CN114117444A - Hard disk binding starting method based on Initrd file system - Google Patents


Info

Publication number: CN114117444A
Authority: CN (China)
Prior art keywords: hard disk, serial number, computer system, unique, binding
Legal status: Pending
Application number: CN202111292803.5A
Other languages: Chinese (zh)
Inventors: 段红涛, 韩正赟
Current assignee: Kirin Software Co Ltd
Original assignee: Kirin Software Co Ltd
Application filed by Kirin Software Co Ltd
Priority date: 2021-11-03
Filing date: 2021-11-03
Publication date: 2022-03-01

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
                • G06F21/575 Secure boot
            • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
              • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
                • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
          • G06F8/00 Arrangements for software engineering
            • G06F8/60 Software deployment
              • G06F8/61 Installation
                • G06F8/63 Image based installation; Cloning; Build to order

Abstract

The invention provides a hard disk binding startup method based on an Initrd file system, comprising the following steps: writing a unique hard disk serial number into the computer system; adding an authentication program for the hard disk serial number to the Initrd file system; and, when the computer system starts, authenticating the hard disk serial number with the authentication program, starting the computer system normally if the serial number it reads is consistent with the unique hard disk serial number, and shutting the computer system down if it is not. The method removes the need for customized hardware to assist hard disk binding, identifies the risk point during the system startup stage so that abnormal startup is prevented, and ensures secure startup.

Description

Hard disk binding starting method based on Initrd file system
Technical Field
The invention relates to the technical field of information security, and in particular to a hard disk binding startup method based on an Initrd file system.
Background
Computer security has long been a research focus at home and abroad. Secure startup of a computer is the first step in using it and an important line of defense. In practice, a system will often still start normally after its hard disk has been arbitrarily replaced, and for computers produced in batches the user's personal information cannot be effectively protected.
To address this, the prior art, for example in industrial control equipment, binds the serial number of the hard disk to the motherboard BIOS so that only a hard disk with a matching serial number is authorized to boot; another proposal binds the BIOS, the motherboard and the hard disk to one another and secures startup by checking whether the motherboard matches the BIOS, whether the hard disk matches the BIOS and whether the hard disk matches the motherboard.
Both of these methods rely on cooperative authentication in the BIOS. Although a BIOS-based cooperative authentication scheme can secure computer startup with a high level of assurance, it is complicated to implement: the BIOS or motherboard must be customized for the hard disk, the technique must be matched to the specific motherboard and BIOS, and whenever the motherboard is replaced or the BIOS is updated, the corresponding motherboard and BIOS customization must be redone, which also reduces generality.
Therefore, given the problems in the prior art, it is necessary to provide a secure boot scheme for hard disk binding that does not require the additional assistance of hardware customization.
Disclosure of Invention
The invention provides a hard disk binding startup method based on an Initrd file system, which removes the need for customized hardware to assist hard disk binding, identifies the risk point to prevent abnormal startup during the system startup stage, and ensures secure startup.
To achieve the above and other related objects, the present invention provides a hard disk binding startup method based on an Initrd file system, comprising:
writing a unique hard disk serial number into the computer system;
adding an authentication program for the hard disk serial number to the Initrd file system;
and starting the computer system, authenticating the hard disk serial number with the authentication program, starting the computer system normally if the serial number authenticated by the program is consistent with the unique hard disk serial number, and shutting the computer system down if it is inconsistent.
Preferably, writing the unique hard disk serial number into the computer system specifically includes:
selecting a partition of the computer system as the specific partition;
acquiring the disk number of the disk on which the specific partition is located;
acquiring the unique serial number of that hard disk according to the disk number;
and writing the unique serial number of the hard disk into a mark file.
Preferably, the authentication of the hard disk serial number by the authentication program specifically includes:
detecting whether the computer system has the mark file; if so, proceeding to the next check, and if not, shutting down the computer system;
detecting whether the specific partition exists; if so, detecting the disk number of the disk on which the specific partition is located and acquiring the corresponding hard disk serial number from the disk number, and if not, shutting down the machine;
and judging whether that hard disk serial number is consistent with the unique hard disk serial number; if so, authentication succeeds and the computer system starts normally, and if not, authentication fails and the computer system is shut down.
Preferably, the corresponding hard disk serial number is obtained from the disk number by means of the hdparm command.
Preferably, the method further comprises testing the hard disk binding startup method, which specifically comprises:
building a system image of the computer system;
and installing the system image and rebooting the system for testing.
Preferably, building the system image of the computer system specifically includes:
packaging the routine that writes the unique hard disk serial number into the computer system and the authentication logic of the authentication program into a binary package;
and writing the binary package into a computer system and building a system image of that computer system.
Preferably, the testing specifically comprises:
installing the system image;
starting normally without replacing the hard disk, and checking whether the prompt messages are normal;
replacing the hard disk that carries the mark file, and checking whether the system image can still start normally;
and replacing the hard disk that carries the specific partition, and checking whether the system image can still start normally.
Based on the same inventive concept, the present invention also provides an electronic device comprising a processor and a memory, wherein the memory stores a computer program, and the computer program realizes the method of any one of the above items when being executed by the processor.
Based on the same inventive concept, the present invention further provides a readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the method of any one of the above.
In conclusion, the invention provides a hard disk binding startup method based on the Initrd file system, which removes the need for hardware customization to assist hard disk binding, identifies the risk point during the system startup stage to prevent abnormal startup, and ensures secure startup. Furthermore, the key mark information of the hard disk comprises both its serial number and its partition layout, which strengthens the authentication of the hard disk. Still further, the serial number writing and authentication logic is held in a binary package, which is convenient to manage and to port to other platforms.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram illustrating steps of a hard disk binding start method based on an Initrd file system according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an authentication flow in a hard disk binding and starting method based on the Initrd file system according to an embodiment of the present invention.
Detailed Description
The hard disk binding startup method based on the Initrd file system proposed by the present invention is described in further detail below with reference to figs. 1-2. The advantages and features of the present invention will become more apparent from the following description. It should be noted that the drawings are in a very simplified form and not to precise scale, and serve only to aid the clear description of the embodiments of the present invention. To make the objects, features and advantages of the present invention comprehensible, reference is made to the accompanying drawings. It should be understood that the structures, ratios, sizes and the like shown in the drawings and described in the specification are only intended to accompany the disclosure of the specification so that it can be understood and read by those skilled in the art, and are not intended to limit the conditions under which the present invention may be implemented; they have no substantive technical significance, and any structural modification, change of ratio or adjustment of size that does not affect the efficacy or the achievable purpose of the present invention still falls within the scope of the present invention.
First, technical terms related to the present invention will be described.
initrd file system: an initial root file system that is mounted before the real root file system is available. The initrd is bound to the kernel and is loaded as part of the kernel boot process. In the kernel's two-phase boot, the kernel first runs from the initrd and loads the modules it provides, so that the real root file system can be accessed and mounted afterwards.
Hard disk binding: authentication of the unique identity reported by the hard disk firmware (its serial number).
Referring to fig. 1, the present invention provides a hard disk binding startup method based on an Initrd file system, including the following steps:
S100, writing the unique hard disk serial number into the computer system.
In this embodiment, step S100 is implemented on an ARM/MIPS hardware platform running the domestic Kylin desktop operating system: a step that writes the unique serial number of the hard disk is added to the installer, and the serial number is written into a designated file so that it can be conveniently authenticated when the system starts.
The writing step comprises:
1) detecting whether the operating system uses a single disk or a dual disk; for a single disk, the subsequent hard disk serial number is written into one flag file, for example /etc/HOMESINGLE, and for a dual disk it is written into another flag file, for example /etc/HOMEDBLE;
2) selecting a partition of the computer system as the specific partition;
3) acquiring the disk number of the disk on which the specific partition (such as the HOME partition) is located;
4) acquiring the unique serial number of that hard disk according to the disk number;
5) writing the unique serial number of the hard disk into the mark file to facilitate subsequent authentication.
S200, adding an authentication program for the hard disk serial number to the Initrd file system.
S300, starting the computer system and authenticating the hard disk serial number with the authentication program; starting normally if the serial number authenticated by the program is consistent with the unique hard disk serial number, and shutting down if it is inconsistent.
In this embodiment, for step S300, authenticating the serial number of the system hard disk inside the initrd involves several detailed steps; the specific flow is shown in fig. 2:
1) detecting whether the booting system has the single-disk or the dual-disk mark file; if the mark file (/etc/HOMESINGLE or /etc/HOMEDBLE) exists, printing the related prompt and continuing to the next step, and if it does not exist, printing the prompt and shutting the system down;
2) judging whether the specific partition exists; if so, printing the related prompt and carrying out the next detection, and if not, printing the prompt and shutting down;
3) detecting, at system startup, the disk number of the disk on which the specific partition (such as the HOME partition) is located;
4) querying the hard disk serial number corresponding to that disk number with the hdparm command; hdparm is a tool for detecting, displaying and setting the parameters of IDE or SCSI hard disks and is commonly used to test hard disk read performance;
5) comparing the serial number read in step 4) with the serial number written in the mark file (/etc/HOMESINGLE or /etc/HOMEDBLE) in the system; if they are consistent, the hard disk has not been replaced and startup can proceed safely, and if they are not consistent, printing the prompt and shutting down.
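The following POSIX sh sketch is an added example, not code from the patent or from Kirin Software, covering both the S100 writing step and the S300 authentication flow of fig. 2 in one script. It assumes the specific partition is identified by its mount point, that the serial number is read from `hdparm -I`, that the disk count is taken from /sys/block, and that "shut down" is modelled as a non-zero return code so the checks can be exercised offline against constructed values.

```sh
#!/bin/sh
# Added example (assumptions noted inline): step S100 writes the serial number of the
# disk holding the specific partition into the mark file; step S300 is the initrd check.

# Mark files named in the description. MARK_ROOT is an assumption that lets the example
# run against a scratch directory instead of the real /etc.
: "${MARK_ROOT:=}"
MARK_SINGLE="$MARK_ROOT/etc/HOMESINGLE"
MARK_DOUBLE="$MARK_ROOT/etc/HOMEDBLE"

# Number of physical disks: decides whether the single- or dual-disk mark file is used.
disk_count() {
  ls /sys/block 2>/dev/null | grep -Ec '^(sd|hd|vd|nvme)'
}

# Whole-disk device holding the partition mounted at $1 (e.g. /home -> /dev/sda).
partition_disk() {
  dev=$(awk -v mp="$1" '$2 == mp { print $1; exit }' /proc/mounts 2>/dev/null)
  [ -n "$dev" ] || return 1
  case "$dev" in
    /dev/nvme*|/dev/mmcblk*) printf '%s\n' "$dev" | sed 's/p[0-9]*$//' ;;
    *)                       printf '%s\n' "$dev" | sed 's/[0-9]*$//' ;;
  esac
}

# Serial number of disk $1 as reported by its firmware, parsed from "hdparm -I" output.
disk_serial() {
  hdparm -I "$1" 2>/dev/null | sed -n 's/^[[:space:]]*Serial Number:[[:space:]]*//p'
}

# Step S100: record the serial of the disk behind the specific partition ($1 = mount point).
write_mark() {
  disk=$(partition_disk "$1") || return 1
  serial=$(disk_serial "$disk")
  [ -n "$serial" ] || return 1
  if [ "$(disk_count)" -gt 1 ]; then mark="$MARK_DOUBLE"; else mark="$MARK_SINGLE"; fi
  mkdir -p "$(dirname "$mark")" && printf '%s\n' "$serial" > "$mark"
}

# Step S300: the checks of fig. 2. Returns 0 to continue booting, 1 to shut down.
authenticate() {
  if   [ -f "$MARK_SINGLE" ]; then mark="$MARK_SINGLE"; echo "single-disk mark file found"
  elif [ -f "$MARK_DOUBLE" ]; then mark="$MARK_DOUBLE"; echo "dual-disk mark file found"
  else echo "no mark file: shutting down"; return 1
  fi
  disk=$(partition_disk "$1") || { echo "specific partition missing: shutting down"; return 1; }
  echo "specific partition found on $disk"
  serial=$(disk_serial "$disk")
  expected=$(head -n 1 "$mark")
  if [ -n "$serial" ] && [ "$serial" = "$expected" ]; then
    echo "serial matches: hard disk not replaced, booting normally"
    return 0
  fi
  echo "serial mismatch: shutting down"
  return 1
}
```

In a real initrd the non-zero return would be followed by the prompt and a power-off, and the mark file is only as trustworthy as the initrd image itself, so the image and its authentication program still need their own integrity protection.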
In this embodiment, the method further includes testing the hard disk binding startup method, which specifically includes:
1) building a system image of the computer system;
2) installing the system image and rebooting the system for testing.
In this embodiment, building the system image of the computer system specifically includes:
1) packaging the routine that writes the unique hard disk serial number into the computer system and the authentication logic of the authentication program into a binary package;
2) writing the binary package into a computer system and building a system image of that computer system.
In this embodiment, the testing specifically includes:
1) installing the system image;
2) starting normally without replacing the hard disk and checking whether the prompt messages are normal; if they are, the first-layer test is complete and the second-layer test follows, and if not, there is a problem in the routine that writes the unique hard disk serial number or in the authentication logic of the authentication program;
3) replacing the hard disk that carries the mark file and checking whether the system image can still start normally; if it can, there is a problem in the routine that writes the unique hard disk serial number or in the authentication logic of the authentication program, and if it cannot, the second-layer test is complete and the third-layer test follows;
4) replacing the hard disk that carries the specific partition and checking whether the system image can still start normally; if it can, there is a problem in the routine that writes the unique hard disk serial number or in the authentication logic of the authentication program, and if it cannot, the third-layer test is complete and the testing of the method is finished.
Based on the same inventive concept, the invention further provides an electronic device, which includes a processor and a memory, where the memory stores a computer program, and when the computer program is executed by the processor, the method for binding and starting a hard disk based on the Initrd file system is implemented.
The processor may be, in some embodiments, a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor (e.g., a GPU), or other data Processing chip. The processor is typically used to control the overall operation of the electronic device. In this embodiment, the processor is configured to run a program code stored in the memory or process data, for example, run a program code of the hard disk binding startup method based on the Initrd file system.
The memory includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. In other embodiments, the memory may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the electronic device. Of course, the memory may also include both internal and external memory units of the electronic device. In this embodiment, the memory is generally used to store an operating method installed in the electronic device and various types of application software, such as a program code of a hard disk binding start method based on the Initrd file system. In addition, the memory may also be used to temporarily store various types of data that have been output or are to be output.
Based on the same idea, the invention further provides a readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the hard disk binding starting method based on the Initrd file system is implemented.
The invention has the following advantages: it provides a hard disk binding startup method based on the Initrd file system, removes the need for hardware customization to assist hard disk binding, identifies the risk point during the system startup stage to prevent abnormal startup, and ensures secure startup. Furthermore, the key mark information of the hard disk comprises both its serial number and its partition layout, which strengthens the authentication of the hard disk. Still further, the serial number writing and authentication logic is held in a binary package, which is convenient to manage and to port to other platforms.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (9)

1. A hard disk binding starting method based on an Initrd file system is characterized by comprising the following steps:
writing a unique hard disk serial number in the computer system;
adding an authentication program of a hard disk serial number in an Initrd file system;
and starting the computer system, authenticating the hard disk serial number by the authentication program, normally starting the computer system if the hard disk serial number authenticated by the authentication program is consistent with the unique hard disk serial number, and shutting down the computer system if the hard disk serial number authenticated by the authentication program is inconsistent with the unique hard disk serial number.
2. The Initrd file system-based hard disk binding startup method according to claim 1, wherein writing a unique hard disk serial number in the computer system specifically includes:
selecting a partition in the computer system as a particular partition;
acquiring the disk number of the disk where the specific partition is located;
acquiring a unique serial number of a hard disk according to the disk partition of the disk where the specific partition is located;
and writing the unique serial number of the hard disk into a mark file.
3. The Initrd file system-based hard disk binding startup method according to claim 2, wherein the authentication program performs authentication of a hard disk serial number, and specifically comprises:
detecting whether the computer system has the mark file or not, if so, performing the next authentication, and if not, shutting down the computer system;
detecting whether the specific partition exists, if so, detecting the disk number of a disk where the specific partition is located, and acquiring a corresponding hard disk serial number according to the disk number; if not, shutting down the machine;
and judging whether the hard disk serial number is consistent with the unique hard disk serial number, if so, successfully authenticating, normally starting the computer system, and if not, failing to authenticate, and shutting down the computer system.
4. The Initrd file system-based hard disk binding startup method according to claim 3, wherein a corresponding hard disk serial number is obtained according to the disk number through an hdparm command.
5. The Initrd file system-based hard disk binding startup method according to claim 3, further comprising testing the hard disk binding startup method, specifically comprising:
manufacturing a mirrored system of the computer system;
and installing the mirror image system and restarting the system for testing.
6. The Initrd file system-based hard disk binding boot method according to claim 5, wherein manufacturing the mirror system of the computer system specifically includes:
writing the technology for writing the unique hard disk serial number in the computer system and the authentication technology of the authentication program into a binary package;
writing the binary package to a computer system and manufacturing a mirrored system of the computer system.
7. The Initrd file system-based hard disk binding startup method according to claim 6, wherein the testing specifically comprises:
installing the mirror system;
normally starting without replacing the hard disk, and checking whether the prompt message is normal;
replacing the hard disk with the mark file, and checking whether the mirror image system can be normally started;
and replacing the hard disk with the specific partition, and checking whether the mirror image system can be normally started.
8. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the method of any of claims 1 to 7.
9. A readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 7.

Priority Applications (1)

Application Number / Priority Date / Filing Date / Title
CN202111292803.5A (CN114117444A) 2021-11-03 2021-11-03 Hard disk binding starting method based on Initrd file system

Publications (1)

Publication Number / Publication Date
CN114117444A 2022-03-01

Family ID: 80380401

Country Status (1)

Country / Link
CN (1) CN114117444A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination