CN111310192B - Data processing method, device, storage medium and processor - Google Patents
Data processing method, device, storage medium and processor Download PDFInfo
- Publication number
- CN111310192B CN111310192B CN202010088886.5A CN202010088886A CN111310192B CN 111310192 B CN111310192 B CN 111310192B CN 202010088886 A CN202010088886 A CN 202010088886A CN 111310192 B CN111310192 B CN 111310192B
- Authority
- CN
- China
- Prior art keywords
- interface
- control module
- platform control
- trusted platform
- tpcm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The invention discloses a data processing method, a data processing device, a storage medium and a processor. The method comprises the following steps: acquiring system service information, wherein the system service information is used for realizing the business function of a trusted platform control module; determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises at least one interface; and converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the service function through the target function instruction. The invention solves the technical problem of low adaptability of the trusted platform control module.
Description
Technical Field
The present invention relates to the field of computers, and in particular, to a data processing method, apparatus, storage medium, and processor.
Background
At present, a Trusted Platform Control Module (TPCM) is generally designed as a whole, functions such as integrity measurement, secure storage, Trusted reports, cryptographic services and the like are provided for a Trusted computing Platform, and a hierarchical design is not performed, so that a hardware structure adopted by the Trusted Platform Control module is generally required to be considered when the Trusted Platform Control module realizes a service function, thereby reducing the adaptability of the Trusted Platform Control module, and further failing to meet the requirements of the Trusted Platform Control module for realization in various physical scenes.
Aiming at the technical problem of low adaptability of the trusted platform control module, an effective solution is not provided at present.
Disclosure of Invention
The embodiment of the invention provides a data processing method, a data processing device, a storage medium and a processor, which are used for at least solving the technical problem of low adaptability of a trusted platform control module.
According to an aspect of an embodiment of the present invention, there is provided a data processing method. The method can comprise the following steps: acquiring system service information, wherein the system service information is used for realizing the business function of a trusted platform control module; determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises at least one interface; and converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the service function through the target function instruction.
Optionally, the target interface comprises at least one of: the system comprises a first interface, a trusted platform control module and a second interface, wherein the first interface is used for converting system service information into operation function instructions, the target function instructions comprise operation function instructions, and the operation function instructions are used for providing execution environments for the trusted platform control module; the second interface is used for converting the system service information into a driving function instruction, wherein the target function instruction comprises the driving function instruction, and the driving function instruction is used for providing a function of accessing the flash memory for the trusted platform control module; and the third interface is used for converting the system service information into a communication function instruction, wherein the target function instruction comprises the communication function instruction, and the communication function instruction is used for enabling the trusted platform control module to communicate with the host.
Optionally, the first interface is implemented by a constructor function pointer.
Optionally, the first interface comprises at least one of: a host memory access interface for accessing a host memory; the interrupt switch interface is used for receiving a command sent by the host computer in an interrupt mode; the local memory management interface is used for allocating and releasing the memory; the debugging information output interface is used for outputting the formatting information; a random number generation interface for generating a random number; the time acquisition interface is used for acquiring the time of the trusted platform control module after starting; the memory use information acquisition interface is used for returning the memory use information of the trusted platform control module; the information acquisition interface of the central processing unit is used for acquiring the information of the running central processing unit; the system delay interface is used for controlling the running delay target time period of the central processing unit; and the cache cleaning interface of the central processing unit is used for cleaning the cache of the central processing unit.
Optionally, the host memory access interface is configured to perform one of the following steps to access the host memory: mapping a physical address of a host memory into a virtual address of a trusted platform control module for access; and copying the host memory into the memory of the trusted platform control module to simulate mapping access.
Optionally, the interrupt switch interface is configured to turn off when the trusted platform control module performs a critical task.
Optionally, the local memory management interface is configured to allocate and release the memory by: memory is allocated and freed from the heap.
Optionally, the debug information output interface is configured to output the formatted information by: and outputting the formatted information to a debugging port to realize serial port printing.
Optionally, the random number generation interface is configured to generate the random number by: and generating a true random number, wherein the true random number meets the calculation requirement of the trusted password.
Optionally, the time obtaining interface is configured to obtain the time of the trusted platform control module after the booting by: the duration of time, expressed in seconds or milliseconds, after boot-up is obtained for the trusted platform control module.
Optionally, the memory usage information obtaining interface is configured to return the memory usage information of the trusted platform control module by: and returning the total memory quantity of the trusted platform control module and the used memory quantity of the trusted platform control module.
Optionally, the information obtaining interface of the central processing unit is used for obtaining the information of the running central processing unit by the following steps: and acquiring the number of the central processing unit.
Optionally, when the system delay interface controls the delay of the central processing unit, the central processing unit is controlled to continue to operate in response to the interrupt command.
Optionally, the cache cleaning interface of the central processing unit is used for cleaning the cache of the central processing unit by: when the trusted platform control module accesses the host memory, the cache of the central processing unit is cleared under the condition that the cache of the central processing unit is inconsistent with the data of the host memory.
Optionally, the second interface is for implementing the function of accessing the flash memory with the separate data segments, wherein the different data segments are stored on different flash memory chips.
Optionally, the second interface comprises at least one of: the flash memory reading interface is used for reading data with a first preset length; the flash memory writing interface is used for writing data with a second preset length; the flash memory erasing interface is used for erasing the first data; the flash memory erasing interface is used for erasing the second data firstly and then writing the third data in; and the flash memory area length returning interface is used for returning the length of the flash memory area.
Optionally, the flash memory read interface is for reading data of a first predetermined length by: data of a first predetermined length is read in accordance with the first predetermined area and the first offset.
Optionally, the flash memory write interface is for writing data of a second predetermined length by: and writing data of a second predetermined length according to the second predetermined area and the second offset.
Optionally, the flash erase interface is for erasing the first data by: the first data is erased according to the third predetermined area and the third offset.
Optionally, the flash memory interface is configured to erase the second data first and then write the third data by: and erasing the second data in a fourth preset area, and writing the third data in the fourth preset area, wherein the length of the second data is greater than that of the third data.
Optionally, the third interface is used to enable communication between the trusted platform control module and the host.
Optionally, the third interface comprises at least one of: the command processing callback interface is used for interrupting the execution of a main program of the trusted platform control module; the command information description interface is used for storing the command information of the trusted platform control module; a command mapping interface for mapping the input parameter address and the output parameter address to a virtual address accessible by the trusted platform control module; the asynchronous command completion notification interface is used for sending a first notification message to the host when the asynchronous processing command is completed; a command release interface for releasing the resource associated with the command information after the command information processing is completed; a measurement result sending interface for sending a second notification message after the measurement operation is completed; and the message sending interface is used for sending the third notification message to the computing subsystem.
Optionally, the command processing callback interface is for interrupting execution of a main program of the trusted platform control module by: and interrupting the execution of the main program of the trusted platform control module in the interrupt processing function.
Optionally, the command information specification interface is configured to save the command information of the trusted platform control module by the following steps; and storing the command information of the trusted platform control module through the structure body.
Optionally, the command mapping interface is to map the input parameter address and the output parameter address to a virtual address accessible to the trusted platform control module by: in the event that the input parameter address and the output parameter address are not directly accessible, mapping the input parameter address and the output parameter address to a virtual address.
Optionally, the first notification message is obtained by negotiating between the asynchronous command completion notification interface and the driver interface of the host.
Optionally, the command release interface retains data of the command information in the memory.
Optionally, the second notification message is used to wake up the central processor of the host.
Optionally, the message sending interface is configured to send the third notification message to the computing subsystem by: an interrupt request message is sent to a central processor of the compute subsystem.
Optionally, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and measuring the calculation subsystem to obtain a measurement result.
Optionally, in response to the target function instruction, performing measurement on the computing subsystem to obtain a measurement result, including: acquiring behavior data of a computing subsystem; and responding to the target function instruction, and measuring the computing subsystem through the behavior data to obtain a measurement result.
Optionally, the trusted platform control module adopts a layered design structure and is divided into a system layer and a service layer through at least one interface, wherein the system layer of the trusted platform control module is used for providing system service information, and the service layer of the trusted platform control module is used for controlling the trusted platform control module to execute a service function through the target function instruction.
Optionally, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and carrying out measurement check and control on the starting process and the running process of the host by a measurement service layer of the trusted platform control module by calling a target interface.
Optionally, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and providing a trusted password service for the trusted platform control module by calling the target interface by the trusted password service layer of the trusted platform control module.
According to another aspect of the embodiments of the present invention, there is provided a data processing apparatus. The device includes: the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring system service information, and the system service information is used for realizing the business function of a trusted platform control module; the system comprises a determining unit, a trusted platform control module and a processing unit, wherein the determining unit is used for determining a target interface corresponding to system service information from at least one interface, and the trusted platform control module comprises at least one interface; and the conversion unit is used for converting the system service information into a target function instruction through the target interface and controlling the trusted platform control module to execute the service function through the target function instruction.
According to another aspect of embodiments of the present invention, there is provided a storage medium. The storage medium includes a stored program, wherein the apparatus in which the storage medium is located is controlled to execute the data processing method of the embodiment of the present invention when the program runs.
According to another aspect of embodiments of the present invention, a processor is provided. The processor is configured to run a program, wherein the program performs the data processing method of the embodiment of the present invention when running.
In the embodiment, system service information is acquired, wherein the system service information is used for realizing the business function of the trusted platform control module; determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises at least one interface; and converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the service function through the target function instruction. That is, the invention sets at least one interface in the TPCM, defines the interaction specification in the TPCM, and separates the service layer and the system layer from the execution function of the TPCM through the at least one interface, so that when the TPCM executes the service function, the system layer provides a necessary environment for the realization of the service function of the service layer, and can shield the difference between the bottom hardware and the communication mechanism, so that the service layer only needs to care about the realization of the service function, but does not need to care about the hardware structure adopted by the TPCM, so as to meet the requirements of the TPCM in various physical scenes, and the TPCM is easier to migrate and maintain, thereby achieving the purpose of improving the adaptability of the TPCM, solving the technical problem of low adaptability of the trusted platform control module, and achieving the technical effect of improving the adaptability of the trusted platform control module.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method of data processing according to an embodiment of the invention;
fig. 2 is a schematic diagram of a TPCM in accordance with an embodiment of the present invention;
figure 3 is a schematic diagram of a TPCM system layer framework according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the overall logical structure in a trusted computing platform, according to an embodiment of the present invention; and
fig. 5 is a schematic diagram of a data processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
In accordance with an embodiment of the present invention, there is provided an embodiment of a data processing method, it should be noted that the steps illustrated in the flowchart of the accompanying drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different than that herein.
Fig. 1 is a flow chart of a data processing method according to an embodiment of the present invention. As shown in fig. 1, the method may include the steps of:
step S102, system service information is obtained, wherein the system service information is used for realizing the business function of the trusted platform control module.
In the technical solution provided in step S102 of the present invention, system service information is obtained, and the service information can be obtained from a system layer of the trusted platform control module, where the system service information is used to support implementation of a service function of the trusted platform control module, and may include information of an operating system basic service, information of a communication driver, information of a FLASH memory (FLASH) driver, and the like. The information of the basic service of the operating system may be used to implement providing a basic execution environment, for example, basic functions such as TPCM memory management, accessing host memory, interrupt processing, synchronization mechanism, clock, and counting, the communication-driven information may be used to complete communication between the TPCM and the host, and send messages to the host, the FLASH-driven information may be used to provide a function of accessing FLASH, and data of the TPCM and a Trusted Cryptography Module (TCM, for short) may be stored in FLASH.
And step S104, determining a target interface corresponding to the system service information from the at least one interface, wherein the trusted platform control module comprises the at least one interface.
In the technical solution provided in step S104 of the present invention, the trusted platform control module adopts a layered design structure and is divided into a system layer and a service layer by at least one interface, where the system layer of the trusted platform control module is used to provide system service information, and the service layer of the trusted platform control module is used to control the trusted platform control module to execute a service function through the target function instruction. The trusted platform control module comprises at least one interface, namely a TPCM system layer interface, so that the trusted platform control module is divided into a TPCM system layer and a TPCM service layer through the interface, wherein the TPCM service layer is the upper layer of the TPCM system layer, the realization of TPCM service functions can be separated from system services supporting the realization of the TPCM service functions, and the TPCM service layer can realize interaction with the TPCM system layer by calling the TPCM system layer interface. In the embodiment, the service layer and the system layer are separated through the TPCM system layer interface, so that the TPCM can be more easily migrated and maintained, and the requirement of the TPCM in realization of various physical scenes is met.
After the system service information is obtained, a target interface corresponding to the system service information is determined from at least one interface, and the target interface is an interface for interacting the system service information and a service layer and can be used for defining a specification of interaction between the service layer and the system layer.
And step S106, converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the service function through the target function instruction.
In the technical solution provided in step S106 of the present invention, after the target interface corresponding to the system service information is determined from at least one interface, the system service information is converted into the target function instruction through the target interface, which may be a function corresponding to the target interface to convert the system service information into the target function instruction that needs to be output to the service layer, so as to control the TPCM to execute the corresponding service function on the service layer through the target function control instruction, where the service function may be an active defense service function or other trusted service functions.
Through the steps S102 to S106, system service information is acquired, where the system service information is used to implement a business function of the trusted platform control module; determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises at least one interface; and converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the service function through the target function instruction. That is, the invention sets at least one interface in the TPCM, defines the interaction specification in the TPCM, and separates the service layer and the system layer from the execution function of the TPCM through the at least one interface, so that when the TPCM executes the service function, the system layer provides a necessary environment for the realization of the service function of the service layer, and can shield the difference between the bottom hardware and the communication mechanism, so that the service layer only needs to care about the realization of the service function, but does not need to care about the hardware structure adopted by the TPCM, and the TPCM is easier to migrate and maintain, thereby satisfying the requirements of the TPCM in various physical scenes, improving the adaptability of the TPCM, solving the technical problem of low adaptability of a trusted platform control module, and achieving the technical effect of improving the adaptability of the trusted platform control module.
The above target interface of this embodiment is further described below.
As an optional implementation, the target interface includes at least one of: the system comprises a first interface, a trusted platform control module and a second interface, wherein the first interface is used for converting system service information into operation function instructions, the target function instructions comprise operation function instructions, and the operation function instructions are used for providing execution environments for the trusted platform control module; the second interface is used for converting the system service information into a driving function instruction, wherein the target function instruction comprises the driving function instruction, and the driving function instruction is used for providing a function of accessing the flash memory for the trusted platform control module; and the third interface is used for converting the system service information into a communication function instruction, wherein the target function instruction comprises the communication function instruction, and the communication function instruction is used for enabling the trusted platform control module to communicate with the host.
In this embodiment, the target interface of the TPCM corresponds to the system service information that the system layer of the TPCM can provide, for example, in the system layer of the TPCM, the system basic service, the communication driver, and the FLASH driver can be implemented, and the system layer of the TPCM accordingly specifies these interfaces. Optionally, the system layer of the TPCM in this embodiment may further include a cryptographic module and a task management module, where the cryptographic module provides a basic function of cryptographic calculation and provides support for implementing the trusted metric and the trusted cryptographic module, the cryptographic module may have two modes, i.e., a software implementation mode and a hardware implementation mode, and the task management module may be configured to implement task management of the system layer of the TPCM. It should be noted that, different TPCM implementations and hardware environments have large differences at the system level.
Optionally, the target interface of this embodiment includes a first interface, for example, the first interface is a system basic service interface, and may be configured to convert the system service information into an operation function instruction, and provide a basic execution environment to the TPCM through the operation function instruction.
Optionally, the target interface of this embodiment further includes a second interface, for example, the second interface is a FLASH driver interface, and may convert the system service information into a driver function instruction, and provide a function of accessing the FLASH memory to the trusted platform control module through the driver function instruction, and optionally, the TPCM data and the TCM data are stored in the FLASH memory.
Optionally, the target interface of this embodiment further includes a third interface, for example, the third interface is a communication driver interface, and is configured to convert the system service information into a communication function instruction, and enable the trusted platform control module to communicate with the host through the communication function instruction, including sending a command and/or receiving a command, and may be implemented with support of the underlying system.
The first interface of this embodiment is described in detail below.
As an alternative implementation, the first interface is implemented by a pointer to a structure function.
The first interface of this embodiment specifies some basic programming interfaces usually provided by an operating system and a C language standard library, and may be defined in a tcp _ sys.h header file, and may have two implementation manners, the first is to directly implement the included interface, and the second is to define an object of a structtpcm _ sys structure, and a member of the structure is a pointer of a set of functions identical to those of the interface described below, that is, a pointer of a structure function, and it is sufficient to assign an appropriate function to the pointer of the object. The advantage of using the structure function pointer is that the existing functions of the underlying system can be directly multiplexed without encapsulating a layer, and the second method can be preferably used to implement the first interface. If the first interface is to be implemented directly, a macro DIRECT IMPL sysdunc needs to be defined.
As an optional implementation, the first interface includes at least one of: a host memory access interface for accessing a host memory; the interrupt switch interface is used for receiving a command sent by the host computer in an interrupt mode; the local memory management interface is used for allocating and releasing the memory; the debugging information output interface is used for outputting the formatting information; a random number generation interface for generating a random number; the time acquisition interface is used for acquiring the time of the trusted platform control module after starting; the memory use information acquisition interface is used for returning the memory use information of the trusted platform control module; the information acquisition interface of the central processing unit is used for acquiring the information of the running central processing unit; the system delay interface is used for controlling the running delay target time period of the central processing unit; and the cache cleaning interface of the central processing unit is used for cleaning the cache of the central processing unit.
In this embodiment, the first interface may include a host memory access interface, and the TPCM may expect that the system layer may provide the first interface for directly accessing the host memory.
As an optional example, the host memory access interface is configured to perform one of the following steps to access the host memory: mapping a physical address of a host memory into a virtual address of a trusted platform control module for access; and copying the host memory into the memory of the trusted platform control module to simulate mapping access.
In this embodiment, accessing the host memory is performed by mapping the physical address of the host memory to the virtual address of the TPCM, and the mapping is released after the access is completed. If the underlying hardware does not support accessing the host memory by mapping, then the mapping access can be simulated by copying the host memory to the TPCM memory.
Optionally, the function of the host memory access interface of this embodiment is defined as follows:
MAPObjecttpcm_sys_map(unsigned long paddr,unsigned
length,void**vadrr);
voidtpcm_sys_unmap(MAPObjectapobj);
wherein tpcm _ sys _ map is used for representing the establishment of mapping; tpcm _ sys _ unmap is used to indicate unmapping; MAPObject is defined as a void pointer for representing a mapping handle, the object is transparent to the upper layer caller, the meaning of the handle is defined by the interface implementer, the caller does not care about the internal definition of MAPobject, and only the handle returned during mapping is returned to the interface implementer as a parameter for removing mapping; paddr is used to indicate the host address of the memory to be accessed, which may be the physical address of the host, but may also be another address where the TPCM agrees with the host-side driver; the vadrr is used for representing the virtual address after mapping; the tpcm _ sys _ map is used for indicating that MAPObject handle is returned when success is achieved and null value is returned when error occurs; tpcm _ sys _ unmap is used to indicate that no value is returned.
In this embodiment, the first interface may further include an interrupt switch interface, configured to receive a command sent by the host in an interrupt manner, where the TPCM generally receives the command sent by the host in the interrupt manner.
As an alternative example, the interrupt switch interface is used to turn off when the trusted platform control module performs critical tasks.
In this embodiment, if an interrupt is sent while the TPCM is accessing critical data, it will cause a system crash, and therefore the TPCM requires that it not be interrupted in the execution of critical tasks.
Optionally, the function of the interrupt switch interface of this embodiment is defined as follows:
voidtpcm_sys_disable_irq(uint64_t*status);
voidtpcm_sys_enable_irq(uint64_t status);
wherein TPCM _ sys _ disable _ irq requires that the underlying system cannot interrupt the execution of the TPCM; TPCM _ sys _ enable _ irq allows the underlying system to interrupt TPCM execution; status is used to save context information, and upper layers will not use and modify this value, but will only pass the value returned by tpcm _ sys _ disable _ irq to tpcm _ sys _ enable _ irq, which the underlying implementer may use or not use as the case may be.
In this embodiment, the first interface may further include a local memory management interface, which is used to implement allocating and releasing the memory.
As an optional example, the local memory management interface is configured to allocate and release the memory by: memory is allocated and freed from the heap.
In this embodiment, the local memory management interface allocates and releases memory from the heap. The use mode of the TPCM to the local memory can be the same as the mode of using malloc and free by a common C program, if the underlying system realizes the malloc, free or similar functions, the function can be realized in the mode of a function pointer of a structure, and only the malloc and free realization functions are endowed with a structtpcm _ sys object pointer.
Optionally, the function of the local memory management interface of this embodiment is defined as follows:
void*tpcm_sys_malloc(unsigned int size);
voidtpcm_sys_free(void*p);
wherein, the tpcm _ sys _ malloc is used for allocating the memory; the tpcm _ sys _ free is used for releasing the memory; the size of the parameter of the tpcm _ sys _ malloc specifies the size of the memory, an address is returned when the allocation is successful, and the return is empty when the allocation is failed; the tpc _ sys _ malloc return value may be used to free memory as a parameter passed to the tpc _ sys _ free.
In this embodiment, the first interface may further include a debug information output interface, configured to output the formatting information.
As an alternative example, the debug information output interface is configured to output the formatted information by: and outputting the formatted information to a debugging port to realize serial port printing.
The debugging information output interface of the embodiment can be used for outputting the formatted information to the debugging port, and can generally realize serial port printing. The parameters of the debug information output interface may be identical to printf output by the C language standard. If the underlying system realizes printf or similar functions, the functions can be realized in a mode of function pointers of the structure body, and the printf realization function is only required to be endowed to the function pointers of the structtpcm _ sys object.
Optionally, the function of the debug information output interface of this embodiment is defined as follows:
voidtpcm_sys_printf(const char*fmt,...);
where fmt is used to represent the formatting string, followed by the formatting parameters.
In this embodiment, the first interface may further include a random number generation interface configured to generate a set of random numbers.
As an alternative example, the random number generation interface is configured to generate the random number by: and generating a true random number, wherein the true random number meets the calculation requirement of the trusted password.
In this embodiment, the random number generation interface is configured to generate a set of random numbers, and to meet the requirements of the trusted cryptography calculation, true random numbers should be generated.
Optionally, the function of the random number generation interface of this embodiment is defined as follows:
inttpcm_sys_rand(unsigned char*buffer,int length);
wherein, the buffer is used for representing a buffer for receiving the random number result; length is used to indicate the number of bytes specifying the generated random number; the function returns 0 when the random number is successfully generated, fills the generated random number in the buffer, and returns non-0 when the random number is failed to be generated, wherein the data of the buffer is uncertain when the random number is failed to be generated.
In this embodiment, the first interface may further include a time obtaining interface, which may be an interface for obtaining the current relative time and is used to obtain the time after the system is started.
As an alternative example, the time obtaining interface is configured to obtain the time of the trusted platform control module after the booting by: the duration of time, expressed in seconds or milliseconds, after boot-up is obtained for the trusted platform control module.
In this embodiment, the time after the trusted platform control module is started may be expressed in seconds or milliseconds, and the returned time structure may be as follows:
structtpcm_sys_time{
uint32_t seconds;
uint32_tmillis;
};
wherein seconds is used to represent the number of seconds elapsed since the storage system booted up; millis is used to represent the number of milliseconds present.
Optionally, the function of the time acquisition interface of this embodiment is defined as follows:
inttpcm_sys_get_time(structtpcm_sys_time*time);
wherein, the time is used for representing that the time is a receiving return time pointer, and the time cannot be null; the function successfully returns 0 and fills the current time value in time, and returns a non-0 on failure.
The first interface of this embodiment may further include a memory usage information obtaining interface, that is, the memory usage information obtaining interface may be configured to return information used by the system memory, may return description information, does not require precision, and may return a coarse value.
As an optional example, the memory usage information obtaining interface is configured to return the memory usage information of the trusted platform control module by: returning the total memory quantity of the trusted platform control module and the used memory quantity of the trusted platform control module, the function definition of the memory use information acquisition interface may be as follows:
voidtpcm_sys_get_memory_status(uint32_t*total,uint32_t*used);
wherein, the total is used for representing the total memory number of the receiving system; the used is used for representing the used memory amount of the receiving system; memory is in bytes.
The first interface of this embodiment may further include an information acquisition interface of the central processing unit, configured to acquire information of the operating central processing unit.
Optionally, the function of the memory use information obtaining interface of this embodiment is defined as follows:
uint32_t tpcm_sys_get_cpu_id(void);
as an optional example, the information obtaining interface of the central processing unit is configured to obtain information of the running central processing unit by: the number of the central processing unit, that is, the number of the CPU running the TPCM, is acquired.
The first interface of this embodiment may further include a system delay interface, configured to control the operation of the central processing unit to delay the target time period, that is, to control the CPU to delay for a period of time.
As an alternative example, when the system delay interface described above controls the central processor delay, the central processor is controlled to continue to operate in response to the interrupt command.
In this embodiment, the TPCM wants the latency period to be as small as possible to reduce CPU power consumption and can be interrupted by commands.
Optionally, the function of the system delay interface of this embodiment is defined as follows:
voidtpcm_sys_udelay(uint32_t us);
voidtpcm_sys_mdelay(uint32_t ms);
wherein tpcm _ sys _ udelay is used for representing the number of microseconds specified by the delay, and tpcm _ sys _ mdelay is used for representing the number of milliseconds specified by the delay; the us and ms parameters specify the number of delays.
The first interface of this embodiment may further include a cache cleaning interface of the central processing unit, configured to clean the cache of the central processing unit, and may clean the cache of the central processing unit when the TPCM accesses the host memory.
As an optional example, the cache cleaning interface of the central processing unit is configured to clean the cache of the central processing unit by: when the trusted platform control module accesses the host memory, the cache of the central processing unit is cleared under the condition that the cache of the central processing unit is inconsistent with the data of the host memory.
In this embodiment, there may be a case where the CPU cache and the host main memory data are not consistent, and at this time, the cache needs to be cleaned up. The cleaning cache can have two directions, clear means to write the dirty data in the CPU cache into the memory of the host; invalidate refers to deletion of CPUcache. Typically, when a TPCM modifies data in shared memory, clear may be invoked. The normal measurement uses Invalidate, and the stale data in the cache is discarded. The flush buffer may be used only in the communication driver.
Optionally, the function of the cache flush interface of this embodiment is defined as follows:
voidtpcm_sys_dcache_cleaninv_range(void*addr,size_tsize);
voidtpcm_sys_dcache_clean_range(void*addr,size_t size);
voidtpcm_sys_dcache_inv_range(void*addr,size_t size);
wherein, tpcm _ sys _ dcache _ clean _ range is used for copying and writing the dirty data into the memory of the host computer; the tpcm _ sys _ dcache _ inv _ range is used for deleting the cache; the tpcm _ sys _ dcache _ clean _ range is used for deleting the cache after the dirty data is written into the main memory; addr is used for designating the address of the cache to be cleared; size is used to specify the size of the cache to be purged; most systems may not implement these several interfaces (i.e., defined as null functions).
The above second interface of this embodiment will be described in detail below.
As an alternative embodiment, the second interface is used to implement the function of accessing the flash memory by using the data segments, wherein different data segments are stored in different flash memory chips.
In this embodiment, the second interface may be a FLASH drive interface, and implement a function of accessing FLASH by segments. Segmentation may be defined as different segments may be stored on top of different FLASH chips, and the underlying implementation may identify the FLASH chip and address offset to access based on the segmentation parameters.
enum{
FLASH_REGIN_CPU_FIRMWARE=0,
FLASH_REGIN_TPCM_DATA,
FLASH_REGIN_BOOT_CODE,//uboot or uefi bios
FLASH_REGIN_BOOT_CONFIG,//bios data
FLASH_REGIN_TPCM,
FLASH_REGIN_MAX
};
Wherein FLASH _ REGIN _ BOOT _ COD 2 represents the code segment of BOIS, UEFI, UBOOT, which is normally stored on top of FLASH, and the TPCM will measure this segment during the BOOT phase; FLASH _ REGIN _ TPCM _ DATA 1 represents the DATA segment of TPCM, TPCM will read and write this segment according to the business processing need; the FLASH _ REGIN _ TPCM segment stores TPCM codes; the upgrade function may modify the FLASH _ REGIN _ TPCM segment, as well as the FLASH _ REGIN _ CPU _ firewire, FLASH _ REGIN _ BOOT _ CODE, etc. segments; and reading and writing of other segments can be unused, and if no segment corresponding to the constant is available in the actual situation, the segment is ignored and cannot be realized, and an error value is returned when the segment which does not exist is read and written.
As an optional implementation, the second interface includes at least one of: the flash memory reading interface is used for reading data with a first preset length; the flash memory writing interface is used for writing data with a second preset length; the flash memory erasing interface is used for erasing the first data; the flash memory erasing interface is used for erasing the second data firstly and then writing the third data in; and the flash memory area length returning interface is used for returning the length of the flash memory area.
The second interface of this embodiment may comprise a flash read interface for reading data of a first predetermined length.
As an alternative example, the flash memory read interface is configured to read data of a first predetermined length by: data of a first predetermined length is read in accordance with the first predetermined area and the first offset.
In this embodiment, the flash read interface may be implemented to read data of a specified length in a specified region and offset.
Optionally, the function of the flash memory read interface of this embodiment is defined as follows:
inttpcm_sys_flash_read(intzone,char*buffer,intoffset,int length);
wherein, zone is used to represent a designated area, and the area may be defined by a constant; the buffer is used for receiving the read data; the offset is used to specify an offset amount with respect to the region; length is used to specify the length of the read; if the read succeeds in returning data of the specified length, the function returns 0. If the area does not exist, reading is not allowed, or the area data is less than the specified length, returning to be not 0; the data returned by the hardware is correct or not, and can be checked by the upper layer, and the bottom-layer driver can not be checked.
The second interface of this embodiment may further include a flash memory write interface for writing data of a second predetermined length.
As an alternative example, the flash memory write interface is configured to write data of a second predetermined length by: and writing data of a second predetermined length according to the second predetermined area and the second offset.
In this embodiment, the flash write interface may write data of a specified length in terms of a specified region and offset.
Optionally, the function of the flash memory write interface of this embodiment is defined as follows:
inttpcm_sys_flash_write(intzone,char*buffer,intoffset,int length);
zone is used to represent a designated area, which may be defined by a constant; the buffer is used for writing data; the offset is used to specify an offset amount with respect to the region; length is used to specify the length of the write; if the write is successful, the function returns 0; if the region does not exist, or writing is not allowed, or the region space is less than a specified length, a non-0 is returned; whether the hardware writes data correctly can be checked by the upper layer, and the bottom layer driver can not be checked.
The second interface of this embodiment may further include a flash erase interface for erasing the first data.
As an alternative example, the flash erase interface is configured to erase the first data by: the first data is erased according to the third predetermined area and the third offset.
In this embodiment, the first data may be erased by a designated area and offset. If the length is greater than a unit of erase, the implementer may execute multiple erase commands.
Optionally, the function of the flash memory erase interface of this embodiment is defined as follows:
inttpcm_sys_flash_erase(intzone,intoffset,int length);
zone is used to represent a designated area, which may be defined by a constant; the offset is used to specify an offset amount with respect to the region; length is used to specify the length of the erasure; if the erase is successful, the function returns 0; if the region does not exist, the erasing boundary and the length are not aligned, or erasing is not allowed, or the region returns to be not 0 when the space is less than the specified length; whether the hardware correctly erases the data can be checked by the upper layer, and the bottom layer driver does not need to check.
The second interface of the embodiment may further include a flash memory interface for erasing the second data first and then writing the third data.
As an alternative example, the flash memory interface is configured to erase the second data and then write the third data by: and erasing the second data in a fourth preset area, and writing the third data in the fourth preset area, wherein the length of the second data is greater than that of the third data.
In this embodiment, the designated area may be erased and written, and the bottom layer may find the data according to the length and offset of the written data and then write. Wherein the actual length of the erase may be greater than the write length. The caller charged by the upper layer does not erase the extraneous region.
Optionally, the function of the flash interface of this embodiment is defined as follows:
inttpcm_sys_flash_write_ex(intzone,char*buffer,intoffset,int length);
zone is used to represent a designated area, which may be defined by a constant; the offset is used to specify an offset amount with respect to the region; length is used to specify the length of the erasure; if the erasing is successful, the function returns to 0; if the area does not exist, the erasing boundaries are not aligned, or erasing is not allowed, or the space of the area is less than the specified length, returning to be not 0; whether the hardware correctly erases data and writes data can be checked by an upper layer, and a bottom layer driver does not need to check.
The above-mentioned second interface of this embodiment may further include a flash region length return interface for returning the length of the specified flash region.
Optionally, the function of the flash memory region length of this embodiment is defined as follows:
inttpcm_sys_flash_size(int zone,uint32_t*length);
wherein, zone is used to represent a designated area, and the area may be defined by a constant; length is used to receive the length return value; the function successfully returns 0, and fails to return non-0; writing the length of the region into length when the region is successful; returning a failure if the region does not exist; length may be filled with 0 when the region is not present.
The above third interface of this embodiment will be described in detail below.
As an optional implementation manner, the third interface is used for implementing communication between the trusted platform control module and the host.
The third interface of this embodiment, that is, the communication driver interface, is used to implement communication between the trusted platform control module and the host, including sending commands to each other, and also being capable of interacting with the service layer of the TPCM.
As an optional implementation, the third interface includes at least one of: the command processing callback interface is used for interrupting the execution of a main program of the trusted platform control module; the command information description interface is used for storing the command information of the trusted platform control module; a command mapping interface for mapping the input parameter address and the output parameter address to a virtual address accessible by the trusted platform control module; the asynchronous command completion notification interface is used for sending a first notification message to the host when the asynchronous processing command is completed; a command release interface for releasing the resource associated with the command information after the command information processing is completed; a measurement result sending interface for sending a second notification message after the measurement operation is completed; and the message sending interface is used for sending the third notification message to the computing subsystem.
In this embodiment, the third interface may include a command processing callback interface for interrupting execution of a main program of the trusted platform control module.
As an alternative example, the command processing callback interface is used to interrupt execution of the main program of the trusted platform control module by: and interrupting the execution of the main program of the trusted platform control module in the interrupt processing function.
In this embodiment, the main program of the TPCM sets a command processing callback function that is called when the communication driver receives a host command. The TPCM reception command is typically responded to by an interrupt, and the command processing callback function is typically executed in an interrupt handling function that interrupts the execution of the main program of the TPCM. The underlying system should also be responsible for restoring the execution context of the interrupted TPCM main program after the command processing function returns.
Optionally, the function of the command processing callback interface of this embodiment is defined as follows:
typedef uint32_t(*COMMAND_NOIFTY)(structcommand_info*info);
voidtpcm_comm_set_notify_handler(COMMAND_NOIFTY func);
wherein, COMMAND _ notify is used for representing the type definition of the callback function; func is used for representing a callback function transmitted to a driver by a TPCM main program and calling when receiving a command; structcommand _ info is used to represent detailed information of the command.
The third interface of this embodiment may further include a command information specification interface, configured to store command information of the trusted platform control module.
As an alternative example, the command information specification interface is configured to save the command information of the trusted platform control module by the following steps; and storing the command information of the trusted platform control module through the structure body.
The structure of this embodiment, that is, the command information structure, is used to store the detailed information of the command.
structcommand_info{
uint32_t cmd_type;
int32_t cmd_length;
uint64_t cmd_sequence;
uint64_t input_addr;
uint64_t output_addr;
uint32_t input_length;
uint32_t output_maxlength;
uint32_t out_length;
uint32_t out_return;
charprivate_data[];//array size=COMMAND_EXTRA_SIZE
};
Wherein the agent 32_ t cmd _ type is used to indicate the type of command; int32_ t cmd _ length is used to indicate the length of the command; the agent 64_ t cmd _ sequence is used for indicating the sequence number of the command, and is used for distinguishing the command, and the upper layer can search the sender by using the sequence number when returning; the uint64_ t input _ addr is used for representing the input address of the command, representing the memory address of the input parameter of the command, and has different meanings according to how the command is transmitted; the uint64_ t output _ addr is used for representing the output address of the command and representing the memory address of the command output parameter, and has different meanings according to how the command is transmitted; the uint32_ t input _ length is used to indicate the length of the command output parameter; the agent 32_ t output _ maxlength is used to indicate the maximum length of the command output buffer; the uint32_ t out _ length is used to represent the command output actual length; the agent 32_ t out _ return is used to represent the return value after command processing; char private _ data [ ] is used to represent extra data used internally by the drive, which is not used by upper layers.
The third interface of this embodiment may further include a command mapping interface to map the input parameter address and the output parameter address to a virtual address accessible to the trusted platform control module.
As an alternative example, the command mapping interface is configured to map the input parameter address and the output parameter address to a virtual address accessible to the trusted platform control module by: in the event that the input parameter address and the output parameter address are not directly accessible, mapping the input parameter address and the output parameter address to a virtual address.
In this embodiment, in the command passed through the communication mechanism, the input parameter address and the output parameter address may not be directly accessible, for example, a physical address may be passed. The command mapping interface may map the input parameter address and the output parameter address to a virtual address accessible by the TPCM.
Optionally, the function of the command mapping interface of this embodiment is defined as follows:
inttpcm_comm_map_address(structcommand_info*info,void**input,void**output);
wherein, info is used to represent basic information of the command, and is driven by the command before and transferred to the command processing function, and the TPCM now maps the data back; input is used for representing the virtual address of the input parameter after mapping is received; output is used for representing the virtual address of the output parameter after mapping is received; returning 0 when the mapping is successful, and returning non-0 when the mapping is failed; usually, an address invalid mapping fails and an error is returned; when mapping, the bottom layer driver can use the private area of the info end to store extra information, and the TPCM service layer does not use the extra area.
The third interface of this embodiment may further include an asynchronous command completion notification interface, configured to send the first notification message to the host when the asynchronous processing command is completed, that is, send the first notification message to the host when the asynchronous processing command is completed.
As an alternative example, the first notification message is obtained by negotiating between the asynchronous command completion notification interface and the driver interface of the host.
The function definition of the asynchronous command completion notification interface of this embodiment may be as follows:
voidtpcm_comm_async_command_handled(structcommand_info*info);
wherein info is used to represent a processed command; no return value; specifically, what first notification message is sent to the host may be determined by an asynchronous command completion notification interface in the communication driver interface negotiating with a driver interface on the host side.
The third interface of this embodiment may further include a command release interface, configured to release the resource associated with the command information after the command information is processed, and may release the resource associated with the command information after the command information is processed, which may include a reverse operation on the command mapping.
As an alternative example, the command releasing interface retains the data of the command information in the memory.
In this embodiment, the command release interface retains the data of the command information in memory, i.e., memory for the command information itself (info) does not need to be released.
Optionally, the meaning of the command release interface of this embodiment is defined as follows:
voidtpcm_comm_release_command(structcommand_info*info);
wherein, info is used for pointing to the command of the resource to be released.
The third interface of this embodiment may further include a measurement result sending interface, configured to send a second notification message after the measurement operation is completed, where the second notification message may be sent after the BIOS measurement is completed.
As an alternative example, the second notification message is used to wake up the central processor of the host.
In this embodiment, the second notification message is primarily to wake up the host CPU.
Optionally, the function of the measurement result sending interface of this embodiment is defined as follows:
voidtpcm_comm_send_bios_measure_result(uint32_tret);
there is no return value.
When ret is 0, the host CPU may be awakened, while in other cases, the CPU may not be awakened.
The third interface of this embodiment may further comprise a message sending interface for sending a third notification message to the computing subsystem
As an alternative example, the above-mentioned message sending interface is used for sending the third notification message to the computing subsystem (computing node) by: an interrupt request message is sent to a central processor of the compute subsystem.
In this embodiment, the message sending interface may send a third notification message to the compute node, which may be an interrupt request message to the compute node CPU.
Optionally, the function definition of the messaging interface of this embodiment may be as follows:
voidtpcm_comm_send_simple_notify(uint32_tnotify_type)
here, notify _ type is used to indicate a notification type, which may be decided by an upper layer.
As an optional implementation manner, in step S106, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and measuring the calculation subsystem to obtain a measurement result.
In this embodiment, when the target function instruction is used to control the trusted platform control module to execute the service function, the TPCM may respond to the target function instruction, measure the computing subsystem according to the policy, and obtain a measurement result, where the policy and the reference value may be configured by the trusted management center and issued to the TPCM by a terminal tool, and the terminal may also report the reference value to the trusted management center. Optionally, the embodiment may implement the timing metric completely according to policy, and the interception metric requires a Trusted Software Base (TSB) agent to intercept the computing subsystem behavior for coordination. The TSB provides a set of software elements for supporting the credibility of the credible computing platform, and the TSB agent is responsible for intercepting the behaviors of the computing nodes, collecting the behavior and context data and sending the data to the TSB.
As an alternative embodiment, in response to the target function instruction, performing a measurement on the computing subsystem to obtain a measurement result, including: acquiring behavior data of a computing subsystem; and responding to the target function instruction, and measuring the computing subsystem through the behavior data to obtain a measurement result.
In this embodiment, the behavior data of the computing subsystem may be interception behavior (collection behavior) data received by the TPCM from the TSB agent, and the computing node may be measured according to the behavior data and the context data according to the policy in response to the target function instruction, so as to obtain a measurement result.
As an alternative embodiment, in response to the target function instruction, performing a measurement on the computing subsystem to obtain a measurement result, including: responding to the target function instruction, and acquiring host resources from the computing subsystem at the service layer or acquiring the host resources from the computing subsystem through the system layer, wherein the system layer is associated with the service layer through the target interface; and measuring the computing subsystem through the host resources to obtain a measurement result.
In this embodiment, when a measurement service layer (TSB) measurement computing subsystem of the TPCM is configured, the host resource may be accessed through a target interface corresponding to a system layer of the TPCM, and in some cases, if a certain part of the TSB is physically located in the computing subsystem, the TSB may obtain the host resource from the computing subsystem by itself, for example, access the computing node resource by itself, instead of accessing the computing node resource through the system layer of the TPCM. After the host resources are obtained, the computing subsystem is measured through the host resources, and a measurement result is obtained.
As an alternative embodiment, in response to the target function instruction, performing a measurement on the computing subsystem to obtain a measurement result, including: the computational subsystem is measured by cryptographic data provided by the system layer in response to the target function instruction.
In this embodiment, when the computation subsystem is measured in response to the target function instruction and a measurement result is obtained, the computation subsystem may be measured by using the cryptographic data provided by the system layer in response to the target function instruction. The measurement business layer (TSB) of the TPCM can perform the password correlation calculation through a password module provided by the TPCM when the measurement calculation subsystem is used.
In this embodiment, the measurement traffic layer (TSB) of the TPCM may decide how to control the computing subsystem according to the measurement result, the reference value, and the policy.
As an optional implementation manner, in step S106, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and accessing the host system through the target interface to execute the business function.
In this embodiment, the TSB may directly access the host system for control through a target interface (TPCM system layer interface) to perform a business function, depending on the type of control.
As an optional implementation manner, in step S106, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and carrying out measurement check and control on the starting process and the running process of the host by a measurement service layer of the trusted platform control module by calling a target interface.
In this embodiment, the service layer of the trusted platform control module includes a measurement service layer (TSB), which is a core function of the TPCM and performs measurement check and control on a start process and a running process of the host by calling a target interface, where the computing subsystem mainly assists the TPCM in performing measurement check on the host, and may include the following contents:
the TSB agent is implanted into the operating system and can acquire more accurate information of the operating system, and the information is data necessary for the TPCM to measure; the TSB agent is also responsible for making precise control; the TSB agent is also responsible for some of the metrology work in case of insufficient TPCM performance. Optionally, the TSB proxy of this embodiment may also be used to implement dynamic metrics, white list metric proxy, log processing, report processing, and the like.
The start-up metric agent, which is implanted within the associated start-up module, functions similarly to the TSB agent described above, but handles only the metrics and control during the start-up phase. Optionally, the launch metrics agent of this embodiment further comprises a GRUB metrics agent and a BOIS metrics.
The TPCM accesses the services, providing interfaces for other modules on the host to access the TPCM functionality and work in coordination. Alternatively, the TPCM access service of this embodiment may implement functions of a TPCM interface service, a TPCM driver, and a communication driver.
And communicating with the management center through the trusted terminal tool, setting a policy and reference library for the TPCM and the TSB agents, and transmitting logs and trusted reports. Optionally, the trusted terminal tool of this embodiment may also be used to implement trusted report uploading, benchmark collection, log uploading, certificate management, policy and benchmark issuing.
As an optional implementation manner, in step S106, the controlling, by the target function instruction, the trusted platform control module to execute the service function includes: and responding to the target function instruction, and providing a trusted password service for the trusted platform control module by calling the target interface by the trusted password service layer of the trusted platform control module.
In this embodiment, the service layer of the trusted platform control module may further include a trusted cryptography service layer (TCM) in addition to the measurement service layer, that is, the TCM service layer may provide a trusted cryptography service for the trusted platform control module by invoking the target interface, for example, process the trusted cryptography module and a function associated with the trusted cryptography module, so as to provide a trusted cryptography support service for the TPCM, where the trusted cryptography module is a support component controlled by the TPCM, and the trusted cryptography service includes the trusted cryptography support service, and the trusted cryptography support service may be used to complete operations such as reference value collection, target measurement, and trusted credential signature, and in addition, the trusted cryptography service of this embodiment may further include, but is not limited to, hashing, signature, encryption, decryption, and random number acquisition. Any security is not divorced with reliable cryptographic support, and TCM is just such an indispensable support module. In other environments, the TCM is computer controlled, and in a dual architecture, the TCM is controlled by the TPCM, and in a dual architecture, the compute nodes may also use the cryptographic functions of the TCM, but should be controlled by the TPCM.
Because the TCM is part of the guard system, its use should be controlled by the TPCM, not by the compute subsystem. Otherwise, the security and credibility of the password function cannot be really achieved. For example, the TPCM and the computing subsystem may both use the secure storage function of the TCM, but the computing subsystem should rely on the measurement result of the TPCM when using the secure storage function. Yet another reason that the compute subsystem uses the functionality of the TCM through the TPCM is that isochronous access often requires coordination.
Optionally, the embodiment may also perform control by sending a control instruction to the TSB agent, where part of the control is controlled by intercepting the metric return value, and part of the control sends a control notification instruction to the TSB agent through a mechanism.
In this embodiment, if TSB agent assistance is required, the TSB agent may take control of the host after receiving the control instruction (or the control instruction returned by the metric).
The metric traffic layer (TSB) of the TPCM of this embodiment may output a trusted log. The terminal tool can upload the credible log to a credible management center, the terminal tool can also acquire a credible report and send the credible report to the management center or acquire credible evidence and send the credible report to a requester, and the management center can analyze the log and the credible report, for example, more valuable credible data of products are analyzed, and the credible data have different purposes, can be used for evaluating credible reading of current nodes and the computing environment of the whole network, predicting the dangerous state of the network and taking corresponding measures, and is used for generating an intelligent control strategy and sending the intelligent control strategy to the terminal tool and the like.
In the related art, the TPCM is not hierarchically designed, and a TPCM system layer interface designed for facilitating the migration and maintenance of the TPCM is not proposed. In this embodiment, in order to facilitate the migration and maintenance of the TPCM, the TPCM is hierarchically designed through the target interface (TPCM system layer interface), and is divided into the TPCM system layer and the TPCM service layer, so that the TPCM service layer can realize interaction with the TPCM system layer by calling the TPCM system layer interface, and the TPCM service layer does not need to care about the hardware structure adopted by the TPCM when actively defending the service, thereby greatly improving the adaptability of the TPCM, solving the technical problem of low adaptability of the trusted platform control module, and achieving the technical effect of improving the adaptability of the trusted platform control module.
Example 2
The technical solutions of the embodiments of the present invention will be illustrated below with reference to preferred embodiments.
The TPCM is applied to a trusted computing platform, the trusted computing platform can comprise a computing subsystem and a defense subsystem which run in parallel, wherein the defense subsystem is formed by the TPCM, a trusted management center and extension and agent parts of the TPCM on a host side, and the trusted management center configures strategies for the defense subsystem and performs data analysis.
Fig. 2 is a schematic structural diagram of a TPCM according to an embodiment of the present invention. As shown in fig. 2, the TPCM includes a TPCM system layer, a TPCM service layer (including TSB, TCM module), and a system layer interface.
The TPCM internal design of this embodiment adopts a concept of a hierarchical design to separate the implementation of TPCM service functions from the system services supporting the implementation of these TPCM service functions. By separating the service layer and the system layer, the TPCM is easier to migrate and maintain, so that the requirements of the TPCM in various physical scenes are met.
The system layer interface of this embodiment allows layering of the TPCM, and may define specifications for interaction between the TPCM business layer and the system layer. The TPCM system layer mainly comprises three parts of an operating system basic service, a communication driver and a FLASH driver, and the system layer interface correspondingly defines the interfaces of the three parts.
Figure 3 is a schematic diagram of a TPCM system layer framework according to an embodiment of the present invention. As shown in fig. 3. The TPCM system layers may include: the TPCM operating system (TPCM OS), the communication driver, the FLASH driver, the password module and the task management module can provide basic execution environments for processing the TCM and the TPCM, and different TPCM implementation modes and hardware environments have larger difference of system layers; the hardware difference of the system layer shielding can enable upper-layer TCM and TPCM service modules to be concentrated on service processing.
In this embodiment, the TPCM operating system (TPCM OS) is used to provide basic execution environments, such as TPCM memory management, access to host memory, interrupt handling, synchronization mechanisms, clocks and counters.
And the FLASH driver is used for providing a function of accessing the FLASH, and the TPCM and TCM data can be stored in the FLASH.
The communication driver is used for finishing communication with the host and sending messages to each other.
The cryptographic module is used for providing basic functions of cryptographic calculation and providing support for the realization of credible measurement and a credible cryptographic module, wherein the cryptographic module has two modes of software realization and hardware realization.
FIG. 4 is a schematic diagram of the overall logical structure in a trusted computing platform, according to an embodiment of the present invention. As shown in fig. 4, the trusted computing platform 40 may include: trusted management center 41, computing subsystem 42, and TPCM 43.
In this embodiment, the computing subsystem 42 mainly assists the TPCM 43 in performing metric checking on the host, and mainly includes:
1) the TSB agent is implanted into the operating system and can acquire more accurate information of the operating system, and the information is data necessary for the TPCM to measure; the TSB agent is also responsible for making precise control; the TSB agent is also responsible for some of the metrology work in case of insufficient TPCM 43 performance. Optionally, the TSB proxy of this embodiment may also be used to implement dynamic metrics, white list metric proxy, log processing, report processing, and the like.
2) The start-up metric agent, which is implanted within the associated start-up module, functions similarly to the TSB agent described above, but handles only the metrics and control during the start-up phase. Optionally, the launch metrics agent of this embodiment further comprises a GRUB metrics agent and a BOIS metrics.
3) The TPCM accesses services providing interfaces for other modules on the host to access TPCM 43 functions and coordinate operations. Alternatively, the TPCM access service of this embodiment may implement functions of a TPCM interface service, a TPCM driver, and a communication driver.
4) The end-point tool, i.e., the trusted end-point tool, is used to communicate with the management center, set policy and reference libraries for the TPCM 43 and TSB agents, and transmit logs and trusted reports. Optionally, the terminal tool of this embodiment may also be used to implement trusted report uploading, benchmark collection, log uploading, certificate management, policy and benchmark issuing.
The TPCM 43 of this embodiment may include a TPCM service layer, a TCM service layer, and a TPCM system layer, where the TPCM service layer may be used to implement startup metrics, dynamic metrics, intercept metrics, trusted reports, policy and benchmark base management; the TPCM system layer may be used to implement task management, communication drivers, functions of cryptographic modules, functions of the TPCM OS, and the like.
In this embodiment, the TCM service layer in the TPCM 43 may mainly process the trusted cryptographic module TCM and related functions of the trusted cryptographic module, and provide trusted cryptographic support for the TPCM 43, where the TCM is a hardware module of the trusted computing platform, provides cryptographic operation function for the trusted computing platform, and has a protected storage space. The service layer of TPCM 43 is the core function of TPCM 43 and is used for metric checking and control of the host startup process and the run-time phase.
The trusted management center 41 and the computing subsystem 42 of this embodiment may be configured to implement transmission of log policy reports, and the computing subsystem 42 and the TPCM 43 may be configured to implement transmission of metric notification commands.
The following describes the execution flow of the trusted computing platform of this embodiment as follows:
s1, the trusted management center 41 configures the policy and the reference value.
And S2, the strategy and the reference value are issued to the TPCM 43 through the terminal tool.
The terminal tool of this embodiment is also responsible for collecting the reference value report of the terminal tool to the trusted management center 41.
S3, TPCM 43 measures computing subsystem 42 according to the policy.
And S4, the TSB agent is responsible for intercepting the behavior of the computing subsystem 42, collecting the behavior and context data and sending the data to the TSB.
S5, TPCM 43 receives the collected behavior and context data transmitted by the TSB agent, and measures the computation subsystem 42 according to the policy.
S6, when the measurement business layer (TSB) measurement computation subsystem 42 of the TPCM is in use, the host resource can be accessed through the service interface provided by the system layer of the TPCM, and in some cases, if some part of the TSB is physically located in the computation subsystem 42, the TSB can access the compute node resource by itself without accessing the compute node resource through the system layer of the TPCM.
S7, when the measurement business layer (TSB) measurement computation subsystem 42 of the TPCM performs the cryptographic correlation computation through the cryptographic module provided by the TPCM 43.
And S8, the measurement service layer (TSB) of the TPCM determines how to control the computing node according to the measurement result, the reference value and the strategy.
Depending on the type of control, the TSB may access the host system directly through the system layer interface of TPCM 43, or may control the TSB by sending control commands to the TSB agents. And part of the control is controlled by intercepting the measurement return value, and part of the control sends a control notification instruction to the TSB agent through a mechanism.
S9, for the case that the TSB agent is needed to assist, the TSB agent can control the host after receiving the control command (or the control command returned by the metric).
S10, the measurement traffic layer (TSB) of the TPCM outputs a trusted log.
S11, the terminal tool may upload the trusted log to the trusted management center 41, and the terminal tool may also obtain a trusted report to be sent to the management center or obtain a trusted credential to be sent to the requester.
And S12, analyzing the log and the credible report by the management center.
The embodiment can analyze the more valuable credible data of the product, the credible data can have different purposes, the credible data can evaluate the credible reading of the current node and the whole network computing environment, can predict the dangerous state of the network and take corresponding measures, and can generate an intelligent control strategy and then send the intelligent control strategy to the terminal.
The embodiment sets a system layer interface inside the TPCM, defines the internal interaction specification of the TPCM, and separates a service layer and a system layer from the execution function of the TPCM through the system layer interface, so that when the TPCM executes the service function, the system layer provides a necessary environment for realizing the service function of the service layer, and can shield the difference between bottom hardware and a communication mechanism, so that the service layer only needs to care about the realization of the service function, but does not need to care about a hardware structure adopted by the TPCM, and the TPCM is easier to migrate and maintain, thereby meeting the requirements of realizing the TPCM in various physical scenes, improving the adaptability of the TPCM, solving the technical problem of low adaptability of a trusted platform control module, and achieving the technical effect of improving the adaptability of the trusted platform control module.
Example 3
The embodiment of the invention also provides a data processing device. It should be noted that the data processing apparatus of this embodiment can be used to execute the data processing method in embodiment 1 of the present invention.
Fig. 5 is a schematic diagram of a data processing apparatus according to an embodiment of the present invention. As shown in fig. 5, the data processing apparatus 50 may include: an acquisition unit 51, a determination unit 52 and a conversion unit 53.
The obtaining unit 51 is configured to obtain system service information, where the system service information is used to implement a service function of the trusted platform control module.
The determining unit 52 is configured to determine a target interface corresponding to the system service information from at least one interface, where the trusted platform control module includes at least one interface.
And the conversion unit 53 is configured to convert the system service information into a target function instruction through the target interface, and control the trusted platform control module to execute a service function through the target function instruction.
The data processing device of the embodiment is provided with at least one interface inside the TPCM, defines the internal interaction specification of the TPCM, and separates a service layer and a system layer from an execution function through the at least one interface, so that when the TPCM executes the service function, the system layer provides a necessary environment for realizing the service function of the service layer, can shield the difference between bottom hardware and a communication mechanism, and only the realization of the service function needs to be concerned by the service layer without the need of concerning the hardware structure adopted by the TPCM, so as to meet the requirements of realizing the TPCM in various physical scenes, so that the TPCM is easier to migrate and maintain, the adaptability of the TPCM is improved, the technical problem of low adaptability of a trusted platform control module is solved, and the technical effect of improving the adaptability of the trusted platform control module is achieved.
Example 4
The embodiment of the invention also provides a storage medium. The storage medium includes a stored program, wherein the apparatus in which the storage medium is located is controlled to execute the data processing method of the embodiment of the present invention when the program runs.
Example 5
The embodiment of the invention also provides a processor. The processor is used for running a program, wherein the program executes the data processing method of the embodiment of the invention when running.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A data processing method, comprising:
acquiring system service information, wherein the system service information is used for realizing the business function of a trusted platform control module;
determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises the at least one interface;
converting the system service information into a target function instruction through the target interface, and controlling the trusted platform control module to execute the business function through the target function instruction;
the trusted platform control module adopts a layered design structure and is divided into a system layer and a business layer through the at least one interface, wherein the system layer of the trusted platform control module is used for providing the system service information, and the business layer of the trusted platform control module is used for controlling the trusted platform control module to execute the business function through the target function instruction;
wherein, the trusted platform control module adopts a layered design structure, and is divided into a system layer and a service layer through the at least one interface, and the method comprises the following steps: setting the at least one interface inside the trusted platform control module; defining an interaction specification inside the trusted platform control module; and separating a service layer and a system layer from the execution function of the trusted platform control module through the at least one interface based on the interaction specification.
2. The method of claim 1, wherein the target interface comprises at least one of:
a first interface, configured to convert the system service information into an operation function instruction, where the target function instruction includes the operation function instruction, and the operation function instruction is used to provide an execution environment for the trusted platform control module;
a second interface, configured to convert the system service information into a drive function instruction, where the target function instruction includes the drive function instruction, and the drive function instruction is used to provide a function of accessing a flash memory to the trusted platform control module;
and a third interface, configured to convert the system service information into a communication function instruction, where the target function instruction includes the communication function instruction, and the communication function instruction is used to enable the trusted platform control module to communicate with a host.
3. The method of claim 2, wherein the first interface comprises at least one of:
a host memory access interface for accessing a host memory;
the interrupt switch interface is used for receiving a command sent by the host computer in an interrupt mode;
the local memory management interface is used for allocating and releasing the memory;
the debugging information output interface is used for outputting the formatting information;
a random number generation interface for generating a random number;
the time acquisition interface is used for acquiring the time of the trusted platform control module after starting;
the memory use information acquisition interface is used for returning the memory use information of the trusted platform control module;
the information acquisition interface of the central processing unit is used for acquiring the information of the running central processing unit;
the system delay interface is used for controlling the running delay target time period of the central processing unit;
and the cache cleaning interface of the central processing unit is used for cleaning the cache of the central processing unit.
4. The method of claim 2, wherein the second interface comprises at least one of:
the flash memory reading interface is used for reading data with a first preset length;
the flash memory writing interface is used for writing data with a second preset length;
the flash memory erasing interface is used for erasing the first data;
the flash memory erasing interface is used for erasing the second data firstly and then writing the third data in;
and the flash memory area length returning interface is used for returning the length of the flash memory area.
5. The method of claim 2, wherein the third interface comprises at least one of:
a command processing callback interface for interrupting the execution of the main program of the trusted platform control module;
the command information description interface is used for storing the command information of the trusted platform control module;
a command mapping interface for mapping an input parameter address and an output parameter address to a virtual address accessible by the trusted platform control module;
the asynchronous command completion notification interface is used for sending a first notification message to the host when the asynchronous processing command is completed;
the command release interface is used for releasing the resources associated with the command information after the command information is processed;
a measurement result sending interface for sending a second notification message after the measurement operation is completed;
and the message sending interface is used for sending the third notification message to the computing subsystem.
6. The method of claim 1, wherein controlling the trusted platform control module to perform the business function via the target function instruction comprises:
and responding to the target function instruction, and carrying out measurement check and control on the starting process and the running process of the host by a measurement service layer of the trusted platform control module by calling the target interface.
7. The method of claim 1, wherein controlling the trusted platform control module to perform the business function via the target function instruction comprises:
and responding to the target function instruction, and providing a trusted password service for the trusted platform control module by calling the target interface by the trusted password service layer of the trusted platform control module.
8. A data processing apparatus, comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring system service information, and the system service information is used for realizing the business function of a trusted platform control module;
the determining unit is used for determining a target interface corresponding to the system service information from at least one interface, wherein the trusted platform control module comprises the at least one interface;
the conversion unit is used for converting the system service information into a target function instruction through the target interface and controlling the trusted platform control module to execute the business function through the target function instruction;
wherein the apparatus further comprises: the dividing unit is used for dividing the trusted platform control module into a system layer and a service layer through the at least one interface, wherein the system layer of the trusted platform control module is used for providing the system service information, and the service layer of the trusted platform control module is used for controlling the trusted platform control module to execute the service function through the target function instruction;
the dividing unit is further configured to adopt a layered design structure for the trusted platform control module through the following steps, and divide the trusted platform control module into a system layer and a service layer through the at least one interface: setting the at least one interface inside the trusted platform control module; defining an interaction specification inside the trusted platform control module; and separating a service layer and a system layer from the execution function of the trusted platform control module through the at least one interface based on the interaction specification.
9. A storage medium, comprising a stored program, wherein the program, when executed, controls an apparatus in which the storage medium is located to perform the method of any one of claims 1 to 7.
10. A processor, characterized in that the processor is configured to run a program, wherein the program when running performs the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010088886.5A CN111310192B (en) | 2020-02-12 | 2020-02-12 | Data processing method, device, storage medium and processor |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010088886.5A CN111310192B (en) | 2020-02-12 | 2020-02-12 | Data processing method, device, storage medium and processor |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111310192A CN111310192A (en) | 2020-06-19 |
| CN111310192B true CN111310192B (en) | 2022-03-15 |
Family
ID=71160078
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010088886.5A Active CN111310192B (en) | 2020-02-12 | 2020-02-12 | Data processing method, device, storage medium and processor |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111310192B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113821803B (en) * | 2021-11-24 | 2022-02-15 | 飞腾信息技术有限公司 | Security architecture system, security management method and computing device |
| CN114285906B (en) * | 2021-12-24 | 2024-01-23 | 北京天融信网络安全技术有限公司 | Message processing method and device, electronic equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN109753453A (en) * | 2018-12-26 | 2019-05-14 | 北京可信华泰信息技术有限公司 | A kind of trusted system of storage isolation |
| CN109918915A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of dynamic measurement method based on dual Architecture credible calculating platform |
| CN110008708A (en) * | 2019-04-11 | 2019-07-12 | 北京可信华泰信息技术有限公司 | Communication means and system between a kind of host and credible platform control module |
| CN110321714A (en) * | 2019-07-08 | 2019-10-11 | 北京可信华泰信息技术有限公司 | The dynamic measurement method and device of credible calculating platform based on dual Architecture |
| CN110334520A (en) * | 2019-07-08 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The construction method and device of the credible calculating platform of dual Architecture |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110795742B (en) * | 2018-08-02 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Metric processing method, device, storage medium and processor for high-speed cryptographic operation |
-
2020
- 2020-02-12 CN CN202010088886.5A patent/CN111310192B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN109753453A (en) * | 2018-12-26 | 2019-05-14 | 北京可信华泰信息技术有限公司 | A kind of trusted system of storage isolation |
| CN109918915A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of dynamic measurement method based on dual Architecture credible calculating platform |
| CN110008708A (en) * | 2019-04-11 | 2019-07-12 | 北京可信华泰信息技术有限公司 | Communication means and system between a kind of host and credible platform control module |
| CN110321714A (en) * | 2019-07-08 | 2019-10-11 | 北京可信华泰信息技术有限公司 | The dynamic measurement method and device of credible calculating platform based on dual Architecture |
| CN110334520A (en) * | 2019-07-08 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The construction method and device of the credible calculating platform of dual Architecture |
Non-Patent Citations (2)
| Title |
|---|
| High Performance PCIe Interface for the TPCM based on Linux platform;Wanjun Yu等;《网页在线公开:https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7469164》;20160512;第1-4页 * |
| 基于TPCM的主动动态度量机制的研究与实现;田健生等;《技术研究》;20160714(第6期);第22-27页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111310192A (en) | 2020-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Li et al. | Pond: Cxl-based memory pooling systems for cloud platforms | |
| JP7007425B2 (en) | Memory allocation technology for partially offloaded virtualization managers | |
| US10565104B2 (en) | System and method to manage and share managed runtime memory for JAVA virtual machine | |
| JP6845264B2 (en) | Reducing performance variability with an opportunistic hypervisor | |
| EP2656206B1 (en) | Probe insertion via background virtual machine | |
| JP5680070B2 (en) | Method, apparatus, and program for monitoring computer activity of a plurality of virtual computing devices | |
| US8127092B2 (en) | Migration management based on destination performance information | |
| WO2018085421A1 (en) | Read/write request processing method and apparatus | |
| JP2019525313A (en) | Virtualization manager secure boot process | |
| US7574551B2 (en) | Operating PCI express resources in a logically partitioned computing system | |
| EP1548589A2 (en) | Systems and methods for bimodal device virtualization of actual and idealized hardware-based devices | |
| CN111831588A (en) | Storage device access method, device and system | |
| JP6927375B2 (en) | How to handle deep learning tasks, devices and computer-readable storage media | |
| CN111310192B (en) | Data processing method, device, storage medium and processor | |
| US11544096B2 (en) | Virtual trusted platform modules | |
| WO2010106692A1 (en) | Storage system and its controlling method | |
| CN114595038A (en) | Data processing method, computing device and computer storage medium | |
| CN117032812B (en) | Management method, device and apparatus of server, storage medium and electronic device | |
| CN111310193B (en) | Data processing method, device, storage medium and processor | |
| JP5492731B2 (en) | Virtual machine volume allocation method and computer system using the method | |
| CN117370107A (en) | BIOS log collection method and computing device | |
| Xue et al. | Dapper: An adaptive manager for large-capacity persistent memory | |
| US10379912B2 (en) | Data storage allocation utilizing virtual machine resource allocation | |
| CN116069584A (en) | Extending monitoring services into trusted cloud operator domains | |
| Tong et al. | Experiences in Managing the Performance and Reliability of a {Large-Scale} Genomics Cloud Platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |