CN112256300A - Server in-band management method and device, electronic equipment and readable storage medium - Google Patents
Server in-band management method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN112256300A CN112256300A CN202011120415.4A CN202011120415A CN112256300A CN 112256300 A CN112256300 A CN 112256300A CN 202011120415 A CN202011120415 A CN 202011120415A CN 112256300 A CN112256300 A CN 112256300A
- Authority
- CN
- China
- Prior art keywords
- ipmi
- instruction
- bmc
- server
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 83
- 230000006870 function Effects 0.000 claims description 71
- 238000000034 method Methods 0.000 claims description 45
- 238000004891 communication Methods 0.000 claims description 17
- 238000004590 computer program Methods 0.000 claims description 4
- 238000012423 maintenance Methods 0.000 abstract description 23
- 230000009471 action Effects 0.000 abstract description 18
- 238000013461 design Methods 0.000 description 14
- 230000002093 peripheral effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
The application provides a server in-band management method, a device, an electronic device and a readable storage medium, comprising: receiving a first set Intelligent Platform Management Interface (IPMI) instruction sent by an external device, wherein the first set IPMI instruction comprises information representing starting of in-band security management and control; ignoring any command received from the keyboard controller interface KCS interface according to the first set IPMI command. The server can receive the IPMI command sent by the external equipment and judge whether the IPMI command represents the start of in-band security management and control. If so, the server may ignore any instructions received from the KCS interface. When the ordinary user performs the in-band management action of the server, the IPMI command is sent and is received and executed by the BMC through the KCS interface; therefore, any instruction received from the KCS interface is ignored, the in-band management action of the ordinary user on the server can be avoided, and the risk that the server is operated by non-operation and maintenance personnel is reduced.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a server in-band management method and apparatus, an electronic device, and a readable storage medium.
Background
The server in-band management refers to management and maintenance of the server in an operating system of the server without verification measures such as a user name and a password. A common user may perform in-band Management on a server in a manner of sending multiple Intelligent Platform Management Interface (IPMI) instructions, where the multiple IPMI instructions are transmitted through a Low pin count Bus (LPC Bus) and sent to a base Board Management Controller (BMC) through a Keyboard Controller Interface (KCS). Various types of IPMI commands may correspond to, for example: and performing in-band management operations such as powering on and powering off the server, setting a power-on strategy of the server, and creating a user with an administrator right item.
When the user sends the IPMI command, the identity of the user does not need to be verified, and any IPMI command sent by the user and passing through the KCS interface can be received and executed by the BMC, however, the in-band management mode brings potential safety hazards to the management and maintenance of the server. Particularly, today, cloud computing is widely applied, each high-performance server virtualizes a plurality of hosts to be used by different users, and the risk that the servers are operated by non-operation and maintenance personnel is greatly increased.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for in-band management of a server, an electronic device, and a readable storage medium, so as to reduce a risk that the server is operated by a non-operation and maintenance worker.
In a first aspect, an embodiment of the present application provides a server in-band management method, which is applied to a baseboard management controller BMC, and the method includes: receiving a first IPMI setting instruction sent by an external device, wherein the first IPMI setting instruction comprises information for representing the starting of in-band security control; ignoring any command received from the keyboard controller interface KCS interface according to the first set IPMI command.
In the above embodiment, the server may receive an IPMI command sent by the external device, and determine whether the IPMI command indicates that in-band security management is enabled. If so, the server may ignore any instructions received from the KCS interface. When the ordinary user performs the in-band management action of the server, the IPMI command is sent and is received and executed by the BMC through the KCS interface; therefore, any instruction received from the KCS interface is ignored, the in-band management action of the ordinary user on the server can be avoided, and the risk that the server is operated by non-operation and maintenance personnel is reduced.
In one possible design, after receiving the first setting IPMI command sent by the external device, the method further includes: and controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction.
In the above embodiment, after determining that the IPMI instruction carrying the information indicating that the in-band security management and control is enabled is sent by the external device, in addition to ignoring any instruction received from the KCS interface, the action of closing the upgrade function of the firmware of the BMC may be performed. If the firmware of the BMC is upgraded by a non-operation and maintenance person through the PCIE bus and is upgraded to a software version which does not support the in-band security control, the KCS interface can receive an IPMI instruction, and the risk that the server is operated by the non-operation and maintenance person is increased. Therefore, the control of the BMC to close the upgrading function of the BMC firmware can further reduce the risk that the server is operated by non-operation and maintenance personnel.
In one possible design, after ignoring any commands received from the keyboard controller interface KCS interface according to the first set IPMI command, the method further includes: receiving a second IPMI setting instruction sent by an external device, wherein the second IPMI setting instruction comprises information for representing to stop in-band security control; and according to the second set IPMI command, stopping ignoring the command received from the KCS interface.
In the above-described embodiment, after receiving the second set IPMI instruction transmitted by the external apparatus, the act of ignoring the instruction received from the KCS interface may also be stopped. The server can switch between ignoring the instruction received from the KCS interface or stopping ignoring the instruction received from the KCS interface according to the first set IPMI instruction and the second set IPMI instruction, receive the first set IPMI instruction when the instruction received from the KCS interface needs to be ignored, and ignore the first set IPMI instruction according to the first set IPMI instruction; and when the instruction received from the KCS interface needs to be stopped from being ignored, receiving a second set IPMI instruction, and stopping the omission of the IPMI instruction received by the KCS interface according to the second set IPMI instruction. By the method, the in-band management of the server can be more flexible.
In one possible design, the controlling the BMC to turn off the upgrade function of the firmware of the BMC includes: and rewriting a preset value of a target register in the BMC from a first value to a second value so that the BMC prohibits the software tool from upgrading the firmware of the BMC through the PCIE bus.
In the above embodiment, the prohibition of upgrading the BMC firmware may be realized by rewriting a preset value of a certain register in the BMC from a first value to a second value; the upgrade of the BMC firmware may also be prohibited in other manners, for example, the IPMI instruction may directly include information indicating that the upgrade of the BMC firmware is prohibited, and the specific manner of prohibiting the upgrade of the BMC firmware should not be construed as limiting the present application.
In one possible design, after the controlling the BMC to turn off the upgrade function of the firmware of the BMC according to the first IPMI command, the method further includes: receiving a second IPMI setting instruction sent by an external device, wherein the second IPMI setting instruction comprises information for representing to stop in-band security control; and according to the second set IPMI instruction, stopping ignoring any instruction received from the KCS interface, and controlling the BMC to start the upgrading function of the firmware of the BMC.
In the foregoing embodiment, the server may further receive a second setting IPMI instruction carrying information indicating that the in-band security management and control is to be stopped, which is sent by the external device, and after receiving the second setting IPMI instruction, stop ignoring any instruction received from the KCS interface, and control the BMC to start the upgrade function of the originally closed BMC firmware. The server can switch the opening state or the closing state of the BMC firmware upgrading function according to the first set IPMI instruction and the second set IPMI instruction, and the BMC firmware upgrading function is closed when the BMC firmware upgrading function is required to be closed; and when the BMC firmware upgrading function is required to be started, starting the BMC firmware upgrading function. By the method, the in-band management of the server can be more flexible.
In one possible design, the controlling the BMC to start an upgrade function of firmware of the BMC includes: and changing the preset value of the target register from the second value to the first value so that the BMC starts the function of upgrading the firmware of the BMC by the software tool through the PCIE bus.
In the above embodiment, when the upgrade function of the BMC firmware is turned off, the upgrade function is implemented by changing the preset value from the first value to the second value; therefore, when the upgrading function of the BMC firmware is started, the upgrading method can be realized by changing the preset value from the second value to the first value. It should be understood that the function of upgrading the BMC firmware may be started in other manners, for example, the second IPMI setting instruction may directly include information indicating that upgrading of the BMC firmware is allowed, and the specific manner of allowing upgrading of the BMC firmware should not be construed as limiting the application.
In one possible design, after the receiving of the first setting IPMI command sent by the external device, before the ignoring any command received from the keyboard controller interface KCS interface according to the first setting IPMI command, the method further includes: and checking the validity of the first set IPMI instruction.
To further improve the security of the in-band management of the server, the first IPMI command may be checked to determine that the first IPMI command is from an operation and maintenance person, not a general user.
In one possible design, the receiving a first set intelligent platform management interface IPMI command sent by an external device includes: and receiving a communication message comprising the first IPMI setting instruction through a network interface.
In the above embodiment, the IPMI command controlling the in-band management of the server should be prevented from entering from the KCS interface, otherwise, after ignoring the IPMI command received from the KCS interface, the IPMI command itself carrying the token indicating that the omission of the IPMI command received from the KCS interface is stopped will be ignored. The IPMI commands received by the server to control in-band management of the server may come from communication packets transmitted over the network interface. Alternatively, the first IPMI command may come from the I2C bus. It should be understood that in the case that the IPMI command satisfying the control role for server in-band management is not passed from the KCS interface, the channel through which the IPMI command is sent to the server should not be construed as a limitation of the present application.
In a second aspect, an embodiment of the present application provides a server in-band management device, which is applied to BMC, and the device includes: the first instruction receiving module is used for receiving a first setting IPMI instruction sent by external equipment, wherein the first setting IPMI instruction comprises information for representing the starting of in-band security management and control; and the instruction ignoring module is used for ignoring any instruction received from a keyboard controller type interface KCS interface according to the first set IPMI instruction.
In the above embodiment, the server may receive an IPMI command sent by the external device, and determine whether the IPMI command indicates that in-band security management is enabled. If so, the server may ignore any instructions received from the KCS interface. When the ordinary user performs the in-band management action of the server, the IPMI command is sent and is received and executed by the BMC through the KCS interface; therefore, any instruction received from the KCS interface is ignored, the in-band management action of the ordinary user on the server can be avoided, and the risk that the server is operated by non-operation and maintenance personnel is reduced.
In one possible design, the apparatus further includes: and the upgrading function closing module is used for controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction.
In the above embodiment, after determining that the IPMI instruction carrying the information indicating that the in-band security management and control is enabled is sent by the external device, in addition to ignoring any instruction received from the KCS interface, the action of closing the upgrade function of the firmware of the BMC may be performed. If the firmware of the BMC is upgraded by a non-operation and maintenance person through the PCIE bus and is upgraded to a software version which does not support the in-band security control, the KCS interface can receive an IPMI instruction, and the risk that the server is operated by the non-operation and maintenance person is increased. Therefore, the control of the BMC to close the upgrading function of the BMC firmware can further reduce the risk that the server is operated by non-operation and maintenance personnel.
In one possible design, the apparatus further includes: the second instruction receiving module is used for receiving a second setting IPMI instruction sent by the external equipment, wherein the second setting IPMI instruction comprises information for representing that in-band safety control is stopped; a stop ignoring module for stopping ignoring any instruction received from the KCS interface according to the second set IPMI instruction.
In the above-described embodiment, after receiving the second set IPMI instruction transmitted by the external apparatus, the act of ignoring the instruction received from the KCS interface may also be stopped. The server can switch between ignoring the instruction received from the KCS interface or stopping ignoring the instruction received from the KCS interface according to the first set IPMI instruction and the second set IPMI instruction, receive the first set IPMI instruction when the instruction received from the KCS interface needs to be ignored, and ignore the first set IPMI instruction according to the first set IPMI instruction; and when the instruction received from the KCS interface needs to be stopped from being ignored, receiving a second set IPMI instruction, and stopping the omission of the IPMI instruction received by the KCS interface according to the second set IPMI instruction. By the method, the in-band management of the server can be more flexible.
In one possible design, the upgrade function shutdown module is specifically configured to rewrite a preset value of a target register in the BMC from a first value to a second value, so that the BMC disables a function of the software tool upgrading the firmware of the BMC through the PCIE bus.
In the above embodiment, the prohibition of upgrading the BMC firmware may be realized by rewriting a preset value of a certain register in the BMC from a first value to a second value; the upgrade of the BMC firmware may also be prohibited in other manners, for example, the IPMI instruction may directly include information indicating that the upgrade of the BMC firmware is prohibited, and the specific manner of prohibiting the upgrade of the BMC firmware should not be construed as limiting the present application.
In one possible design, the apparatus further includes: the system comprises a security control stopping module, a security control stopping module and a security control module, wherein the security control stopping module is used for receiving a second set IPMI instruction sent by external equipment, and the second set IPMI instruction comprises information for representing that in-band security control is stopped; and the upgrading function starting module is used for stopping ignoring any instruction received from the KCS interface according to the second set IPMI instruction and controlling the BMC to start the upgrading function of the firmware of the BMC.
In the foregoing embodiment, the server may further receive a second setting IPMI instruction carrying information indicating that the in-band security management and control is to be stopped, which is sent by the external device, and after receiving the second setting IPMI instruction, stop ignoring any instruction received from the KCS interface, and control the BMC to start the upgrade function of the originally closed BMC firmware. The server can switch the opening state or the closing state of the BMC firmware upgrading function according to the first set IPMI instruction and the second set IPMI instruction, and the BMC firmware upgrading function is closed when the BMC firmware upgrading function is required to be closed; and when the BMC firmware upgrading function is required to be started, starting the BMC firmware upgrading function. By the method, the in-band management of the server can be more flexible.
In one possible design, the upgrade function starting module is specifically configured to change the preset value of the target register from the second value to the first value, so that the BMC starts a function of the software tool upgrading the firmware of the BMC through the PCIE bus.
In the above embodiment, when the upgrade function of the BMC firmware is turned off, the upgrade function is implemented by changing the preset value from the first value to the second value; therefore, when the upgrading function of the BMC firmware is started, the upgrading method can be realized by changing the preset value from the second value to the first value. It should be understood that the function of upgrading the BMC firmware may be started in other manners, for example, the second IPMI setting instruction may directly include information indicating that upgrading of the BMC firmware is allowed, and the specific manner of allowing upgrading of the BMC firmware should not be construed as limiting the application.
In one possible design, the apparatus further includes a command checking module, configured to check validity of the first IPMI command.
In a possible design, the first instruction receiving module is specifically configured to receive, through a network interface, a communication packet including the first IPMI instruction.
In the above embodiment, the IPMI command controlling the in-band management of the server should be prevented from entering from the KCS interface, otherwise, after ignoring the IPMI command received from the KCS interface, the IPMI command itself carrying the token indicating that the omission of the IPMI command received from the KCS interface is stopped will be ignored. The IPMI commands received by the server to control in-band management of the server may come from communication packets transmitted over the network interface. Alternatively, the first IPMI command may come from the I2C bus. It should be understood that in the case that the IPMI command satisfying the control role for server in-band management is not passed from the KCS interface, the channel through which the IPMI command is sent to the server should not be construed as a limitation of the present application.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory storing machine-readable instructions executable by the processor, the machine-readable instructions being executable by the processor to perform the steps of the method described above when the electronic device is run.
In a fourth aspect, the present application provides a readable storage medium having stored thereon an executable program which, when executed by a processor, performs the method of the first aspect or any of the optional implementations of the first aspect.
In a fifth aspect, the present application provides an executable program product which, when run on a computer, causes the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart illustrating a method for in-band server management according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a part of steps of a server in-band management method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a part of steps of a server in-band management method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a method for in-band server management according to another embodiment of the present application;
fig. 5 shows a schematic structural block diagram of a server in-band management apparatus provided in an embodiment of the present application;
fig. 6 shows a possible structure of an electronic device provided in an embodiment of the present application.
Detailed Description
In a comparison embodiment, a common user may perform in-band management on the server by sending a plurality of IPMI commands to the server, wherein the plurality of IPMI commands are transmitted through the LPC bus and sent to the BMC through the KCS interface. The in-band management of the server comprises: and performing operations of turning on and off the server, setting a power-on strategy of the server, creating a user with an administrator right item and the like. Different operations correspond to different IPMI instructions respectively.
When a common user sends the above multiple IPMI commands to implement in-band management on the server, the identity of the user does not need to be verified, and any IPMI command transmitted through the KCS interface is received and executed by the BMC.
According to the embodiment of the application, the IPMI instruction carrying the representation starting in-band safety management and control information can be sent to the server through the external equipment by the operation and maintenance personnel, so that the BMC of the server can ignore any instruction received from the KCS interface, the in-band management action of a common user on the server is avoided, and the risk that the server is operated by non-operation and maintenance personnel is reduced.
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 illustrates a server in-band management method provided by an embodiment of the present application, where the method may be performed by an electronic device, and the electronic device may be a server. The method specifically comprises the following steps S110 to S120:
step S110, receiving a first setting intelligent platform management interface IPMI command sent by an external device, where the first setting IPMI command includes information indicating that in-band security management and control are enabled.
Receiving the IPMI command transmitted by the external device may specifically include: receiving an IPMI command through a two-wire serial (I2C) bus; or receive a communication packet including an IPMI instruction through a network interface, where the communication packet may specifically be a network communication packet based on a User Datagram Protocol (UDP).
It should be understood that in the case that the IPMI command satisfying the control role for server in-band management is not passed from the KCS interface, the channel through which the IPMI command is sent to the server should not be construed as a limitation of the present application.
The IPMI command which plays a control role in the in-band management of the server is prevented from being introduced from the KCS interface, otherwise, the IPMI command which is received from the KCS interface and is carried with the representation to stop ignoring is ignored. It should be understood that in the case that the IPMI command satisfying the control role for server in-band management is not passed from the KCS interface, the channel through which the IPMI command is sent to the server should not be construed as a limitation of the present application.
The first setting IPMI command can be customized by the server operator or the operation and maintenance staff, and is not known by the ordinary user. The first IPMI command is sent to the server for starting the in-band security management and control action of the server.
Optionally, in a specific embodiment, after step S110, the following steps may be further included: the validity of the first IPMI command is checked, and the steps can be realized by the following steps:
the identity information corresponding to the first IPMI setting instruction is stored in the server in advance. After receiving an IPMI instruction sent by external equipment, the server can acquire the identification information of the IPMI instruction, and compare the identification information of the currently received IPMI instruction with the identification information of a first set IPMI instruction stored in the server in advance, and if the identification information of the currently received IPMI instruction is consistent with the identification information of the first set IPMI instruction, the source of the currently received first set IPMI instruction can be determined to be legal. The identification information may be a user name and password information.
In another specific embodiment, the validity of the first IPMI setting instruction may be verified by:
the mac addresses of the terminal devices respectively held by each operation and maintenance person are pre-stored in the server. After receiving a communication message carrying a first set IPMI instruction sent by an external device, a server can obtain a source mac address corresponding to the communication message, compare the source mac address with a plurality of mac addresses stored in the server in advance one by one, and judge whether the source mac address is consistent with one of the plurality of mac addresses, if so, it can be determined that the first set IPMI instruction is from an operation and maintenance worker, and the source is legal.
Step S120, according to the first setting IPMI command, ignoring any command received from the keyboard controller type interface KCS interface.
The server can receive the IPMI instruction sent by the external equipment and judge whether the IPMI instruction carries information representing starting of in-band security control. If carried, the server may ignore any instructions received from the KCS interface.
In one embodiment, ignoring any instructions received from the keyboard controller style interface KCS interface may be done by:
analyzing the received IPMI instruction data packet through an IPMI processing module in the BMC to obtain an interface type field corresponding to an interface from which the IPMI instruction data packet comes, judging whether the interface from which the IPMI instruction data packet comes is a KCS interface or not according to the interface type field, and if so, discarding the IPMI instruction data packet.
Because the ordinary user performs the in-band management action of the server by sending the IPMI command, the IPMI command sent by the ordinary user performing the in-band management action is received and executed by the BMC through the KCS interface. Therefore, any instruction received from the KCS interface is ignored, the in-band management action of the ordinary user on the server can be avoided, and the risk that the server is operated by non-operation and maintenance personnel is reduced.
Referring to fig. 2, in an embodiment, after step S120, the method may further include steps S130 to S140 as follows:
step S130, receiving a second IPMI setting command sent by the external device, where the second IPMI setting command includes information indicating that in-band security control is to be stopped.
The second IPMI command may be an IPMI command corresponding to the first IPMI command, and the first and second IPMI commands may be of the same type but different parameters.
Optionally, in an embodiment, the checking the validity of the second IPMI command may be performed by:
and the identity identification information corresponding to the second IPMI instruction is stored in the server in advance. After receiving an IPMI instruction sent by the external equipment, the server can acquire the identification information of the IPMI instruction, and compare the identification information of the currently received IPMI instruction with the identification information of a second set IPMI instruction stored in the server in advance, and if the identification information of the currently received IPMI instruction is consistent with the identification information of the second set IPMI instruction, the source of the currently received second set IPMI instruction can be determined to be legal.
In another specific embodiment, the validity of the second IPMI setting instruction is checked, and the checking may be further implemented by:
the mac addresses of the terminal devices respectively held by each operation and maintenance person are pre-stored in the server. After receiving a communication message carrying a second set IPMI instruction sent by an external device, the server may obtain a source mac address corresponding to the communication message, compare the source mac address with a plurality of mac addresses pre-stored in the server one by one, and determine whether the source mac address is consistent with one of the plurality of mac addresses, if so, further determine whether a first set IPMI instruction from the same mac address exists, and if so, determine that the source of the second set IPMI instruction is legal.
Step S140, according to the second set IPMI command, stopping ignoring the command received from the KCS interface.
The act of ignoring the instruction received from the KCS interface may also be stopped after receiving a second set IPMI instruction transmitted by the external device. The server may switch between ignoring the instruction received from the KCS interface or stop ignoring the instruction received from the KCS interface according to the first set IPMI instruction and the second set IPMI instruction. By the method, the in-band management of the server can be more flexible.
In a specific embodiment, after step S110, the method may further include: and controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction.
Under the condition that the upgrading function of the BMC firmware is not closed, if non-operation and maintenance personnel upgrade the BMC firmware and upgrade the BMC firmware to a software version which does not support the in-band safety control, the KCS interface can receive the IPMI instruction again. Therefore, the control of the BMC to close the upgrading function of the BMC firmware can further reduce the risk that the server is operated by non-operation and maintenance personnel.
Optionally, the updating function of the BMC firmware may specifically be only closed in an updating manner without a verification process, for example, a manner of updating the BMC firmware by a PCIE manner. For the BMC firmware upgrading mode with the verification process, for example, the BMC firmware upgrading mode through the network may not be turned off.
Optionally, controlling the BMC to close the upgrade function of the firmware of the BMC may specifically be implemented in the following manner:
and rewriting a preset value of a target register in the BMC from a first value to a second value so that the BMC prohibits the function of upgrading the firmware of the BMC by a software tool through a PCIE bus.
The target register may be an SCU _ MISC _ CONTROL register of the asserted 2500 chip, the preset value may be four bits of 25, 24, 23, and 22 bits of the SCU _ MISC _ CONTROL register, and the software tool may be soclash. Specifically, four bits of 25, 24, 23 and 22 of the SCU _ MISC _ CONTROL register of the ASPEED 2500 chip can be changed from 0 to 1.
Optionally, in another specific embodiment, controlling the BMC to close the upgrade function of the firmware of the BMC may specifically be implemented in the following manner:
the first IPMI instruction can directly carry information for representing prohibition of upgrading the BMC firmware, and the server analyzes the first IPMI instruction after receiving the first IPMI instruction to obtain the information for representing prohibition of upgrading the BMC firmware and execute operation for prohibiting upgrading the BMC firmware.
In the following steps: after controlling the BMC to close the upgrade function of the firmware of the BMC according to the first IPMI command, the method may further include steps S210 to S220:
step S210, receiving a second IPMI setting command sent by the external device, where the second IPMI setting command includes information indicating that in-band security control is to be stopped.
Step S220, according to the second setting IPMI instruction, stopping ignoring any instruction received from the KCS interface, and controlling the BMC to start the upgrading function of the firmware of the BMC.
The server can also receive a second setting IPMI instruction which is sent by the external equipment and carries the information for representing the stop of the in-band safety control, and after the second setting IPMI instruction is received, the server stops ignoring any instruction received from the KCS interface, and controls the BMC to start the upgrading function of the originally closed BMC firmware. The server can switch the on state or the off state of the BMC firmware upgrading function according to the first set IPMI instruction and the second set IPMI instruction. By the method, the in-band management of the server can be more flexible.
Optionally, step S220 specifically includes the following steps: and changing the preset value of the target register from the second value to the first value so that the BMC starts the function of upgrading the firmware of the BMC by the software tool through the PCIE bus.
Specifically, the four bits 25, 24, 23, and 22 of the SCU _ MISC _ CONTROL register of the ASPEED 2500 chip may be changed from 1 to 0.
Optionally, in another specific embodiment, controlling the BMC to start an upgrade function of the firmware of the BMC may be specifically implemented in the following manner:
the IPMI instruction can directly carry information representing that upgrading of the BMC firmware is allowed, and the server analyzes the IPMI instruction after receiving the IPMI instruction, obtains the information representing that upgrading of the BMC firmware is allowed, and executes operation allowing upgrading of the BMC firmware.
Optionally, referring to fig. 5, in a specific embodiment, the method for in-band management of a server provided in the embodiment of the present application may specifically include the following steps S310 to S340:
step S310, receiving a first IPMI setting command sent by an external device, wherein the first IPMI setting command comprises information for representing the start of in-band security control.
Step S320, according to the first setting IPMI instruction, ignoring any instruction received from the keyboard controller type interface KCS interface, and controlling the BMC to close the upgrade function of the firmware of the BMC.
Alternatively, after determining that the received IPMI command is the first set IPMI command, the following two actions may be performed simultaneously: ignoring any instruction received from a keyboard controller-mode interface (KCS) interface according to the first set IPMI instruction; and controlling the BMC to close the upgrading function of the firmware of the BMC.
The instruction received from the KCS interface is ignored, the upgrading function of the firmware of the BMC is closed, illegal users are prevented from bypassing the instruction which is received from the KCS interface through upgrading the firmware of the BMC, and in-band management can be achieved more comprehensively and perfectly.
Step S330, receiving a second IPMI setting command sent by the external device, wherein the second IPMI setting command includes information for indicating to stop in-band security control.
Step S340, according to the second setting IPMI command, stopping ignoring any command received from the KCS interface, and controlling the BMC to start the upgrade function of the firmware of the BMC.
Upon determining that the received IPMI command is a second set IPMI command, the following two actions may be performed simultaneously: ceasing to ignore any instructions received from the KCS interface; and controlling the BMC to start the upgrading function of the firmware of the BMC. The method not only stops ignoring the instruction received from the KCS interface, but also starts the upgrading function of the firmware of the BMC, and can comprehensively recover the original function of the server.
Referring to fig. 5, fig. 5 illustrates a server in-band management apparatus provided in an embodiment of the present application, where the apparatus 400 includes:
the first instruction receiving module 410 is configured to receive a first configured intelligent platform management interface IPMI instruction sent by an external device, where the first configured IPMI instruction includes information indicating that in-band security management and control is enabled.
And the instruction ignoring module 420 is used for ignoring any instruction received from a keyboard controller type interface KCS interface according to the first set IPMI instruction.
The first instruction receiving module 410 is specifically configured to receive, through a network interface, a communication packet including the first IPMI setting instruction.
The device further comprises:
and the instruction checking module is used for checking the legality of the first set IPMI instruction.
And the upgrading function closing module is used for controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction. And the upgrade function closing module is specifically configured to rewrite a preset numerical value of a target register in the BMC from a first value to a second value, so that the BMC prohibits the function of upgrading the firmware of the BMC through the PCIE bus by the software tool.
And the security control stopping module is used for receiving a second setting IPMI instruction sent by the external equipment, wherein the second setting IPMI instruction comprises information for representing that the in-band security control is stopped.
And the upgrading function starting module is used for controlling the BMC to start the upgrading function of the firmware of the BMC according to the second set IPMI instruction.
And the upgrade function starting module is specifically configured to change the preset value of the target register from the second value back to the first value, so that the BMC starts a function of upgrading the firmware of the BMC by the software tool through the PCIE bus.
The second instruction receiving module is used for receiving a second setting IPMI instruction sent by the external equipment, wherein the second setting IPMI instruction comprises information for representing that the in-band security control is stopped.
A stop ignoring module for stopping ignoring any instruction received from the KCS interface according to the second set IPMI instruction.
The server in-band management apparatus provided in the embodiment of the present application is the same as the server in-band management method provided above, and details are not repeated here.
Fig. 6 shows a block schematic of an electronic device. The electronic device 500 may include a memory 510, a memory controller 520, a processor 530, a peripheral interface 540, an input-output unit 550. It will be understood by those of ordinary skill in the art that the structure shown in fig. 6 is merely exemplary and is not intended to limit the structure of the electronic device 500. For example, electronic device 500 may also include more or fewer components than shown in FIG. 6, or have a different configuration than shown in FIG. 6.
The above-mentioned elements of the memory 510, the memory controller 520, the processor 530, the peripheral interface 540 and the input/output unit 550 are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The processor 530 described above is used to execute executable modules stored in memory.
The Memory 510 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 510 is used for storing a program, and the processor 530 executes the program after receiving an execution instruction, and the method performed by the electronic device 500 defined by the process disclosed in any embodiment of the present application may be applied to the processor 530, or implemented by the processor 530.
The processor 530 may be an integrated circuit chip having signal processing capabilities. The Processor 530 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The peripheral interface 540 couples various input/output devices to the processor 530 and the memory 510. In some embodiments, peripheral interface 540, processor 530, and memory controller 520 may be implemented in a single chip. In other examples, they may be implemented separately from the individual chips.
The input/output unit 550 is used for providing input data to a user. The input/output unit 550 may be, but is not limited to, a mouse, a keyboard, and the like.
The embodiment of the present application further provides a computer-readable storage medium, where computer program instructions are stored on the computer-readable storage medium, and when the computer program instructions are read and executed by a processor of a computer, the server in-band management method provided in the embodiment of the present application is executed. The computer-readable storage medium may be embodied as, for example, memory 510 in electronic device 500 in fig. 6.
The computer program product of the in-band server management method provided in the embodiment of the present application includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute steps of the in-band server management method in the foregoing method embodiment, which may be referred to specifically in the foregoing method embodiment, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A server in-band management method is applied to a Baseboard Management Controller (BMC), and comprises the following steps:
receiving a first set Intelligent Platform Management Interface (IPMI) instruction sent by external equipment, wherein the first set IPMI instruction comprises information representing starting of in-band security management and control;
ignoring any command received from the keyboard controller interface KCS interface according to the first set IPMI command.
2. The method of claim 1, wherein after said receiving a first set IPMI command sent by an external device, the method further comprises:
and controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction.
3. The method of claim 1, wherein after said ignoring any instructions received from a keyboard controller style interface (KCS) interface according to said first set IPMI instruction, the method further comprises:
receiving a second IPMI setting instruction sent by an external device, wherein the second IPMI setting instruction comprises information for representing to stop in-band security control;
and according to the second set IPMI command, stopping ignoring any command received from the KCS interface.
4. The method of claim 2, wherein after controlling the BMC to shut down an upgrade function of firmware of the BMC according to the first set IPMI command, the method further comprises:
receiving a second IPMI setting instruction sent by an external device, wherein the second IPMI setting instruction comprises information for representing to stop in-band security control;
and according to the second set IPMI instruction, stopping ignoring any instruction received from the KCS interface, and controlling the BMC to start the upgrading function of the firmware of the BMC.
5. The method according to claim 1, wherein after said receiving a first set IPMI command sent by an external device, before said ignoring any command received from a keyboard controller style interface KCS interface according to said first set IPMI command, said method further comprises:
and checking the validity of the first set IPMI instruction.
6. The method according to claim 1, wherein receiving a first configure Intelligent Platform Management Interface (IPMI) command sent by an external device comprises:
and receiving a communication message comprising the first IPMI setting instruction through a network interface.
7. An in-band management device for a server, applied to BMC, the device comprising:
the first instruction receiving module is used for receiving a first setting IPMI instruction sent by external equipment, wherein the first setting IPMI instruction comprises information for representing the starting of in-band security management and control;
and the instruction ignoring module is used for ignoring any instruction received from a keyboard controller type interface KCS interface according to the first set IPMI instruction.
8. The apparatus of claim 7, further comprising:
and the upgrading function closing module is used for controlling the BMC to close the upgrading function of the firmware of the BMC according to the first set IPMI instruction.
9. An electronic device, comprising: a processor, a memory storing machine-readable instructions executable by the processor, the machine-readable instructions when executed by the processor performing the steps of the method of any of claims 1 to 6 when the electronic device is run.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011120415.4A CN112256300B (en) | 2020-10-19 | 2020-10-19 | Method and device for managing server in band, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011120415.4A CN112256300B (en) | 2020-10-19 | 2020-10-19 | Method and device for managing server in band, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112256300A true CN112256300A (en) | 2021-01-22 |
| CN112256300B CN112256300B (en) | 2024-09-17 |
Family
ID=74244992
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011120415.4A Active CN112256300B (en) | 2020-10-19 | 2020-10-19 | Method and device for managing server in band, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112256300B (en) |
Citations (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1707434A (en) * | 2004-06-09 | 2005-12-14 | 威芯科技股份有限公司 | Intelligent platform management interface system and executing method thereof |
| US20070005828A1 (en) * | 2005-06-30 | 2007-01-04 | Nimrod Diamant | Interrupts support for the KCS manageability interface |
| CN1964282A (en) * | 2005-10-18 | 2007-05-16 | 宏正自动科技股份有限公司 | System and method for remote management |
| CN101030867A (en) * | 2006-02-28 | 2007-09-05 | 联想(北京)有限公司 | System and method for refreshing and upgrading BIOS |
| US20080134168A1 (en) * | 2006-11-02 | 2008-06-05 | Tokyo Electron Limited | Server apparatus, manufacturing apparatus, group management system, information processing method, and storage medium |
| CN102681959A (en) * | 2012-04-28 | 2012-09-19 | 浪潮电子信息产业股份有限公司 | Method for interacting inner-band information and out-of-band information of server |
| CN102904754A (en) * | 2012-09-28 | 2013-01-30 | 浪潮(北京)电子信息产业有限公司 | Method and system for managing server |
| US20140032641A1 (en) * | 2012-07-27 | 2014-01-30 | Vmware, Inc. | Virtual intelligent platform management interface for hardware components |
| US20140109076A1 (en) * | 2012-10-16 | 2014-04-17 | Pieter-Jan Boone | Secure, non-disruptive firmware updating |
| US20140195711A1 (en) * | 2013-01-04 | 2014-07-10 | American Megatrends, Inc. | Pci express channel implementation in intelligent platform management interface stack |
| CN104202195A (en) * | 2014-09-10 | 2014-12-10 | 华为技术有限公司 | Server unified communication method, baseboard management controller (BMC) and server |
| CN105978724A (en) * | 2016-05-12 | 2016-09-28 | 浪潮集团有限公司 | Server management system based on IPMI |
| US20170041200A1 (en) * | 2015-08-05 | 2017-02-09 | American Megatrends, Inc. | Baseboard management controller (bmc) to host communication through device independent universal serial bus (usb) interface |
| US20170102952A1 (en) * | 2015-10-07 | 2017-04-13 | Dell Products, L.P. | Accessing data stored in a remote target using a baseboard management controler (bmc) independently of the status of the remote target's operating system (os) |
| CN109358888A (en) * | 2018-12-18 | 2019-02-19 | 郑州云海信息技术有限公司 | Server firmware upgrade method, device, system and computer readable storage medium |
| CN110069280A (en) * | 2018-01-23 | 2019-07-30 | 纬创资通股份有限公司 | Electronic device and its firmware update |
| CN110399150A (en) * | 2019-06-27 | 2019-11-01 | 苏州浪潮智能科技有限公司 | A kind of bios upgrade method, system, device and computer storage medium |
| CN110413435A (en) * | 2019-07-12 | 2019-11-05 | 苏州浪潮智能科技有限公司 | A kind of communication failure restoration methods, system and associated component |
| CN110532005A (en) * | 2019-08-09 | 2019-12-03 | 苏州浪潮智能科技有限公司 | Baseboard management controller and its construction method |
| CN110633110A (en) * | 2019-08-30 | 2019-12-31 | 苏州浪潮智能科技有限公司 | Server starting method, equipment and storage medium |
| CN110719583A (en) * | 2018-07-12 | 2020-01-21 | 中移(杭州)信息技术有限公司 | Communication method and device |
| CN110943860A (en) * | 2019-11-22 | 2020-03-31 | 苏州浪潮智能科技有限公司 | BMC (baseboard management controller) firmware updating method and system, electronic equipment and storage medium |
| CN111338676A (en) * | 2020-02-27 | 2020-06-26 | 苏州浪潮智能科技有限公司 | BMC (baseboard management controller) firmware upgrading system and method with in-band mode and out-of-band mode |
-
2020
- 2020-10-19 CN CN202011120415.4A patent/CN112256300B/en active Active
Patent Citations (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1707434A (en) * | 2004-06-09 | 2005-12-14 | 威芯科技股份有限公司 | Intelligent platform management interface system and executing method thereof |
| US20070005828A1 (en) * | 2005-06-30 | 2007-01-04 | Nimrod Diamant | Interrupts support for the KCS manageability interface |
| CN1964282A (en) * | 2005-10-18 | 2007-05-16 | 宏正自动科技股份有限公司 | System and method for remote management |
| CN101030867A (en) * | 2006-02-28 | 2007-09-05 | 联想(北京)有限公司 | System and method for refreshing and upgrading BIOS |
| US20080134168A1 (en) * | 2006-11-02 | 2008-06-05 | Tokyo Electron Limited | Server apparatus, manufacturing apparatus, group management system, information processing method, and storage medium |
| CN102681959A (en) * | 2012-04-28 | 2012-09-19 | 浪潮电子信息产业股份有限公司 | Method for interacting inner-band information and out-of-band information of server |
| US20140032641A1 (en) * | 2012-07-27 | 2014-01-30 | Vmware, Inc. | Virtual intelligent platform management interface for hardware components |
| CN102904754A (en) * | 2012-09-28 | 2013-01-30 | 浪潮(北京)电子信息产业有限公司 | Method and system for managing server |
| US20140109076A1 (en) * | 2012-10-16 | 2014-04-17 | Pieter-Jan Boone | Secure, non-disruptive firmware updating |
| US20140195711A1 (en) * | 2013-01-04 | 2014-07-10 | American Megatrends, Inc. | Pci express channel implementation in intelligent platform management interface stack |
| CN104202195A (en) * | 2014-09-10 | 2014-12-10 | 华为技术有限公司 | Server unified communication method, baseboard management controller (BMC) and server |
| US20170041200A1 (en) * | 2015-08-05 | 2017-02-09 | American Megatrends, Inc. | Baseboard management controller (bmc) to host communication through device independent universal serial bus (usb) interface |
| US20170102952A1 (en) * | 2015-10-07 | 2017-04-13 | Dell Products, L.P. | Accessing data stored in a remote target using a baseboard management controler (bmc) independently of the status of the remote target's operating system (os) |
| CN105978724A (en) * | 2016-05-12 | 2016-09-28 | 浪潮集团有限公司 | Server management system based on IPMI |
| CN110069280A (en) * | 2018-01-23 | 2019-07-30 | 纬创资通股份有限公司 | Electronic device and its firmware update |
| CN110719583A (en) * | 2018-07-12 | 2020-01-21 | 中移(杭州)信息技术有限公司 | Communication method and device |
| CN109358888A (en) * | 2018-12-18 | 2019-02-19 | 郑州云海信息技术有限公司 | Server firmware upgrade method, device, system and computer readable storage medium |
| CN110399150A (en) * | 2019-06-27 | 2019-11-01 | 苏州浪潮智能科技有限公司 | A kind of bios upgrade method, system, device and computer storage medium |
| CN110413435A (en) * | 2019-07-12 | 2019-11-05 | 苏州浪潮智能科技有限公司 | A kind of communication failure restoration methods, system and associated component |
| CN110532005A (en) * | 2019-08-09 | 2019-12-03 | 苏州浪潮智能科技有限公司 | Baseboard management controller and its construction method |
| CN110633110A (en) * | 2019-08-30 | 2019-12-31 | 苏州浪潮智能科技有限公司 | Server starting method, equipment and storage medium |
| CN110943860A (en) * | 2019-11-22 | 2020-03-31 | 苏州浪潮智能科技有限公司 | BMC (baseboard management controller) firmware updating method and system, electronic equipment and storage medium |
| CN111338676A (en) * | 2020-02-27 | 2020-06-26 | 苏州浪潮智能科技有限公司 | BMC (baseboard management controller) firmware upgrading system and method with in-band mode and out-of-band mode |
Non-Patent Citations (6)
| Title |
|---|
| INTEL TECHNICAL ADVISORY: "baseboard management controller(BMC) keyboard controller style(KCS) interface advisory", pages 1, Retrieved from the Internet <URL:https://www.intel.cn/content/www/cn/zh/support/articles/000057114/server-products/server-boards.html> * |
| JM-419C: "ipmitool使用心得", pages 1, Retrieved from the Internet <URL:https://www.jianshu.com/p/1d54741d068b> * |
| WEIXIN_34126557: "IPMI的几个问题", pages 1, Retrieved from the Internet <URL:https://blog.csdn.net/weixin_34126557/article/details/94684641?> * |
| 华师傅资讯编著: "注册表与组策略必知必会500招", 31 January 2008, 电脑报电子音像出版社, pages: 1 * |
| 李春明,胡建军,李芍编著: "现代坦克装甲车辆电子综合系统", 30 June 2019, 北京理工大学出版社, pages: 1 * |
| 菜鸟++: "BMC ipmitool 对linux服务器进行IPMI管理 - 菜鸟++ - 博客园", pages 1, Retrieved from the Internet <URL:https://www.cnblogs.com/keystone/p/10767164.html> * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112256300B (en) | 2024-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10725762B2 (en) | Gateway device, in-vehicle network system, and firmware update method | |
| US10747872B1 (en) | System and method for preventing malware evasion | |
| KR100524055B1 (en) | Computer system having the function of remote waking up and method for remote waking up the computer system | |
| US20240053977A1 (en) | Gateway device, in-vehicle network system, and firmware update method | |
| CN102063591B (en) | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform | |
| US20120151231A1 (en) | Power supply switching device, a power supply switching device control method and a power supply control program | |
| EP3241144B1 (en) | Secure boot code cache which may be updated through the network | |
| US20160188868A1 (en) | Technologies for providing hardware subscription models using pre-boot update mechanism | |
| US20170177380A1 (en) | Motherboard and a method for boot-up | |
| WO2016062146A1 (en) | Serial number information update method, device and terminal | |
| CN105653306A (en) | Method and device for displaying start Setup interface | |
| CN110750794B (en) | BIOS (basic input output System) safe starting method and system | |
| CN113420297A (en) | Credibility verification system, credibility verification method, mainboard, miniature board card and storage medium | |
| CN106919845B (en) | System security trust chain construction device and method | |
| US10796002B1 (en) | Method and apparatus for establishing a root-of-trust path for a secure computer | |
| CN114185603A (en) | Control method of intelligent accelerator card, server and intelligent accelerator card | |
| CN106570402A (en) | Encryption module and process trusted measurement method | |
| CN117407065A (en) | Network card pre-start control method, device, equipment, system and storage medium | |
| US11880273B2 (en) | Method for installing a program code packet onto a device, device, and motor vehicle | |
| CN114556343A (en) | Secure installation of baseboard management controller firmware via physical interface | |
| CN112256300A (en) | Server in-band management method and device, electronic equipment and readable storage medium | |
| US11921599B2 (en) | Control method and electronic device | |
| CN107368337B (en) | Application downloading method and device and terminal equipment | |
| CN113626792B (en) | PCIe Switch firmware secure execution method, device, terminal and storage medium | |
| CN115827522A (en) | BIOS setting method, BIOS chip and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20211012 Address after: 100089 building 36, courtyard 8, Dongbeiwang West Road, Haidian District, Beijing Applicant after: Dawning Information Industry (Beijing) Co.,Ltd. Applicant after: ZHONGKE SUGON INFORMATION INDUSTRY CHENGDU Co.,Ltd. Address before: Building 36, yard 8, Dongbei Wangxi Road, Haidian District, Beijing Applicant before: Dawning Information Industry (Beijing) Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant |