CN111967025A - Method, device, equipment and storage medium for encrypting and protecting server starting option - Google Patents

Publication number
CN111967025A
Authority
CN
China
Prior art keywords
server
user identity
option
identity authentication
controller
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010695750.0A
Other languages
Chinese (zh)
Inventor
孟庆振
邓文博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202010695750.0A
Publication of CN111967025A
Current legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device, equipment and a storage medium for encrypting and protecting a server starting option. The method comprises: when the server starting option is changed and the storage request is executed, a south bridge chip triggers an interrupt operation; the interrupt information is transmitted to the controller, which executes user identity authentication and feeds back the authentication result. The device comprises a south bridge chip, a storage module and a control module, wherein: the south bridge chip is used for triggering the interrupt operation when a server starting option is changed and a storage request is executed; the controller is used for receiving the interrupt operation triggered by the south bridge chip and executing user identity authentication when a request is made to store the server starting option change; the power supply module is used for powering off the whole machine when the user identity authentication fails; and the input module is used for inputting the user identity authentication information. The invention prevents the malicious operation of arbitrarily replacing the system disk without authorization, applies identity verification to modifications of the server starting option, enhances the server system's ability to resist malicious intrusion, and improves the stability of the system.

Description

Method, device, equipment and storage medium for encrypting and protecting server starting option
Technical Field
The invention relates to the field of server security, in particular to a method, a device, equipment and a storage medium for protecting a server starting option in an encryption manner.
Background
At present, leakage of network data is increasingly serious and the security of data is increasingly important. Most data is stored on servers, so securing and encrypting server data is the most important factor.
Booting through the Basic Input Output System (BIOS) is the first step before a server can enter an operating system and run normally. At present, the server's boot item (BOOT) can be selected on the BIOS Setup interface, so that the server boots from a USB flash disk, from hard disks with different operating systems, and so on. Most servers' BIOS boot item selection has no encryption protection function, which leaves the whole server system with a great potential safety hazard. With a USB flash disk or an optical boot disk, the server can easily be guided to load a new operating system, and the password and all system data of the original operating system on the hard disk can be erased; or a new hard disk carrying an operating system can be installed and selected as the boot device in the BIOS, so that the server directly enters the new operating system. Although a password can currently be set for entering BIOS Setup, and the BIOS cannot be loaded and started at power-on unless the password is entered, the BIOS password is stored in a Read-Only Memory (ROM) or a Complementary Metal Oxide Semiconductor (CMOS), and the password setting can be cleared by removing the CMOS battery. There is currently no complete mechanism for password-protecting the boot of a server.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method, a device, equipment and a storage medium for protecting a server starting option in an encryption manner, so that the identity verification of the modification of the server starting option is realized, and the capability of a server system for resisting malicious intrusion is enhanced.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of cryptographically protecting server boot options, comprising:
when the starting option of the server is changed and the storage request is executed, the south bridge chip triggers an interrupt operation;
and transmitting the interrupt information to the controller, executing user identity authentication by the controller, and feeding back an authentication result.
Further, when the user identity authentication passes, executing a server starting option saving operation; and when the user identity authentication fails, the whole server is triggered to be powered off.
Further, the controller executing the user authentication specifically includes:
the controller receives user identity authentication information through the external information input equipment, and compares the user identity authentication information with original key data in a controller memory for authentication.
Further, when the user authentication fails, the server needs to enter authentication information when being powered on again.
Further, when the south bridge chip triggers the interrupt operation, the operation interface for changing the server start option cannot be operated.
The invention also provides a device for cryptographically protecting server boot options, comprising:
the south bridge chip is used for triggering interrupt operation when the starting option of the server is changed and the storage request is executed;
the controller is used for receiving an interrupt operation triggered by the south bridge chip and executing user identity authentication when the server starting option change is requested to be stored;
the power supply module is used for powering off the whole machine when the user identity authentication fails;
and the input module is used for inputting the user identity authentication information.
The invention also provides a device for cryptographically protecting server boot options, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for cryptographically protecting server boot options as described above when executing the computer program.
The invention also proposes a storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of cryptographically protecting server start-up options as described above.
The invention has the beneficial effects that:
the invention provides a method, a device, equipment and a storage medium for protecting the starting option of a server in an encryption manner, solves the problem that the selection of the BIOS starting boot option of the server does not have the encryption protection function, avoids malicious operation on a system disk through a USB (universal serial bus) disk starting disk and the like under the unauthorized condition, also avoids random replacement of the unauthorized system disk, enhances the capability of the server system for resisting malicious intrusion, and improves the stability of the system.
The invention carries out password protection on BOOT bootstrap item change of the BIOS, avoids malicious operation on the system disk through the USB disk BOOT disk and the like under the unauthorized condition, also avoids random replacement of the unauthorized system disk, enhances the capability of the server system for resisting malicious intrusion, and improves the stability of the system.
Drawings
FIG. 1 is a flow chart illustrating a method for cryptographically protecting a server boot option in accordance with the present invention;
FIG. 2 is a block diagram of an apparatus for protecting server boot options according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a device for protecting a server boot option according to a second embodiment of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
The invention discloses a method for cryptographically protecting server boot options, comprising:
when the starting option of the server is changed and the storage request is executed, the south bridge chip triggers an interrupt operation;
and transmitting the interrupt information to the controller, executing user identity authentication by the controller, and feeding back an authentication result.
The controller may be selected from a Complex Programmable Logic Device (CPLD).
As shown in FIG. 1, the specific process of the method for cryptographically protecting server boot options of the present invention is as follows:
On the BIOS Setup interface, the user modifies the BOOT item information. When the save operation is executed, the PCH (Platform Controller Hub) responds to the action and performs interrupt processing; at this point the BIOS Setup interface cannot be operated. The PCH sends an enable signal that drives the CPLD to perform user identity verification. The CPLD receives the user identity verification information entered through the external information input device and compares it with the original key data in the CPLD memory. When verification passes, the server boot option save operation is executed and a whole-machine reset is triggered so that the modified BOOT information takes effect. When verification fails, the whole server is powered off, and authentication information must be entered when the server is powered on again.
The invention also discloses a device for cryptographically protecting server boot options, comprising:
the south bridge chip is used for triggering interrupt operation when the starting option of the server is changed and the storage request is executed;
the controller is used for receiving an interrupt operation triggered by the south bridge chip and executing user identity authentication when the server starting option change is requested to be stored;
the power supply module is used for powering off the whole machine when the user identity authentication fails;
and the input module is used for inputting the user identity authentication information.
Specifically, a schematic structural diagram of an embodiment of the present invention is shown in fig. 2, and includes: the system comprises a server mainboard 101, a PCH chip 102, a Flash chip 103, a CPLD chip 104, an input module 105 and a power supply module 106;
The server mainboard 101 carries the components of the invention.
After the server is powered on, the PCH chip 102 reads the BIOS data in the Flash chip 103 over the S1 bus so that the server starts normally. After startup, the user can set the options under the BIOS on the BIOS Setup interface to adjust the working state of the whole server and its various I/O configurations.
The CPLD chip 104 performs user identity verification when the BOOT option is switched.
The input module 105 is the external information input device of the CPLD, including but not limited to a keyboard, keys, a fingerprint reader, a face-recognition device, and other devices that can be used for information input.
The power supply module 106 supplies power to the whole machine.
When a user switches the BOOT option on the BIOS Setup interface and executes the 'save' operation, the PCH responds to the action and performs interrupt processing; at this point the BIOS Setup interface cannot be operated. The PCH sends an enable signal over data path S2 to drive the CPLD to receive external user identity authentication information. The data entered at the input module is transmitted to the CPLD over data path S3 for verification; the verification method includes, but is not limited to, comparing the input data inside the CPLD with the original key data preset in the CPLD memory. If the input data passes verification, the CPLD feeds back to the PCH over data path S4 that verification is complete and drives the PCH to execute the 'save' operation and trigger one whole-machine reset so that the modified BOOT information takes effect. If the input identity information is not verified by the CPLD, the CPLD feeds back the verification failure to the PCH over data path S4 and at the same time drives the power supply module 106 over data path S5 to power off the whole machine; the CPLD also records the abnormality and requires identity verification information to be entered before the power-on operation is executed at the next power-on request.
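The save-time flow described above (enable on S2, credential input on S3, result on S4, power-off on S5, and forced authentication at the next power-on) can be modeled as a small C state machine. This is an added example, not code from the patent or its applicant; every identifier, the 8-byte key length and the constant-time comparison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 8  /* assumed key size; the page does not specify one */

enum gate_state { GATE_IDLE, GATE_AWAIT_AUTH, GATE_POWERED_OFF };
enum gate_result { RES_REJECTED, RES_SAVED_AND_RESET, RES_POWER_OFF,
                   RES_POWER_ON_OK, RES_POWER_ON_DENIED };

struct boot_gate {
    enum gate_state state;
    int setup_locked;      /* BIOS Setup is not operable while auth is pending */
    int anomaly_recorded;  /* assumed to survive the power-off */
    uint8_t active_boot;   /* committed BOOT option */
    uint8_t pending_boot;  /* change waiting for authentication */
    uint8_t key[KEY_LEN];  /* original key data held in controller memory */
};

/* Compare without an early exit so timing does not reveal the first
 * mismatching byte (an added hardening choice, not stated on the page). */
static int key_matches(const struct boot_gate *g, const uint8_t *in, size_t len) {
    uint8_t diff = 0;
    if (in == NULL || len != KEY_LEN) return 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (uint8_t)(in[i] ^ g->key[i]);
    return diff == 0;
}

void gate_init(struct boot_gate *g, const uint8_t key[KEY_LEN], uint8_t boot) {
    memset(g, 0, sizeof *g);
    memcpy(g->key, key, KEY_LEN);
    g->active_boot = boot;
}

/* Path S2: PCH interrupt on "save"; lock Setup and wait for credentials. */
int pch_save_request(struct boot_gate *g, uint8_t new_boot) {
    if (g->state != GATE_IDLE) return -1;
    g->pending_boot = new_boot;
    g->setup_locked = 1;
    g->state = GATE_AWAIT_AUTH;
    return 0;
}

/* Path S3 in; S4 feedback out, plus S5 power-off on failure. */
enum gate_result cpld_submit(struct boot_gate *g, const uint8_t *in, size_t len) {
    if (g->state != GATE_AWAIT_AUTH) return RES_REJECTED;
    if (key_matches(g, in, len)) {
        g->active_boot = g->pending_boot;  /* save, then whole-machine reset */
        g->setup_locked = 0;
        g->state = GATE_IDLE;
        return RES_SAVED_AND_RESET;
    }
    g->anomaly_recorded = 1;               /* pending change is never committed */
    g->state = GATE_POWERED_OFF;
    return RES_POWER_OFF;
}

/* Next power-on request: credentials are required if an anomaly was recorded. */
enum gate_result power_on_request(struct boot_gate *g, const uint8_t *in, size_t len) {
    if (g->state != GATE_POWERED_OFF) return RES_REJECTED;
    if (g->anomaly_recorded && !key_matches(g, in, len)) return RES_POWER_ON_DENIED;
    g->anomaly_recorded = 0;
    g->setup_locked = 0;
    g->state = GATE_IDLE;
    return RES_POWER_ON_OK;
}

int main(void) {
    const uint8_t key[KEY_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */
    struct boot_gate g;
    gate_init(&g, key, 0);
    pch_save_request(&g, 2);  /* then submit no credentials */
    return !(cpld_submit(&g, NULL, 0) == RES_POWER_OFF && g.active_boot == 0);
}
```

The model makes two properties of the described design easy to check: a failed authentication never commits the pending BOOT change, and the recorded anomaly blocks power-on until valid credentials are supplied.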
Fig. 2 shows a schematic structural diagram of a second embodiment of the present invention, wherein the PCH chip 202 is preferably an Intel LBG-1G series PCH, the Flash chip 203 is preferably an MXIC MX25L51245GMI-08G, the CPLD chip 204 is preferably an Intel MAX10 series CPLD, and the input module 205 is exemplified by an independent key.
The invention also discloses a device for cryptographically protecting server boot options, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for cryptographically protecting server boot options as described above when executing the computer program.
The invention also discloses a storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the method for cryptographically protecting server start-up options as described above.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, the scope of the present invention is not limited thereto. Various modifications and alterations will occur to those skilled in the art based on the foregoing description. It is neither necessary nor possible to enumerate all embodiments exhaustively. On the basis of the technical scheme of the invention, various modifications or changes which can be made by a person skilled in the art without creative efforts are still within the protection scope of the invention.

Claims (8)

1. A method for cryptographically protecting server boot options, comprising:
when the starting option of the server is changed and the storage request is executed, the south bridge chip triggers an interrupt operation;
and transmitting the interrupt information to the controller, executing user identity authentication by the controller, and feeding back an authentication result.
2. The method for protecting the server boot option according to claim 1, wherein a server boot option save operation is performed when the user authentication is passed; and when the user identity authentication fails, the whole server is triggered to be powered off.
3. The method for protecting server boot options according to claim 1, wherein the controller performs user authentication specifically as:
the controller receives user identity authentication information through the external information input equipment, and compares the user identity authentication information with original key data in a controller memory for authentication.
4. The method for protecting the server startup option according to claim 2, wherein when the user authentication fails, the server needs to enter authentication information when it is powered on again.
5. The method of claim 1, wherein when the south bridge chip triggers an interrupt operation, the operation interface for changing the server boot option is disabled.
6. An apparatus for cryptographically protecting server boot options, comprising:
the south bridge chip is used for triggering interrupt operation when the starting option of the server is changed and the storage request is executed;
the controller is used for receiving an interrupt operation triggered by the south bridge chip and executing user identity authentication when the server starting option change is requested to be stored;
the power supply module is used for powering off the whole machine when the user identity authentication fails;
and the input module is used for inputting the user identity authentication information.
7. An apparatus for cryptographically protecting server boot options, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for cryptographically protecting server boot options according to any of claims 1 to 5 when executing said computer program.
8. A storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method for cryptographically protecting server boot options according to any of claims 1 to 5.
CN202010695750.0A 2020-07-19 2020-07-19 Method, device, equipment and storage medium for encrypting and protecting server starting option Withdrawn CN111967025A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010695750.0A CN111967025A (en) 2020-07-19 2020-07-19 Method, device, equipment and storage medium for encrypting and protecting server starting option

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010695750.0A CN111967025A (en) 2020-07-19 2020-07-19 Method, device, equipment and storage medium for encrypting and protecting server starting option

Publications (1)

Publication Number Publication Date
CN111967025A (en) 2020-11-20

Family

ID=73361716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010695750.0A Withdrawn CN111967025A (en) 2020-07-19 2020-07-19 Method, device, equipment and storage medium for encrypting and protecting server starting option

Country Status (1)

Country Link
CN (1) CN111967025A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113064643A (en) * 2021-03-16 2021-07-02 山东英信计算机技术有限公司 Method, system and medium for instantly-effective modification of BIOS set value
CN113111398A (en) * 2021-04-19 2021-07-13 龙应斌 Data security storage method and device for preventing illegal stealing

Similar Documents

Publication Publication Date Title
CN103207975B (en) The method of protection password and computing machine
AU681588B2 (en) Protecting programs and data with card reader
US7797729B2 (en) Pre-boot authentication system
US7900252B2 (en) Method and apparatus for managing shared passwords on a multi-user computer
US7000249B2 (en) Pre-boot authentication system
TWI712889B (en) Memory device and program
CN103164241A (en) Method of starting a computer using a biometric authentication device
EP1001331A2 (en) Pre-boot security controller
CN109948310B (en) Locking method and related electronic equipment
CN111967025A (en) Method, device, equipment and storage medium for encrypting and protecting server starting option
CN103136485A (en) Method of realizing computer safety and computer
US9811348B2 (en) Information processing apparatus
CN112966276B (en) Method, device and medium for safely starting computer
JP2006031575A (en) Hard disk security management system and method therefor
JP2000298529A (en) Personal computer system
CN1997961A (en) Method and device for booting computer system
CN111625875A (en) Multi-level cooperative control method for shutdown and recovery of computer peripheral interface
EP3915030B1 (en) Storage of network credentials
KR19990079740A (en) How to secure your PC using boot sequence
CN113742737B (en) Computer main board chip safety management method and device and computer equipment
CN117610089B (en) Encryption method, system, equipment and storage medium of multi-core heterogeneous chip
CN106776087A (en) Terminal device and its starting-up method
TWI789142B (en) Controller, computing device, bios recovery and backup method
CN109376511A (en) The method for improving end message safety
CN110929283B (en) Hierarchical protection system of UEFI BIOS and corresponding implementation method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201120