CN112702182A - Trusted management method, device, system, equipment and storage medium - Google Patents


Publication number: CN112702182A
Authority: CN (China)
Application number: CN201911007916.9A
Other languages: Chinese (zh)
Inventors: 杨新苗, 陈敏时, 高楠
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Priority: CN201911007916.9A
Legal status: Pending
Prior art keywords: trusted; server; trusted management; measurement; management

Classifications

    • H04L41/046 Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0677 Localisation of faults
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity


Abstract

The embodiments of the application disclose a trusted management method, device, system, equipment and storage medium. The trusted management method comprises the following steps: an independent trusted management agent is built inside a BMC module of the server, and the trusted management agent performs trusted management on the server. The trusted management performed by the trusted management agent on the server comprises at least one of the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner.

Description

Trusted management method, device, system, equipment and storage medium
Technical Field
The present application relates to, but is not limited to, the field of communications, and in particular to a trusted management method, apparatus, system, device, and storage medium.
Background
In the prior art, a server performs Trusted Boot and builds a chain of trust on a root of trust technology such as a Trusted Platform Module (TPM), a Trusted Cryptography Module (TCM), or a Trusted Platform Control Module (TPCM) by statically measuring each boot module in sequence, stage by stage. The boot modules include the Baseboard Management Controller (BMC) module, the Basic Input Output System (BIOS) module, the Boot Loader module, the operating system kernel (OS kernel) module, and the application (APP) module, and the measurement results are stored in a TPM/TPCM chip. If, during this stage-by-stage static measurement, the measurement results of all modules match the expected values, the server boot process completes normally and the chain of trust is extended to the application layer. The interface layer and the management module related to the TPM/TPCM can then be loaded at the application layer so that TPM/TPCM services can be called, for example to query measurement results or to use cryptographic functions.
However, when the measurement result of any module does not match the expected value during boot, the boot process is terminated and the server CPU is forcibly shut down. The measurement results/states stored in the TPM/TPCM chip then cannot be read, so the server administrator has difficulty accurately determining the failure point in the server boot process and cannot repair the server.
Disclosure of Invention
In view of this, embodiments of the present application provide a trusted management method, apparatus, system, device, and storage medium.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a trusted management method, where the method includes: building an independent trusted management agent inside a BMC module of a server, the trusted management agent performing trusted management on the server;
wherein the trusted management performed by the trusted management agent on the server includes at least one of the following:
the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner.
In a second aspect, an embodiment of the present application provides a trusted management device, where the trusted management device includes:
a building unit, configured to build an independent trusted management agent inside the BMC module of the server;
a trusted management agent, configured to perform trusted management on the server, wherein the trusted management performed by the trusted management agent on the server includes at least the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner.
In a third aspect, an embodiment of the present application provides a trusted management system, where the system includes a BMC module of the server, a trusted management agent, and a trusted management platform, wherein
the trusted management agent runs inside the BMC module of the server and is used for performing trusted management on the server;
the trusted management performed by the trusted management agent on the server includes at least one of the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner;
the trusted management platform and the trusted management agent communicate remotely.
In a fourth aspect, an embodiment of the present application provides a trusted management device, which includes a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor implements the steps in the above method when executing the program.
In a fifth aspect, embodiments of the present application provide a computer-readable storage medium having computer-executable instructions stored therein, where the computer-executable instructions are configured to perform the above-mentioned trusted management method.
The embodiments of the application provide a trusted management method, device, system, equipment and storage medium, in which an independent trusted management agent is built inside a BMC (Baseboard Management Controller) module of a server and the trusted management agent performs trusted management on the server. The trusted management performed by the trusted management agent on the server includes at least one of the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner. Because the trusted management agent is built inside the BMC module of the server, the BMC keeps running as long as the server is plugged in, even when the server CPU is shut down. Because the BMC has a single function, a closed environment and an independent network connection, it can keep running safely and stably. The trusted management agent built inside the BMC can therefore work continuously and safely, unaffected by the running state of the server's main system, and ensures that the measurement result/state is read out in time, so that a server administrator can determine the failure point in the server boot process.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar components in different views. Like reference numerals having different letter suffixes may represent different examples of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed herein.
FIG. 1 is a diagram illustrating a trusted management method in the related art;
FIG. 2A is a schematic flowchart of a trusted management method according to an embodiment of the present application;
FIG. 2B is a schematic flowchart of a trusted management method according to an embodiment of the present application;
FIG. 2C is a schematic flowchart of a TPM/TPCM chip reading process applied to a server by the trusted management method according to the embodiment of the present disclosure;
FIG. 2D is a schematic flowchart of a trusted management method applied to perform trusted update on firmware/software of a server according to an embodiment of the present application;
FIG. 2E is a schematic flowchart of a trusted management method applied to execute trusted boot measurement on a server according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a server startup process according to an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating an abnormal flow situation of trusted network connection detection provided in an embodiment of the present application;
FIG. 5 is a schematic flowchart illustrating a process of updating a Boot Loader code according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a trusted management system according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram illustrating a remote diagnosis of a server startup exception according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a diagnosis of a server startup exception according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of updating Boot Loader code according to an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a trusted management device according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a trusted management system according to an embodiment of the present application.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Any equivalent structure or equivalent process transformation made using the content of the specification and the drawings, whether applied directly or indirectly in other related technical fields, falls within the scope of protection of this application.
To make the trusted management method provided in the embodiments of the present application easier to understand, the trusted management method in the related art is analysed first.
FIG. 1 is a schematic diagram of the trusted management structure used in the related art. In the related art, trusted boot is performed and a chain of trust is built on a root of trust technology such as a TPM/TPCM chip, with each boot module performing static measurement in sequence, stage by stage. The static measurement process is as follows: the BMC module 20 performs static measurement on the BIOS module 30 and, if the measurement is successful, writes the measurement result into the TPM/TPCM chip 10; the BIOS module 30 then performs static measurement on the Boot Loader module 40 and, if the measurement is successful, writes the measurement result into the TPM/TPCM chip 10; the Boot Loader module 40 then performs static measurement on the OS kernel module 50 and, if the measurement is successful, writes the measurement result into the TPM/TPCM chip 10; finally, the OS kernel module 50 measures the APP module 60 and, if the measurement is successful, writes the measurement result into the TPM/TPCM chip 10.
During this stage-by-stage static measurement, the server boot process completes normally only when the measurement values of all modules match the expected values, that is, when the measurement of every boot module succeeds. When the measurement value of any module does not match the expected value, the boot process is terminated and the server CPU is forcibly shut down.
Therefore, in the trusted management method of the related art, termination of the boot process can leave the measurement result/state stored in the TPM/TPCM chip unreadable, which makes it difficult for a server administrator to determine the failure point in the server boot process and to repair the server.
Example one
Based on the problems in the related art, the embodiments of the present application provide a trusted management method that performs trusted management on a server through a trusted management agent built inside the BMC module of the server.
FIG. 2A is a schematic view of an implementation flow of a trusted management method provided in an embodiment of the present application. Referring to FIG. 2A, the method includes:
Step S201, an independent trusted management agent is built inside the BMC module of the server.
Here, the BMC module is a dedicated service processor that uses sensors to monitor the operating state of a computer, network server, or other hardware device, and can communicate with the system administrator over an independent connection. The BMC module is part of the Intelligent Platform Management Interface (IPMI) and is typically contained in the motherboard or main circuit board of the monitored device. The power supply of the BMC module is independent of that of the server CPU: as long as the server is plugged in, the BMC module keeps running even when the server CPU is shut down.
Step S202, the trusted management agent performs trusted management on the server.
Here, the trusted management agent runs inside the BMC module and can communicate over an independent connection, which enables remote trusted management of the server system.
In this embodiment of the application, the trusted management performed by the trusted management agent on the server includes at least one of the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and updates the firmware/software of the server in a trusted manner.
Here, because the trusted management agent runs inside the BMC module of the server, it can perform trusted boot measurement on the server safely and stably, and the problem of the measurement result/state stored in the TPM/TPCM chip becoming unreadable because boot was terminated does not arise. In addition, when any firmware/software module needs to be repaired or upgraded during the server boot process, the trusted management agent can update the firmware/software of the server in a trusted manner.
It should be noted that the measurement result includes the measurement state, which indicates whether the measurement performed by the trusted management agent on the server succeeded or failed.
In the embodiment of the application, because the trusted management agent is built inside the BMC module of the server, the BMC keeps running as long as the server is plugged in, even when the server CPU is shut down. Because the BMC has a single function, a closed environment and an independent network connection, it can keep running safely and stably. The trusted management agent built inside the BMC can therefore work continuously and safely, unaffected by the running state of the server's main system, and ensures that the measurement result/state can be read out in time, so that a server administrator can determine the failure point in the server boot process.
Example two
The embodiment of the application provides a trusted management method that performs trusted management on a server through a trusted management agent built inside the BMC module of the server.
FIG. 2B is a schematic flowchart of a trusted management method according to an embodiment of the present application. Referring to FIG. 2B, the method includes the following steps:
Step S211, an independent trusted management agent is built inside the BMC module of the server.
Step S212, the trusted management agent establishes a trusted network connection with the trusted management platform by using the independent network connection channel of the BMC module.
Here, the trusted management platform is a server that assists the trusted management agent in implementing remote management.
Because the BMC module has an independent network connection channel, the trusted management agent can use that channel to establish a more trusted and secure network connection with the trusted management platform.
Step S213, the trusted management agent provides a trusted secure data transmission channel for trusted management of the server through the trusted network connection, so as to implement trusted management of the server.
Here, when the trusted secure data transmission channel is provided over the trusted network connection for trusted management of the server, the trusted management platform and the trusted management agent may exchange signals, instructions, and the like.
In the embodiment of the application, using the independent network connection channel of the BMC module makes the data transmission channel between the trusted management agent and the trusted management platform more secure and more trusted, which facilitates trusted management of the server.
Example three
An embodiment of the present application provides a trusted management method for the case where the trusted management of the server includes managing a TPM/TPCM chip in the server. FIG. 2C is a schematic flowchart of reading a measurement result from the TPM/TPCM chip in the server using the trusted management method provided in the embodiment of the present application. Referring to FIG. 2C, the method includes the following steps:
Step S221, an independent trusted management agent is built inside the BMC module of the server.
Step S222, the trusted management agent establishes a trusted network connection with the trusted management platform by using the independent network connection channel of the BMC module.
Step S223, the trusted management agent receives, through the trusted network connection, an instruction for reading a measurement state sent by the trusted management platform.
Here, the measurement state is read during the server boot process so that the administrator can learn it promptly; to this end, the trusted management agent may receive an instruction to read the measurement state sent by the trusted management platform.
Step S224, in response to the instruction for reading the measurement state, the trusted management agent reads the measurement state in the server boot process from the TPM/TPCM chip through a relevant protocol.
Here, after the trusted management agent receives the instruction to read the measurement state sent by the trusted management platform, it may read the corresponding measurement state through a relevant protocol. The relevant protocol is a protocol that enables the trusted management agent to read the measurement state in the server boot process from the TPM/TPCM chip.
Step S225, sending the measurement status to the trusted management platform through the trusted network connection.
Here, after the trusted management agent reads the measurement state in the server boot process, it needs to send the measurement state to the trusted management platform to assist the trusted management platform in remote management.
In the embodiment of the application, the trusted management agent can monitor the measurement state during the server boot process, which facilitates trusted management of the server system.
Example four
An embodiment of the present application provides a trusted management method for the case where the trusted management of the server includes performing a trusted update of the firmware/software of the server. FIG. 2D is a schematic flowchart of performing a trusted update of the firmware/software of the server using the trusted management method provided in this embodiment of the present application. Referring to FIG. 2D, the implementation steps include:
Step S231, an independent trusted management agent is built inside the BMC module of the server.
Step S232, the trusted management agent establishes trusted network connection with the trusted management platform by using the independent network connection channel of the BMC module.
Step S233, the trusted management agent receives, through the trusted network connection, an instruction for reading a measurement state sent by the trusted management platform.
Here, firmware or software often needs to be updated during trusted management of the server, and the trusted management agent may receive a firmware/software update instruction sent by the server management platform.
Step S234, in response to the instruction for reading the measurement state, the trusted management agent reads the measurement state in the server boot process from the TPM/TPCM chip through a relevant protocol.
After the trusted management agent receives the update instruction sent by the server management platform, it receives the corresponding firmware/software binary code sent by the server management platform and then updates the firmware/software through the server update interface.
Here, the server management platform may be responsible for the overall planning and management of all applications running on the BMC module, and may also be responsible for sending update instructions and code.
In the embodiment of the application, when firmware/software needs to be repaired or upgraded during the server boot process, the trusted management agent can update the firmware/software to complete the repair or upgrade, which helps the firmware/software repair or upgrade work in the server system to complete successfully.
Example five
An embodiment of the present application provides a trusted management method for the case where the trusted management of the server includes performing trusted boot measurement on the server. FIG. 2E is a flowchart of a method for performing trusted boot measurement on the server provided in an embodiment of the present application. Referring to FIG. 2E, the implementation steps include:
Step S241, an independent trusted management agent is built inside the BMC module of the server.
Step S242, the trusted management agent establishes a trusted network connection with the trusted management platform by using the independent network connection channel of the BMC module.
Step S243, the trusted management agent receives, through the trusted network connection, an expected measurement value update instruction sent by the trusted management platform, where the expected measurement value update instruction includes a new expected measurement value.
It should be noted that, when a firmware/software update is performed, the trusted management agent also needs to send the code to be updated, which it received from the server management platform, to the trusted management platform, and the trusted management platform needs to calculate the expected measurement value of the code to be updated, so as to obtain the new expected measurement value.
Step S244, in response to the metric expectation updating instruction, the trusted management agent writes the new metric expectation value into the TPM/TPCM chip through a relevant protocol.
Here, after the trusted management agent receives the expected measurement value update instruction, it writes the new expected measurement value into the TPM/TPCM chip through a relevant protocol. The relevant protocol here is a protocol for writing the new expected measurement value into the TPM/TPCM chip.
In the embodiment of the application, the trusted management agent receives the new expected measurement value over the trusted network connection and stores it in the TPM/TPCM chip, so that the expected value is updated, which allows the code to be updated to be measured and verified during the server boot process.
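The measurement-state read of Example three and the expected-value update of Example five, as an added sketch that is not part of the patent text. The instruction names, the SHA-256 measurement and the ToyRootOfTrust class standing in for the TPM/TPCM chip are assumptions made here, and the trusted network connection is reduced to a direct function call.

```python
import hashlib
import hmac

# Boot modules in the order the description measures them (BMC measures BIOS first).
BOOT_ORDER = ["BIOS", "Boot Loader", "OS kernel", "APP"]


def measure(code: bytes) -> str:
    """Static measurement of a code image. SHA-256 is an assumption of this example."""
    return hashlib.sha256(code).hexdigest()


class ToyRootOfTrust:
    """Hypothetical stand-in for the TPM/TPCM chip: expected values plus recorded states."""

    def __init__(self, expected):
        self.expected = dict(expected)
        self.states = []

    def reset(self):
        self.states = []

    def write_measurement(self, stage: str, value: str) -> bool:
        # The chip compares the written value with its stored expected value.
        ok = hmac.compare_digest(value, self.expected.get(stage, ""))
        self.states.append(
            {"stage": stage, "value": value, "state": "success" if ok else "failure"}
        )
        return ok


class TrustedManagementAgent:
    """Agent inside the BMC: it keeps running after the host CPU is forced off."""

    def __init__(self, chip: ToyRootOfTrust):
        self.chip = chip

    def boot(self, images) -> bool:
        """Measure each stage in order; the first mismatch terminates the boot."""
        self.chip.reset()
        for stage in BOOT_ORDER:
            if not self.chip.write_measurement(stage, measure(images[stage])):
                return False  # boot terminated, later stages never measured
        return True

    def handle(self, instruction: dict) -> dict:
        """Serve an instruction from the trusted management platform (names are hypothetical)."""
        kind = instruction["type"]
        if kind == "read_measurement_state":
            states = list(self.chip.states)
            failed = next((s["stage"] for s in states if s["state"] == "failure"), None)
            measured = {s["stage"] for s in states}
            return {
                "states": states,
                "failure_point": failed,
                "not_reached": [s for s in BOOT_ORDER if s not in measured],
            }
        if kind == "update_expected_value":
            # Assumed to arrive over the trusted network connection, which is not modelled.
            self.chip.expected[instruction["stage"]] = instruction["new_expected"]
            return {"updated": instruction["stage"]}
        raise ValueError(f"unknown instruction: {kind}")


def demo():
    # Constructed sample images, not real firmware.
    images = {stage: f"{stage} image v1".encode() for stage in BOOT_ORDER}
    chip = ToyRootOfTrust({s: measure(c) for s, c in images.items()})
    agent = TrustedManagementAgent(chip)

    first_boot = agent.boot(images)

    # The Boot Loader image changes but the expected value in the chip does not.
    images["Boot Loader"] = b"Boot Loader image v2"
    second_boot = agent.boot(images)

    # Host CPU is off, yet the agent can still report where the chain broke.
    report = agent.handle({"type": "read_measurement_state"})

    # The platform computes the new expected value for the code to be updated.
    agent.handle({
        "type": "update_expected_value",
        "stage": "Boot Loader",
        "new_expected": measure(images["Boot Loader"]),
    })
    third_boot = agent.boot(images)
    return first_boot, second_boot, report, third_boot


if __name__ == "__main__":
    ok1, ok2, report, ok3 = demo()
    print(ok1, ok2, report["failure_point"], report["not_reached"], ok3)
```

The report separates the stage that failed from the stages that were never reached, which is the failure-point information the related-art flow loses when the host CPU is shut down.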
Example six
The embodiment of the application provides a trusted management method for the case where the trusted management of the server includes performing trusted boot measurement on the server. FIG. 3 is a schematic diagram of a server startup process provided in an embodiment of the present application. Referring to FIG. 3, the operations performed during server startup include:
Step S301, an independent trusted management agent is built inside the BMC module of the server.
Step S302, the trusted management agent establishes trusted network connection with the trusted management platform by using the independent network connection channel of the BMC module.
Step S303, performing static measurement on the BMC APP of the server.
Here, the BMC APP of the server refers to the applications running in the BMC module. For example, these applications may measure physical variables inside the server, such as temperature, humidity, supply voltage, fan speed, communication parameters, operating system functions, and the like. Performing static measurement on the applications running in the BMC module achieves deep trusted measurement and provides a more secure and more trusted running environment inside the BMC module.
Step S304, the trusted management agent writes the BMC APP metric value into the TPM/TPCM chip through a relevant protocol.
Here, static measurement of the BMC APP of the server yields a measurement value; the BMC APP measurement value is written into the TPM/TPCM chip, and the TPM/TPCM chip compares it with the expected BMC APP measurement value stored in the chip to obtain the measurement state of the BMC APP, where the measurement state is either measurement success or measurement failure.
It should be noted that, the BMC APP metric value is written into the TPM/TPCM chip through a related protocol, where the related protocol refers to a protocol for writing the BMC APP metric value into the TPM/TPCM chip.
It should be noted that the BMC module may be divided into a BMC U-boot, a BMC OS Kernel, and a BMC APP, and in other embodiments, before the trusted management agent performs static measurement on the BMC APP, the method further includes sequentially measuring the BMC U-boot and the BMC OS Kernel to achieve deep measurement, so as to further ensure security and reliability of trusted management of the server.
Step S305, if the measurement state of the BMC APP is successful, measuring the code of the BIOS of the server.
Here, when the metric value obtained by performing static measurement on the BMC APP matches the expected value, that is, the measurement in step S303 is successful, the code of the BIOS of the server is measured.
In other embodiments, the static measurement of the BMC APP may be omitted before the code of the BIOS of the server is measured; that is, steps S303 and S304 may be omitted, and the static measurement of the code of the BIOS of the server is performed directly.
Step S306, the trusted management agent writes the measurement value of the BIOS into the TPM/TPCM chip through a relevant protocol to obtain the measurement state of the BIOS.
Here, after writing the measurement value of the BIOS into the TPM/TPCM chip, the TPM/TPCM chip obtains the measurement status of the BIOS by comparing the measurement value with the expected measurement value of the BIOS stored in the TPM/TPCM chip, and the measurement status of the BIOS may include measurement success or measurement failure.
It should be noted that, the metric value of the BIOS is written into the TPM/TPCM chip, where the relevant protocol refers to a protocol for writing the metric value of the BIOS into the TPM/TPCM chip.
Step S307, if the measurement state of the BIOS is successful, the BMC module is informed to give the control right of the CPU of the server to the BIOS, and the measurement state of the BIOS is obtained.
It should be noted that the BIOS module is the first step in the CPU start-up process of the server; when the BIOS measurement is successful, this proves that the BIOS can safely enter the start-up process of the server.
In the embodiment of the application, the success of the measurement of the BMC APP is determined, the operating environment of the trusted management agent built in the BMC module of the server is guaranteed, and then the starting process of the server is started at the moment, so that the starting process is safer and more reliable.
In other embodiments, the providing a trusted secure data transmission channel for trusted management of a server through the trusted network connection to implement trusted management of the server further includes monitoring a metric value of a firmware/software module of the server during a server boot process; if the measured value of the firmware/software module of the server is not in accordance with the expectation, reporting the monitored abnormal condition that the measured value is not in accordance with the expectation through the trusted network connection so as to realize the remote trusted monitoring and fault positioning of the trusted boot abnormality of the server.
It should be noted that the firmware/software module of the server may be any one of a BIOS, a Boot Loader, and an OS Kernel.
In the process of starting the server, the measurement of a firmware/software module of the server may fail to meet the expectation because the module has been abnormally tampered with; in that case the startup of the server is terminated, and the trusted management agent may subsequently report the abnormal condition.
Based on the above embodiments, when it is necessary to report the abnormality that the monitored metric value does not meet the expectation through the trusted network connection, fig. 4 is a schematic diagram of an abnormality detection flow of the trusted network connection provided in the embodiments of the present application, and refer to fig. 4:
Step S401, receiving information of measurement failure sent by the TPM/TPCM chip, where the information of measurement failure is used to characterize that the server fails in the starting process.
As in the foregoing embodiment, in the process of performing measurement, after the measurement value is written into the TPM/TPCM chip, the TPM/TPCM chip feeds back the measurement status, and when the measurement status is measurement failure, the TPM/TPCM chip sends information of the measurement failure, and meanwhile, the trusted management agent receives the information of the measurement failure, where the information of the measurement failure may include a message of start failure and a specific location of start failure.
Step S402, the trusted management platform is informed of the measurement failure information through the trusted network connection.
The trusted management agent sends the information of the measurement failure to the trusted management platform, so that the trusted management platform can monitor the measurement state in the starting process in real time.
Step S403, informing a server management platform of the abnormal condition of the failed start of the server and the fault position of the server through the BMC APP.
Here, the trusted management agent further informs the server management platform of the information of the measurement failure through the BMC APP, so as to facilitate the overall planning and management work of the server management platform.
For example, in a process of starting measurement, when the BIOS module measures the Boot Loader, measurement fails, a result of the measurement failure is stored in a TPM/TPCM chip, and the TPM/TPCM chip sends information of the measurement failure to the trusted management agent, and further, the trusted management agent informs the trusted management platform and the server management platform of the information of the measurement failure.
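The measurement chain of steps S303 to S307 and the failure report of steps S401 to S403 can be modelled in a few lines. The following is an added illustration, not code from the application; the SHA-256 digest, the `TrustChipModel` class, the function names and the sample images are assumptions made for the example.

```python
import hashlib
import hmac


def measure(image: bytes) -> str:
    # Assumption: a static measurement is the SHA-256 digest of the image.
    return hashlib.sha256(image).hexdigest()


class TrustChipModel:
    """Hypothetical stand-in for the TPM/TPCM chip as described above: it
    stores expected values and answers each write with a measurement state."""

    def __init__(self, expected):
        self.expected = dict(expected)  # module name -> expected digest
        self.states = {}                # module name -> "success" / "failure"

    def write_metric(self, module, value):
        want = self.expected.get(module)
        ok = want is not None and hmac.compare_digest(want, value)
        self.states[module] = "success" if ok else "failure"
        return self.states[module]


# Order of measurement: BMC APP and BIOS are measured by the agent (S303-S306),
# the later stages after the CPU has been handed to the BIOS (S307).
STAGES = ["BMC APP", "BIOS", "Boot Loader", "OS Kernel"]


def trusted_boot(chip, images):
    """Measure each stage in order and stop at the first failure."""
    result = {"cpu_handed_to_bios": False, "booted": False, "reports": []}
    for module in STAGES:
        state = chip.write_metric(module, measure(images[module]))
        if state == "failure":
            # S401-S403: the agent learns of the failure and informs both platforms.
            info = {"event": "measurement failure", "location": module}
            result["reports"] = [
                ("trusted management platform", info),  # via the trusted network connection
                ("server management platform", info),   # via the BMC APP
            ]
            return result
        if module == "BIOS":
            result["cpu_handed_to_bios"] = True
    result["booted"] = True
    return result


# Constructed sample images; real firmware images would be read from flash.
GOOD_IMAGES = {
    "BMC APP": b"bmc-app build 1",
    "BIOS": b"bios build 1",
    "Boot Loader": b"boot-loader build 1",
    "OS Kernel": b"os-kernel build 1",
}


def expected_values(images):
    return {name: measure(image) for name, image in images.items()}


if __name__ == "__main__":
    tampered = dict(GOOD_IMAGES)
    tampered["Boot Loader"] = b"boot-loader build 1 (modified)"
    for label, images in (("clean", GOOD_IMAGES), ("tampered", tampered)):
        chip = TrustChipModel(expected_values(GOOD_IMAGES))
        print(label, trusted_boot(chip, images), chip.states)
```

In the tampered run the chain stops at the Boot Loader, so the OS Kernel is never measured and both platforms receive the same failure location.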
Based on the above embodiment, when the trusted management agent needs to update the code of the corresponding module after notifying the trusted management platform and the server management platform of the information of the metric failure, referring to fig. 5, the steps further include:
Step S501, the trusted management agent receives an update instruction forwarded by a server management platform through a BMC APP of the server, and the update instruction comprises a code to be updated.
It should be noted that, when the server management platform needs to update the firmware or the software module in the server, the server management platform sends an update instruction to the BMC APP, and the BMC APP forwards the update instruction to the trusted management agent.
Here, the trusted management agent receives the update instruction, and the code to be updated includes Boot Loader code, BIOS code, and OS Kernel code.
When the Boot Loader module needs to be updated, the update instruction may include a Boot Loader code.
In other embodiments, when the BIOS module needs to be updated, the update instructions may include BIOS code.
In other embodiments, when the OS Kernel module needs to be updated, the update instruction may include an OS Kernel code.
Step S502, the trusted management agent sends the code to be updated to the trusted management platform through the trusted network connection.
The trusted management agent may send the code to be updated included in the update instruction to the trusted management platform through the trusted network connection, where the trusted management agent sends the Boot Loader code to the trusted management platform.
In other embodiments, the Boot Loader code is sent to the trusted management platform through the trusted network connection.
In other embodiments, the trusted management agent sends the BIOS code to the trusted management platform.
In other embodiments, the trusted management agent sends the OS Kernel code to the trusted management platform.
Step S503, the trusted management agent receives, through the trusted network connection, a new metric expected value returned by the trusted management platform for the code to be updated.
Here, the trusted management agent may receive, through the trusted network connection, a new metric expected value returned by the trusted management platform for the Boot Loader code.
After the trusted management agent sends the Boot Loader code to the trusted management platform, the trusted management platform computes a new measurement expected value for the Boot Loader code. This new measurement expected value corresponds one-to-one with the Boot Loader code and can be understood as a feature code of the Boot Loader code, which facilitates measurement and verification of the Boot Loader code.
The trusted management agent receives the new measurement expected value of the Boot Loader sent by the trusted management platform.
In other embodiments, the trusted management agent may also receive a new metric expected value returned by the trusted management platform for the BIOS code or OS Kernel code.
Step S504, storing the new measurement expected value of the code to be updated into the TPM/TPCM chip.
Here, the new metric expected value of the Boot Loader may be stored in the TPM/TPCM chip.
The trusted management agent stores the new measurement expected value of the Boot Loader into the TPM/TPCM chip so as to facilitate the recording and management of the TPM/TPCM chip.
In other embodiments, a new metric expectation of the BIOS code or the OS Kernel code may also be stored in the TPM/TPCM chip.
Step S505, updating the code to be updated to a storage area of the code to be updated.
Here, the Boot Loader code is updated to the Boot Loader storage area.
The trusted management agent updates the code to be updated to the corresponding storage area; here, it updates the Boot Loader code to the Boot Loader storage area, completing the update process of the Boot Loader code.
In other embodiments, the trusted management agent may update the BIOS code to a BIOS code storage area, completing the update process of the BIOS code.
In other embodiments, the trusted management agent may update the OS Kernel code to an OS Kernel code storage area, and complete the update process for the OS Kernel code.
In the embodiment of the application, the trusted management agent completes the update of the Boot Loader code through the trusted network connection, which guarantees the secure and stable starting of the server.
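The ordering of steps S501 to S505 matters: the expected value in the chip and the code in storage only agree again once S505 has completed. The sketch below is an added example, not code from the application; it assumes a SHA-256 measurement and uses hypothetical names (`ServerModel`, `trusted_update`, `stop_after`) to show the normal update and an update interrupted between S504 and S505.

```python
import hashlib

STEPS = ("S501", "S502", "S503", "S504", "S505")


def measure(code: bytes) -> str:
    # Assumption: the measurement expected value is a SHA-256 digest.
    return hashlib.sha256(code).hexdigest()


class ServerModel:
    """Hypothetical model: code storage areas plus the expected values
    held in the TPM/TPCM chip."""

    def __init__(self, images):
        self.storage = dict(images)
        self.chip_expected = {m: measure(c) for m, c in images.items()}

    def boot_measurement_state(self, module):
        # What the next boot would see when it measures the stored code.
        same = measure(self.storage[module]) == self.chip_expected[module]
        return "success" if same else "failure"


def platform_new_expected_value(code: bytes) -> str:
    # Trusted management platform side of S503.
    return measure(code)


def trusted_update(server, instruction, stop_after=None):
    """Run S501-S505 for one module and return the steps completed.
    stop_after simulates an interruption (e.g. power loss) after that step."""
    module, code = instruction["module"], instruction["code"]  # S501
    ctx = {}

    def s502():  # agent -> platform, over the trusted network connection
        ctx["sent"] = code

    def s503():  # platform -> agent: new expected value
        ctx["expected"] = platform_new_expected_value(ctx["sent"])

    def s504():  # store the new expected value in the chip
        server.chip_expected[module] = ctx["expected"]

    def s505():  # write the code to its storage area
        server.storage[module] = ctx["sent"]

    done = ["S501"]
    for name, step in zip(STEPS[1:], (s502, s503, s504, s505)):
        if stop_after == done[-1]:
            break
        step()
        done.append(name)
    return done


# Constructed sample images.
OLD_LOADER = b"boot-loader build 1"
NEW_LOADER = b"boot-loader build 2"

if __name__ == "__main__":
    update = {"module": "Boot Loader", "code": NEW_LOADER}

    server = ServerModel({"Boot Loader": OLD_LOADER})
    print(trusted_update(server, update), server.boot_measurement_state("Boot Loader"))

    interrupted = ServerModel({"Boot Loader": OLD_LOADER})
    print(trusted_update(interrupted, update, stop_after="S504"),
          interrupted.boot_measurement_state("Boot Loader"))
```

The interrupted run leaves the old code stored against the new expected value, so the next boot reports a measurement failure for the Boot Loader until S505 is repeated.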
In some other embodiments, a BMC (Baseboard Management Controller)-based trusted management system is provided, including: a TPM/TPCM, a BMC, a trusted management agent running in the BMC, and a trusted management cloud platform. Fig. 6 is a schematic structural diagram of a trusted management system according to an embodiment of the present application. Referring to fig. 6:
The trusted management agent 601 running in the BMC microprocessor 600 in this system is the key to implementing remote trusted management of the server system. The trusted management agent 601 includes: a trusted communication module 611, a state read module 612, a firmware/software update module 613, an expected value update module 614, and a trusted metrics module 615, wherein:
The trusted communication module 611 establishes a trusted network connection with the trusted management platform 602 through the independent network connection channel of the BMC microprocessor 600, and provides a trusted and secure data transmission channel for trusted management of the server.
The state reading module 612 receives a measurement state reading instruction sent by the trusted management cloud platform 602 (i.e., the trusted management platform in the foregoing embodiment), then reads the measurement state in the server boot process from the TPM/TPCM chip 605 through a relevant protocol, and sends the measurement state to the remote trusted management cloud platform 602.
The firmware/software update module 613 receives the firmware/software update instruction and the firmware/software binary code sent by the server management platform, and then updates the firmware/software through the server update interface.
The expected value updating module 614 receives a metric expected value updating instruction sent by the trusted management cloud platform 602 and a new metric expected value, and then writes the new metric expected value into the TPM/TPCM chip 605 through a relevant protocol.
The trusted measurement module 615 performs static measurement on the BMC APP module 604, and then writes the measurement value of the BMC APP module 604 into the TPM/TPCM chip 605 through a relevant protocol, so as to obtain the measurement state of the BMC APP. If the measurement status of the BMC APP module 604 is successful, the trusted measurement module measures the code of the server BIOS, and then writes the measurement value of the BIOS into the TPM/TPCM chip through a relevant protocol. If the measurement state of the BIOS module is measurement success, the BMC microprocessor 600 is notified to give the control right of the server CPU to the BIOS and start the start-up process of the server.
It should be noted that the BMC microprocessor 600 further includes a BMC U-Boot module 606 and a BMC OS Kernel module 607; before the trusted metrics module performs static metrics on the BMC APP module 604, the metrics on the BMC U-Boot module 606 and the BMC OS Kernel module 607 are also included.
Under the control of the trusted management agent with the functional modules, the server trusted management model is updated as shown in fig. 7:
When a server mainboard is powered on, based on the password and the trusted control function of the TPM/TPCM chip 700, the server sequentially performs trusted measurement on the BMC U-Boot module 701, the BMC OS Kernel module 702, the trusted management agent 703 and the BMC App module 704, so that the running environment built in the BMC microprocessor can be safe and trusted; after confirming the security and the credibility of the operating environment built inside the BMC microprocessor, the credible management agent 703 takes over the credible management work of the server, where the credible management work includes the startup measurement and the establishment of a credible chain of the subsequent server, the management of the TPM/TPCM chip 700, and the credible update management of the server firmware/software.
In the process of starting the server, if any server firmware/software module (for example, the BIOS module 704, the Boot Loader module 705, the OS Kernel module 706, or the like) causes the measurement to be unexpected due to abnormal tampering, that is, the measurement fails, the start of the server is terminated, and then the trusted management agent 703 running on the BMC microprocessor monitors the abnormality and reports the abnormality.
A specific remote trusted management monitoring and diagnosis process for abnormal server startup is illustrated below. In the embodiment of the present application, the case in which the BIOS fails to measure the Boot Loader is taken as an example, with reference to fig. 8:
In the first step, the BIOS module 704 measures the Boot Loader module 705, and after failure, stores the measurement status of the measurement failure in the TPM/TPCM chip 700.
In the second step, the TPM/TPCM chip 700 informs the trusted management agent 703 of the failure to measure.
Third, the trusted management agent 703 informs the trusted management cloud platform 708 of the detailed information of the measurement failure.
Fourth, the trusted management agent 703 informs the server management platform 709 of the exception of the failed server boot and the location of the server failure.
When the server management platform 709 needs to repair or upgrade a firmware/software module involved in the server boot process, the trusted update process of the corresponding firmware/software is as follows. In this embodiment, updating the Boot Loader is taken as an example; fig. 9 is a schematic structural diagram of a Boot Loader code provided in this embodiment. Referring to fig. 9:
In the first step, the server management platform 709 sends an update instruction and Boot Loader codes to the server BMC APP module 707.
In the second step, the server BMC APP module 707 forwards the update instruction and the Boot Loader code to the trusted management agent 703.
Thirdly, the trusted management agent 703 sends the Boot Loader code to the trusted management cloud platform 708.
In the fourth step, the trusted management cloud platform 708 performs measurement expected value calculation on the Boot Loader code, and sends a new measurement expected value back to the trusted management agent 703.
In the fifth step, the trusted management agent 703 stores the new measurement expected value of Boot Loader into the TPM/TPCM module 705.
In the sixth step, the trusted management agent 703 updates the Boot Loader code to the storage area of the Boot Loader module.
Through the above steps, the repair or upgrade of the Boot Loader module 705 of the server can be completed, and the repair or upgrade processes of other modules in the server are the same as the above steps, except that the modules to be updated are different, which is not described herein again.
According to the trusted management method provided by the embodiment of the application, the trusted management agent is constructed in the BMC module, so that it works in a stable working environment unaffected by the running state of the main system of the server; the measurement result/state can be read out in time, remote trusted monitoring and fault positioning can be carried out for abnormalities in the trusted boot of the server, and remote trusted updating of the firmware/software modules at the bottom layer of the server can be realized.
Based on the foregoing embodiments, an embodiment of the present application provides a trusted management apparatus, and referring to fig. 10, the trusted management apparatus 1100 includes:
a constructing unit 1101, configured to construct an independent trusted management agent inside the BMC module of the server;
the trusted management agent 1102 is configured to perform trusted management on a server, where performing trusted management on the server by the trusted management agent at least includes: the trusted management agent is used as an independent TPM/TPCM physical trusted root to execute trusted boot measurement on the server, manage a TPM/TPCM chip in the server and update the firmware/software of the server in a trusted mode.
Based on the trusted management security and stability realized by the trusted management device, when the server executes trusted starting measurement, the influence of power failure caused by system starting failure can be avoided, the measurement result/state can be ensured to be stably read, and meanwhile, firmware/software in the server can be updated.
In other embodiments, the trusted management agent may include a trusted communication module for establishing a trusted network connection with the trusted management platform using a separate network connection channel of the BMC module; and providing a trusted and safe data transmission channel for trusted management of the server through the trusted network connection so as to realize trusted management of the server.
In other embodiments, when the trusted management agent comprises management of a TPM/TPCM chip in the server, the trusted management agent may comprise: a first receiving unit, configured to receive, through the trusted network connection, an instruction sent by the trusted management platform and used for reading a metric state; a first response unit, configured to respond to the instruction for reading the metric state, and read the metric state in the server boot process from the TPM/TPCM chip through a relevant protocol; a first sending unit, configured to send the measurement state to the trusted management platform through the trusted network connection.
In other embodiments, when the trusted management agent comprises a trusted update to the firmware/software of the server, the trusted management agent may comprise: the second receiving unit is used for receiving a firmware/software updating instruction sent by the server management platform through the trusted network connection; and the second response unit is used for responding to the firmware/software updating instruction and updating the firmware/software through the server updating interface.
In other embodiments, when the trusted management agent includes performing trusted boot metrics on the server, the trusted management agent may include: a third receiving unit, configured to receive, through the trusted network connection, a metric expected value update instruction sent by the trusted management platform, where the metric expected value update instruction includes a new metric expected value; and the third response unit is used for responding to the measurement expectation updating instruction and writing the new measurement expectation value into the TPM/TPCM chip through a relevant protocol.
In other embodiments, when the trusted management agent includes execution of trusted boot metrics on the server, the trusted management agent includes: the first measurement unit is used for carrying out static measurement on the BMC APP of the server; the first writing unit is used for writing the BMC APP metric value into the TPM/TPCM chip through a relevant protocol to obtain the measurement state of the BMC APP; the second measurement unit is used for measuring the code of the BIOS of the server when the measurement state of the BMC APP is measurement success; the second write-in unit is used for writing the measurement value of the BIOS into the TPM/TPCM chip through a relevant protocol to obtain the measurement state of the BIOS; and the notification unit is used for notifying the BMC module to give the control right of the CPU of the server to the BIOS when the measurement state of the BIOS is measurement success.
It should be noted that the above steps are operations executed in the starting process of the server.
In other embodiments, the trusted management agent further comprises: the reporting unit is used for monitoring the metric value of the firmware/software module of the server in the starting process of the server; if the measured value of the firmware/software module of the server is not in accordance with the expectation, reporting the monitored abnormal condition that the measured value is not in accordance with the expectation through the trusted network connection so as to realize the remote trusted monitoring and fault positioning of the trusted boot abnormality of the server.
In other embodiments, the reporting unit may include: the first receiving module is used for receiving the information of measurement failure sent by the TPM/TPCM chip; the first informing module is used for informing the trusted management platform of the information of the measurement failure through the trusted network connection; and the second informing module is used for informing the server management platform of the starting failure and the position of the server through the BMC APP.
In other embodiments, the trusted management agent may further include: the second receiving module is used for receiving an update instruction forwarded by the server management platform through the BMC APP of the server, wherein the update instruction comprises a Boot Loader code; the first sending module is used for sending the Boot Loader code to the trusted management platform through the trusted network connection; a third receiving module, configured to receive, through the trusted network connection, a new metric expected value returned by the trusted management platform for the Boot Loader code; the storage module is used for storing the new measurement expected value of the Boot Loader into a TPM/TPCM chip; and the updating module is used for updating the Boot Loader codes to a Boot Loader storage area.
Here, it should be noted that: the above description of the embodiment of the apparatus is similar to the above description of the embodiment of the method, and has similar beneficial effects to the embodiment of the method, and therefore, the description thereof is omitted. For technical details not disclosed in the embodiments of the present apparatus, please refer to the description of the embodiments of the method of the present application for understanding, and therefore, for brevity, will not be described again.
Based on the foregoing embodiments, an embodiment of the present application provides a trusted management system, and fig. 11 is a schematic structural diagram of a trusted management system provided in an embodiment of the present application, and referring to fig. 11, the trusted management system includes: the system comprises a BMC module 600 of the server, a trusted management agent 601 and a trusted management platform 602, wherein the trusted management agent 601 runs inside the BMC module 600 of the server and is used for performing trusted management on the server;
wherein, the trusted management agent performs trusted management on the server at least comprises one of the following steps: the trusted management agent is used as an independent TPM/TPCM physical trusted root to execute trusted boot measurement on the server, manage a TPM/TPCM chip in the server and update the firmware/software of the server in a trusted manner;
the trusted management platform 602 communicates remotely with the trusted management agent 601.
Here, the trusted management system may further include a TPM/TPCM chip 605 in the server.
In the trusted management system provided in the embodiment of the present application, the trusted management agent 601 running inside the BMC module 600 of the server is a key for implementing remote trusted management on the server system 610.
In other embodiments, the trusted management agent 601 may include a trusted communication module, which is configured to establish a trusted network connection with the server system 610 through a separate network connection channel of the BMC module 600 and to provide a trusted and secure data transmission channel for trusted management of the server system 610.
In other embodiments, the management agent 601 may further include a status reading module, where the status reading module is configured to receive an instruction sent by the trusted management platform 602 to read a metric status, and read the metric status in a server boot process from the TPM/TPCM chip 605 through a relevant protocol, and send the metric status to the trusted management platform 602.
In other embodiments, the management agent 601 may further include a firmware/software update module, wherein the firmware/software update module is configured to receive a firmware/software update instruction sent by the server management platform 603, and update the firmware/software through a server update interface.
In other embodiments, the management agent 601 may further include an expected value updating module, which is configured to receive a metric expected value updating instruction sent by the trusted management platform 602, where the metric expected value updating instruction includes a new metric expected value, and write the new metric expected value into the TPM/TPCM chip 605 through a related protocol.
In other embodiments, the trusted management agent 601 may further include a trusted metrics module, and the trusted metrics module is configured to perform the following operations during the boot process of the server: performing static measurement on the BMC APP604 of the server; writing the metric value of the BMC APP604 into the TPM/TPCM chip 605 through a relevant protocol; if the BMC APP604 measures successfully, measuring a code of the BIOS of the server; writing the metric of the BIOS into the TPM/TPCM chip 605 via a relevant protocol; if the BIOS measurement is successful, the BMC module 600 is notified to pass control of the CPU of the server to the BIOS.
It should be noted that, in the embodiment of the present application, if the above-mentioned trusted management method is implemented in the form of a software functional module and is sold or used as a standalone product, it may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a trusted management device to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present application provides a trusted management device, where the device includes a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor implements the steps of the trusted management method provided in any of the above embodiments when executing the program.
Correspondingly, an embodiment of the present application provides a readable storage medium in which computer-executable instructions are stored, the computer-executable instructions being configured to execute the trusted management method provided in any of the above embodiments.
Here, it should be noted that: the above description of the storage medium and device embodiments is similar to the description of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for causing a server to execute the method described in the embodiments of the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (14)

1. A trusted management method, characterized in that the method comprises:
building an independent trusted management agent inside a BMC module of a server;
performing, by the trusted management agent, trusted management on the server;
wherein the trusted management agent performing trusted management on the server comprises at least one of the following:
the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and performs trusted update of the firmware/software of the server.
2. The method of claim 1, wherein the trusted management agent establishes a trusted network connection with the trusted management platform using a separate network connection channel of the BMC module;
and provides, through the trusted network connection, a trusted and secure data transmission channel for trusted management of the server, so as to realize trusted management of the server.
3. The method as claimed in claim 2, wherein, when performing trusted management on the server comprises managing a TPM/TPCM chip in the server, providing a trusted and secure data transmission channel for trusted management of the server through the trusted network connection, so as to realize trusted management of the server, comprises:
the trusted management agent receives, through the trusted network connection, a measurement state reading instruction sent by the trusted management platform;
in response to the measurement state reading instruction, reading the measurement state of the server starting process from the TPM/TPCM chip through a relevant protocol;
and sending the measurement state to the trusted management platform through the trusted network connection.
4. The method of claim 2, wherein, when performing trusted management on the server comprises performing trusted update of the firmware/software of the server, providing a trusted and secure data transmission channel for trusted management of the server through the trusted network connection, so as to realize trusted management of the server, comprises:
the trusted management agent receives, through the trusted network connection, a firmware/software updating instruction sent by a server management platform;
and, in response to the firmware/software updating instruction, updating the firmware/software through a server updating interface.
5. The method of claim 2, wherein, when performing the trusted boot measurement on the server, providing a trusted and secure data transmission channel for trusted management of the server through the trusted network connection, so as to realize trusted management of the server, comprises:
in the starting process of the server, executing the following operations:
performing static measurement on a BMC APP of the server;
writing the measurement value of the BMC APP into the TPM/TPCM chip through a relevant protocol to obtain the measurement state of the BMC APP;
if the measurement state of the BMC APP is successful, measuring the code of a BIOS of the server;
writing the measurement value of the BIOS into the TPM/TPCM chip through a relevant protocol to obtain the measurement state of the BIOS;
and if the measurement state of the BIOS is successful, informing the BMC module to transfer control of the CPU of the server to the BIOS.
6. The method of claim 5, wherein, when performing the trusted boot measurement on the server, providing a trusted and secure data transmission channel for trusted management of the server through the trusted network connection, so as to realize trusted management of the server, comprises:
the trusted management agent receives, through the trusted network connection, an expected measurement value updating instruction sent by the trusted management platform, wherein the expected measurement value updating instruction comprises a new expected measurement value;
and, in response to the expected measurement value updating instruction, writing the new expected measurement value into the TPM/TPCM chip through a relevant protocol.
7. The method of claim 5, wherein providing a trusted and secure data transmission channel for trusted management of the server through the trusted network connection, so as to realize trusted management of the server, further comprises:
monitoring the measurement value of a firmware/software module of the server during the server starting process;
if the measurement value of the firmware/software module of the server does not match the expected value, reporting the monitored abnormal condition through the trusted network connection, so as to realize remote trusted monitoring and fault location of trusted boot abnormalities of the server.
8. The method as claimed in claim 7, wherein reporting, through the trusted network connection, the monitored abnormal condition that the measurement value does not match the expected value, so as to realize remote trusted monitoring and fault location of the startup abnormality of the server, comprises:
receiving measurement failure information sent by the TPM/TPCM chip, wherein the measurement failure information indicates that the server failed during the starting process;
informing the trusted management platform of the measurement failure information through the trusted network connection;
and informing the server management platform, through the BMC APP, of the abnormal startup failure of the server and the fault location of the server.
9. The method of claim 6, wherein the providing a trusted secure data transmission channel for trusted management of the server through the trusted network connection to implement trusted management of the server further comprises:
receiving an update instruction forwarded by a server management platform through a BMC APP of the server, wherein the update instruction comprises a code to be updated;
sending the code to be updated to the trusted management platform through the trusted network connection;
receiving, through the trusted network connection, a new expected measurement value returned by the trusted management platform for the code to be updated;
storing the new expected measurement value of the code to be updated into a TPM/TPCM chip;
and updating the code to be updated to a storage area of the code to be updated.
10. The method of claim 9, wherein the providing a trusted secure data transmission channel for trusted management of a server through the trusted network connection to implement trusted management of the server further comprises:
receiving an update instruction forwarded by a server management platform through a BMC APP of the server, wherein the update instruction comprises a Boot Loader code;
sending the Boot Loader code to the trusted management platform through the trusted network connection;
receiving, through the trusted network connection, a new expected measurement value returned by the trusted management platform for the Boot Loader code;
storing the new expected measurement value of the Boot Loader into a TPM/TPCM chip;
and updating the Boot Loader code to a Boot Loader storage area.
11. A trusted management device, wherein said device comprises:
a building unit, configured to build an independent trusted management agent in a BMC module of a server;
the trusted management agent, configured to perform trusted management on the server, wherein the trusted management agent performing trusted management on the server comprises at least:
the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and performs trusted update of the firmware/software of the server.
12. A trusted management system, said system comprising: a BMC module of a server, a trusted management agent, and a trusted management platform, wherein
the trusted management agent runs inside the BMC module of the server and is used for performing trusted management on the server;
wherein the trusted management agent performing trusted management on the server comprises at least one of the following: the trusted management agent, acting as an independent TPM/TPCM physical root of trust, performs trusted boot measurement on the server, manages a TPM/TPCM chip in the server, and performs trusted update of the firmware/software of the server;
the trusted management platform and the trusted management agent communicate remotely.
13. A trusted management device, said device comprising a memory and a processor, said memory storing a computer program operable on said processor, wherein said processor implements the steps of the method of any one of claims 1 to 10 when executing said program.
14. A computer-readable storage medium having computer-executable instructions stored thereon, the computer-executable instructions being configured to perform the trusted management method provided by any one of claims 1 to 10.
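The ordering that claims 5 to 9 depend on (measure the BMC APP, then the BIOS, report the failing stage, and store a new expected value before flashing new code) can be traced in a short Python simulation. This is an added example, not code from the patent or from any BMC vendor; `SimulatedTPM`, the stage names, the `report` callback and `platform_expected` are hypothetical, and it assumes SHA-256 as the measurement hash and a chip that compares each written value with its stored expected value.

```python
import hashlib
import hmac


def measure(image: bytes) -> bytes:
    """Static measurement of a code image (SHA-256 is an assumption)."""
    return hashlib.sha256(image).digest()


class SimulatedTPM:
    """Constructed stand-in for the TPM/TPCM chip: one PCR plus expected values."""

    def __init__(self, expected):
        self.expected = dict(expected)  # stage name -> expected digest
        self.pcr = bytes(32)

    def reset(self):
        self.pcr = bytes(32)  # PCR returns to zero on every server start

    def set_expected(self, stage, digest):
        self.expected[stage] = digest  # claim 6: platform-supplied expected value

    def write_measurement(self, stage, digest):
        """Extend the PCR with the value and return the measurement state."""
        self.pcr = hashlib.sha256(self.pcr + digest).digest()
        return hmac.compare_digest(digest, self.expected.get(stage, b""))


def trusted_boot(tpm, storage, report):
    """Claim 5 order: BMC APP, then BIOS; stop at the first failed stage."""
    tpm.reset()
    for stage in ("BMC_APP", "BIOS"):
        if not tpm.write_measurement(stage, measure(storage[stage])):
            # Claims 7-8: tell the trusted management platform which stage failed.
            report({"event": "measurement_failure", "stage": stage})
            return False
    return True  # only now is CPU control handed to the BIOS


def trusted_update(tpm, storage, stage, new_code, platform_expected):
    """Claim 9 order: expected value from the platform, into the chip, then flash."""
    tpm.set_expected(stage, platform_expected(new_code))
    storage[stage] = new_code


def demo():
    storage = {"BMC_APP": b"bmc-app v1", "BIOS": b"bios v1"}  # constructed images
    tpm = SimulatedTPM({name: measure(img) for name, img in storage.items()})
    alerts = []
    clean = trusted_boot(tpm, storage, alerts.append)
    storage["BIOS"] = b"bios v1 modified"  # written outside the update path
    tampered = trusted_boot(tpm, storage, alerts.append)
    # The platform is modelled by measure(); a real one returns its own value.
    trusted_update(tpm, storage, "BIOS", b"bios v2", measure)
    updated = trusted_boot(tpm, storage, alerts.append)
    return clean, tampered, updated, alerts


if __name__ == "__main__":
    print(demo())
```

A BIOS image changed outside the update path fails at the BIOS stage and is reported, while the same kind of change made through `trusted_update` boots cleanly because the chip already holds the new expected value.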
CN201911007916.9A 2019-10-22 2019-10-22 Trusted management method, device, system, equipment and storage medium Pending CN112702182A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911007916.9A CN112702182A (en) 2019-10-22 2019-10-22 Trusted management method, device, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112702182A true CN112702182A (en) 2021-04-23

Family

ID=75504966

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104123511A (en) * 2014-07-28 2014-10-29 浪潮集团有限公司 Method for realizing BMC safety management in server with trusted computing function
CN105095768A (en) * 2015-08-20 2015-11-25 浪潮电子信息产业股份有限公司 Virtualization-based credible server trust chain construction method
CN105160255A (en) * 2015-08-06 2015-12-16 浪潮电子信息产业股份有限公司 Trustworthy measurement apparatus and method
CN105740710A (en) * 2016-02-01 2016-07-06 浪潮电子信息产业股份有限公司 Method for implementing BIOS dynamic measurement based on BMC
CN107493271A (en) * 2017-07-28 2017-12-19 大唐高鸿信安(浙江)信息科技有限公司 Credible and secure network system
CN107506663A (en) * 2017-08-02 2017-12-22 中电科技(北京)有限公司 Server security based on credible BMC starts method
CN109670349A (en) * 2018-12-13 2019-04-23 英业达科技有限公司 The hardware structure of trusted computer and the credible starting method of computer
CN109726562A (en) * 2019-01-03 2019-05-07 北京工业大学 A kind of starting method that server master board based on credible BMC is credible
CN109889477A (en) * 2018-12-20 2019-06-14 北京华胜天成信息技术发展有限公司 Server based on trusted cryptography's engine starts method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114153782A (en) * 2022-01-24 2022-03-08 阿里云计算有限公司 Data processing system, method and storage medium
CN114153782B (en) * 2022-01-24 2022-05-06 阿里云计算有限公司 Data processing system, method and storage medium
CN114666103A (en) * 2022-03-04 2022-06-24 阿里巴巴(中国)有限公司 Credible measuring device, equipment and system and credible identity authentication method
CN114666103B (en) * 2022-03-04 2023-08-15 阿里巴巴(中国)有限公司 Trusted measurement device, equipment, system and trusted identity authentication method
CN114860339A (en) * 2022-04-28 2022-08-05 阿里巴巴(中国)有限公司 Control method of intelligent board card, starting method of electronic equipment and electronic system
CN114860339B (en) * 2022-04-28 2023-06-02 阿里巴巴(中国)有限公司 Control method of intelligent board card, starting method of electronic equipment and electronic system
CN116628701A (en) * 2023-05-25 2023-08-22 合芯科技有限公司 TPCM in-place detection method and device, server starting method and server
CN116628701B (en) * 2023-05-25 2023-11-24 合芯科技有限公司 TPCM in-place detection method and device, server starting method and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210423