CN112835628A - Server operating system booting method, device, equipment and medium - Google Patents

Publication number
CN112835628A
Authority
CN
China
Prior art keywords
server
operating system
program
image program
tftp service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110076353.XA
Other languages
Chinese (zh)
Inventor
张国磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN202110076353.XA priority Critical patent/CN112835628A/en
Publication of CN112835628A publication Critical patent/CN112835628A/en
Priority to PCT/CN2021/143306 priority patent/WO2022156513A1/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files

Abstract

The application discloses a method, a device, equipment and a medium for booting a server operating system. The method comprises: configuring the PXE enabled mode of a server as an encryption mode by default, and booting the server into a PXE phase; scanning for a TFTP service corresponding to the server in a network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service; if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on a digital certificate corresponding to the server; and, when the operating system image program passes the verification, running the boot program on the server to boot the operating system image program. Because the operating system image program is verified first, its reliability can be ensured, a malicious image program is prevented from being booted, and the reliability of the server's operating system is ensured.

Description

Server operating system booting method, device, equipment and medium
Technical Field
The present application relates to the field of server technologies, and in particular, to a method, an apparatus, a device, and a medium for booting a server operating system.
Background
With the development of information technology, the degree of informatization keeps increasing and information security receives more and more attention, especially the security of servers. In server management, to ensure that the system the server runs is controllable, the server boots an Operating System (OS) through the Basic Input Output System (BIOS) at start-up, and the BIOS first enters the Preboot eXecution Environment (PXE) to perform a network boot. In the existing server operating system boot process, the network boot item is loaded directly, which may boot an unsafe server operating system, so that the whole server operating system is unreliable.
Therefore, how to ensure the reliability of the operating system boot of the server is an important issue to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method, an apparatus, a device, and a medium for booting a server operating system, which can ensure reliability of the booted server operating system. The specific scheme is as follows:
In a first aspect, the present application discloses a method for booting a server operating system, including:
configuring the PXE enabled mode of a server as an encryption mode by default, and booting the server into a PXE phase;
scanning a TFTP service corresponding to the server in a network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on a digital certificate corresponding to the server;
and when the operating system image program passes the verification, running the boot program on the server to boot the operating system image program.
Optionally, the scanning a TFTP service corresponding to the server in the network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service includes:
scanning TFTP service corresponding to the server in the network;
if the TFTP service exists, whether a bootstrap program and an operating system image program corresponding to the server exist in the TFTP service is detected, wherein the bootstrap program and the operating system image program both conform to TFTP specifications.
Optionally, the detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service includes:
and detecting all files under a default directory in the TFTP service to determine whether a bootstrap program and an operating system mirror program corresponding to the server exist in the TFTP service.
Optionally, after the scanning the TFTP service corresponding to the server in the network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, the method further includes:
if the TFTP service does not exist in the network, or the TFTP service exists in the network and the bootstrap program and the operating system mirror program do not exist in the TFTP service, local bootstrap of the operating system of the server is carried out.
Optionally, after the default configuration of the PXE enabled mode of the server to the encryption mode, the method further includes:
and acquiring the digital certificate and storing the digital certificate, wherein the digital certificate comprises a public key corresponding to the server.
Optionally, the verifying the operating system image program based on the digital certificate corresponding to the server includes:
decrypting a signature file corresponding to the operating system image program by using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by computing over the operating system image program with a preset algorithm and encrypting the computed result with the private key corresponding to the public key;
processing the operating system image program by using the preset algorithm to obtain a plaintext to be verified;
and comparing the reference plaintext with the plaintext to be verified, and judging whether the operating system image program passes the verification according to the comparison result.
Optionally, the default configuration of the PXE-enabled mode of the server to the encryption mode includes:
configuring a PXE enabled mode of the server as an encryption mode by default in a BIOS setup page of the server.
In a second aspect, the present application discloses a server operating system booting apparatus, including:
the PXE setting module is used for configuring a PXE enabling mode of the server as an encryption mode by default and guiding the server to enter a PXE phase;
a scanning module, configured to scan a TFTP service corresponding to the server in a network, so as to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
a verification module, configured to verify, if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program based on a digital certificate corresponding to the server;
and the guide module is used for running the guide program through the server when the operating system image program passes the verification so as to guide the operating system image program.
In a third aspect, the present application discloses a server, comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the server operating system booting method disclosed above.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the server operating system booting method disclosed above.
It can be seen that, in the present application, the PXE enabled mode of a server is first configured as an encryption mode by default and the server is booted into a PXE phase. A TFTP service corresponding to the server in a network is then scanned to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. If they exist, the operating system image program is verified based on a digital certificate corresponding to the server, and when the operating system image program passes the verification, the boot program is run by the server to boot the operating system image program. In the prior art, the boot program and the operating system image program are run directly once they are found. Here, because the PXE enabled mode is configured as an encryption mode by default, the server verifies the operating system image program first when it finds the boot program and the operating system image program on the TFTP server during the PXE phase. This verification ensures the reliability of the operating system image program, avoids booting a malicious image program, and ensures the reliability of the server's operating system.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a method for booting a server operating system as disclosed herein;
FIG. 2 is a flow chart of a particular server operating system boot method disclosed herein;
FIG. 3 is a flow chart of a particular server operating system boot method disclosed herein;
FIG. 4 is a schematic diagram of a booting device of a server operating system according to the present disclosure;
FIG. 5 is a schematic diagram of a server structure disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, when the operating system of a server is booted in PXE mode, the boot program boots the operating system image program directly as soon as the boot program and the operating system image program are found. This may boot a server operating system that is not secure, making the whole server operating system unreliable. In view of this, the present application provides a method for booting a server operating system that can ensure the reliability of the booted server operating system.
Referring to fig. 1, an embodiment of the present application discloses a method for booting a server operating system, where the method includes:
step S11: a PXE enabled mode of a server is configured as an encrypted mode by default, and the server is booted into a PXE phase.
In a specific implementation, a PXE enabled mode of a server needs to be configured as an encrypted mode by default, and the server is booted to enter the PXE phase. Firstly, the PXE enabling mode of the server is configured as an encryption mode by default, namely, when the server enters the PXE mode, the encryption mode is adopted by default to conduct operating system booting.
Specifically, the default setting of the PXE enabled mode of the server to be the encryption mode may specifically include: configuring a PXE enabled mode of the server as an encryption mode by default in a BIOS setup page of the server.
Step S12: scanning TFTP service corresponding to the server in the network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service.
Accordingly, after the server enters the PXE mode, it scans for a TFTP (Trivial File Transfer Protocol) service corresponding to the server in the network, so as to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. The boot program is used for booting the operating system image program corresponding to the server, and the operating system image program is used for installing the operating system of the server.
Step S13: and if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on the digital certificate corresponding to the server.
It is understood that if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program needs to be verified based on the digital certificate corresponding to the server.
In practice, the operating system image program may contain threats, and booting it directly may affect the reliability of the server's operating system. The operating system image program therefore needs to be verified based on the digital certificate corresponding to the server, so as to determine the reliability of the operating system image file.
Step S14: and when the operating system image program passes the verification, the bootstrap program is operated by the server to bootstrap the operating system image program.
It will be appreciated that when the operating system image file passes the verification, the operating system image file is authentic and may be booted, and the server may run the boot program to boot the operating system image program. If the operating system image program does not pass the verification, the operating system image program is not reliable and is not booted.
Referring to fig. 2, an embodiment of the present application discloses a specific server operating system booting method, including:
step S21: a PXE enabled mode of a server is configured as an encrypted mode by default, and the server is booted into a PXE phase.
In practical applications, after the PXE enabled mode of the server is configured as the encryption mode by default, the method further includes: and acquiring the digital certificate and storing the digital certificate, wherein the digital certificate comprises a public key corresponding to the server.
Step S22: and scanning the TFTP service corresponding to the server in the network.
After the server is booted to enter the PXE mode, the TFTP service corresponding to the server in the network needs to be scanned, and if the TFTP service does not exist, the local boot of the operating system of the server is directly performed. If the TFTP service exists, subsequent network bootstrapping may proceed.
Step S23: if the TFTP service exists, whether a bootstrap program and an operating system image program corresponding to the server exist in the TFTP service is detected, wherein the bootstrap program and the operating system image program both conform to TFTP specifications.
Specifically, the detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service includes: detecting all files under a default directory in the TFTP service to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. That is, the boot program and the operating system image program are generally placed under the default directory in the TFTP service according to the TFTP specification, so after the TFTP service is found, all files under the default directory in the TFTP service can be detected to determine whether the boot program and the operating system image program exist in the TFTP service.
Step S24: and if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on the digital certificate corresponding to the server.
Specifically, the verifying the operating system image program based on the digital certificate corresponding to the server includes: decrypting a signature file corresponding to the operating system image program by using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by computing over the operating system image program with a preset algorithm and encrypting the computed result with the private key corresponding to the public key; processing the operating system image program by using the preset algorithm to obtain a plaintext to be verified; and comparing the reference plaintext with the plaintext to be verified, and judging whether the operating system image program passes the verification according to the comparison result. The preset algorithm may be, for example, the MD5 algorithm.
That is, when the operating system image program is stored in the TFTP service, the preset algorithm is applied to the operating system image program to obtain a calculation result, the calculation result is encrypted with the private key corresponding to the public key in the digital certificate to obtain the signature file, and the signature file, the operating system image file and the boot program are stored in the default directory in the TFTP service. During verification, the public key in the digital certificate is therefore first used to decrypt the signature file corresponding to the operating system image program to obtain a reference plaintext. The operating system image program is then processed with the preset algorithm to obtain a plaintext to be verified, the reference plaintext is compared with the plaintext to be verified, and whether the operating system image program passes the verification is judged according to the comparison result.
Step S25: and when the operating system image program passes the verification, the bootstrap program is operated by the server to bootstrap the operating system image program.
If the comparison result is consistent, the checking of the operating system image program is passed, and if the comparison result is inconsistent, the checking of the operating system image program is not passed. And if the operating system image program passes the verification, the server runs the bootstrap program to bootstrap the operating system image program.
Step S26: if the TFTP service does not exist in the network, or the TFTP service exists in the network and the bootstrap program and the operating system mirror program do not exist in the TFTP service, local bootstrap of the operating system of the server is carried out.
In addition to the encryption mode, the PXE enabled mode of the server may be set to a non-encryption mode, in which the operating system is booted in the same way as on a prior-art server. That is, in the non-encryption mode, after the server enters the PXE mode, the TFTP service is detected. If a boot program and an operating system image program corresponding to the server are detected in the TFTP service, the boot program is run directly to boot the operating system image program. If the TFTP service is not detected, or the boot program and the operating system image program do not exist in the TFTP service, the local boot of the operating system of the server is performed.
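The encryption-mode and non-encryption-mode flows described above (steps S21 to S26), as an added Python example that is not code from the patent or its applicant. Assumptions: the file names, the `.sig` suffix, the return labels, treating a missing signature file as a failed check, SHA-256 with PKCS#1 v1.5 padding in place of the MD5 the text names, and a constructed demo key whose factors are public.

```python
import hashlib
import hmac

# Constructed demo key built from two published Mersenne primes. The factors
# are public knowledge, so this key is for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                             # public modulus (carried in the certificate)
E = 65537                             # public exponent (carried in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held by the image publisher
K = (N.bit_length() + 7) // 8         # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(data: bytes) -> bytes:
    """Apply the 'preset algorithm': SHA-256, wrapped in EMSA-PKCS1-v1_5 padding."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_image(image: bytes) -> bytes:
    """Publisher side: compute over the image, then apply the private key."""
    m = int.from_bytes(encode_digest(image), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_image(image: bytes, signature: bytes) -> bool:
    """Server side: recover the reference value with the public key and compare."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    reference = pow(s, E, N).to_bytes(K, "big")   # "reference plaintext"
    to_verify = encode_digest(image)              # "plaintext to be verified"
    return hmac.compare_digest(reference, to_verify)


def boot_decision(tftp_files, encrypted=True,
                  boot_name="boot.efi", image_name="os.img"):
    """Decide what the server does after entering the PXE phase.

    tftp_files maps file name to content for the TFTP default directory,
    or is None when no TFTP service answered. File names are hypothetical.
    """
    if tftp_files is None:
        return "local-boot"
    if boot_name not in tftp_files or image_name not in tftp_files:
        return "local-boot"
    if not encrypted:
        # Non-encryption mode: the image is booted without any check.
        return "network-boot"
    signature = tftp_files.get(image_name + ".sig")
    # Assumption: a missing signature file counts as a failed verification.
    if signature is None or not verify_image(tftp_files[image_name], signature):
        return "image-rejected"
    return "network-boot"


if __name__ == "__main__":
    image = b"constructed operating system image"
    good = {"boot.efi": b"constructed boot program", "os.img": image,
            "os.img.sig": sign_image(image)}
    tampered = dict(good, **{"os.img": image + b" with an implant"})
    for label, files in (("no TFTP service", None), ("valid image", good),
                         ("tampered image", tampered)):
        print(label, "encrypted:", boot_decision(files, True),
              "| non-encrypted:", boot_decision(files, False))
```

SHA-256 is used because MD5 collisions are practical to compute, which would let two different images share one valid signature. As in the text, only the operating system image program is verified; the boot program is run without a check of its own.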
Referring to fig. 3, a flow chart of the booting of the server operating system is shown. The PXE of the server can be enabled in two modes, an encryption mode and a non-encryption mode, and the encryption mode is enabled by default. Specifically, the BIOS setup page is configured to enable the encryption mode, and the BIOS boots to the PXE stage and scans for a TFTP server in the network. When a TFTP service is detected, whether a boot program exists is detected. If the boot program exists, the operating system image program corresponding to the boot program is verified according to the digital certificate, and if the operating system image program corresponding to the boot program passes the verification, the boot program continues to be loaded and is run.
Referring to fig. 4, an embodiment of the present application discloses a server operating system booting apparatus, including:
the PXE setting module 11 is used for configuring a PXE enabling mode of the server as an encryption mode by default and guiding the server to enter a PXE phase;
a scanning module 12, configured to scan a TFTP service corresponding to the server in a network, so as to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
a verification module 13, configured to verify, if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program based on a digital certificate corresponding to the server;
and a boot module 14, configured to run the boot program through the server when the operating system image program passes the verification, so as to boot the operating system image program.
In some specific implementations, the scanning module 12 is configured to:
scanning TFTP service corresponding to the server in the network;
if the TFTP service exists, whether a bootstrap program and an operating system image program corresponding to the server exist in the TFTP service is detected, wherein the bootstrap program and the operating system image program both conform to TFTP specifications.
In some specific implementations, the scanning module 12 is configured to:
and detecting all files under a default directory in the TFTP service to determine whether a bootstrap program and an operating system mirror program corresponding to the server exist in the TFTP service.
In some specific implementations, the server operating system boot module further includes:
a local boot module, configured to perform local boot of the operating system of the server if the TFTP service does not exist in the network, or if the TFTP service exists in the network and the boot program and the operating system image program do not exist in the TFTP service.
In some specific implementations, the server operating system boot module further includes:
and the information acquisition module is used for acquiring the digital certificate and storing the digital certificate, wherein the digital certificate comprises a public key corresponding to the server.
In some specific implementation processes, the verification module 13 is configured to:
decrypting a signature file corresponding to the operating system mirror image program by using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by calculating the operating system mirror image program by using a preset algorithm and encrypting a calculation result by using a private key corresponding to the public key;
processing the operating system mirror image program by using the preset algorithm to obtain a plaintext to be verified;
and comparing the reference plaintext with the plaintext to be verified, and judging whether the operating system image program passes the verification according to a comparison result.
In some specific implementations, the PXE setting module 11 is configured to:
configuring a PXE enabled mode of the server as an encryption mode by default in a BIOS setup page of the server.
Referring to fig. 5, a schematic structural diagram of a server 20 provided in the embodiment of the present application is shown, where the server 20 may specifically implement the steps of the server operating system booting method disclosed in the foregoing embodiment.
In general, the server 20 in the present embodiment includes: a processor 21 and a memory 22.
The processor 21 may include one or more processing cores, such as a four-core processor, an eight-core processor, and so on. The processor 21 may be implemented by at least one hardware of a DSP (digital signal processing), an FPGA (field-programmable gate array), and a PLA (programmable logic array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (graphics processing unit) which is responsible for rendering and drawing images to be displayed on the display screen. In some embodiments, the processor 21 may include an AI (artificial intelligence) processor for processing computing operations related to machine learning.
Memory 22 may include one or more computer-readable storage media, which may be non-transitory. Memory 22 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory 22 is at least used for storing the following computer program 221, which, when loaded and executed by the processor 21, implements the steps of the server operating system booting method disclosed in any one of the foregoing embodiments.
In some embodiments, server 20 may also include input output interface 23, communication interface 24, sensors 25, power supply 26, and communication bus 27.
Those skilled in the art will appreciate that the configuration shown in FIG. 5 does not limit the server 20, which may include more or fewer components than those shown.
Further, an embodiment of the present application also discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the server operating system booting method disclosed in any of the foregoing embodiments.
For a specific process of the server operating system booting method, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not described herein again.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts among the embodiments may be referred to each other. The device disclosed in the embodiments corresponds to the method disclosed in the embodiments, so its description is brief; for the relevant points, refer to the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The method, apparatus, device, and medium for booting a server operating system have been described in detail above. Specific examples are used herein to explain the principle and the implementation of the present application, and the description of the above embodiments is only intended to help understand the method and the core idea of the present application. Meanwhile, for a person skilled in the art, there may be variations in the specific embodiments and the application scope according to the idea of the present application. In summary, the content of the present specification should not be construed as a limitation on the present application.

Claims (10)

1. A method for booting a server operating system, comprising:
configuring a PXE enabling mode of a server as an encryption mode by default, and guiding the server to enter a PXE phase;
scanning a TFTP service corresponding to the server in a network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on a digital certificate corresponding to the server;
and when the operating system image program passes the verification, running the boot program by the server to boot the operating system image program.
2. The server os boot method according to claim 1, wherein the scanning TFTP services corresponding to the server in the network to determine whether a boot program and an os image program corresponding to the server exist in the TFTP services comprises:
scanning the TFTP service corresponding to the server in the network;
if the TFTP service exists, detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein the boot program and the operating system image program both conform to TFTP specifications.
3. The server os boot method according to claim 2, wherein the detecting whether a boot program and an os image program corresponding to the server exist in the TFTP service comprises:
detecting all files under a default directory in the TFTP service to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service.
4. The server os boot method according to claim 1, wherein after scanning the TFTP service corresponding to the server in the network to determine whether a boot program and an os image program corresponding to the server exist in the TFTP service, the method further comprises:
if the TFTP service does not exist in the network, or the TFTP service exists in the network and the boot program and the operating system image program do not exist in the TFTP service, performing a local boot of the operating system of the server.
5. The server operating system boot method according to claim 1, wherein after the default configuration of the PXE-enabled mode of the server as the encrypted mode, further comprising:
acquiring the digital certificate and storing the digital certificate, wherein the digital certificate comprises a public key corresponding to the server.
6. The method for booting the operating system of the server according to claim 5, wherein the verifying the operating system image program based on the digital certificate corresponding to the server includes:
decrypting a signature file corresponding to the operating system image program by using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by processing the operating system image program with a preset algorithm and encrypting the result with the private key corresponding to the public key;
processing the operating system image program by using the preset algorithm to obtain a plaintext to be verified;
and comparing the reference plaintext with the plaintext to be verified, and determining whether the operating system image program passes the verification according to the comparison result.
7. The server operating system boot method according to any one of claims 1 to 6, wherein the default configuration of the PXE-enabled mode of the server as an encryption mode comprises:
configuring the PXE enabling mode of the server as an encryption mode by default in a BIOS setup page of the server.
8. A server operating system boot apparatus, comprising:
a PXE setting module, configured to configure a PXE enabling mode of the server as an encryption mode by default and guide the server to enter a PXE phase;
a scanning module, configured to scan a TFTP service corresponding to the server in a network, so as to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
a verification module, configured to verify, if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program based on a digital certificate corresponding to the server;
and a boot module, configured to run the boot program through the server when the operating system image program passes the verification, so as to boot the operating system image program.
9. A server, comprising:
a memory and a processor;
wherein the memory is used for storing a computer program;
the processor, configured to execute the computer program to implement the server operating system booting method according to any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the server operating system boot method of any one of claims 1 to 7.
CN202110076353.XA 2021-01-20 2021-01-20 Server operating system booting method, device, equipment and medium Pending CN112835628A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110076353.XA CN112835628A (en) 2021-01-20 2021-01-20 Server operating system booting method, device, equipment and medium
PCT/CN2021/143306 WO2022156513A1 (en) 2021-01-20 2021-12-30 Server operation system guiding method and apparatus, device, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110076353.XA CN112835628A (en) 2021-01-20 2021-01-20 Server operating system booting method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN112835628A true CN112835628A (en) 2021-05-25

Family

ID=75929113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110076353.XA Pending CN112835628A (en) 2021-01-20 2021-01-20 Server operating system booting method, device, equipment and medium

Country Status (2)

Country Link
CN (1) CN112835628A (en)
WO (1) WO2022156513A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113407943A (en) * 2021-05-28 2021-09-17 浪潮电子信息产业股份有限公司 Server starting method, system and storage medium
WO2022156513A1 (en) * 2021-01-20 2022-07-28 浪潮电子信息产业股份有限公司 Server operation system guiding method and apparatus, device, and medium
WO2022156507A1 (en) * 2021-01-20 2022-07-28 浪潮电子信息产业股份有限公司 Virtual optical disc drive generating method and apparatus, and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101228508A (en) * 2005-07-21 2008-07-23 国际商业机器公司 Methods, apparatus and program products for downloading a boot image of file from a boot file server in a secure manner
CN110457073A (en) * 2019-08-13 2019-11-15 北京工业大学 A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server
CN111159700A (en) * 2019-12-03 2020-05-15 北京工业大学 Computer remote safe starting method and system based on UEFI system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10372463B1 (en) * 2013-11-27 2019-08-06 EMC IP Holding Company LLC Provisioning a computerized device with an operating system
CN110610091A (en) * 2019-09-12 2019-12-24 江苏域固威芯科技有限公司 Security PXE method based on domestic network platform
CN112835628A (en) * 2021-01-20 2021-05-25 浪潮电子信息产业股份有限公司 Server operating system booting method, device, equipment and medium

Also Published As

Publication number Publication date
WO2022156513A1 (en) 2022-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination