CN114048484A - Method and device for measuring credibility of multi-path server and computer equipment - Google Patents


Info

Publication number
CN114048484A
Authority
CN
China
Prior art keywords
bios firmware
path server
module
pulse
bios
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111337399.9A
Other languages
Chinese (zh)
Inventor
陈海燕
徐和亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tong Tai Yi Information Technology Co ltd
Original Assignee
Shenzhen Tong Tai Yi Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/575 Secure boot

Abstract

The invention discloses a method and device for measuring the credibility of a multi-path server, and computer equipment. After a start signal of the multi-path server is received, the method generates a measurement signal and sends it to the editable logic module; the editable logic module dynamically connects the trusted module and the BIOS firmware according to the measurement signal; the trusted module acquires and verifies the content of the BIOS firmware; when the content of each BIOS firmware passes verification, the identifier of each BIOS firmware is verified; and the multi-path server is started when the identifier of each BIOS firmware passes verification. In this way, the operational security of a multi-path server with multiple BIOS firmware can be improved.

Description

Method and device for measuring credibility of multi-path server and computer equipment
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for measuring the credibility of a multi-path server and computer equipment.
Background
With the advent of informatization, information security has become increasingly important, and trusted computing has become a new direction of development in the field of information security. The industry organization Trusted Computing Platform Alliance defines the criterion for trust as follows: an entity is trusted if its behavior is always as expected when it pursues a given goal.
Currently, the main approaches to trusted computing include identity validation, storage protection using encryption, and integrity protection using integrity measurement. First, a root of trust is established in the computer system; a chain of trust is then built from the root of trust, and the trusted environment is extended layer by layer to the whole computer system. The BIOS (Basic Input Output System) provides the lowest-level, most direct hardware setup and control for the computer and is the basis on which the operating system runs. During startup it loads the operating system, initializes physical devices, provides system parameters, and starts the trusted processes and related service programs needed to keep the system running normally. Therefore, to ensure the trustworthiness and security of the operating system, the trustworthiness of the BIOS needs to be measured.
Currently, methods for measuring a single BIOS in a single server are relatively mature, but methods for measuring multiple BIOSes in a multi-path server are not. Existing two-path and multi-path servers often have more than one BIOS, and in a multi-BIOS environment the lack of a complete measurement during startup creates potential security risks for the system that runs on top of the BIOS.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, and computer equipment for measuring the credibility of a multi-path server, which can reduce the response delay of the trust measurement of multiple basic input/output systems and improve the efficiency of that measurement.
According to one aspect of the invention, a method for measuring the credibility of a multi-path server is provided, which is applied to the multi-path server, wherein the multi-path server comprises at least two CPUs, an editable logic module, a trusted module and at least two BIOS firmware,
the editable logic module is dynamically connected with the at least two CPUs, the trusted module and the at least two BIOS firmware;
the method comprises the following steps:
after receiving a starting signal of the multi-path server, generating a measurement signal and sending the measurement signal to the editable logic module;
the editable logic module dynamically connects the trusted module and the BIOS firmware according to the measurement signal;
the trusted module acquires and verifies the content of the BIOS firmware;
when the verification result of the content of each BIOS firmware is passed, verifying the identifier of each BIOS firmware;
and starting the multi-path server when the identification of each BIOS firmware passes verification.
In one embodiment, the method further comprises: stopping the startup of the multi-path server when the content of any one of the BIOS firmware fails verification, or when the identifier of a BIOS firmware fails verification.
In one embodiment, after the identifier of each BIOS firmware passes verification, the method further comprises: verifying the device hardware of the multi-path server, and starting the multi-path server when the device hardware passes verification; or verifying the device hardware and the operating system of the multi-path server, and starting the multi-path server when both the operating system and the device hardware pass verification; or verifying the operating system of the multi-path server, and starting the multi-path server when the operating system passes verification.
In one embodiment, the editable logic module dynamically connecting the trusted module and the BIOS firmware according to the measurement signal, and the trusted module acquiring and verifying the content of the BIOS firmware, includes: the measurement signal issues the low-to-high transition of a first pulse, and the editable logic module gates the interface path of the security card of the trusted module and the interface path of a first BIOS firmware according to the measurement signal, the first BIOS firmware being any one of the at least two BIOS firmware; the security card of the trusted module reads the content of the first BIOS firmware and verifies it; if the content of the first BIOS firmware passes verification, the measurement signal issues the high-to-low transition of the first pulse and, after holding the low level for a period of time, issues the low-to-high transition of a second pulse, and the editable logic module gates the interface path of the security card of the trusted module and the interface path of a second BIOS firmware according to the measurement signal, the second BIOS firmware being any one of the at least two BIOS firmware other than the first BIOS firmware; and so on, until the content of each of the at least two BIOS firmware has passed verification, whereupon the step of verifying the identifier of each BIOS firmware when the content of each BIOS firmware passes verification is executed.
In one embodiment, when the content of any one of the at least two BIOS firmware fails verification, the measurement signal is held at the high level.
In one embodiment, the measurement signal is a pulse signal, and after the editable logic module gates the interface path of the security card of the trusted module and the interface path of any one of the at least two BIOS firmware according to the measurement signal, the method further includes: counting pulse sequence numbers and recording pulse states, wherein the pulse sequence numbers are divided into rising-edge sequence numbers and/or falling-edge sequence numbers, and the pulse states comprise three types, namely before the rising edge, after the rising edge, before the falling edge and after the falling edge; and determining prompt information according to the pulse sequence number and the pulse state, and issuing the prompt.
In one embodiment, determining the prompt information according to the pulse sequence number and the pulse state and issuing the prompt includes: controlling an LED indicator to prompt by at least one of turning on or off, flashing at different frequencies, or showing different colors, according to the pulse sequence number and the pulse state; and/or determining, according to the pulse sequence number and the pulse state, prompt information to be fed back to other terminals, and presenting it by voice or text.
In one embodiment, the contents of each of the BIOS firmware are the same.
In one embodiment, when the content of each BIOS firmware passes verification for the first time and the identifier verification of each BIOS firmware fails: the identifier verification fails when no corresponding identifier is detected for a BIOS firmware; and the method further comprises: the trusted module sends feedback information to the editable logic module, the feedback information indicating that the identifier verification failed; the editable logic module generates, according to the feedback information, a start signal for cold-restarting the multi-path server; and when the cold-restart start signal is received, each BIOS firmware is identified to obtain the identifier of each BIOS firmware.
According to another aspect of the present invention, there is provided an apparatus for measuring the credibility of a multi-path server, applied to a multi-path server, where the multi-path server includes at least two CPUs, an editable logic module, a trusted module, and at least two BIOS firmware, and the editable logic module is dynamically connected to the at least two CPUs, the trusted module, and the at least two BIOS firmware;
the device comprises:
the control module is used for generating a measurement signal and sending the measurement signal to the editable logic module after receiving a starting signal of the multi-path server;
the editable logic module is used for dynamically connecting the trusted module and the BIOS firmware according to the measurement signal;
the trusted module is used for acquiring and verifying the content of the BIOS firmware;
the trusted module is used for verifying the identification of each BIOS firmware when the verification result of the content of each BIOS firmware passes;
and the control module is used for starting the multi-path server when the identification of each BIOS firmware passes verification.
According to yet another aspect of the present invention, there is provided a computer apparatus comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for measuring the credibility of a multi-path server as described in any one of the above.
According to still another aspect of the present invention, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method for measuring the credibility of a multi-path server as described in any one of the above.
According to the method, apparatus, computer equipment and storage medium for measuring the credibility of a multi-path server, the editable logic module dynamically connects the trusted module and the BIOS firmware according to the measurement signal, so that the BIOS firmware is measured completely and the security risks caused by untrusted BIOS firmware are avoided, thereby improving the operational security of the multi-path server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a diagram of an application scenario of an embodiment of the method for measuring the credibility of a multi-path server of the present invention;
FIG. 2 is a flowchart illustrating an embodiment of the method for measuring the credibility of a multi-path server of the present invention;
FIG. 3 is a schematic structural diagram of an embodiment of the apparatus for measuring the credibility of a multi-path server according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be noted that the following examples are only illustrative of the present invention, and do not limit the scope of the present invention. Similarly, the following examples are only some but not all examples of the present invention, and all other examples obtained by those skilled in the art without any inventive work are within the scope of the present invention.
The invention provides a credibility measuring method of a multi-path server, which can reduce the potential safety hazard of the multi-path server caused by incomplete credibility measurement of multi-BIOS firmware and improve the operation safety of the multi-path server.
Referring to FIG. 1, FIG. 1 is a diagram illustrating an application scenario of an embodiment of the method for measuring the credibility of a multi-path server according to the present invention. FIG. 1 includes a multi-path server 100, which includes at least an editable logic module 101, a trusted module 102, CPUs 103 (at least two, such as CPU 1031, CPU 1032 and CPU 1033), and BIOS firmware 104 (at least two, such as BIOS 1041, BIOS 1042 and BIOS 1043), where the editable logic module 101 is dynamically connected to the CPUs 103, the trusted module 102, and the BIOS firmware 104. The editable logic module 101 includes, but is not limited to, a CPLD (Complex Programmable Logic Device) or an FPGA (Field Programmable Gate Array). The trusted module 102 includes at least a security card, which is a third-party monitoring board based on a security control SoC (System on Chip) and is used for firmware security verification, data monitoring and the like for the motherboard. The trusted module 102 also includes a TCM (Trusted Cryptography Module), which is a trusted cryptographic module implemented on an embedded chip with a developed cryptographic algorithm.
In an embodiment, a method for measuring the credibility of a multi-path server is provided and is applied to the multi-path server of FIG. 1. FIG. 2 is a schematic flowchart of the method in this embodiment. It should be noted that the method of the present invention is not limited to the flow sequence shown in FIG. 2, provided the results are substantially the same. As shown in FIG. 2, the method comprises the following steps:
S201: After receiving a start signal of the multi-path server, generate a measurement signal and send it to the editable logic module.
The multi-path server comprises an editable logic module, a trusted module, at least two CPUs and at least two BIOS firmware. The measurement signal instructs the trusted module to perform a trust measurement on the BIOS firmware. Trust measurement generally proceeds layer by layer from the root of trust along the chain of trust, and includes at least one measurement layer, namely the measurement of the BIOS firmware. During trust measurement, the core root of trust for measurement is started first, a measurement value is generated for each measurement layer, and each layer is verified as trusted or not by comparing its measurement value with the standard value.
S202: The editable logic module dynamically connects the trusted module and the BIOS firmware according to the measurement signal.
S203: The trusted module obtains and verifies the content of the BIOS firmware.
S204: When the content of each BIOS firmware passes verification, the identifier of each BIOS firmware is verified.
S205: The multi-path server is started when the identifier of each BIOS firmware passes verification.
Here, dynamic connection means that a connection is established or released according to the signal; that is, different signals determine which modules and firmware are connected.
After receiving the measurement signal, the editable logic module selects, according to the measurement signal, one of the BIOS firmware as the firmware currently undergoing trust measurement by the trusted module. Dynamically connecting the trusted module and the BIOS firmware means establishing, through the editable logic module and according to the measurement signal, a connection between one or more BIOS firmware and the trusted module. When one BIOS firmware is connected to the trusted module through the editable logic module, the trusted module acquires the content of that BIOS firmware through the editable logic module and performs a trust measurement on it to obtain the corresponding measurement value. The measurement value determined from the content of each BIOS firmware is compared with the standard measurement value: if the measurement value determined from the content of a BIOS firmware equals the standard value for that content, the verification of that BIOS firmware succeeds; otherwise it fails.
The identifier of the BIOS firmware is verified only if the content of every BIOS firmware of the multi-path server has passed verification. The identifier of a BIOS firmware may be a mark applied to the BIOS when it passes verification, or a mark applied in advance. The identifier serves to distinguish each BIOS firmware as a different firmware, that is, to prevent a BIOS firmware from being missed during verification and left unverified, and thus to avoid the operational risk to the multi-path server of not having verified all BIOS firmware.
In this method for measuring the credibility of a multi-path server, the editable logic module gates the connection between the trusted module and the BIOS firmware so that every BIOS firmware undergoes trust measurement and the case where only part of the BIOS firmware is verified is avoided; this strengthens the credibility of the trust measurement of the multi-path server and reduces its operational risk. Verifying each BIOS firmware makes it possible to determine effectively whether any of them has been tampered with: if a BIOS has been tampered with, this shows up in the trust measurement result of the trusted module, which reduces the risk posed by tampered BIOS firmware.
In one embodiment, the content of each BIOS firmware of the multi-path server is the same, which facilitates maintenance of the BIOS firmware. Using the same content also reduces the work of verifying the BIOS firmware content: because the standard measurement value of every BIOS firmware is the same, verification is faster.
In one embodiment, startup of the multi-path server is stopped when the content of any one of the BIOS firmware fails verification or when the identifier of a BIOS firmware fails verification.
Specifically, if the content of at least one BIOS firmware in the multi-path server fails verification, the multi-path server contains untrusted BIOS firmware and its startup is stopped. Information about the untrusted BIOS firmware can be fed back to the user; the form of feedback can be set as required or according to the actual operating environment, and can be conveyed by light, sound or text. Similarly, when the identifier of a BIOS firmware fails verification, startup of the multi-path server is stopped, and information about the untrusted BIOS firmware may be fed back to the user; the form of feedback is not specifically limited.
In one embodiment, after the identifier of each BIOS firmware passes verification, the method further comprises: verifying the device hardware of the multi-path server, and starting the multi-path server when the device hardware passes verification.
Specifically, after the content and the identifier of the BIOS firmware have both passed verification, a trust measurement of the other device hardware of the multi-path server is also required; if that measurement also passes, startup of the multi-path server continues. This avoids operational security problems caused by untrusted device hardware.
In one embodiment, after the identifier of each BIOS firmware passes verification, the method further comprises: verifying the device hardware and the operating system of the multi-path server, and starting the multi-path server when both the operating system and the device hardware pass verification.
Specifically, after the content and the identifier of the BIOS firmware have both passed verification, trust measurements of the operating system and of the other device hardware of the multi-path server are also required; if both measurements pass, startup of the multi-path server continues. This avoids operational security problems caused by an untrusted operating system or untrusted device hardware.
In one embodiment, after the identifier of each BIOS firmware passes verification, the method further comprises: verifying the operating system of the multi-path server, and starting the multi-path server when the operating system passes verification.
Specifically, after the content and the identifier of the BIOS firmware have both passed verification, a trust measurement of the operating system of the multi-path server is also required; if that measurement also passes, startup of the multi-path server continues. This avoids operational security problems caused by an untrusted operating system.
In one embodiment, the editable logic module dynamically connecting the trusted module and the BIOS firmware according to the measurement signal, and the trusted module acquiring and verifying the content of the BIOS firmware, includes: the measurement signal issues the low-to-high transition of a first pulse, and the editable logic module gates the interface path of the security card of the trusted module and the interface path of a first BIOS firmware according to the measurement signal, the first BIOS firmware being any one of the at least two BIOS firmware; the security card of the trusted module reads the content of the first BIOS firmware and verifies it; if the content of the first BIOS firmware passes verification, the measurement signal issues the high-to-low transition of the first pulse and, after holding the low level for a period of time, issues the low-to-high transition of a second pulse, and the editable logic module gates the interface path of the security card of the trusted module and the interface path of a second BIOS firmware according to the measurement signal, the second BIOS firmware being any one of the at least two BIOS firmware other than the first BIOS firmware; and so on, until the content of each of the at least two BIOS firmware has passed verification, whereupon S204 is performed.
Specifically, the measurement signal is a pulse signal; for example, it may be a rectangular pulse. The measurement signal issues the low-to-high transition of the first pulse, and the editable logic module gates the security card interface path of the trusted module and the interface path of one BIOS firmware of the multi-path server according to the pulse signal. The security card reads the content of the first BIOS firmware and performs a trust measurement on it to obtain the corresponding measurement value, compares the measurement value with the standard measurement value, and determines from the comparison whether verification passes: if the measurement value matches the standard measurement value, verification passes; otherwise it fails.
When the content of the first BIOS firmware passes verification, the measurement signal issues the high-to-low transition of the first pulse and holds that level for longer than a preset duration. The preset duration can be customized; for example, it can be defined as 10 ms, 12 ms, 15 ms or 20 ms. Holding the low level for a period of time after the high-to-low transition makes the measurements of different BIOS firmware easier to tell apart, and prevents transitions caused by current instability from leading to misjudgment.
Once the level has been held for longer than the preset duration, the measurement signal issues the low-to-high transition of the second pulse. The editable logic module gates the security card interface path of the trusted module and the interface path of one BIOS firmware of the multi-path server (the second BIOS firmware) according to the pulse signal; the security card reads the content of the second BIOS firmware and performs a trust measurement on it to obtain the corresponding measurement value, compares the measurement value with the standard measurement value, and determines from the comparison whether verification passes.
The content of each BIOS firmware in the multi-path server is verified in this manner. If the content of every BIOS firmware passes verification, step S204 is executed.
In one embodiment, after the editable logic module gates the interface path of the security card of the trusted module and the interface path of any one of the at least two BIOS firmware according to the measurement signal, the method further includes: counting pulse sequence numbers and recording pulse states, wherein the pulse sequence numbers are divided into rising-edge sequence numbers and/or falling-edge sequence numbers, and the pulse states comprise three types, namely before the rising edge, after the rising edge, before the falling edge and after the falling edge; and determining prompt information according to the pulse sequence number and the pulse state, and issuing the prompt.
The pulse sequence number records the number and order of pulses; it can be obtained by recording how many rising edges and/or falling edges have occurred and in what order. Preferably, rising and falling edges are both recorded. The pulse state records the actual state of the pulse and comprises three types of state, namely before the rising edge, after the rising edge, before the falling edge and after the falling edge. Different pulse states represent different verification results. The verification result of each BIOS firmware is determined from the recorded pulse sequence number and pulse state.
In one embodiment, the measurement signal is held at the high level when the content of any one of the at least two BIOS firmware fails verification.
Specifically, if the content of any BIOS firmware in the multi-path server fails verification, the measurement signal is held high; that is, the high level feeds back that the content of that BIOS firmware failed the trust measurement.
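The sequence S201 to S205 with the pulse gating and hold-high behaviour described above, as an added simulation that is not code from the patent. SHA-256 as the measurement function, the pre-marked identifiers `BIOS-A` to `BIOS-C`, the timings and the `stuck_at` gating fault are assumptions made for illustration; the last scenario shows a case where identical images pass every content check and only the identifier check notices that not every chip was measured.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOW, HIGH = 0, 1
MIN_LOW_HOLD_MS = 10   # preset low-hold time; 10 ms is one of the page's examples
MEASURE_MS = 50        # constructed: time to read and measure one chip


def measure(image: bytes) -> str:
    """Measurement value of a firmware image (SHA-256 is an assumption)."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class BiosChip:
    ident: str     # hypothetical pre-marked identifier
    image: bytes


@dataclass
class EditableLogic:
    """Gates the security card onto one BIOS interface path per rising edge."""
    chips: List[BiosChip]
    stuck_at: Optional[int] = None   # fault injection: always gate this slot
    rising_edges: int = 0

    def on_rising_edge(self) -> BiosChip:
        slot = self.rising_edges if self.stuck_at is None else self.stuck_at
        self.rising_edges += 1
        return self.chips[slot]


@dataclass
class Result:
    boot: bool
    reason: str
    trace: List[Tuple[int, int]]   # (time_ms, level) transitions


def measure_and_boot(logic: EditableLogic, standard_value: str,
                     expected_idents: List[str]) -> Result:
    t, trace, seen = 5, [(0, LOW)], []
    for pulse in range(1, len(expected_idents) + 1):
        trace.append((t, HIGH))            # rising edge: gate the next path
        chip = logic.on_rising_edge()
        t += MEASURE_MS
        if measure(chip.image) != standard_value:
            # Content failure: the signal is held high and startup stops.
            return Result(False, f"content check failed on pulse {pulse}", trace)
        seen.append(chip.ident)
        trace.append((t, LOW))             # falling edge: content passed
        t += MIN_LOW_HOLD_MS + 5           # hold low longer than the preset
    # S204 runs only after every content check passed. With identical images,
    # only the identifiers show that each pulse reached a different chip.
    if sorted(seen) != sorted(expected_idents):
        return Result(False, "identifier check failed", trace)
    return Result(True, "all BIOS firmware verified", trace)


# Constructed sample data: three chips holding the same golden image.
GOLDEN = b"constructed BIOS image" * 64
IDENTS = ["BIOS-A", "BIOS-B", "BIOS-C"]


def chips(tamper_slot: Optional[int] = None) -> List[BiosChip]:
    out = [BiosChip(i, GOLDEN) for i in IDENTS]
    if tamper_slot is not None:
        out[tamper_slot].image = GOLDEN[:-1] + b"\x00"   # one byte changed
    return out


def run(tamper_slot: Optional[int] = None,
        stuck_at: Optional[int] = None) -> Result:
    logic = EditableLogic(chips(tamper_slot), stuck_at=stuck_at)
    return measure_and_boot(logic, measure(GOLDEN), IDENTS)


if __name__ == "__main__":
    for name, res in [("clean", run()),
                      ("tampered slot 1", run(tamper_slot=1)),
                      ("stuck gating", run(stuck_at=0))]:
        print(f"{name:16} boot={res.boot} reason={res.reason} "
              f"last={res.trace[-1]}")
```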
In one embodiment, determining the prompt information according to the pulse sequence number and the pulse state and issuing the prompt comprises: controlling an LED indicator to prompt by at least one of turning on or off, flashing at different frequencies, or showing different colors, according to the pulse sequence number and the pulse state; and/or determining, according to the pulse sequence number and the pulse state, prompt information to be fed back to other terminals, and presenting it by voice or text.
Specifically, the LED indicator is controlled, according to the pulse sequence number and the pulse state, to do at least one of turning on or off, flashing at different frequencies, or showing different colors, in order to indicate whether startup of the multi-path server is abnormal. Similarly, prompt information fed back to other terminals is determined according to the pulse sequence number and the pulse state, and indicates by voice or text whether startup of the multi-path server is abnormal.
In a specific embodiment, the feedback modes for the prompt information include, but are not limited to, serial port printing, LED indication, log recording, restart, and shutdown.
In one embodiment, when the content of each BIOS firmware passes verification for the first time and the identification verification of each BIOS firmware fails, the method includes: when no corresponding identification is detected on each BIOS firmware, the identification verification fails. The method further includes: the trusted module sends feedback information to the editable logic module, the feedback information indicating that the identification verification failed; the editable logic module generates, according to the feedback information, a signal for cold restarting the multi-path server; and when the cold-restart start signal is received, each BIOS firmware is identified to obtain the identification of each BIOS firmware.
In one embodiment, the trusted module has a function for identifying the BIOS firmware, by which a plurality of different BIOS firmware can be distinguished.
Specifically, because the BIOS firmware carries no identification when the multi-path server is started for the first time, the content of the BIOS firmware passes verification but its identification does not, and the multi-path server cannot be started. The multi-path server is then started according to the cold-restart start signal; by this time the corresponding identification has been marked on the BIOS firmware, so the identification of the BIOS firmware passes verification and the multi-path server is started, or the trust measurement of other devices of the multi-path server and/or of the operating system of the multi-path server is executed.
In one embodiment, when a failed trust measurement causes the boot to fail and, after waiting a predetermined period of time, the metric signal still does not meet the measurement completion condition, a cold reboot of the system may be performed.
In a specific embodiment, referring to fig. 1, the multi-path server 100 includes at least an editable logic module 101, a trusted module 102, CPUs 103 (at least two, such as CPU 1031 and CPU 1032) and BIOS firmware 104 (at least two, such as BIOS 1041 and BIOS 1042), wherein the editable logic module 101 is dynamically connected to the CPUs 103, the trusted module 102 and the BIOS firmware 104, and to an interface (not shown) for prompting with other hardware devices.
For convenience of explanation, a security card is used as the example of the trusted module. The programmable logic module is connected to the CPU and the BIOS firmware through interface paths, and can be connected to the security card through a control path.
The programmable logic module can be a complex programmable logic device (CPLD) or a field-programmable gate array (FPGA).
The measurement of the multi-path server includes measurement layers comprising the BIOS firmware, hardware devices, and an operating system. Wherein the core metric root and at least one metric layer, the same metric layer allowing stacking with the same number of devices.
There is provided a schematic diagram of a trust measurement method of a multi-path server, the method including:
S301: During start-up of the multi-path server, the security card is powered on and reset first.
S302: The security card completes power-on reset, power-on self-test and related processes. The trust measurement function for the BIOS firmware is started, and the programmable logic module is notified through a control signal, namely the measurement enable signal EN (the measurement signal).
S303: The measurement enable signal EN issues the low-to-high transition of the 1st pulse. According to this pulse signal, the programmable logic module gates the interface path of the security card and the interface path of the first BIOS firmware, counts the pulse sequence number, and records the pulse state (before the rising edge; after the rising edge and before the falling edge; or after the falling edge). The first BIOS firmware may be any one of the BIOS firmware and has no direct association with the location of the BIOS firmware. The interface path may be a serial peripheral interface (SPI). The pulse sequence number may be designed as two groups of counts: Flag1_cnt counts the rising edges of the measurement enable signal EN, and Flag2_cnt counts the falling edges of EN. Whether the trust measurement of the first BIOS firmware passes is judged from the two counts Flag1_cnt and Flag2_cnt and the pulse state.
S304: the security card reads the contents of the first BIOS firmware.
S305: The content of the BIOS firmware is compared with the calculated standard value to determine the verification result. If the verification passes, step S306 is executed; otherwise, step S307 is executed.
S306: If the trust measurement of the first BIOS firmware passes, the measurement enable signal EN issues the high-to-low transition of the 1st pulse. After EN has been kept low for a period of time (for example, a low-level duration greater than or equal to 10 ms, 12 ms, 13 ms, and the like), it issues the low-to-high transition of the 2nd pulse, and according to this pulse signal the programmable logic module gates the interface path of the security card and the interface path of the second BIOS firmware, counts the pulse sequence number, and records the pulse state. The second BIOS firmware may be any one of the BIOS firmware; "second" only distinguishes it from the first BIOS firmware, and "first" and "second" are not specifically limited here. The programmable logic module determines the measurement count from the received measurement enable signal EN; if it matches the 1st measurement timing, the SPI interface of the security card is connected to the SPI interface of the 1st BIOS for the 1st measurement.
S307: If the trust measurement of the first BIOS firmware fails, the measurement enable signal EN remains high. That is, the SPI interfaces of the CPU, the BIOS and the security card are kept disconnected. Prompt information indicating that the trust measurement verification of the first BIOS firmware failed is output. For example, corresponding feedback signals are given according to the pulse state: the LED indicator lights can be controlled to turn on or off, flash at different frequencies or present different colors, the state can be displayed on a client maintenance interface, and so on. The measurement failure information is fed back to the user; the feedback modes include but are not limited to serial port printing, LED indication, log recording, restart, and shutdown. If the first BIOS fails the measurement, the CPU is held in the reset state and the multi-path server fails to start.
S308: If the second BIOS firmware passes, the measurement of the third BIOS firmware is executed, and each time a BIOS firmware passes, the next BIOS firmware is measured, until one BIOS firmware fails and the trust measurement stops, or until every BIOS firmware has passed and S309 is executed. To facilitate BIOS firmware maintenance, uniform firmware content may be used, i.e., the content of each BIOS firmware in the multi-path server is the same. If the BIOS of every CPU of the multi-path server passes the measurement, the multi-path server continues to start, i.e., S309 is executed; if the BIOS of any one CPU fails the measurement, the CPU is held in the reset state and the multi-path server fails to start.
S309: Identification and verification of the BIOS firmware is entered. That is, once the security card confirms that the last BIOS measurement passed, the measurement enable signal transitions from high level to low level, and identification and signature of the BIOS firmware is entered.
S310: When the first start-up measurement is completed, none of the BIOS firmware extension information sections that are read carries a mark, so the identification verification fails. The security card feeds the identification verification failure result back to the CPLD through a GPIO signal, and the CPLD cold-restarts the server according to the received failure feedback signal. The BIOS firmware measured after the first start-up is marked by the security card, so after the cold restart powers the server on again, the BIOS firmware identification can pass verification. The security card has an active identification function and can distinguish a plurality of different BIOS firmware even when the content of the BIOS firmware is kept identical. When the whole multi-path server is measured for the first time, the BIOS firmware is not yet identified, and a re-measurement mechanism is introduced after the security card completes the identification.
S311: After the BIOS firmware measurement and verification, the measurement of the hardware devices and the system boot program is entered. If the measurement succeeds, the system of the multi-path server starts normally; otherwise, start-up fails. If start-up fails, the measurement failure information is fed back to the user; the feedback modes include but are not limited to serial port printing, LED indication, log recording, restart, and shutdown.
In one embodiment, as shown in fig. 3, there is provided a trust measurement apparatus 300 of a multi-path server, comprising: a control module 301, an editable logic module 302, at least two CPUs 303, a trusted module 304 and at least two BIOS firmware 305, wherein the editable logic module 302 is dynamically connected with the at least two CPUs 303, the trusted module 304 and the at least two BIOS firmware 305;
the control module 301 is configured to generate a metric signal after receiving a start signal of the multi-path server, and send the metric signal to the editable logic module 302;
the editable logic module 302 is configured to dynamically connect the trusted module 304 and the BIOS firmware 305 according to the measurement signal;
the trusted module 304 is configured to obtain and verify the content of the BIOS firmware 305;
the trusted module 304 is configured to verify the identifier of each BIOS firmware 305 when the verification result of the content of each BIOS firmware 305 passes;
a control module 301, configured to start the multi-way server when the identification of each BIOS firmware 305 passes verification.
In one embodiment, the control module 301 is configured to stop starting the multi-path server when the verification result of the content of any one of the BIOS firmware is failed or when the identification verification result of the BIOS firmware 305 is failed.
In one embodiment, the trusted module 304 is configured to, after the verification of the identification of each BIOS firmware 305 passes:
verify the equipment hardware of the multi-path server, the starting of the multi-path server being executed when the equipment hardware of the multi-path server passes the verification; or
verify the equipment hardware of the multi-path server and the operating system of the multi-path server, the starting of the multi-path server being executed when the operating system and the equipment hardware of the multi-path server both pass the verification; or
verify the operating system of the multi-path server, the starting of the multi-path server being executed when the operating system of the multi-path server passes the verification.
In one embodiment, the editable logic module 302 is configured to gate an interface path of the secure card of the trusted module 304 to interface with a first BIOS firmware 305 when the measurement signal issues a first pulse low-to-high transition, where the first BIOS firmware 305 is any one of the at least two BIOS firmware 305;
the security card of the trusted module 304 reads the content of the first BIOS firmware 305 and verifies the content of the first BIOS firmware 305;
if the verification result of the content of the first BIOS firmware 305 is pass, the measurement signal sends a first pulse high level to low level transition, and after the low level is maintained for a period of time, sends a second pulse low level to high level transition, an interface path of the secure card of the trusted module 304 and an interface path of a second BIOS firmware 305 are connected, and the second BIOS firmware 305 is any one of the at least two BIOS firmware 305 except the first BIOS firmware;
until the verification result of the content of each of the at least two BIOS firmware 305 is passed, performing the verification of the identity of each of the BIOS firmware 305 when the verification result of the content of each of the at least two BIOS firmware 305 is passed.
In one embodiment, the control module 301 is configured to hold the metric signal at a high level when the content verification result of any one of the at least two BIOS firmware 305 is failed.
In one embodiment, the metric signal is a pulse signal,
the programmable logic module 302 is configured to count pulse sequence numbers and record pulse states, where the pulse sequence numbers are divided into rising edge sequence numbers and/or falling edge sequence numbers, and the pulse states are of three types: before the rising edge, after the rising edge and before the falling edge, and after the falling edge;
and the control module 301 is configured to determine prompt information according to the pulse sequence number and the pulse state, and prompt.
In one embodiment, the control module 301 is configured to control at least one of turning on and off, flashing at different frequencies, or displaying different colors of an LED indicator for prompting according to the pulse sequence number and the pulse state; and/or determining prompt information fed back to other terminals according to the pulse serial number and the pulse state, and prompting the prompt information through voice or characters; and/or determining prompt information printed through the serial port according to the pulse serial number and the pulse state.
In one embodiment, when the content of each BIOS firmware passes verification for the first time and the identification verification of each BIOS firmware fails: when no corresponding identification is detected on each BIOS firmware, the identification verification fails;
the trusted module 304 is configured to send feedback information to the editable logic module 302, where the feedback information is used to feed back that the identifier verification fails;
the editable logic module 302 is configured to generate a signal for cold restarting the multi-path server according to the feedback information;
the trusted module 304 is configured to identify each BIOS firmware when receiving the cold reboot start signal, and obtain an identifier of each BIOS firmware.
In one embodiment, there is provided a computer device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the trust measurement method of a multi-path server as described in any of the above.
According to still another aspect of the present invention, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the trust measurement method of a multi-path server as described in any one of the above.
In the several embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a module or a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be substantially or partially implemented in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a part of the embodiments of the present invention, and not intended to limit the scope of the present invention, and all equivalent devices or equivalent processes performed by the present invention through the contents of the specification and the drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A credibility measuring method of a multi-path server is characterized in that the method is applied to the multi-path server,
the multi-way server comprises at least two CPUs, an editable logic module, a trusted module and at least two BIOS firmware,
the editable logic module is dynamically connected with the at least two CPUs, the trusted module and the at least two BIOS firmware;
the method comprises the following steps:
after receiving a starting signal of the multi-path server, generating a measurement signal and sending the measurement signal to the editable logic module;
the editable logic module dynamically connects the trusted module and the BIOS firmware according to the measurement signal;
the trusted module acquires and verifies the content of the BIOS firmware;
when the verification result of the content of each BIOS firmware is passed, verifying the identifier of each BIOS firmware;
and starting the multi-path server when the identification of each BIOS firmware passes verification.
2. The method of claim 1, further comprising:
when the verification result of the content of any one of the BIOS firmware is failed, or when the identification verification result of the BIOS firmware is failed,
and stopping starting the multi-path server.
3. The method of claim 1, wherein after the validation of the identity of each of the BIOS firmware passes, the method further comprises:
verifying the equipment hardware of the multi-path server, and executing the starting of the multi-path server when the equipment hardware of the multi-path server passes the verification; or
verifying the equipment hardware of the multi-path server and the operating system of the multi-path server, and executing the starting of the multi-path server when the operating system of the multi-path server and the equipment hardware of the multi-path server both pass the verification; or
verifying the operating system of the multi-path server, and executing the starting of the multi-path server when the operating system of the multi-path server passes the verification.
4. The method of any of claims 1-3, wherein the editable logic module dynamically connects the trusted module and the BIOS firmware based on the metric signal, the trusted module obtaining and verifying contents of the BIOS firmware comprising:
the measurement signal sends out a first pulse low level to high level jump, the programmable logic module gates an interface access of a security card of the trusted module and a first BIOS firmware interface access according to the measurement signal, and the first BIOS firmware is any one of the at least two BIOS firmware;
reading the content of the first BIOS firmware by a security card of the trusted module, and verifying the content of the first BIOS firmware;
if the verification result of the content of the first BIOS firmware is that the content of the first BIOS firmware passes, the measurement signal sends a first pulse high level to low level jump, and after the low level is kept for a period of time, a second pulse low level to high level jump is sent, the programmable logic module gates an interface passage of a security card of the trusted module and an interface passage of second BIOS firmware according to the measurement signal, and the second BIOS firmware is any one of the at least two BIOS firmware except the first BIOS firmware;
until the verification result of the content of each BIOS firmware of the at least two BIOS firmware is passed, the verification of the identification of each BIOS firmware is executed when the verification result of the content of each BIOS firmware is passed.
5. The method of claim 4, further comprising:
when the content verification result of any one of the at least two BIOS firmware is failed, the measurement signal is kept at a high level.
6. The method of claim 4 or 5, wherein the measurement signal is a pulse signal,
after the programmable logic module gates an interface channel of a security card of the trusted module and any one of the at least two BIOS firmware interface channels according to the metric signal, the method further includes:
counting pulse sequence numbers and recording pulse states, wherein the pulse sequence numbers are divided into rising edge sequence numbers and/or falling edge sequence numbers, and the pulse states are of three types: before the rising edge, after the rising edge and before the falling edge, and after the falling edge;
and determining prompt information according to the pulse sequence number and the pulse state, and prompting.
7. The method of claim 6, wherein the determining and prompting of the prompt information according to the pulse sequence number and the pulse state comprises:
controlling at least one of an LED indicator light to be on or off, flash at different frequencies or present different colors to prompt according to the pulse sequence number and the pulse state; and/or
determining prompt information fed back to other terminals according to the pulse sequence number and the pulse state, and prompting the prompt information through voice or text; and/or
determining prompt information printed through the serial port according to the pulse sequence number and the pulse state.
8. The method of any of claims 1-5, wherein the contents of each of the BIOS firmware are the same.
9. The method according to any of claims 1-5, wherein when the content of each BIOS firmware passes verification for the first time
and the identification verification of each BIOS firmware fails, the steps include:
when no corresponding identification is detected on each BIOS firmware, the identification verification fails;
the method further comprises the following steps:
the trusted module sends feedback information to the editable logic module, wherein the feedback information is used for feeding back that the identification verification fails;
the editable logic module generates a starting signal for cold restarting the multi-path server according to the feedback information;
and when the cold restart starting signal is received, identifying each BIOS firmware to obtain the identification of each BIOS firmware.
10. The device for measuring the credibility of the multi-path server is applied to the multi-path server, and the multi-path server comprises at least two CPUs, an editable logic module, a credible module and at least two BIOS firmware, wherein the editable logic module is dynamically connected with the at least two CPUs, the credible module and the at least two BIOS firmware;
the device comprises:
the control module is used for generating a measurement signal and sending the measurement signal to the editable logic module after receiving a starting signal of the multi-path server;
the editable logic module is used for dynamically connecting the trusted module and the BIOS firmware according to the measurement signal;
the trusted module is used for acquiring and verifying the content of the BIOS firmware;
the trusted module is used for verifying the identification of each BIOS firmware when the verification result of the content of each BIOS firmware passes;
and the control module is used for starting the multi-path server when the identification of each BIOS firmware passes verification.
CN202111337399.9A 2021-11-11 2021-11-11 Method and device for measuring credibility of multi-path server and computer equipment Pending CN114048484A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111337399.9A CN114048484A (en) 2021-11-11 2021-11-11 Method and device for measuring credibility of multi-path server and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111337399.9A CN114048484A (en) 2021-11-11 2021-11-11 Method and device for measuring credibility of multi-path server and computer equipment

Publications (1)

Publication Number Publication Date
CN114048484A true CN114048484A (en) 2022-02-15

Family

ID=80208657

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111337399.9A Pending CN114048484A (en) 2021-11-11 2021-11-11 Method and device for measuring credibility of multi-path server and computer equipment

Country Status (1)

Country Link
CN (1) CN114048484A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112817643A (en) * 2021-01-15 2021-05-18 浪潮电子信息产业股份有限公司 Dual-BIOS measurement method, device and equipment for multi-path server
CN114666103A (en) * 2022-03-04 2022-06-24 阿里巴巴(中国)有限公司 Credible measuring device, equipment and system and credible identity authentication method
CN114666103B (en) * 2022-03-04 2023-08-15 阿里巴巴(中国)有限公司 Trusted measurement device, equipment, system and trusted identity authentication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination