions for any application or method operating on the electronic device, contact data, phonebook data, messages, pictures, videos, and the like.
The memory 111 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
A processor 112 coupled to the memory 111 for executing programs in the memory 111 for:
the method comprises the steps of sending BAR space information of an FPGA to management equipment inserted on a physical machine, wherein the FPGA is inserted on the physical machine;
and receiving the IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing the loading flow of the IP core data.
The IP core data is sent after the received BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine by the management equipment.
The specific processing operations described above have been described in detail in the previous embodiments, and are not repeated here.
Further, as shown in fig. 11, the electronic device may further include: communication component 113, power component 114, audio component 115, display 116, and other components. Only some of the components are schematically shown in fig. 11, which does not mean that the electronic device only comprises the components shown in fig. 11.
The communication component 113 is configured to facilitate communication between the electronic device and other devices, either wired or wireless. The electronic device may access a wireless network based on a communication standard, such as WiFi,2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication component 113 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 113 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.
A power supply assembly 114 provides power to the various components of the electronic device. The power components 114 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for electronic devices.
The audio component 115 is configured to output and/or input audio signals. For example, the audio component 115 includes a Microphone (MIC) configured to receive external audio signals when the electronic device is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 111 or transmitted via the communication component 113. In some embodiments, audio component 115 further comprises a speaker for outputting audio signals.
The display 116 includes a screen, which may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or sliding action, but also the duration and pressure associated with the touch or sliding operation.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present application.
Claims (16)
1. An IP core loading method of an FPGA, comprising:
acquiring BAR space information of an FPGA from management physical functions of the FPGA inserted on a physical machine;
performing correctness verification on the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management physical function of the FPGA executes the loading flow of the IP core data.
2. The method of claim 1, wherein the obtaining BAR space information of the FPGA from a management physical function of the FPGA plugged onto a physical machine comprises:
and acquiring BAR space information of the FPGA from the management physical function of the FPGA inserted on the physical machine through an RC channel of a user CPU in the physical machine.
3. The method according to claim 1 or 2, wherein the acquiring BAR space information of the FPGA from the management physical function of the FPGA plugged on the physical machine comprises:
acquiring BAR space information of the FPGA encrypted by the management physical function from the management physical function;
and decrypting the encrypted BAR space information of the FPGA to obtain the BAR space information of the FPGA.
4. The method according to claim 1 or 2, wherein before the BAR space information of the FPGA is obtained from the management physical function of the FPGA plugged into the physical machine, the method further comprises:
and initiating a pause instruction to the user CPU through an out-of-band channel communicated with the user CPU of the physical machine, and suspending the user CPU.
5. An IP core loading method of an FPGA, comprising:
the method comprises the steps of sending BAR space information of an FPGA to management equipment inserted on a physical machine, wherein the FPGA is inserted on the physical machine;
receiving IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing a loading flow of the IP core data;
the IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
6. The method of claim 5, wherein the sending BAR space information of the FPGA to a management device plugged onto the physical machine comprises:
and sending BAR space information of the FPGA to management equipment inserted on the physical machine through an RC channel of a user CPU in the physical machine.
7. The method of claim 5 or 6, wherein the sending BAR space information of the FPGA to the management device plugged onto the physical machine comprises:
sending the encrypted BAR space information of the FPGA to the management equipment inserted on the physical machine;
the IP core data is sent after the management equipment decrypts the received encrypted BAR space information, and the decrypted BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
8. An IP core loading apparatus of an FPGA, comprising:
the information acquisition module is used for acquiring BAR space information of the FPGA from management physical functions of the FPGA inserted on the physical machine;
the information verification module is used for verifying the correctness of the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and the data sending module is used for transmitting the IP core data to the BAR space of the FPGA if the verification is passed, so that the management physical function of the FPGA executes the loading flow of the IP core data.
9. The device of claim 8, wherein the information obtaining module is specifically configured to obtain, through an RC channel of a user CPU in the physical machine, BAR space information of the FPGA from a management physical function of the FPGA plugged into the physical machine.
10. The apparatus of claim 8 or 9, wherein the information acquisition module comprises:
an information obtaining unit, configured to obtain BAR space information of the FPGA encrypted by the management physical function from the management physical function;
and the information decryption unit is used for decrypting the encrypted BAR space information of the FPGA to obtain the BAR space information of the FPGA.
11. The apparatus according to claim 8 or 9, wherein the apparatus further comprises:
and the CPU suspension module is used for initiating a suspension instruction to the user CPU through an out-of-band channel communicated with the user CPU of the physical machine and suspending the user CPU.
12. An IP core loading apparatus of an FPGA, comprising:
the information sending module is used for sending BAR space information of the FPGA to the management equipment inserted on the physical machine, and the FPGA is inserted on the physical machine;
the data processing module is used for receiving the IP core data transmitted to the BAR space of the FPGA by the management equipment and executing the loading flow of the IP core data;
the IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
13. The device of claim 12, wherein the information sending module is specifically configured to send BAR space information of the FPGA to a management device plugged into the physical machine through an RC channel of a user CPU in the physical machine.
14. The device according to claim 12 or 13, wherein the information sending module is specifically configured to send the BAR space information of the FPGA after encryption to the management apparatus plugged on the physical machine;
the IP core data is sent after the management equipment decrypts the received encrypted BAR space information, and the decrypted BAR space information is subjected to correctness verification based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
15. An electronic device, comprising:
a memory for storing a program;
a processor coupled to the memory for executing the program for:
acquiring BAR space information of an FPGA from management physical functions of the FPGA inserted on a physical machine;
performing correctness verification on the acquired BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine;
and if the verification is passed, transmitting the IP core data to the BAR space of the FPGA so that the management physical function of the FPGA executes the loading flow of the IP core data.
16. An electronic device, comprising:
a memory for storing a program;
a processor coupled to the memory for executing the program for:
the method comprises the steps of sending BAR space information of an FPGA to management equipment inserted on a physical machine, wherein the FPGA is inserted on the physical machine;
receiving IP core data transmitted to the BAR space of the FPGA by the management equipment, and executing a loading flow of the IP core data;
the IP core data is sent after the management equipment verifies the correctness of the received BAR space information based on the original BAR space information configured to the FPGA by the operating system of the physical machine.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811449677.8A CN111241602B (en) | 2018-11-29 | 2018-11-29 | FPGA IP core loading method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811449677.8A CN111241602B (en) | 2018-11-29 | 2018-11-29 | FPGA IP core loading method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111241602A CN111241602A (en) | 2020-06-05 |
| CN111241602B true CN111241602B (en) | 2023-05-02 |
Family
ID=70863818
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811449677.8A Active CN111241602B (en) | 2018-11-29 | 2018-11-29 | FPGA IP core loading method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111241602B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7788502B1 (en) * | 2005-03-10 | 2010-08-31 | Xilinx, Inc. | Method and system for secure exchange of IP cores |
| US7971072B1 (en) * | 2005-03-10 | 2011-06-28 | Xilinx, Inc. | Secure exchange of IP cores |
| CN103473508A (en) * | 2013-09-17 | 2013-12-25 | 肖楠 | Security verification method during kernel operation of operation system |
| CN103530169A (en) * | 2013-10-22 | 2014-01-22 | 中国联合网络通信集团有限公司 | Method for protecting virtual machine files and user terminal |
| CN103714034A (en) * | 2013-12-26 | 2014-04-09 | 中国船舶重工集团公司第七0九研究所 | SOC applied to PC system |
| CN104169897A (en) * | 2012-03-02 | 2014-11-26 | 国际商业机器公司 | Decode data for fast pci express multi-function device address decode |
| CN105208380A (en) * | 2015-10-20 | 2015-12-30 | 硅谷数模半导体(北京)有限公司 | Verification platform and system |
| CN106815031A (en) * | 2017-02-22 | 2017-06-09 | 百度在线网络技术(北京)有限公司 | Kernel module loading method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10248468B2 (en) * | 2016-01-11 | 2019-04-02 | International Business Machines Corporation | Using hypervisor for PCI device memory mapping |
-
2018
- 2018-11-29 CN CN201811449677.8A patent/CN111241602B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7788502B1 (en) * | 2005-03-10 | 2010-08-31 | Xilinx, Inc. | Method and system for secure exchange of IP cores |
| US7971072B1 (en) * | 2005-03-10 | 2011-06-28 | Xilinx, Inc. | Secure exchange of IP cores |
| CN104169897A (en) * | 2012-03-02 | 2014-11-26 | 国际商业机器公司 | Decode data for fast pci express multi-function device address decode |
| CN103473508A (en) * | 2013-09-17 | 2013-12-25 | 肖楠 | Security verification method during kernel operation of operation system |
| CN103530169A (en) * | 2013-10-22 | 2014-01-22 | 中国联合网络通信集团有限公司 | Method for protecting virtual machine files and user terminal |
| CN103714034A (en) * | 2013-12-26 | 2014-04-09 | 中国船舶重工集团公司第七0九研究所 | SOC applied to PC system |
| CN105208380A (en) * | 2015-10-20 | 2015-12-30 | 硅谷数模半导体(北京)有限公司 | Verification platform and system |
| CN106815031A (en) * | 2017-02-22 | 2017-06-09 | 百度在线网络技术(北京)有限公司 | Kernel module loading method and device |
Non-Patent Citations (1)
| Title |
|---|
| 姚洁 ; 孔祥营 ; 王桂强 ; .一种基于Avalon总线PCI从设备IP核设计.电子测量技术.2016,(第02期),第148-152页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111241602A (en) | 2020-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10715654B1 (en) | Methods and devices for secure authentication to a compute device | |
| CN108595970B (en) | Configuration method and device of processing assembly, terminal and storage medium | |
| US10361857B2 (en) | Electronic stamp system for security intensification, control method thereof, and non-transitory computer readable storage medium having computer program recorded thereon | |
| US10275581B2 (en) | Method and apparatus for sharing content between electronic devices | |
| CN105391840B (en) | Automatically create destination application | |
| KR101941049B1 (en) | Method and system for encrypted communications | |
| US10880736B2 (en) | Method and apparatus for transmitting and receiving encrypted message between terminals | |
| CN102780689B (en) | Service is played up for remote access to application | |
| CN104954126B (en) | Sensitive operation verification method, device and system | |
| TW201214145A (en) | Booting and configuring a subsystem securely from non-local storage | |
| CN104115152A (en) | Method and apparatus for protecting digital content using device authentication | |
| US20170060595A1 (en) | Computing device to securely activate or revoke a key | |
| CN107124279B (en) | Method and device for erasing terminal data | |
| KR20170124953A (en) | Method and system for automating user authentication with decrypting encrypted OTP using fingerprint in mobile phone | |
| KR20150067876A (en) | display appratus and user terminal device and method for communicating the same | |
| CN105516136A (en) | Authority management method, device and system | |
| CN114760112A (en) | Wireless local area network-oriented intelligent household equipment network access method, system, equipment and storage medium | |
| CN113055169B (en) | Data encryption method and device, electronic equipment and storage medium | |
| CN111130805B (en) | Secure transmission method, electronic device, and computer-readable storage medium | |
| CN109474929B (en) | Power consumption mode adjusting method and device, electronic equipment and computer readable storage medium | |
| CN111241602B (en) | FPGA IP core loading method and device and electronic equipment | |
| CN113472737B (en) | Data processing method and device of edge equipment and electronic equipment | |
| US20200272769A1 (en) | Methods and apparatus for performing secure back-up and restore | |
| CN112054890B (en) | Screen configuration file export and import method and device and broadcasting control equipment | |
| KR102403759B1 (en) | System for providing electronic payment by authenticating patient and using card information, method thereof and non-transitory computer readable medium having computer program recorded thereon |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |