CN112463224A - System start control method, device, equipment and readable storage medium - Google Patents


Publication number: CN112463224A
Authority: CN (China)
Prior art keywords: kernel, image, mirror image, hash value, bmc
Legal status: Withdrawn
Application number: CN202011256577.0A
Other languages: Chinese (zh)
Inventors: 黄帅, 朱英澍, 王文志
Current Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by: Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202011256577.0A
Publication of CN112463224A
Priority to PCT/CN2021/089877 (WO2022100014A1)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/4401: Bootstrapping
    • G06F9/445: Program loading or initiating
    • G06F9/44505: Configuring for program initiating, e.g. using registry, configuration files

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a system startup control method, device, equipment and readable storage medium. The method comprises: loading a BMC kernel image into memory during system startup; parsing the BMC kernel image to obtain an executable kernel image and a signature header; using the signature header to determine whether the executable kernel image is intact; and, if the executable kernel image is not intact, stopping system startup. With this method, the integrity of the executable kernel image is checked in case the BMC has been attacked, and when the image is found not to be intact, startup is stopped to keep the system's data from being attacked, so that malicious attacks can be effectively blocked at the system startup stage.

Description

System start control method, device, equipment and readable storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for controlling system startup.
Background
With the rapid development of information technology, every industry enjoys the convenience it brings, but that convenience is accompanied by an endless stream of information security problems. The information age benefits from high efficiency, convenience and the value these create, and is at the same time troubled by information security. Physical servers and white-box switches of many kinds are now widely deployed in large data centers, providing computing and storage capacity for fields such as medicine, education and communications.
However, a server or switch has limited protection against internal attacks during the boot phase. For example, when key board-level firmware such as the BMC is attacked during system boot, the system often has difficulty detecting the attack, let alone defending against it.
In summary, how to effectively provide security defense during system startup is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The invention aims to provide a system startup control method, device, equipment and readable storage medium that can provide security defense during system startup.
To solve the above technical problem, the invention provides the following technical solutions:
A system startup control method, comprising:
loading a BMC kernel image into memory during system startup;
parsing the BMC kernel image to obtain an executable kernel image and a signature header;
determining, using the signature header, whether the executable kernel image is intact;
and if the executable kernel image is not intact, stopping system startup.
Preferably, determining whether the executable kernel image is intact using the signature header comprises:
extracting a reference image hash value from the signature header;
calculating a hash value of the executable kernel image to obtain an actual image hash value;
and if the reference image hash value is consistent with the actual image hash value, determining that the executable kernel image is intact.
Preferably, extracting the reference image hash value from the signature header comprises:
reading a reference image hash value ciphertext from the signature header;
decrypting the reference image hash value ciphertext using a preset key;
if decryption fails, determining that the source of the BMC kernel image is untrusted, and stopping system startup;
and if decryption succeeds, obtaining the reference image hash value.
Preferably, before the current system startup, the method further comprises:
while the system is in the running state, compiling the BMC original system kernel to generate the executable kernel image;
and adding the signature header before the executable kernel image to obtain the BMC kernel image.
Preferably, compiling the BMC original system kernel to generate the executable kernel image comprises:
compiling the BMC original system kernel to generate a Linux kernel image, a file system image and a device tree image;
and determining the Linux kernel image, the file system image and the device tree image as the executable kernel image.
Preferably, adding the signature header before the executable kernel image to obtain the BMC kernel image comprises:
obtaining a reference image hash value ciphertext, a creation time, an image size and a kernel load address;
determining the creation time, the image size, the kernel load address and the reference image hash value ciphertext as the signature header;
and adding the signature header before the executable kernel image to obtain the BMC kernel image.
Preferably, obtaining the reference image hash value ciphertext comprises:
calculating a hash value of the executable kernel image using a secure hash algorithm to obtain the reference image hash value;
and encrypting the reference image hash value using a preset key to obtain the reference image hash value ciphertext.
A system startup control device, comprising:
a kernel loading module, configured to load the BMC kernel image into memory during system startup;
a kernel parsing module, configured to parse the BMC kernel image to obtain an executable kernel image and a signature header;
an image detection module, configured to determine, using the signature header, whether the executable kernel image is intact;
and a startup control module, configured to stop system startup if the executable kernel image is not intact.
An electronic device, comprising:
a memory for storing a computer program;
and a processor for implementing the steps of the above system startup control method when executing the computer program.
A readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the above system startup control method.
With the method provided by the embodiments of the invention, the BMC kernel image is loaded into memory during system startup; the BMC kernel image is parsed to obtain an executable kernel image and a signature header; the signature header is used to determine whether the executable kernel image is intact; and if the executable kernel image is not intact, system startup is stopped.
An attack on the BMC affects the integrity of the BMC's executable kernel image. On this basis, the method adds a signature header to the BMC kernel image, and during system startup the BMC kernel image is parsed after loading to obtain the executable kernel image and the signature header. The signature header is then used to check the integrity of the executable kernel image, and system startup is stopped when the executable kernel image is determined not to be intact. Thus, if the BMC has been attacked, the integrity check on the executable kernel image detects it, and startup is stopped to keep the system's data from being attacked, so that malicious attacks can be effectively stopped at the system startup stage.
Accordingly, embodiments of the present invention further provide a system startup control device, equipment and readable storage medium corresponding to the above system startup control method, which have the same technical effects and are not described again here.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the related art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart illustrating a system startup control method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating BMC kernel image generation according to an embodiment of the invention;
FIG. 3 is a schematic diagram illustrating kernel image verification according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a system startup control device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a system boot control method according to an embodiment of the present invention, which can be applied to a system (or device) having BMC firmware, such as a server, a switch, and the like.
The BMC firmware is a key component of a server or switch: it passes instructions from the upper layer down to the hardware layer and directs the hardware layer to perform key operations such as power-on and power-off. When the device is powered on and starts to run, i.e. during system boot, the first instruction of the system is executed in the BMC firmware. The BMC firmware is therefore the earliest component to take control of the system, and it plays a very important role in the security of the device. For example, if a backdoor program were planted in the firmware, important system data could be obtained covertly.
Based on this, to solve the secure boot problem for systems with BMC firmware, the system startup control method provided in this embodiment starts from the most basic boot process and ensures that the key firmware in the device boot process is trusted. The method comprises the following steps:
S101. Load the BMC kernel image into memory during system startup.
The system can be any system that has a BMC and needs to effectively protect the security of its data during startup.
The BMC kernel image is the kernel image required to run the BMC firmware. Note that in this embodiment, the BMC kernel image specifically refers to an image that has a signature header in front of it.
S102. Parse the BMC kernel image to obtain an executable kernel image and a signature header.
Parsing the BMC kernel image means extracting the executable kernel image and the signature header from the BMC kernel image according to the encoding rule.
The signature header contains information that can be used to verify whether the executable kernel image is intact, such as at least one of an image size, a creation time, a load address, and a unique identifier corresponding to the executable kernel image (e.g., a hash value of the executable kernel image).
S103. Determine, using the signature header, whether the executable kernel image is intact.
After the signature header and the executable kernel image have been parsed out, the signature header can be used to determine whether the executable kernel image is intact. Specifically: if the signature header includes the image size, the size of the executable kernel image is compared with it, and if they differ the executable kernel image is determined not to be intact; if the signature header includes the creation time, the creation time of the executable kernel image is compared with it, and if they differ the executable kernel image is determined not to be intact; if the signature header includes a kernel load address, the actual load address of the executable kernel image is compared with it, and if they differ the executable kernel image is determined not to be intact; if the signature header includes a unique identifier corresponding to the executable kernel image and that identifier does not match the parsed executable kernel image, the executable kernel image is determined not to be intact.
S104. If the executable kernel image is not intact, stop system startup.
If the executable kernel image is not intact, it may have been damaged by a malicious attack or other causes, and continuing to start the system at this point could cause immeasurable loss. Therefore, when the executable kernel image is determined not to be intact, system startup can be stopped.
With the method provided by the embodiments of the invention, the BMC kernel image is loaded into memory during system startup; the BMC kernel image is parsed to obtain an executable kernel image and a signature header; the signature header is used to determine whether the executable kernel image is intact; and if the executable kernel image is not intact, system startup is stopped.
An attack on the BMC affects the integrity of the BMC's executable kernel image. On this basis, the method adds a signature header to the BMC kernel image, and during system startup the BMC kernel image is parsed after loading to obtain the executable kernel image and the signature header. The signature header is then used to check the integrity of the executable kernel image, and system startup is stopped when the executable kernel image is determined not to be intact. Thus, if the BMC has been attacked, the integrity check on the executable kernel image detects it, and startup is stopped to keep the system's data from being attacked, so that malicious attacks can be effectively stopped at the system startup stage.
Note that, based on the above embodiment, the embodiments of the present invention also provide corresponding improvements. Steps in the preferred/improved embodiments that are the same as or correspond to those in the above embodiment, and the corresponding beneficial effects, may be cross-referenced and are not described again in detail here.
In an embodiment of the present invention, step S103, determining whether the executable kernel image is intact using the signature header, comprises:
Step one: extract a reference image hash value from the signature header.
That is, the signature header contains the reference image hash value. A hash algorithm can be applied to the intact executable kernel image to compute the reference image hash value.
Further, step one may specifically comprise:
Step 1: read a reference image hash value ciphertext from the signature header;
Step 2: decrypt the reference image hash value ciphertext using a preset key;
Step 3: if decryption fails, determine that the source of the BMC kernel image is untrusted, and stop system startup;
Step 4: if decryption succeeds, obtain the reference image hash value.
The reference image hash value can be stored in the signature header in encrypted form, and decryption determines whether the source of the BMC kernel image is trusted. Specifically, if the reference image hash value ciphertext cannot be decrypted with the preset key, the source of the BMC kernel image is untrusted, and system startup can be stopped immediately so that a BMC kernel image from an untrusted source does not threaten system security. If decryption succeeds, the reference image hash value is obtained. Note that the preset keys used to encrypt and decrypt the reference image hash value must correspond. For example, if a symmetric key is used, the same key is used for both encryption and decryption; if an asymmetric key is used, the corresponding public key and private key of the key pair are used, one for encryption and the other for decryption. This embodiment does not limit the specific form of the preset key.
Step two: calculate a hash value of the executable kernel image to obtain an actual image hash value.
After the executable kernel image has been parsed out, its hash value can be calculated to obtain the actual image hash value. Note that the reference image hash value is the result of hashing the intact executable kernel image, while the actual image hash value is the result of hashing the parsed executable kernel image. The reference image hash value and the actual image hash value must be calculated with the same algorithm, for example the SHA1 algorithm (a secure hash algorithm).
Step three: if the reference image hash value is consistent with the actual image hash value, determine that the executable kernel image is intact.
If the reference image hash value is consistent with the actual image hash value, then by the properties of hash calculation the parsed executable kernel image can be determined to be intact. Conversely, if the two values are not consistent, the parsed executable kernel image can be determined not to be intact. Note that in this embodiment, "not intact" is relative to the normal executable kernel image and includes, but is not limited to, missing, added or modified content that makes the image differ from the registered kernel image.
In a specific embodiment of the present invention, before the current system startup, that is, before step S101 is executed, the BMC kernel image is generated as follows:
Step one: while the system is in the running state, compile the BMC original system kernel to generate the executable kernel image.
That is, before the system is restarted, while it is in the running state, the BMC original system kernel is compiled to generate the executable kernel image.
Compiling the BMC original system kernel to generate the executable kernel image may comprise:
Step 1: compile the BMC original system kernel to generate a Linux kernel image, a file system image and a device tree image;
Step 2: determine the Linux kernel image, the file system image and the device tree image as the executable kernel image.
That is, the executable kernel image specifically comprises a Linux kernel image, a file system image and a device tree image. For the specific process of compiling the BMC original system kernel to obtain these three images, reference may be made to existing image compilation and generation rules and implementations, which are not described in detail here.
Step two: add the signature header before the executable kernel image to obtain the BMC kernel image.
Unlike the related art, in which the executable kernel image itself is the BMC kernel image, in this embodiment the BMC kernel image comprises not only the executable kernel image but also the signature header, and the signature header is located in front of the executable kernel image.
In practical applications, step two may specifically comprise:
Step 1: obtain a reference image hash value ciphertext, a creation time, an image size and a kernel load address.
The reference image hash value ciphertext, creation time, image size and kernel load address all correspond to the normal executable kernel image; when they do not correspond to the executable kernel image, that image can be determined not to be intact.
The reference image hash value ciphertext is the ciphertext obtained by encrypting the reference image hash value. Obtaining the reference image hash value ciphertext may specifically comprise:
Step 1.1: calculate a hash value of the executable kernel image using a secure hash algorithm to obtain the reference image hash value;
Step 1.2: encrypt the reference image hash value using a preset key to obtain the reference image hash value ciphertext.
For example, the SHA1 algorithm (a secure hash algorithm) may be used to hash the executable kernel image and obtain the reference image hash value. The reference image hash value is then signed (i.e. encrypted) with the private key of an RSA key pair (RSA being an asymmetric-key algorithm) to obtain the encrypted (or signed) reference image hash value ciphertext.
Step 2: determine the creation time, the image size, the kernel load address and the reference image hash value ciphertext as the signature header.
That is, the signature header may include the creation time, the image size, the kernel load address and the reference image hash value ciphertext.
Step 3: add the signature header before the executable kernel image to obtain the BMC kernel image.
That is, the BMC kernel image comprises a signature header and an executable kernel image.
To make the system startup control method provided by the embodiments of the present invention easier to understand, it is described in detail below using a specific application scenario.
The BMC kernel layer mainly comprises two modules: U-Boot and the operating system kernel. U-Boot is the first code executed after the BMC is powered on; its main functions include disabling the watchdog, initializing SDRAM, reading Flash, and starting the operating system kernel. With the system startup control method provided by this embodiment, a BMC kernel check module can be added on top of U-Boot's original functions to implement kernel image integrity checking at the boot stage and ensure that system startup is trusted.
A signature header is added in front of the original executable Linux kernel image zImage. The signature header contains parameters such as its own signature information, a header check value, the creation time and the image size. The signature header can be obtained when the Linux kernel is loaded, and checking it determines whether the image is damaged.
Specifically, refer to FIG. 2 and FIG. 3: FIG. 2 is a schematic diagram illustrating BMC kernel image generation according to an embodiment of the present invention, and FIG. 3 is a schematic diagram illustrating kernel image verification according to an embodiment of the present invention.
With the system startup control method provided by this embodiment, the BMC kernel image is generated as follows:
1. First, compile the BMC original system kernel to generate the original system image zImage (i.e. the executable kernel image), whose content comprises a Linux kernel image, a file system image and a device tree image.
2. Hash the original system image with the SHA1 algorithm to obtain the hash value V-sha1 of the original image (i.e. the reference image hash value).
3. Sign V-sha1 with the private key using the RSA algorithm to obtain the signed original image hash value RV-sha1 (i.e. the reference image hash value ciphertext).
4. Finally, combine RV-sha1, the image creation time, the image size, the load address and similar information (i.e. the signature header) with the original system image zImage to generate a new image (i.e. the BMC kernel image).
After the system Boot control method provided by the embodiment of the invention is adopted, the verification process of the kernel image, namely the verification of the BMC kernel image by the U _ Boot, of the system Boot process mainly comprises the following steps:
1. and loading the BMC kernel mirror image into a memory, and then analyzing the RV-sha1 and the original mirror image zImage according to mirror image header information.
2. The RV-sha1 is decrypted using the RSA public key.
The RSA public key may be input by a BMC administrator through a terminal, or may be read directly from a storage medium. If it is input by a BMC administrator through a terminal then, by the properties of the RSA asymmetric encryption algorithm, if the public key input by the administrator can complete the decryption, the RV-sha1 information in the image header is trusted and V-sha1 is obtained by decryption; if the decryption fails, the source of the image is illegitimate, the BMC kernel image is not trusted, and the failure operation (that is, system startup is stopped) is executed. In particular, when decryption fails it may be attempted again; once a preset number of attempts is reached, for example 3, decryption is determined to have failed and the failure operation is executed.
3. A hash is calculated over the parsed original image zImage with the same SHA1 algorithm to obtain the hash value of the original image again (that is, the actual image hash value), which is compared with V-sha1. If the two are equal, the executable kernel image content is complete, so the source of the whole BMC kernel image can be determined to be genuine and its content complete; if the two are not equal, the image has been tampered with and lacks integrity, and the failure operation is executed.
Therefore, in practical application, checking the BMC kernel image at the U-Boot stage can discover malicious tampering with or damage to the kernel image in advance and to the greatest possible extent, and provides a corresponding handling mechanism to prevent more serious damage. The BMC kernel encryption and verification process is rigorous and complete. That is, verifying the BMC kernel image at the U-Boot stage improves the integrity of system startup, avoids serious faults caused by firmware attacks during startup, and greatly helps improve the overall security of the product.
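The build and U-Boot verification steps above, sketched as an added example that is not code from the patent or from U-Boot. The header encoding, the toy RSA key built from Mersenne primes and the `BootHalt` exception are assumptions made for the demonstration, and textbook RSA stands in for the padded signature scheme a real boot loader would use.

```python
import hashlib
import hmac
import struct

# Constructed toy RSA key from two Mersenne primes (assumption for this demo
# only; far too small and too structured for real use).
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer

# Assumed header encoding (the patent names the fields, not their layout):
# creation time, image size, load address, RV-sha1 ciphertext.
HEADER = struct.Struct(">III32s")


class BootHalt(Exception):
    """Raised at the point where the boot loader would stop system startup."""


def build_image(zimage, created, load_addr, d=D, n=N):
    """Build step: V-sha1 -> RV-sha1 -> signature header + zImage."""
    v_sha1 = int.from_bytes(hashlib.sha1(zimage).digest(), "big")
    rv_sha1 = pow(v_sha1, d, n)            # "encrypt" with the private key
    header = HEADER.pack(created, len(zimage), load_addr,
                         rv_sha1.to_bytes(32, "big"))
    return header + zimage


def verify_image(blob, e=E, n=N):
    """Boot step: parse header, recover V-sha1, re-hash zImage, compare."""
    if len(blob) < HEADER.size:
        raise BootHalt("truncated header")
    created, size, load_addr, rv = HEADER.unpack_from(blob)
    zimage = blob[HEADER.size:]
    if size != len(zimage):
        raise BootHalt("image size does not match header")
    rv_int = int.from_bytes(rv, "big")
    if rv_int >= n:
        raise BootHalt("decryption failed: source not trusted")
    recovered = pow(rv_int, e, n)          # "decrypt" with the public key
    if recovered >> 160:                   # result is not a 20-byte digest
        raise BootHalt("decryption failed: source not trusted")
    actual = hashlib.sha1(zimage).digest() # actual image hash value
    if not hmac.compare_digest(recovered.to_bytes(20, "big"), actual):
        raise BootHalt("hash mismatch: image tampered")
    return load_addr, zimage
```

In this layout the hash covers only the zImage bytes, so the creation time, size and load address fields are not authenticated by RV-sha1; a verifier has to sanity-check them separately, as the size check here does.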
Corresponding to the above method embodiment, an embodiment of the present invention further provides a system start control device; the system start control device described below and the system start control method described above may be referred to in correspondence with each other.
Referring to fig. 4, the apparatus includes the following modules:
the kernel loading module 101 is configured to load the BMC kernel image into memory during system startup;
the kernel parsing module 102 is configured to parse the BMC kernel image to obtain an executable kernel image and a signature header;
the image detection module 103 is configured to determine whether the executable kernel image is complete by using the signature header;
and the start control module 104 is configured to stop starting the system if the executable kernel image is incomplete.
By applying the device provided by the embodiment of the invention, the BMC kernel image is loaded into memory during system startup; the BMC kernel image is parsed to obtain an executable kernel image and a signature header; whether the executable kernel image is complete is determined by using the signature header; and if the executable kernel image is incomplete, starting of the system is stopped.
The integrity of the executable kernel image of the BMC is affected after the BMC is attacked. Based on this, in the device, a signature header is added to the BMC kernel image, and during system startup, after the BMC kernel image is loaded, it is parsed to obtain the executable kernel image and the signature header. The integrity of the executable kernel image is then checked using the signature header, and starting of the system is stopped if the executable kernel image is determined to be incomplete. Therefore, when the BMC has been attacked, the integrity of the executable kernel image is checked, and when the image is found to be incomplete, starting of the system is stopped so that the system's data is protected from attack; malicious attacks can thus be effectively stopped at the system startup stage.
In an embodiment of the present invention, the image detection module 103 is specifically configured to extract a reference image hash value from the signature header; calculate a hash value of the executable kernel image to obtain an actual image hash value; and, if the reference image hash value is consistent with the actual image hash value, determine that the executable kernel image is complete.
In an embodiment of the present invention, the image detection module 103 is specifically configured to read a reference image hash value ciphertext from the signature header; decrypt the reference image hash value ciphertext by using a preset key; if the decryption fails, determine that the source of the BMC kernel image is not trusted and stop starting the system; and, if the decryption succeeds, obtain the reference image hash value.
In one embodiment of the present invention, the device further comprises: a BMC kernel image compiling module, configured to, before the system is started this time and while the system is in a running state, compile the BMC original system kernel to generate the executable kernel image; and add the signature header before the executable kernel image to obtain the BMC kernel image.
In a specific embodiment of the present invention, the BMC kernel image compiling module is specifically configured to compile the BMC original system kernel to generate a linux kernel image, a file system image and a device tree image; and determine the linux kernel image, the file system image and the device tree image as the executable kernel image.
In a specific embodiment of the present invention, the BMC kernel image compiling module is specifically configured to obtain a reference image hash value ciphertext, a creation time, an image size and a kernel loading address; determine the creation time, the image size, the kernel loading address and the reference image hash value ciphertext as the signature header; and add the signature header before the executable kernel image to obtain the BMC kernel image.
In a specific embodiment of the present invention, the BMC kernel image compiling module is specifically configured to calculate a hash value of the executable kernel image by using a secure hash algorithm to obtain a reference image hash value; and encrypt the reference image hash value by using a preset key to obtain the reference image hash value ciphertext.
Corresponding to the above method embodiment, an embodiment of the present invention further provides an electronic device, and a system start control method described above and an electronic device described below may be referred to in correspondence with each other.
Referring to fig. 5, the electronic device includes:
a memory 332 for storing a computer program;
and a processor 322 for implementing the steps of the system start control method of the above-mentioned method embodiment when executing the computer program.
Specifically, referring to fig. 6, a specific structural diagram of an electronic device provided in this embodiment is shown. Electronic devices may differ considerably depending on configuration or performance, and the device may include one or more processors (CPUs) 322 and a memory 332, where the memory 332 stores one or more computer applications 342 or data 344. The memory 332 may be transient or persistent storage. The program stored in memory 332 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the memory 332 to execute a series of instruction operations in the memory 332 on the electronic device 301.
The electronic device 301 may also include one or more power sources 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341.
The steps in the system start-up control method described above may be implemented by the structure of the electronic device.
Corresponding to the above method embodiment, the embodiment of the present invention further provides a readable storage medium, and a readable storage medium described below and a system start control method described above may be referred to in correspondence with each other.
A readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the system startup control method of the above-mentioned method embodiment.
The readable storage medium may be a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

Claims (10)

1. A system startup control method, comprising:
loading a BMC kernel image into memory during system startup;
parsing the BMC kernel image to obtain an executable kernel image and a signature header;
determining whether the executable kernel image is complete using the signature header;
and if the executable kernel image is not complete, stopping starting the system.
2. The system boot control method of claim 1, wherein determining whether the executable kernel image is complete using the signature header comprises:
extracting a reference image hash value from the signature header;
calculating a hash value of the executable kernel image to obtain an actual image hash value;
and if the reference image hash value is consistent with the actual image hash value, determining that the executable kernel image is complete.
3. The system boot control method according to claim 2, wherein extracting a reference image hash value from the signature header includes:
reading a reference image hash value ciphertext from the signature header;
decrypting the reference image hash value ciphertext by using a preset key;
if the decryption fails, determining that the source of the BMC kernel image is not trusted, and stopping starting the system;
and if the decryption is successful, obtaining the reference image hash value.
4. The system start-up control method according to claim 1, further comprising, before starting up the system this time:
compiling the BMC original system kernel to generate the executable kernel image when the system is in the running state;
and adding the signature header before the executable kernel image to obtain the BMC kernel image.
5. The system boot control method of claim 4, wherein the compiling the BMC original system kernel to generate the executable kernel image comprises:
compiling the BMC original system kernel to generate a linux kernel image, a file system image and a device tree image;
and determining the linux kernel image, the file system image and the device tree image as the executable kernel image.
6. The system boot control method of claim 4, wherein adding the signature header before the executable kernel image to obtain the BMC kernel image comprises:
obtaining a reference image hash value ciphertext, a creation time, an image size and a kernel loading address;
determining the creation time, the image size, the kernel loading address and the reference image hash value ciphertext as the signature header;
and adding the signature header before the executable kernel image to obtain the BMC kernel image.
7. The system boot control method according to claim 6, wherein the obtaining of the reference image hash value ciphertext comprises:
calculating a hash value of the executable kernel image by using a secure hash algorithm to obtain a reference image hash value;
and encrypting the reference image hash value by using a preset key to obtain the reference image hash value ciphertext.
8. A system start-up control device, comprising:
the kernel loading module, configured to load the BMC kernel image into memory during system startup;
the kernel parsing module, configured to parse the BMC kernel image to obtain an executable kernel image and a signature header;
the image detection module, configured to determine whether the executable kernel image is complete by using the signature header;
and the start control module, configured to stop starting the system if the executable kernel image is incomplete.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the system start-up control method according to any one of claims 1 to 7 when executing said computer program.
10. A readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the system startup control method according to any one of claims 1 to 7.
CN202011256577.0A 2020-11-11 2020-11-11 System start control method, device, equipment and readable storage medium Withdrawn CN112463224A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011256577.0A CN112463224A (en) 2020-11-11 2020-11-11 System start control method, device, equipment and readable storage medium
PCT/CN2021/089877 WO2022100014A1 (en) 2020-11-11 2021-04-26 Method and apparatus for controlling system startup, device and readable storage medium


Publications (1)

Publication Number Publication Date
CN112463224A true CN112463224A (en) 2021-03-09

Family

ID=74825511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011256577.0A Withdrawn CN112463224A (en) 2020-11-11 2020-11-11 System start control method, device, equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN112463224A (en)
WO (1) WO2022100014A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022100014A1 (en) * 2020-11-11 2022-05-19 苏州浪潮智能科技有限公司 Method and apparatus for controlling system startup, device and readable storage medium
CN115858251A (en) * 2023-01-18 2023-03-28 苏州浪潮智能科技有限公司 Control method and device for substrate control unit, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156659A (en) * 2014-08-14 2014-11-19 电子科技大学 Embedded system secure start method
CN106384052A (en) * 2016-08-26 2017-02-08 浪潮电子信息产业股份有限公司 BMC U-boot trusted starting control method
CN109766134A (en) * 2019-01-08 2019-05-17 四川虹微技术有限公司 System start method, device, electronic equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100062844A1 (en) * 2003-03-05 2010-03-11 Bally Gaming, Inc. Authentication and validation systems for gaming devices
CN109376550A (en) * 2018-11-01 2019-02-22 郑州云海信息技术有限公司 A kind of starting control method, device and the equipment of target component
CN112463224A (en) * 2020-11-11 2021-03-09 苏州浪潮智能科技有限公司 System start control method, device, equipment and readable storage medium


Also Published As

Publication number Publication date
WO2022100014A1 (en) 2022-05-19


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210309