CN112181459B - CPLD upgrade optimization method and system - Google Patents
CPLD upgrade optimization method and system Download PDFInfo
- Publication number
- CN112181459B CN112181459B CN202011027308.7A CN202011027308A CN112181459B CN 112181459 B CN112181459 B CN 112181459B CN 202011027308 A CN202011027308 A CN 202011027308A CN 112181459 B CN112181459 B CN 112181459B
- Authority
- CN
- China
- Prior art keywords
- upgrade
- cpld
- password
- module
- bmc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000005457 optimization Methods 0.000 title claims abstract description 30
- 238000013524 data verification Methods 0.000 claims abstract description 21
- 238000012790 confirmation Methods 0.000 claims abstract description 20
- 230000002159 abnormal effect Effects 0.000 claims abstract description 9
- 238000012795 verification Methods 0.000 claims description 62
- 230000004044 response Effects 0.000 claims description 10
- 230000007246 mechanism Effects 0.000 claims description 8
- 238000012544 monitoring process Methods 0.000 claims description 6
- 239000000126 substance Substances 0.000 claims description 6
- 238000013461 design Methods 0.000 description 19
- 238000010586 diagram Methods 0.000 description 12
- 230000009286 beneficial effect Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 230000003321 amplification Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a CPLD upgrade optimization method and a CPLD upgrade optimization system, wherein the method comprises the following steps: when determining that the CPLD needs to be upgraded, receiving an upgrade password sent by the BMC; when the upgrading password is determined to be legal, the UFM module receives an upgrading file sent by the BMC and temporarily stores the upgrading file; performing data verification on an upgrade file on the UFM module, and receiving an upgrade success instruction sent by the BMC when the data verification is successful; and generating confirmation information according to the upgrade password and the upgrade success instruction, finishing the upgrade of the CPLD when the confirmation information is that the CPLD is successfully upgraded, and avoiding the problem of abnormal system work caused by malicious refreshing of the CPLD through the BMC or successful upgrade of wrong upgrade files.
Description
Technical Field
The invention relates to the technical field of CPLD, in particular to a CPLD upgrading optimization method and a CPLD upgrading optimization system.
Background
In the server design, the design of the CPLD (Complex Programmable Logic Device) realizes the basic Logic design and protocol data analysis of the board, the flexible Logic design can ensure the amplification of the functions of the board and the problem processing, and the CPLD upgrade is inevitable along with the function change of the CPLD on the board. The conventional CPLD can be upgraded by using an I2C link (i.e., an Inter-Integrated Circuit bus), and the BMC (Baseboard Management Controller) can quickly and conveniently upgrade the CPLD through the I2C link. In the prior art, as shown in fig. 1, in an existing server CPLD upgrading scheme, an I2C hardmac of a CPLD is designed to be connected to a BMC, and the BMC reads, writes, and erases data from a CFM through an I2C instruction, thereby upgrading the CPLD. The CPLD internally comprises UFM/CFM flash modules, wherein the CFM is a flash module used for storing the image of the CPLD, the UFM is a flash module readable and writable by a user, and the BMC can read and write the UFM and the CFM through I2C, so that the CPLD is upgraded.
Problems existing in the prior art: 1. the special network port of the BMC is connected with an external network, when the server is attacked, malicious upgrading and tampering of the CPLD can be easily realized through the special network port of the BMC, and as an erasing and refreshing instruction is issued, the malicious instruction is issued to cause system working abnormity, so that the server working abnormity can be caused; 2. by refreshing the image data image of the CPLD with errors, the work of the board card is abnormal, so that the system is crashed.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the art described above. Therefore, a first objective of the present invention is to provide an upgrade optimization method for CPLDs, which can effectively solve the problem that a CPLD is maliciously refreshed by a BMC to cause system work abnormality and the problem that the system work abnormality is caused after an incorrect upgrade file is successfully upgraded after a server is maliciously attacked.
The second purpose of the invention is to provide a CPLD upgrade optimization system.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a CPLD upgrade optimization method, where the CPLD includes a UFM module and a CFM module, and includes:
when the board card works normally, judging whether the CPLD on the board card needs to be upgraded or not;
when determining that the CPLD on the board card needs to be upgraded, receiving an upgrade password sent by the BMC through an I2C bus, and judging whether the upgrade password is legal;
when the upgrading password is determined to be legal, the UFM module receives an upgrading file sent by the BMC through an I2C bus through an I2C module, and temporarily stores the upgrading file;
performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful;
and generating confirmation information of whether the CPLD is successfully upgraded or not according to the upgrade password and the upgrade success command, and when the confirmation information indicates that the CPLD is successfully upgraded, further finishing upgrading the CPLD.
According to some embodiments of the present invention, after the confirmation information indicates that the CPLD upgrade is successful, the method further includes:
reading an upgrade file temporarily stored in the UFM module through a wishbone bus;
calculating the SHA256 hash value of the upgrade file, and performing digital signature verification on the upgrade file by using a public key according to the SHA256 hash value;
and when the verification of the digital signature is successful, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module.
According to some embodiments of the invention, further comprising: when the upgrade password is determined to be illegal, returning an upgrade password exception instruction to the BMC; and the BMC records an upgrade password error log and is used for monitoring the upgrade of the CPLD.
According to some embodiments of the present invention, when it is determined that the data verification fails, an instruction to erase the upgrade file in the UFM module is issued through a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
According to some embodiments of the present invention, when it is determined that the digital signature verification fails, an instruction to erase the upgrade file in the UFM module is issued through a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
According to some embodiments of the invention, the UFM module comprises pages 0-639; wherein the content of the first and second substances,
page0/page1, used for storing the upgrade file signature when the digital signature of the upgrade file is verified;
page2-page639, configured to temporarily store the upgrade file when it is determined that the upgrade password is legal.
According to some embodiments of the invention, the determining whether the upgrade password is legal includes:
the BMC establishes a handshake check mechanism with the CPLD, and sends an upgrade password check request to the CPLD;
the CPLD receives an upgrade password verification request sent by the BMC and performs upgrade password verification response;
the BMC sends an upgrading password to the CPLD;
the CPLD receives an upgrade password sent by the BMC, judges whether the upgrade password is consistent with a preset upgrade password or not, and sends upgrade password verification passing information to the BMC when the upgrade password is determined to be consistent with the preset upgrade password;
the BMC receives upgrade password verification passing information sent by the CPLD and sends an upgrade request to the CPLD;
the CPLD receives an upgrading request sent by the BMC and carries out upgrading response to determine that the upgrading password is legal;
and the BMC performs upgrading operation.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a CPLD upgrade optimization system, including:
the controller is used for judging whether the CPLD on the board card needs to be upgraded or not when the board card normally works;
the password checking module is connected with the controller and used for receiving an upgrade password sent by the BMC through an I2C bus and judging whether the upgrade password is legal or not when the controller determines that the CPLD on the board card needs to be upgraded;
the UFM module is used for receiving an upgrade file sent by the BMC through an I2C bus and temporarily storing the upgrade file when the password verification module determines that the upgrade password is legal;
the controller is further configured to:
performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful;
and generating confirmation information whether the CPLD is successfully upgraded or not according to the upgrade password and the upgrade success instruction, and finishing upgrading the CPLD when the confirmation information is that the CPLD is successfully upgraded.
According to some embodiments of the present invention, the CPLD upgrade optimization system further comprises: the system comprises a CFM module, a wishbone bus, an SHA256 module and an ECDSA module; wherein the content of the first and second substances,
the wishbone bus is respectively connected with the controller, the CFM module and the UFM module;
the controller is respectively connected with the SHA256 module and the ECDSA module, and is configured to:
reading the upgrade file temporarily stored in the UFM module through the wishbone bus;
controlling the SHA256 module to calculate an SHA256 hash value of the upgrade file, and controlling the ECDSA module to use a public key to perform digital signature verification on the upgrade file according to the SHA256 hash value;
and when the verification of the digital signature is determined to be successful, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module.
Has the advantages that:
1. before upgrading the CPLD, the BMC firstly verifies the upgrade password to ensure the safety of the upgrade instruction;
2. the CPLD returns an upgrade password check result for BMC log recording, which is beneficial to monitoring and processing of the CPLD upgrade event;
3. the UFM module of the CPLD is used for storing an upgrade file, the upgrade file is used for verifying the digital signature of the CPLD, the upgrade file is updated into the CFM module after the verification is passed, abnormal data in the UFM module is deleted after the verification fails, and abnormal system work caused by successful upgrade of an error upgrade file is avoided; and the CPLD ensures the correctness of the upgrade file through digital signature verification.
4. If the BMC does not check the upgrade password and directly performs the upgrade operation, the CPLD does not perform digital signature verification and considers that the upgrade file is invalid, thereby ensuring the correctness of the upgrade file.
5. The BMC and the CPLD are communicated through an I2C bus, the CPLD upgrading optimization method provided by the invention can be realized by using the traditional hardware design, the hardware design is consistent with the traditional design, the applicability is wide, the new hardware is prevented from being redesigned, and the cost is reduced;
6. the I2C module with logic design is used for replacing the I2C hardmac design in the traditional design, and is used for carrying out data read-write exchange with the BMC, so that the accuracy of data transmission is improved, and the optimization and the upgrade of the CPLD are facilitated.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a prior art CPLD upgrade method;
fig. 2 is a flowchart of a CPLD upgrade optimization method according to an embodiment of the present invention;
fig. 3 is a flowchart of a CPLD upgrade optimization method according to yet another embodiment of the present invention;
figure 4 is a schematic diagram of a data format of a UFM module according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an upgrade password verification mechanism, according to one embodiment of the present invention;
fig. 6 is a block diagram of a CPLD upgrade optimization system according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
A CPLD upgrade optimization method and system according to an embodiment of the present invention are described below with reference to fig. 2 to fig. 6.
As shown in fig. 2, an embodiment of the first aspect of the present invention provides a CPLD upgrade optimization method, where the CPLD includes a UFM module and a CFM module, and includes steps S1-S5:
s1, when the board card works normally, judging whether the CPLD on the board card needs to be upgraded;
s2, when determining that the CPLD on the board card needs to be upgraded, receiving an upgrade password sent by the BMC through an I2C bus, and judging whether the upgrade password is legal;
s3, when the upgrade password is determined to be legal, the UFM module receives an upgrade file sent by the BMC through an I2C bus through an I2C module, and temporarily stores the upgrade file;
s4, carrying out data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is successful;
and S5, generating confirmation information of whether the CPLD is successfully upgraded according to the upgrade password and the upgrade success instruction, and further completing the upgrade of the CPLD when the confirmation information is that the CPLD is successfully upgraded.
The working principle of the technical scheme is as follows: the board card is a printed circuit board, called PCB for short; when the board card normally works, whether the CPLD on the board card needs to be upgraded is judged, and when the CPLD on the board card needs to be upgraded, the CPLD upgrading optimization method is executed, so that resource waste caused by unnecessary upgrading is avoided, and efficient operation of the CPLD is ensured. An upgrade password verification mechanism is introduced, and when the CPLD is upgraded, the BMC firstly verifies the upgrade password to ensure the legality of an upgrade instruction; when the upgrading password is determined to be legal, the BMC can read the UFM module through the I2C bus and write the upgrading file into the UFM module, so that the UFM module temporarily stores the upgrading file; performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful; the accuracy of the upgrading file is guaranteed, the CPLD is optimized and upgraded, confirmation information of whether the CPLD is successfully upgraded is generated according to the upgrading password and the upgrading success instruction, and when the confirmation information indicates that the CPLD is successfully upgraded, the CPLD is upgraded.
The beneficial effects of the above technical scheme are that: before upgrading the CPLD, the BMC firstly verifies the upgrade password to ensure the safety of the upgrade instruction; after the upgrade password is legal, the upgrade file is checked, the accuracy of the upgrade file is ensured, the problem that the CPLD is maliciously refreshed by the BMC after the server is maliciously attacked is avoided, the problem that the CPLD works abnormally after the wrong upgrade file is successfully upgraded is avoided, and the reliability and the safety of the CPLD upgrade are improved.
As shown in fig. 3, according to some embodiments of the present invention, after the confirming information is that the CPLD upgrade is successful, the method further includes:
reading an upgrade file temporarily stored in the UFM module through a wishbone bus;
calculating the SHA256 hash value of the upgrade file, and performing digital signature verification on the upgrade file by using a public key according to the SHA256 hash value;
and when the verification of the digital signature is determined to be successful, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module.
The working principle of the technical scheme is as follows: different from the traditional upgrading mode, the upgrading optimization method provided by the invention uses the UFM module to temporarily store the upgrading file, reads the upgrading file temporarily stored in the UFM module through the wishbone bus after the CPLD is successfully upgraded, calculates the SHA256 hash value of the upgrading file, and performs digital signature verification on the upgrading file by using a public key according to the SHA256 hash value; the accuracy of the upgrade file is guaranteed, the digital signature verification succeeds, the upgrade file is considered to be reliable, and the upgrade file which passes the digital signature verification can be written into the CFM module.
The beneficial effects of the above technical scheme are as follows: the method and the device realize safe and reliable upgrading of the upgrade files (images) in the CPLD, avoid system crash caused by malicious upgrading, and effectively avoid system working abnormity caused by successful upgrading of wrong upgrade files.
According to some embodiments of the invention, further comprising: when the upgrade password is determined to be illegal, returning an upgrade password exception instruction to the BMC; and the BMC records an upgrade password error log and is used for monitoring the upgrade of the CPLD.
The working principle of the technical scheme is as follows: and when the upgrade password is illegal, returning an upgrade password exception instruction to the BMC, wherein the BMC records an upgrade password error log and is used for monitoring the upgrade of the CPLD.
The beneficial effects of the above technical scheme are that: and judging whether malicious operation exists or not according to an upgrade password error log recorded by the BMC, ensuring the optimized processing of CPLD upgrade, monitoring whether malicious attack and other behaviors exist or not, and conveniently and timely taking accurate measures.
According to some embodiments of the present invention, when it is determined that the data verification fails, an instruction to erase the upgrade file in the UFM module is issued through a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
The working principle and the beneficial effects of the technical scheme are as follows: after receiving the upgrade password verification passing command, the BMC writes the upgrade file into the UFM module through the I2C bus, verifies the written upgrade file, sends an upgrade success command to the CPLD through the I2C bus if verification is successful, repeatedly updates and writes if verification is failed, and sends an upgrade failure command through the I2C bus if verification is still failed for three times, and records an upgrade failure log for problem handling; when receiving the verification failure instruction, the CPLD sends an instruction for erasing the temporarily stored upgrade file in the UFM module through the wishbone bus, and eliminates error data; the accuracy of upgrading the file is guaranteed.
According to some embodiments of the present invention, when it is determined that the digital signature verification fails, an instruction to erase the upgrade file in the UFM module is issued through a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
The working principle and the beneficial effects of the technical scheme are as follows: and when the verification of the digital signature is determined to be failed, the source of the upgrading file is considered to be illegal, an instruction for erasing the upgrading file in the UFM module is issued through a wishbone bus, and the upgrading file temporarily stored in the UFM module is deleted. The accuracy of the upgrade file is guaranteed.
As shown in fig. 4, according to some embodiments of the invention, the UFM module includes pages 0-page 639; wherein the content of the first and second substances,
page0/page1, used for storing the upgrade file signature when the digital signature of the upgrade file is verified;
pages 2-639, configured to temporarily store the upgrade file when it is determined that the upgrade password is legal.
The working principle and the beneficial effects of the technical scheme are as follows: the UFM module in the CPLD is composed of multiple pages, and the erasing and reading/writing operations are performed in units of pages, as shown in fig. 4, which is the data format of the UFM module. page0/page1, used for storing the upgrade file signature when the digital signature of the upgrade file is verified; pages 2-639, configured to temporarily store the upgrade file when it is determined that the upgrade password is legal. When the BMC upgrades the CPLD, the upgrade file signature and the upgrade file are updated at the same time. And after the upgrade is successful, the CPLD performs digital signature verification, and after the digital signature verification is successful, the CPLD only updates the contents of the upgrade file into the CFM, so that the accuracy of the data is ensured.
According to some embodiments of the invention, the determining whether the upgrade password is legal includes:
the BMC establishes a handshake check mechanism with the CPLD, and sends an upgrade password check request to the CPLD;
the CPLD receives an upgrade password verification request sent by the BMC and performs upgrade password verification response;
the BMC sends an upgrading password to the CPLD;
the CPLD receives an upgrade password sent by the BMC, judges whether the upgrade password is consistent with a preset upgrade password or not, and sends upgrade password verification passing information to the BMC when the upgrade password is determined to be consistent with the preset upgrade password;
the BMC receives upgrade password verification passing information sent by the CPLD and sends an upgrade request to the CPLD;
the CPLD receives an upgrading request sent by the BMC and carries out upgrading response, and the upgrading password is determined to be legal;
and the BMC performs upgrading operation.
The working principle and the beneficial effects of the technical scheme are as follows: upgrading encryption between the BMC and the CPLD adopts a verification mechanism of handshake between two parties, as shown in FIG. 5, the BMC sends an upgrading password verification request firstly when upgrading the CPLD, and the CPLD responds to allow upgrading password verification after receiving the upgrading password; the BMC sends an upgrade password, and after the CPLD passes the verification, the response BMC passes the verification of the upgrade password at the moment; the BMC sends an upgrade request, the CPLD responds to the upgrade permission after receiving the upgrade request, and the BMC starts to upgrade the UFM module at the moment. When any link has response abnormity, the BMC records an abnormal log for analyzing the abnormal problem, the CPLD considers that the upgrading process is illegal, digital signature verification cannot be executed, abnormal data in the UFM module can be directly deleted, and the safety and the accuracy of CPLD upgrading are improved.
As shown in fig. 6, a second embodiment of the present invention provides a CPLD upgrade optimization system, including:
the controller is used for judging whether the CPLD on the board card needs to be upgraded when the board card works normally;
the password checking module is connected with the controller and used for receiving an upgrade password sent by the BMC through an I2C bus and judging whether the upgrade password is legal or not when the controller determines that the CPLD on the board card needs to be upgraded;
the UFM module is used for receiving an upgrade file sent by the BMC through an I2C bus and temporarily storing the upgrade file when the password verification module determines that the upgrade password is legal;
the controller is further configured to:
performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful;
and generating confirmation information of whether the CPLD is successfully upgraded or not according to the upgrade password and the upgrade success command, and when the confirmation information indicates that the CPLD is successfully upgraded, further finishing upgrading the CPLD.
The working principle of the technical scheme is as follows: taking a CPLD chip of lattice XO2 as an example, the hardware design of the invention mainly comprises a BMC, a CPLD and the interconnection between the BMC and the CPLD, wherein the BMC and the CPLD are interconnected through an I2C bus; on one hand, the BMC can perform communication interaction with an I2C module inside the CPLD, and on the other hand, the BMC can read and write data in the UFM module inside the CPLD through an I2C bus. An I2C module in the CPLD realizes interactive communication with the BMC, a password checking module realizes checking of an upgrading instruction, the UFM is used for storing a temporary upgrading file, and the controller is used for realizing overall logic control. When the board card normally works, the controller judges whether the CPLD on the board card needs to be upgraded or not, and executes an optimization method for upgrading the CPLD when the CPLD on the board card needs to be upgraded, so that resource waste caused by unnecessary upgrading is avoided, and efficient operation of the CPLD is ensured. An upgrade password verification mechanism is introduced through a password verification module, and when the CPLD is upgraded, the BMC firstly verifies the upgrade password to ensure the validity of an upgrade instruction; when the password verification module determines that the upgrade password is legal, the BMC can read the UFM module through the I2C bus and write the upgrade file into the UFM module, so that the UFM module temporarily stores the upgrade file; performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful; the accuracy of the upgrading file is guaranteed, the CPLD is optimized and upgraded, confirmation information of whether the CPLD is successfully upgraded is generated according to the upgrading password and the upgrading success instruction, and when the confirmation information indicates that the CPLD is successfully upgraded, the CPLD is upgraded.
The beneficial effects of the above technical scheme are that: the hardware design is consistent with the upgrading design in the prior art, the CPLD upgrading optimization method provided by the invention can be realized by using the traditional hardware design, the hardware design is consistent with the traditional design, the applicability is wide, the new hardware is prevented from being redesigned, and the cost is reduced; an I2C module with logic design is used for replacing an I2C hardmac design in the traditional design, and is used for carrying out data read-write exchange with the BMC, so that the accuracy of data transmission is improved, and the optimization and the upgrade of the CPLD are facilitated. Before upgrading the CPLD, the BMC firstly verifies the upgrade password to ensure the safety of the upgrade instruction; after the upgrade password is legal, the upgrade file is checked, the accuracy of the upgrade file is ensured, the problem that the CPLD is maliciously refreshed by the BMC after the server is maliciously attacked is avoided, the problem that the CPLD works abnormally after the wrong upgrade file is successfully upgraded is avoided, and the reliability and the safety of the CPLD upgrade are improved.
According to some embodiments of the invention, the CPLD upgrade optimization system further comprises: the system comprises a CFM module, a wishbone bus, an SHA256 module and an ECDSA module; wherein the content of the first and second substances,
the wishbone bus is respectively connected with the controller, the CFM module and the UFM module;
the controller is respectively connected with the SHA256 module and the ECDSA module, and is used for:
reading the upgrade file temporarily stored in the UFM module through the wishbone bus;
controlling the SHA256 module to calculate an SHA256 hash value of the upgrade file, and controlling the ECDSA module to use a public key to perform digital signature verification on the upgrade file according to the SHA256 hash value;
and when the verification of the digital signature is determined to be successful, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module.
The working principle of the technical scheme is as follows: the wishbone bus is used for transmitting data between the UFM and the CFM, the SHA256 module calculates an upgrade file read from the UFM module, and the hash value of the upgrade file (image data) is calculated through the SHA256 module; the ECDSA module is used for carrying out digital signature verification on the upgrade file by using a public key; and the controller synchronously updates the upgrade file temporarily stored in the UFM module to the CFM module when the controller determines that the digital signature verification is successful. The ECDSA module is a digital signature module.
The beneficial effects of the above technical scheme are that: the safe and reliable upgrading of the upgrade files (images) in the CPLD is realized, the system breakdown caused by malicious upgrading is avoided, and the abnormal system operation caused by successful upgrading of wrong upgrade files is effectively avoided.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (6)
1. A CPLD upgrade optimization method comprises a UFM module and a CFM module, and is characterized by comprising the following steps:
when the board card normally works, judging whether the CPLD on the board card needs to be upgraded;
when determining that the CPLD on the board card needs to be upgraded, receiving an upgrade password sent by the BMC through an I2C bus, and judging whether the upgrade password is legal or not;
when the upgrading password is determined to be legal, the UFM module receives an upgrading file sent by the BMC through an I2C bus through an I2C module, and temporarily stores the upgrading file;
performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful;
generating confirmation information of whether the CPLD is successfully upgraded or not according to the upgrade password and the upgrade success command, and further completing the upgrade of the CPLD when the confirmation information indicates that the CPLD is successfully upgraded;
after the confirmation information is that the CPLD upgrade is successful, the method further includes:
reading an upgrade file temporarily stored in the UFM module through a wishbone bus;
calculating the SHA256 hash value of the upgrade file, and performing digital signature verification on the upgrade file by using a public key according to the SHA256 hash value;
when the digital signature is successfully verified, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module;
the step of judging whether the upgrade password is legal comprises the following steps:
the BMC establishes a handshake check mechanism with the CPLD, and sends an upgrade password check request to the CPLD;
the CPLD receives an upgrade password verification request sent by the BMC and performs upgrade password verification response;
the BMC sends an upgrading password to the CPLD;
the CPLD receives an upgrade password sent by the BMC, judges whether the upgrade password is consistent with a preset upgrade password or not, and sends upgrade password verification passing information to the BMC when the upgrade password is determined to be consistent with the preset upgrade password;
the BMC receives upgrade password verification passing information sent by the CPLD and sends an upgrade request to the CPLD;
the CPLD receives an upgrading request sent by the BMC and carries out upgrading response, and the upgrading password is determined to be legal;
and the BMC performs upgrading operation.
2. The CPLD upgrade optimization method of claim 1, further comprising: when the upgrading password is determined to be illegal, returning an upgrading password abnormal instruction to the BMC; and the BMC records an upgrade password error log and is used for monitoring the upgrade of the CPLD.
3. The CPLD upgrade optimizing method according to claim 1, wherein when it is determined that the data verification fails, an instruction to erase the upgrade file in the UFM module is issued via a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
4. The CPLD upgrade optimization method according to claim 1, wherein, when it is determined that the digital signature verification fails, an instruction to erase the upgrade file in the UFM module is issued via a wishbone bus, and the upgrade file temporarily stored in the UFM module is deleted.
5. The CPLD upgrade optimization method according to claim 1, wherein said UFM module includes page0-page 639; wherein the content of the first and second substances,
page0/page1, used for storing the upgrade file signature when the digital signature of the upgrade file is verified;
pages 2-639, configured to temporarily store the upgrade file when it is determined that the upgrade password is legal.
6. A CPLD upgrade optimization system, comprising:
the controller is used for judging whether the CPLD on the board card needs to be upgraded or not when the board card normally works;
the password checking module is connected with the controller and used for receiving an upgrading password sent by the BMC through an I2C bus and judging whether the upgrading password is legal or not when the controller determines that the CPLD on the board card needs to be upgraded;
the UFM module is used for receiving an upgrade file sent by the BMC through an I2C bus through an I2C module and temporarily storing the upgrade file when the password verification module determines that the upgrade password is legal;
the controller is further configured to:
performing data verification on the upgrade file temporarily stored on the UFM module, and receiving an upgrade success instruction sent by the BMC through an I2C bus when the data verification is determined to be successful;
generating confirmation information whether the CPLD is successfully upgraded or not according to the upgrade password and the upgrade success instruction, and further finishing upgrading the CPLD when the confirmation information is that the CPLD is successfully upgraded;
further comprising: the system comprises a CFM module, a wishbone bus, an SHA256 module and an ECDSA module; wherein the content of the first and second substances,
the wishbone bus is respectively connected with the controller, the CFM module and the UFM module;
the controller is respectively connected with the SHA256 module and the ECDSA module, and is configured to:
reading the upgrade file temporarily stored in the UFM module through the wishbone bus;
controlling the SHA256 module to calculate an SHA256 hash value of the upgrade file, and controlling the ECDSA module to use a public key to perform digital signature verification on the upgrade file according to the SHA256 hash value;
when the verification of the digital signature is determined to be successful, synchronously updating the upgrade file temporarily stored in the UFM module to the CFM module;
the step of judging whether the upgrade password is legal by the password verification module comprises the following steps:
the BMC establishes a handshake check mechanism with the CPLD, and sends an upgrade password check request to the CPLD;
the CPLD receives an upgrade password verification request sent by the BMC and performs upgrade password verification response;
the BMC sends an upgrading password to the CPLD;
the CPLD receives an upgrade password sent by the BMC, judges whether the upgrade password is consistent with a preset upgrade password or not, and sends upgrade password verification passing information to the BMC when the upgrade password is determined to be consistent with the preset upgrade password;
the BMC receives upgrade password verification passing information sent by the CPLD and sends an upgrade request to the CPLD;
the CPLD receives an upgrading request sent by the BMC and carries out upgrading response, and the upgrading password is determined to be legal;
and the BMC performs upgrading operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011027308.7A CN112181459B (en) | 2020-09-25 | 2020-09-25 | CPLD upgrade optimization method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011027308.7A CN112181459B (en) | 2020-09-25 | 2020-09-25 | CPLD upgrade optimization method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112181459A CN112181459A (en) | 2021-01-05 |
| CN112181459B true CN112181459B (en) | 2022-08-26 |
Family
ID=73943499
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011027308.7A Active CN112181459B (en) | 2020-09-25 | 2020-09-25 | CPLD upgrade optimization method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112181459B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113220321B (en) * | 2021-04-13 | 2023-09-26 | 山东英信计算机技术有限公司 | CPLD high-efficiency upgrading method, system and medium |
| CN113220323A (en) * | 2021-04-23 | 2021-08-06 | 山东英信计算机技术有限公司 | Method, system and medium for improving updating efficiency of CPLD firmware of production line |
| CN115061852B (en) * | 2022-08-15 | 2022-11-18 | 广东科伺智能科技有限公司 | Functional board card, production system of functional board card and use method of servo system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102662701A (en) * | 2012-03-28 | 2012-09-12 | 中兴通讯股份有限公司 | Online CPLD (Complex Programmable Logic Devices) upgrading method, device and business veneer |
| CN105468389A (en) * | 2014-09-04 | 2016-04-06 | 中兴通讯股份有限公司 | CPLD-based remote upgrading control method and apparatus |
| CN111488246A (en) * | 2020-04-17 | 2020-08-04 | 苏州浪潮智能科技有限公司 | CP L D upgrading method and device, electronic equipment and readable storage medium |
-
2020
- 2020-09-25 CN CN202011027308.7A patent/CN112181459B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102662701A (en) * | 2012-03-28 | 2012-09-12 | 中兴通讯股份有限公司 | Online CPLD (Complex Programmable Logic Devices) upgrading method, device and business veneer |
| CN105468389A (en) * | 2014-09-04 | 2016-04-06 | 中兴通讯股份有限公司 | CPLD-based remote upgrading control method and apparatus |
| CN111488246A (en) * | 2020-04-17 | 2020-08-04 | 苏州浪潮智能科技有限公司 | CP L D upgrading method and device, electronic equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112181459A (en) | 2021-01-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112181459B (en) | CPLD upgrade optimization method and system | |
| KR20090024093A (en) | Access control apparatus, access control method and access control program | |
| US9582262B2 (en) | Systems and methods for installing upgraded software on electronic devices | |
| CN111813428A (en) | Method and device for upgrading terminal firmware, electronic equipment and storage medium | |
| CN213276627U (en) | Backup and recovery system for VPD information | |
| US20220171855A1 (en) | Electronic control device and security verification method for electronic control device | |
| CN109766140A (en) | A kind of localization method and device that set-top box starting is abnormal | |
| CN112016092A (en) | TPM (trusted platform Module) -server-based asset information multilayer protection device and method | |
| CN110147354B (en) | Batch data editing method, device, computer equipment and storage medium | |
| CN106935272B (en) | Method and device for opening eMMC back door debugging | |
| CN117391099B (en) | Data downloading and checking method and system for smart card and storage medium | |
| CN112732478B (en) | Modification method, device, equipment and storage medium of server parameters | |
| CN111459496B (en) | Method for generating tamper-proof program file and method for upgrading equipment | |
| CN105869309A (en) | Drive module memory data monitoring method and device | |
| CN111045710B (en) | Method, equipment and medium for upgrading SAS-Expander firmware based on IPMI command | |
| CN110134423B (en) | Firmware updating method and device and computer readable storage medium | |
| CN112558884A (en) | Data protection method and NVMe-based storage device | |
| CN112181444A (en) | DSP multi-core data programming method based on 1553B bus | |
| CN115827069A (en) | Starting control method, system and device for server mainboard | |
| CN115904831A (en) | Starting method of server firmware and terminal | |
| CN114579971A (en) | Starting method of safety control module and related device | |
| CN112860283B (en) | SP upgrade package self-identification upgrade method and device and computer equipment | |
| CN112069009A (en) | Method and device for pressure test in Recovery mode and terminal equipment | |
| CN112269583B (en) | Method for processing equipment operation abnormal file upgrade, server and storage medium | |
| WO2022255005A1 (en) | Monitoring system, monitoring method, monitoring device, and function restricting device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |