CN113051579A - Control method and device - Google Patents



Publication number
CN113051579A
Authority
CN
China
Prior art keywords
data
target data
verification
storage area
verification result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110352238.0A
Other languages
Chinese (zh)
Inventor
朱锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202110352238.0A priority Critical patent/CN113051579A/en
Publication of CN113051579A publication Critical patent/CN113051579A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Abstract

The application discloses a control method and a control device, wherein the method comprises the following steps: under the condition that the electronic equipment obtains a starting instruction, carrying out validity verification on target data according to the state information of the controller in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller; and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of a component corresponding to the firmware data.

Description

Control method and device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a control method and apparatus.
Background
Currently, an embedded controller (EC) needs a stronger security mechanism to ensure that the corresponding components in the device where the EC is located operate normally.
Disclosure of Invention
In view of the above, the present application provides a control method and apparatus, as follows:
a control method, comprising:
under the condition that the electronic equipment obtains a starting instruction, carrying out validity verification on target data according to the state information of the controller in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller;
and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of a component corresponding to the firmware data.
Preferably, the method for performing validity verification on the target data according to the state information of the controller in a determined verification manner to obtain a verification result includes:
searching the target data in a first storage area of a controller to obtain state information of the controller;
when the state information represents that the target data exist in the first storage area, carrying out validity verification on the target data according to a first verification mode to obtain a verification result;
and/or,
under the condition that the state information represents that the target data does not exist in the first storage area, performing validity verification on the target data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result.
Preferably, in the method, after performing validity verification on the target data according to a first verification manner to obtain a verification result, the method further includes:
if the verification result corresponding to the first verification mode represents that the target data is illegal, deleting the target data in the first storage area; and/or,
controlling the electronic equipment to restart so that, when the electronic equipment obtains a starting instruction again, validity verification is performed on the target data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result.
In the above method, preferably, after performing validity verification on the target data in a second storage area corresponding to a boot system of the electronic device according to a second verification method to obtain a verification result, the method further includes:
and if the verification result corresponding to the second verification mode represents that the target data is legal, loading the target data in the second storage area into the first storage area.
The above method, preferably, further comprises:
if the verification result corresponding to the second verification mode represents that the target data is abnormal, performing validity verification on backup data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result;
wherein the target data is in a first storage location in the second storage area, the backup data corresponds to the target data, and the backup data is in a second storage location in the second storage area.
Preferably, in the method, after performing validity check on the backup data in a second storage area corresponding to a boot system of the electronic device according to a second check method to obtain a verification result, the method further includes:
and if the verification result corresponding to the backup data represents that the backup data is illegal, setting a flag bit, the flag bit prompting the controller to perform backup processing on the target data when the controller is started next time.
Preferably, in the method, after performing validity check on the backup data in a second storage area corresponding to a boot system of the electronic device according to a second check method to obtain a verification result, the method further includes:
and if the verification result corresponding to the backup data indicates that the backup data is legal, restoring the target data at the first storage location by using the backup data at the second storage location, and loading the target data into the first storage area.
The above method, preferably, further comprises:
if the updated target data is obtained, carrying out validity verification on the updated target data;
and under the condition that the updated target data is legal, backing up the updated target data to the second storage location in the second storage area so as to update the backup data at the second storage location.
In the above method, preferably, the target data at least includes signature data corresponding to the firmware data, and the signature data is obtained by encrypting a signature string corresponding to the firmware data with a private key;
the method for verifying the validity of the target data according to the first verification mode to obtain a verification result includes:
decrypting the signature data in the target data by using a public key corresponding to the private key to obtain a decrypted character string;
obtaining a verification result according to the decryption character string, wherein the verification result represents that the target data is legal under the condition that the decryption character string is matched with a preset fixed character string;
the public key is stored in a third storage area in the controller, and the third storage area is a non-flash area.
A control device, comprising:
the data verification unit is used for verifying the legality of the target data according to the state information of the controller in a determined verification mode under the condition of obtaining the starting instruction so as to obtain a verification result; the target data corresponds to at least firmware data within the controller;
a data execution unit, configured to execute the firmware data to control an enable state of a component corresponding to the firmware data if the verification result indicates that the target data is legal.
An electronic device, comprising:
a controller;
a processor; the controller is capable of implementing a first function such that the processor is capable of implementing a second function if a preset condition is met;
wherein the controller is to: under the condition of obtaining a starting instruction, carrying out validity verification on target data according to the state information of the controller in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller; and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of a component corresponding to the firmware data.
A storage medium having stored therein computer-executable instructions that, when loaded and executed by a processor, implement a control method as claimed in any preceding claim.
According to the scheme, in the control method and the control device, when the electronic equipment obtains the starting instruction, the target data at least corresponding to the firmware data in the controller is subjected to validity check according to the state information of the controller in a determined check mode, so that a verification result representing whether the target data is legal is obtained, and if the verification result represents that the target data is legal, the firmware data can be executed to control the enabling state of the component corresponding to the firmware data. Therefore, in the application, the firmware data is allowed to be executed only when the target data corresponding to the firmware data in the controller is legal, so that the corresponding component is in an enabled state, and the condition that the component cannot be enabled due to the fact that the firmware data in the controller is illegal, such as tampered or attacked, is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a flowchart of a control method according to an embodiment of the present application;
Figs. 2-11 are partial flow charts of a control method according to an embodiment of the present disclosure;
Fig. 12 is a schematic structural diagram of a control device according to a second embodiment of the present application;
Fig. 13 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application;
Figs. 14-17 are diagrams illustrating examples of applications of the present application for EC, respectively.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, an implementation flowchart of a control method provided in an embodiment of the present application is shown. The method may be applied to a controller that needs to protect the firmware data it contains, such as an embedded controller (EC), and the controller is capable of implementing a first function, so that a processor can implement a second function when a preset condition is met. For example, the controller can implement the first function based on data stored therein, and further satisfy a preset condition, such as an operating environment or a start condition, to support the processor to implement the second function under the preset condition, and the data may be processor data obtained elsewhere by the controller to implement the first function. For example, the processor may be a Central Processing Unit (CPU) and the controller may be an EC: the CPU is capable of starting an operating system after being powered on, thereby providing a calculation or application processing function for a user, and the EC may provide a power-on starting condition for the CPU and other components by controlling the power-on timing sequence at the hardware level based on data therein, thereby supporting the CPU to start. Specifically, after the EC is started, it controls the power-on sequence to support the CPU to start, so that the CPU calls and starts an operating system and starts the whole computer to provide a calculation processing service for a user; or, when the CPU load is heavier, the EC reads the CPU temperature through the control bus and increases the rotation speed of a cooling fan or a system fan of the CPU to accelerate cooling; and so on.
Specifically, the method in this embodiment may include the following steps:
Step 101: under the condition that the electronic equipment obtains the starting instruction, carrying out validity verification on the target data according to the state information of the controller in a determined verification mode to obtain a verification result.
Wherein the target data corresponds to at least firmware data within the controller. The firmware data corresponds to custom control data of corresponding components in the electronic device, such as a fan, a keyboard, a touch control, a mouse, a camera, a microphone, a speaker, and the like, and is data for driving the corresponding components so that the components can operate according to operation rules corresponding to the firmware data. For example, the firmware data is driving data of a fan, and the fan may adjust the rotation speed of the fan according to a heat dissipation control rule in the firmware data, thereby achieving heat dissipation.
It should be noted that the start instruction herein may be understood as an instruction for the controller to implement the first function so as to enable the processor to implement the second function, such as a power-on instruction of the computer, and so on.
In a specific implementation, the validity verification of the target data can be performed in different verification modes depending on the state information of the controller, so that a verification result representing whether the target data is legal is obtained. When the target data is legal, the firmware data in the controller corresponding to the target data can be determined to be legal and not tampered with or attacked; when the target data is illegal, it may be determined that the firmware data in the controller corresponding to the target data is illegal, and the firmware data may not be usable because of tampering or attack.
The state information of the controller may represent state information of whether data participating in validity check is included in the controller, for example, whether the first storage area of the controller itself includes state information of target data to be validity checked, and the like. Based on this, when the first storage area of the controller contains the target data and when the first storage area of the controller does not contain the target data, different verification methods are respectively adopted to perform validity verification on the target data so as to obtain a verification result.
Step 102: judging whether the verification result represents that the target data is legal, and if the verification result represents that the target data is legal, executing step 103.
Step 103: the firmware data is executed to control an enable state of a component to which the firmware data corresponds.
The controller executes the firmware data, so that components corresponding to the firmware data, such as a fan, a keyboard, a touch pad, a touch screen, a mouse and the like, are in an enabled state, and the components in the enabled state can operate according to control rules contained in the firmware data. For example, the fan adjusts the rotation speed of the fan according to the heat dissipation control rule in the firmware data, so as to realize heat dissipation of components such as a motherboard, a CPU and the like in the computer.
As can be seen from the foregoing solution, in a control method provided in this embodiment of the present application, when an electronic device obtains a start instruction, validity check is performed on target data at least corresponding to firmware data in a controller according to state information of the controller in a determined check manner, so as to obtain a verification result indicating whether the target data is valid, and if the verification result indicates that the target data is valid, the firmware data can be executed to control an enable state of a component corresponding to the firmware data. It can be seen that, in this embodiment, the firmware data is allowed to be executed only when the target data corresponding to the firmware data in the controller is legal, so that the corresponding component is in the enabled state, and the situation that the component cannot be enabled due to illegal use of the firmware data in the controller, such as tampering or attack, is avoided.
In one implementation, the validity verification of the target data according to the state information of the controller in a determined verification mode in step 101 may be specifically implemented by the following process, as shown in Fig. 2:
Step 201: searching for the target data in a first storage area of the controller to obtain state information of the controller.
In this embodiment, the first storage area is searched to detect whether it stores the target data, so as to obtain the state information of the controller.
Step 202: judging whether the state information represents that the first storage area has the target data; executing step 203 if the state information represents that the first storage area has the target data, and executing step 204 if the state information represents that the first storage area does not have the target data.
Step 203: carrying out validity verification on the target data according to a first verification mode to obtain a verification result.
After validity verification is performed on the target data according to the first verification mode, step 204 may further be executed according to the obtained verification result. For example, if the verification result obtained according to the first verification mode indicates that the target data is not legal, step 204 is then executed, as shown in Fig. 3.
Step 204: carrying out validity verification on the target data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result.
The boot system herein may be understood as a basic input/output system of an electronic device, such as the BIOS (Basic Input Output System) in a computer, and the boot system corresponds to a second storage area, such as a ROM in the BIOS. When the controller's own first storage area does not contain the target data, validity verification is performed on the target data contained in the second storage area corresponding to the BIOS of the electronic device.
It should be noted that the target data in the second storage area may be understood as backup data of the target data in the first storage area in the controller, and if the target data in the first storage area is tampered or attacked, the target data in the second storage area is used as an alternative.
That is, there are various ways to check the target data in this embodiment:
in a specific implementation manner, under the condition that a first storage area of a controller contains target data, the controller performs validity check on the target data in the first storage area according to a first check manner to obtain a check result;
in another specific implementation manner, under the condition that a first storage area of a controller contains target data, the controller firstly performs validity check on the target data in the first storage area according to a first check mode, and if a verification result corresponding to the first check mode represents that the target data in the first storage area is not legal, the controller performs validity verification on the target data in a second storage area corresponding to a boot system of the electronic device according to a second check mode to obtain a verification result;
in another specific implementation manner, when the first storage area of the controller itself does not contain the target data, the controller directly performs validity verification on the target data in a second storage area corresponding to a boot system of the electronic device according to a second verification manner to obtain a verification result.
Further, in this embodiment, after performing validity verification on the target data according to the first verification mode in step 203 to obtain a verification result, the following steps may be further included, as shown in Fig. 4:
Step 205: judging whether the verification result corresponding to the first verification mode represents that the target data is legal, and if the verification result corresponding to the first verification mode represents that the target data is illegal, executing step 206.
Step 206: the target data in the first storage area is deleted.
For example, drive data of the fan in the ROM of the EC is deleted.
Alternatively, when it is determined in step 205 that the verification result corresponding to the first verification mode represents that the target data is not legal, the following step may be included, as shown in Fig. 5:
Step 207: controlling the electronic device to restart so as to perform step 204: under the condition that the electronic equipment obtains the starting instruction again, carrying out validity verification on the target data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result.
Alternatively, when it is determined in step 205 that the verification result corresponding to the first verification mode indicates that the target data is not legal, step 206 may be executed first, and then step 207 may be executed, as shown in Fig. 6.
For example, in the case that the drive data of the fan in the ROM of the EC is determined to be illegal, the illegal drive data in the ROM of the EC may be directly erased, or the EC may be controlled to directly perform validity check on the drive data included in the BIOS after the computer is restarted, or the illegal drive data in the ROM of the EC may be erased first, then the computer is controlled to be restarted, and then the EC directly performs validity check on the drive data included in the BIOS.
Based on the above implementation, after performing validity verification on the target data in the second storage area corresponding to the boot system of the electronic device according to the second verification mode in step 204 to obtain a verification result, the method in this embodiment may further include the following steps, as shown in Fig. 7:
Step 208: judging whether the verification result corresponding to the second verification mode represents that the target data is legal, and if the verification result corresponding to the second verification mode represents that the target data is legal, executing step 209.
Step 209: loading the target data in the second storage area into the first storage area.
Therefore, after the legal target data in the second storage area is loaded into the first storage area of the controller, the target data in the first storage area is legal, so that the controller can enable the corresponding component according to the firmware data corresponding to the target data.
After the target data in the second storage area is loaded into the first storage area, the controller may execute the firmware data corresponding to the target data in the first storage area after the electronic device is restarted, so as to enable the component corresponding to the firmware data, or the controller may directly execute the firmware data corresponding to the target data in the first storage area without restarting the electronic device, so as to enable the component corresponding to the firmware data.
For example, when the drive data included in the ROM in the BIOS is legal, the EC loads the drive data in the BIOS into the ROM of the EC, and at this time, the computer may be restarted, and after the restart, the drive data in the EC may be verified to be legal, and at this time, the EC executes the drive data to enable the corresponding fan; or, after the EC loads the drive data in the BIOS into the ROM of the EC, the EC may directly execute the reloaded drive data in the ROM of the EC without restarting to enable the corresponding fan, or perform validity check on the reloaded drive data in the ROM of the EC first, where the check is usually legal, and therefore, after the check is legal, the drive data reloaded in the ROM of the EC may be directly used to enable the corresponding fan.
Further, if it is determined in step 208 that the verification result corresponding to the second verification mode represents that the target data is abnormal, for example not legal, the following steps may be performed, as shown in Fig. 8:
Step 210: carrying out validity verification on the backup data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result;
wherein the target data is at a first storage location in the second storage area, the backup data corresponds to the target data, and the backup data is at a second storage location in the second storage area.
That is to say, in this embodiment, when the target data at the first storage location corresponding to the boot system has been verified and determined to be illegal, the backup data at the second storage location corresponding to the boot system is verified.
It should be noted that the backup data at the second storage location may be understood as backup data of the target data at the first storage location. In combination with the foregoing implementation, this may be understood as follows: two backups of the target data contained in the first storage area of the controller are kept on the boot system. One backup of the target data in the first storage area is stored at the first storage location on the boot system, namely the target data at the first storage location; another backup of the target data in the first storage area is stored at the second storage location on the boot system, namely the backup data at the second storage location. The security of the target data in the controller is thus guaranteed through multiple backups.
For example, two backups of the fan drive data in the EC are stored in the BIOS, one at the first storage location of the BIOS and the other at the second storage location of the BIOS. In this embodiment, when it is determined that the drive data of the fan in the ROM of the EC is illegal, the EC may first perform validity verification on the drive data contained at the first storage location in the BIOS, and when the drive data contained at the first storage location is illegal, the EC may further perform validity verification on the drive data contained at the second storage location in the BIOS.
Based on this, after the controller performs validity verification on the backup data in the second storage area corresponding to the boot system of the electronic device according to the second verification mode in step 210 to obtain the verification result, the method in this embodiment may further include the following steps, as shown in Fig. 9:
Step 211: judging whether the verification result corresponding to the backup data represents that the backup data is legal, and if the verification result corresponding to the backup data represents that the backup data is illegal, executing step 212.
Step 212: setting a flag bit, which can be used to prompt the controller to perform backup processing on the target data when the controller is started next time.
For example, a flag bit such as "x" or "0" is set at a preset position of the EC, and the target data is backed up by recognizing the value of the flag bit when the controller is started next time. The target data backed up here is data that has been subjected to validity verification.
Based on the above implementation, when it is determined in step 211 that the verification result corresponding to the backup data represents that the backup data is legal, there may be the following step, as shown in Fig. 10:
Step 213: recovering the target data at the first storage location by using the backup data at the second storage location, and loading the target data into the first storage area.
Specifically, the controller can write the backup data at the second storage location into the first storage location, overwriting the target data that was not verified to be legal, and record the backup data at the second storage location into the first storage area of the controller, so that the second storage location in the boot system and the first storage area of the controller contain data that is verified to be legal, and the controller can enable the corresponding component according to the firmware data corresponding to the target data that is verified to be legal and control the component to operate normally.
For example, the EC may write the fan driving data at the second storage location in the ROM in the BIOS into the first storage location, overwriting the driving data that was not verified, and record the backup data at the second storage location in the ROM of the EC itself, so that both the second storage location in the BIOS and the ROM of the EC itself contain driving data that is verified to be valid, and the EC enables the fan according to the driving data that is verified to be valid and controls the fan to operate normally.
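The fallback order of steps 201 to 213, written out as an added C example that is not part of the patent text. The names `image_t`, `platform_t`, `ec_boot`, `image_valid` and `make_image` are hypothetical, the FNV-1a check value is a non-cryptographic stand-in for the signature verification, and the restart of step 207 is modelled as falling through to step 204.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_MAX 32

/* One stored copy of the target data: firmware bytes plus a check value. */
typedef struct {
    bool     present;
    uint8_t  fw[IMG_MAX];
    size_t   len;
    uint32_t tag;            /* stand-in for the signature data (assumption) */
} image_t;

typedef struct {
    image_t ec_rom;          /* first storage area, inside the controller    */
    image_t bios_primary;    /* second storage area, first storage location  */
    image_t bios_backup;     /* second storage area, second storage location */
    bool    rebackup_flag;   /* flag bit of step 212                         */
} platform_t;

typedef enum {
    BOOT_FROM_EC, BOOT_FROM_PRIMARY, BOOT_FROM_BACKUP, BOOT_NO_VALID_IMAGE
} boot_source_t;

/* FNV-1a hash. NOT a signature: it only lets the example detect the
 * constructed tampering below without pulling in a crypto library. */
static uint32_t fnv1a(const uint8_t *d, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 16777619u; }
    return h;
}

/* Stand-in for both verification modes: present, sane length, tag matches. */
bool image_valid(const image_t *img)
{
    return img->present && img->len <= IMG_MAX &&
           fnv1a(img->fw, img->len) == img->tag;
}

/* Build a constructed sample image whose check value matches its payload. */
image_t make_image(const char *payload)
{
    image_t img;
    memset(&img, 0, sizeof img);
    img.len = strlen(payload);
    if (img.len > IMG_MAX) img.len = IMG_MAX;
    memcpy(img.fw, payload, img.len);
    img.tag = fnv1a(img.fw, img.len);
    img.present = true;
    return img;
}

/* Step 209: copy into the EC's own area, then re-check the copy that will
 * actually be executed rather than trusting the earlier check of the source. */
static bool load_into_ec(platform_t *p, const image_t *src)
{
    p->ec_rom = *src;
    return image_valid(&p->ec_rom);
}

/* Returns which copy the EC may execute, repairing storage on the way. */
boot_source_t ec_boot(platform_t *p)
{
    if (p->ec_rom.present) {                          /* steps 201-202 */
        if (image_valid(&p->ec_rom))                  /* steps 203, 205 */
            return BOOT_FROM_EC;
        memset(&p->ec_rom, 0, sizeof p->ec_rom);      /* step 206: delete */
        /* step 207: restart, modelled here as continuing with step 204 */
    }
    if (image_valid(&p->bios_primary) &&              /* steps 204, 208 */
        load_into_ec(p, &p->bios_primary))            /* step 209 */
        return BOOT_FROM_PRIMARY;
    if (image_valid(&p->bios_backup)) {               /* steps 210-211 */
        p->bios_primary = p->bios_backup;             /* step 213: restore */
        if (load_into_ec(p, &p->bios_backup))
            return BOOT_FROM_BACKUP;
    }
    memset(&p->ec_rom, 0, sizeof p->ec_rom);          /* keep no unverified copy */
    p->rebackup_flag = true;                          /* step 212 */
    return BOOT_NO_VALID_IMAGE;                       /* step 102: do not execute */
}

int main(void)
{
    platform_t p;
    memset(&p, 0, sizeof p);
    p.ec_rom       = make_image("fan-curve-v1");      /* constructed samples */
    p.bios_primary = make_image("fan-curve-v1");
    p.bios_backup  = make_image("fan-curve-v1");
    p.ec_rom.fw[0]       ^= 0xFF;                     /* constructed tampering */
    p.bios_primary.fw[3] ^= 0x01;

    boot_source_t s = ec_boot(&p);
    printf("source=%d primary_repaired=%d flag=%d\n",
           (int)s, (int)image_valid(&p.bios_primary), (int)p.rebackup_flag);
    return 0;
}
```

In a real controller `image_valid` would be the public-key signature check, with the key held outside rewritable flash as the summary describes.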
In one implementation, the boot system may update the target data, and based on this, the method in this embodiment may further include the following steps, as shown in fig. 11:
Step 1101: if updated target data is obtained, verify the validity of the updated target data.
The updated target data can be the updated target data obtained on the first memory location of the boot system. For example, when it is detected that the fan driving data is updated on the first storage bit of the ROM in the BIOS, the updated fan driving data is obtained.
Specifically, in this embodiment, the validity of the updated target data may be verified according to the first verification manner, so as to obtain a verification result.
Step 1102: if the updated target data is legal, back up the updated target data to the second storage bit in the second storage area, thereby updating the backup data of the second storage bit.
Further, in this embodiment, the updated target data may also be loaded into the first storage area of the controller.
For example, the EC performs validity check on the updated drive data after obtaining the updated drive data of the fan in the BIOS, and backs up the updated drive data onto the second storage bit of the BIOS when the verification result indicates that the updated drive data is valid, thereby updating the backup data. Further, the EC may load updated driver data into the ROM of the EC, so that the EC enables the fan using the updated driver and controls the fan to operate normally.
In one implementation, the target data at least includes signature data corresponding to the firmware data; the target data may of course also include the firmware data itself. The signature data is obtained by encrypting the signature character string corresponding to the firmware data with a private key. For example, the signature data is obtained by encrypting the signature string corresponding to the firmware data with a private key, using an algorithm such as the Elliptic Curve Digital Signature Algorithm (ECDSA) or an asymmetric signature algorithm.
Based on this, when the target data is verified in the first verification manner in step 203 to obtain a verification result, the following approach is used:
First, the signature data in the target data is decrypted with the public key corresponding to the private key to obtain a decrypted character string; a verification result is then obtained from the decrypted character string. If the decrypted character string matches a preset fixed character string, the verification result indicates that the target data is legal, that is, the firmware data in the target data has not been tampered with or attacked.
The public key is stored in a third storage area in the controller, and the third storage area is a non-flash area. For example, the third storage area is an OTP (one-time programmable) area in the EC, so that the public key cannot be rewritten.
In addition, the manner of performing validity check on the target data in the second storage area corresponding to the boot system of the electronic device according to the second check method and the manner of performing validity check on the backup data in the second storage area corresponding to the boot system of the electronic device according to the second check method are similar to the manner of performing validity check on the target data according to the first check method in the foregoing, and details are not repeated here.
Referring to fig. 12, a schematic structural diagram of a control apparatus according to a second embodiment of the present disclosure is provided, where the apparatus may be configured in a controller that needs to protect included firmware data, and the controller in this embodiment may be a component such as an EC, and can implement a first function, so that a processor in an electronic device can implement a second function when a preset condition is met, based on which:
the control device in this embodiment may include the following units:
the data verification unit 1201 is used for verifying the validity of the target data according to the state information of the controller in a determined verification mode under the condition of obtaining the starting instruction so as to obtain a verification result; the target data corresponds to at least firmware data within the controller;
and a data execution unit 1202, configured to execute the firmware data to control an enable state of a component corresponding to the firmware data if the verification result indicates that the target data is legal.
As can be seen from the foregoing solution, in the control device provided in the second embodiment of the present application, when the electronic device obtains the start instruction, the target data at least corresponding to the firmware data in the controller is subjected to validity check according to the state information of the controller in a certain check manner, so as to obtain a verification result indicating whether the target data is valid, and if the verification result indicates that the target data is valid, the firmware data may be executed to control the enable state of the component corresponding to the firmware data. It can be seen that, in this embodiment, the firmware data is allowed to be executed only when the target data corresponding to the firmware data in the controller is legal, so that the corresponding component is in the enabled state, and the situation that the component cannot be enabled due to illegal use of the firmware data in the controller, such as tampering or attack, is avoided.
In one implementation, the data verification unit 1201 is specifically configured to: searching the target data in a first storage area of a controller to obtain state information of the controller; when the state information represents that the target data exist in the first storage area, carrying out validity verification on the target data according to a first verification mode to obtain a verification result; and/or, when the state information indicates that the target data does not exist in the first storage area, performing validity verification on the target data in a second storage area corresponding to a boot system of the electronic device according to a second verification method to obtain a verification result.
Based on the above implementation, the data verification unit 1201, after performing validity verification on the target data according to the first verification manner to obtain a verification result, is further configured to:
if the verification result corresponding to the first verification mode represents that the target data is illegal, deleting the target data in the first storage area; and/or controlling the electronic equipment to restart so that the target data is legally verified in a second storage area corresponding to a boot system of the electronic equipment in a second verification mode under the condition that the electronic equipment obtains the starting instruction again, and obtaining a verification result.
In one implementation manner, the data verification unit 1201 performs validity verification on the target data in a second storage area corresponding to a boot system of the electronic device according to a second verification manner to obtain a verification result, and is further configured to: and if the verification result corresponding to the second verification mode represents that the target data is legal, loading the target data in the second storage area into the first storage area.
Further, the data verification unit 1201 is further configured to: if the verification result corresponding to the second verification mode represents that the target data is abnormal, perform validity verification on backup data in a second storage area corresponding to the boot system of the electronic equipment according to a second verification mode to obtain a verification result;
wherein the target data is in a first storage location in the second storage area, the backup data corresponds to the target data, and the backup data is in a second storage location in the second storage area.
Optionally, the data verification unit 1201 performs validity verification on the backup data in a second storage area corresponding to the boot system of the electronic device according to a second verification method to obtain a verification result, and then is further configured to: and if the verification result corresponding to the backup data represents that the backup data is illegal, setting a flag bit, and prompting the controller to perform backup processing on the target data when the controller is started next time by the flag bit.
In an implementation manner, the data verification unit 1201 performs validity verification on the backup data in a second storage area corresponding to a boot system of the electronic device according to a second verification manner to obtain a verification result, and after the verification result is obtained, is further configured to:
and if the verification result corresponding to the backup data indicates that the backup data is legal, restoring the target data of the first storage bit by using the backup data of the second storage bit, and loading the target data into the first storage area.
Based on the above implementation, the data verification unit 1201 is further configured to: if the updated target data is obtained, carrying out validity verification on the updated target data;
and under the condition that the updated target data is legal, backing up the updated target data to a second storage bit in the second storage area so as to update the backup data of the second storage bit.
In one implementation manner, the target data at least includes signature data corresponding to the firmware data, and the signature data is obtained by encrypting a signature string corresponding to the firmware data by using a private key;
when the data verification unit 1201 performs validity verification on the target data according to the first verification manner to obtain a verification result, the data verification unit is specifically configured to: decrypting the signature data in the target data by using a public key corresponding to the private key to obtain a decrypted character string; obtaining a verification result according to the decryption character string, wherein the verification result represents that the target data is legal under the condition that the decryption character string is matched with a preset fixed character string;
the public key is stored in a third storage area in the controller, and the third storage area is a non-flash area.
It should be noted that, for the specific implementation of each unit in the present embodiment, reference may be made to the corresponding content in the foregoing, and details are not described here.
In addition, a third embodiment of the present application provides a controller, where the controller and the processor are both components disposed in an electronic device, where:
the controller in this embodiment may be a component such as an EC, and may implement a first function, so that a processor in the electronic device may implement a second function when a preset condition is met, based on which:
the controller is specifically configured to: under the condition of obtaining a starting instruction, carrying out validity verification on target data according to the state information of the controller in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller; and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of the part corresponding to the firmware data.
As can be seen from the foregoing solution, in the controller provided in the third embodiment of the present application, when the electronic device obtains the start instruction, the target data at least corresponding to the firmware data in the controller is subjected to validity check according to the state information of the controller in a determined check manner, so as to obtain a verification result indicating whether the target data is valid, and if the verification result indicates that the target data is valid, the firmware data may be executed to control the enable state of the component corresponding to the firmware data. It can be seen that, in this embodiment, the firmware data is allowed to be executed only when the target data corresponding to the firmware data in the controller is legal, so that the corresponding component is in the enabled state, and the situation that the component cannot be enabled due to illegal use of the firmware data in the controller, such as tampering or attack, is avoided.
It should be noted that, in the present embodiment, reference may be made to the corresponding contents in the foregoing for specific implementation of the controller, and details are not described here.
Referring to fig. 13, a schematic structural diagram of an electronic device according to a fourth embodiment of the present disclosure is shown, where the electronic device may be a computer or a server.
Specifically, the electronic device in this embodiment may include the following structure:
controller 1301, such as EC;
a processor 1302, such as a CPU; the controller 1301 can implement a first function, so that the processor 1302 can implement a second function if a preset condition is satisfied;
wherein the controller 1301 is configured to: under the condition of obtaining a starting instruction, carrying out validity verification on target data according to the state information of the controller 1201 in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller; and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of a component corresponding to the firmware data.
It should be noted that the components herein may be internal components in the electronic device, such as a fan and the like.
As can be seen from the foregoing solution, in the electronic device provided in the fourth embodiment of the present application, when the electronic device obtains the start instruction, the target data at least corresponding to the firmware data in the controller is subjected to validity check according to the state information of the controller in a certain check manner, so as to obtain a verification result indicating whether the target data is valid, and if the verification result indicates that the target data is valid, the firmware data may be executed to control the enable state of the component corresponding to the firmware data. It can be seen that, in this embodiment, the firmware data is allowed to be executed only when the target data corresponding to the firmware data in the controller is legal, so that the corresponding component is in the enabled state, and the situation that the component cannot be enabled due to illegal use of the firmware data in the controller, such as tampering or attack, is avoided.
It should be noted that, in the present embodiment, reference may be made to the corresponding contents in the foregoing for specific implementation of the controller, and details are not described here.
In addition, the present application also provides a storage medium, in which computer-executable instructions are stored, and when the computer-executable instructions are loaded and executed by a processor, the data processing method as described in any one of the above is implemented.
Taking the case where the controller is an EC in a computer as an example, the technical scheme of the present application is illustrated in detail:
Currently, the EC is becoming more and more powerful, and stronger security mechanisms and self-healing mechanisms are also becoming more and more desirable. Thus, there is a need to ensure that the FW (firmware) of the EC does not crash (near crash), i.e., that the FW of the EC cannot be attacked.
In view of the above problems and the drawbacks of the existing solutions, the technical solution of the present application provides the following technical implementation:
First, an OTP area is provided inside the EC chip, and important data is never flashed again once the engineering mode is completed.
In this case, ECDSA or an asymmetric signature algorithm is used to sign the part of the EC FW that needs to be updated frequently, such as the drive data of a fan. The signing process is completed on a specific security server to ensure absolute security, and the public key for the signature is saved in the OTP area. The boot code of the EC uses this public key to check whether the signed EC FW is correct; if so, the new EC data is executed, that is, the verified correct boot code is executed, and if not, a recovery mechanism is executed.
In addition, two copies of the EC FW data are stored in the ROM of the BIOS: one copy is Primary, ECFW_PRIM, and the other copy is Backup, ECFW_BK. Primary is an area that needs to be updated frequently, namely the first storage bit, and Backup is an area that cannot be refreshed after shipping, namely the second storage bit. Once the data in Primary is destroyed, the data in Backup is copied to the Primary area and then executed again. With reference to fig. 14, 15 and 16, the specific implementation is as follows:
As shown in fig. 14:
1. The boot code of the EC starts to execute the ECFW loader function, and the ECFW loader loads ECFW_ACT in the ROM into the eflash;
2. The ECFW loader checks whether ECFW_ACT, namely the target data, exists in the eflash (the ROM of the EC); if the ECFW loader finds ECFW_ACT, it starts to check ECFW_ACT;
3. If the check passes, ECFW_ACT is executed, namely the firmware data corresponding to the target data is executed;
4. If the check fails, the signature of the ECFW is erased and a restart is performed.
Further, as shown in fig. 15:
1. The EC starts to execute the ECFW loader;
2. The ECFW loader searches for ECFW_ACT in the eflash; if ECFW_ACT is not found in the eflash, step 3 is executed;
3. According to the BIOS Descriptor, the EC looks up the address of the first storage bit ECFW_PRIM pointed to in ECFW_pointer;
4. The EC checks the ECFW_ACT stored in ECFW_PRIM;
5. If the data in ECFW_PRIM is verified to be legal, the ECFW_ACT in ECFW_PRIM is loaded into the eflash; if the check fails, indicating that the data in ECFW_PRIM is corrupted, the subsequent flow shown in fig. 16 is performed.
Further, as shown in fig. 16, continuing from step 2 in fig. 14 or step 5 in fig. 15, if ECFW_ACT cannot be found in the eflash, or the check of ECFW_ACT in ECFW_PRIM fails:
1. The ECFW loader starts to check ECFW_BK, namely the backup ECFW;
If the signature check in step 4 of fig. 14 finds that the signature is incorrect, the ECFW signature is erased, which may result in no ECFW_ACT being found, and then step 1 of fig. 16 may be executed;
2. If the ECFW_BK check passes, the data backed up in ECFW_BK is copied to the ECFW_PRIM area and step 3 is executed; if the ECFW_BK check fails, a flag bit is set and the EC is set to a logging state, so that the next time the EC is powered on it backs up again according to the flag bit;
3. The EC is restarted, and a new startup process begins after the restart.
If the backup ECFW also fails verification, the ECFW sets a flag bit, the startup fails, and a restart begins a new startup process; the flag bit is used so that the EC, after restarting, backs up the updated data again.
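The recovery order of figs. 14 to 16, as an added example that is not code from the patent: a C model of what the ECFW loader decides on each boot. Signature checking is replaced by a non-cryptographic FNV-1a checksum stand-in so the model runs without a crypto library, where a real loader would verify an ECDSA signature with the public key held in OTP. The struct and function names, the reset bound, stopping at a failed boot, and re-checking the eflash copy after loading are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_MAX 64

/* One firmware slot. has_sig models the header signature the loader looks for. */
struct slot {
    bool     has_sig;
    uint8_t  body[FW_MAX];
    size_t   len;
    uint32_t tag;                 /* stand-in for the ECDSA signature */
};

struct platform {
    struct slot eflash;           /* ECFW_ACT in the EC's own eflash */
    struct slot prim;             /* ECFW_PRIM, first storage bit in the BIOS ROM */
    struct slot bk;               /* ECFW_BK, second storage bit in the BIOS ROM */
    bool backup_flag;             /* set when ECFW_BK also fails the check */
};

enum outcome { EXECUTE, RESET, BOOT_FAILED };

/* Non-cryptographic FNV-1a checksum: a stand-in only, NOT a signature. */
static uint32_t fnv1a(const uint8_t *d, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 16777619u; }
    return h;
}

/* A slot is legal only if its header signature is present and the tag matches. */
bool verify_slot(const struct slot *s)
{
    return s->has_sig && s->len <= FW_MAX && s->tag == fnv1a(s->body, s->len);
}

struct slot make_slot(const char *fw)   /* builds a constructed sample image */
{
    struct slot s = { .has_sig = true };
    size_t n = strlen(fw);
    s.len = n < FW_MAX ? n : FW_MAX;
    memcpy(s.body, fw, s.len);
    s.tag = fnv1a(s.body, s.len);
    return s;
}

struct platform make_platform(void)     /* healthy platform: all three copies valid */
{
    struct platform p = { .backup_flag = false };
    p.eflash = p.prim = p.bk = make_slot("fan-driver-v1");
    return p;
}

/* One pass of the ECFW loader. */
enum outcome ec_boot_once(struct platform *p)
{
    if (p->eflash.has_sig) {                 /* fig. 14: ECFW_ACT found in eflash */
        if (verify_slot(&p->eflash))
            return EXECUTE;
        p->eflash.has_sig = false;           /* erase the signature and restart */
        return RESET;
    }
    if (verify_slot(&p->prim)) {             /* fig. 15: fall back to ECFW_PRIM */
        p->eflash = p->prim;
        if (verify_slot(&p->eflash))         /* assumption: re-check the copy that runs */
            return EXECUTE;
        p->eflash.has_sig = false;
        return RESET;
    }
    if (verify_slot(&p->bk)) {               /* fig. 16: restore ECFW_PRIM from ECFW_BK */
        p->prim = p->bk;
        return RESET;
    }
    p->backup_flag = true;                   /* backup also bad: flag for next power-on */
    return BOOT_FAILED;
}

/* Repeat boot passes until firmware executes, boot fails, or the reset bound is hit. */
enum outcome ec_boot(struct platform *p, int max_resets, int *resets)
{
    enum outcome o;
    *resets = 0;
    while ((o = ec_boot_once(p)) == RESET && *resets < max_resets)
        (*resets)++;
    return o;
}

int main(void)
{
    struct platform p = make_platform();
    int resets;
    p.eflash.body[0] ^= 0xFF;                /* corrupt eflash and ECFW_PRIM */
    p.prim.body[0] ^= 0xFF;
    enum outcome o = ec_boot(&p, 4, &resets);
    printf("outcome=%d resets=%d flag=%d\n", o, resets, p.backup_flag);
    return 0;
}
```

With eflash and ECFW_PRIM both corrupted, the model needs two resets before it executes firmware restored from ECFW_BK; with all three copies corrupted it stops with the flag set.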
Additionally, in the ECFW update scenario, the backup ECFW may be updated by the BIOS during release, or by the EC boot code in G3 mode, and is never updated after the SS. As shown in fig. 17:
The conditions and sequence for the EC to update the backup are as follows:
1. The host informs the EC via the internally integrated south bridge PCH (Platform Controller Hub) that ECFW_PRIM has an update;
2. The system starts a power-down sequence;
3. The EC verifies the updated ECFW_PRIM (new);
4. The EC backs up ECFW_PRIM (new) to ECFW_BK;
5. The EC checks whether the backup process is completed;
6. The EC deletes the EC signature in the header and resets the EC;
7. When the EC loader cannot find the EC signature in the header, the ECFW loader loads ECFW_PRIM to the eflash.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A control method, comprising:
under the condition that the electronic equipment obtains a starting instruction, carrying out validity verification on target data according to the state information of the controller in a determined verification mode to obtain a verification result; the target data corresponds to at least firmware data within the controller;
and if the verification result represents that the target data is legal, executing the firmware data to control the enabling state of a component corresponding to the firmware data.
2. The method of claim 1, performing validity verification on the target data according to the status information of the controller in a determined verification manner to obtain a verification result, comprising:
searching the target data in a first storage area of a controller to obtain state information of the controller;
when the state information represents that the target data exist in the first storage area, carrying out validity verification on the target data according to a first verification mode to obtain a verification result;
and/or,
and under the condition that the state information represents that the target data does not exist in the first storage area, performing validity verification on the target data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification method to obtain a verification result.
3. The method of claim 2, after performing validity verification on the target data according to the first verification manner to obtain a verification result, the method further comprising:
if the verification result corresponding to the first verification mode represents that the target data is illegal, deleting the target data in the first storage area; and/or,
and controlling the electronic equipment to restart so that the target data is legally verified in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode under the condition that the electronic equipment obtains a starting instruction again, and obtaining a verification result.
4. The method according to claim 2 or 3, after performing validity verification on the target data in a second storage area corresponding to a boot system of the electronic device in a second verification manner to obtain a verification result, the method further comprising:
and if the verification result corresponding to the second verification mode represents that the target data is legal, loading the target data in the second storage area into the first storage area.
5. The method of claim 4, further comprising:
if the verification result corresponding to the second verification mode represents that the target data is abnormal, performing validity verification on backup data in a second storage area corresponding to a boot system of the electronic equipment according to a second verification mode to obtain a verification result;
wherein the target data is in a first storage location in the second storage area, the backup data corresponds to the target data, and the backup data is in a second storage location in the second storage area.
6. The method of claim 5, after performing a validity check on the backup data according to a second check method in a second storage area corresponding to a boot system of the electronic device to obtain a verification result, the method further comprising:
and if the verification result corresponding to the backup data represents that the backup data is illegal, setting a flag bit, and prompting the controller to perform backup processing on the target data when the controller is started next time by the flag bit.
7. The method of claim 5, after performing a validity check on the backup data according to a second check method in a second storage area corresponding to a boot system of the electronic device to obtain a verification result, the method further comprising:
and if the verification result corresponding to the backup data indicates that the backup data is legal, restoring the target data of the first storage bit by using the backup data of the second storage bit, and loading the target data into the first storage area.
8. The method of claim 5, further comprising:
if the updated target data is obtained, carrying out validity verification on the updated target data;
and under the condition that the updated target data is legal, backing up the updated target data to a second storage bit in the second storage area so as to update the backup data of the second storage bit.
9. The method according to claim 2, wherein the target data at least includes signature data corresponding to the firmware data, and the signature data is obtained by encrypting a signature string corresponding to the firmware data by using a private key;
the method for verifying the validity of the target data according to the first verification mode to obtain a verification result includes:
decrypting the signature data in the target data by using a public key corresponding to the private key to obtain a decrypted character string;
obtaining a verification result according to the decryption character string, wherein the verification result represents that the target data is legal under the condition that the decryption character string is matched with a preset fixed character string;
the public key is stored in a third storage area in the controller, and the third storage area is a non-flash area.
10. A control device, comprising:
the data verification unit is used for verifying the legality of the target data according to the state information of the controller in a determined verification mode under the condition of obtaining the starting instruction so as to obtain a verification result; the target data corresponds to at least firmware data within the controller;
and the data execution unit is used for executing the firmware data to control the enabling state of a component corresponding to the firmware data if the verification result represents that the target data is legal.
CN202110352238.0A 2021-03-31 2021-03-31 Control method and device Pending CN113051579A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110352238.0A CN113051579A (en) 2021-03-31 2021-03-31 Control method and device


Publications (1)

Publication Number Publication Date
CN113051579A true CN113051579A (en) 2021-06-29

Family

ID=76516735


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination