CN114357464A - Firmware verification method and device, storage medium and electronic device - Google Patents

Publication number
CN114357464A
Authority
CN
China
Prior art keywords
firmware
bmc
hash value
head
trusted signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111679002.4A
Other languages
Chinese (zh)
Inventor
刘春明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd filed Critical Zhejiang Dahua Technology Co Ltd
Priority to CN202111679002.4A priority Critical patent/CN114357464A/en
Publication of CN114357464A publication Critical patent/CN114357464A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method and a device for verifying firmware, a storage medium and an electronic device, wherein the method comprises the following steps: under the condition that the server is determined to be started, acquiring a decryption public key of an encrypted trusted signature head, wherein the trusted signature head is generated by a Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of firmware of the BMC; decrypting the obtained trusted signature head by using the decryption public key to obtain a first firmware hash value; verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value. By the method and the device, the problem of verifying the firmware in the related technology is solved, and the effect of effectively verifying the firmware is achieved.

Description

Firmware verification method and device, storage medium and electronic device
Technical Field
The embodiment of the invention relates to the field of computers, in particular to a firmware verification method and device, a storage medium and an electronic device.
Background
In the related art, the public key is stored in trusted hardware (a TPM or TCM), and the firmware is then security-verified through the TPM or TCM chip. This requires an additional TPM or TCM chip to hold the firmware signature public key, which increases the hardware cost of the product. Moreover, the external API interfaces of the TPM and TCM must be adapted and a physical channel must be reserved to connect to the TPM or TCM chip; the technology is relatively immature and difficult to develop.
Disclosure of Invention
The embodiment of the invention provides a firmware verification method and device, a storage medium and an electronic device, which are used for at least solving the problem of verifying firmware in the related art.
According to an embodiment of the present invention, there is provided a method of verifying firmware, including: under the condition that the server is determined to be started, acquiring a decryption public key of an encrypted trusted signature head, wherein the trusted signature head is generated by a Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of firmware of the BMC; decrypting the obtained trusted signature head by using the decryption public key to obtain the first firmware hash value; verifying the firmware of the BMC based on a comparison result between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value.
According to another embodiment of the present invention, there is provided a firmware verification method including: generating a trusted signature head of firmware of a Baseboard Management Controller (BMC), wherein the trusted signature head comprises a first firmware hash value of the firmware of the BMC, and the trusted signature head is in an encrypted state; under the condition that the server is determined to be started, calculating a hash value of the read firmware of the BMC, and determining a second firmware hash value, wherein the second firmware hash value is an unencrypted value; sending the trusted signature header and the second firmware hash value to a BIOS to instruct the BIOS to verify the firmware of the BMC using the first firmware hash value and the second firmware hash value.
According to another embodiment of the present invention, there is provided a verification apparatus of firmware, including: a first obtaining module, configured to obtain a decryption public key of an encrypted trusted signature head under the condition that the server is determined to be started, wherein the trusted signature head is generated by a Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of firmware of the BMC; a second obtaining module, configured to decrypt the obtained trusted signature head by using the decryption public key to obtain the first firmware hash value; a first verification module, configured to verify the firmware of the BMC based on a comparison result between the first firmware hash value and a second firmware hash value of the firmware of the BMC, where the second firmware hash value is an unencrypted value.
In an exemplary embodiment, the apparatus further includes: a first determining module, configured to determine that the firmware of the BMC is abnormal when the second firmware hash value and/or the trusted signature header is not acquired within a preset time, before the firmware of the BMC is verified based on a comparison result between the first firmware hash value and the second firmware hash value of the firmware of the BMC.
In an exemplary embodiment, the first verification module includes: a first determining unit, configured to determine that the firmware of the BMC is in a normal state when the first firmware hash value and the second firmware hash value are the same.
In an exemplary embodiment, the apparatus further includes: the first setting module is used for setting a flag bit of a register of the BMC to be a first preset value after the firmware of the BMC is determined to be in a normal state under the condition that the first firmware hash value is identical to the second firmware hash value, so as to indicate that the complex programmable logic device CPLD triggers the firmware of the BMC to normally operate.
In an exemplary embodiment, the first verification module includes: a second determining unit, configured to determine that the firmware of the BMC is in an abnormal state when the first firmware hash value is different from the second firmware hash value.
In an exemplary embodiment, the apparatus further includes: a second setting module, configured to set a flag bit of a register of the BMC to a second preset value, to mark the firmware of the BMC as untrusted, after the firmware of the BMC is determined to be in an abnormal state in the case that the first firmware hash value and the second firmware hash value are different; and a first indicating module, configured to instruct the CPLD to continuously restart the firmware of the BMC.
In an exemplary embodiment, the first obtaining module includes: a first obtaining unit, configured to always obtain the decryption public key from the Basic Input Output System (BIOS) in the case that it is determined that the server is started.
According to another embodiment of the present invention, there is provided a verification apparatus of firmware, including: a first generating module, configured to generate a trusted signature head of firmware of a Baseboard Management Controller (BMC), wherein the trusted signature head comprises a first firmware hash value of the firmware of the BMC, and the trusted signature head is in an encrypted state; a first calculating module, configured to calculate a hash value of the read firmware of the BMC and determine a second firmware hash value when it is determined that the server is started, where the second firmware hash value is an unencrypted value; a first sending module, configured to send the trusted signature header and the second firmware hash value to a BIOS, so as to instruct the BIOS to verify the firmware of the BMC by using the first firmware hash value and the second firmware hash value.
In an exemplary embodiment, the apparatus further comprises one of: a first saving module, configured to save a decryption public key of the trusted signature head into the BIOS after the trusted signature head of the firmware of the baseboard management controller BMC is generated; a second saving module, configured to save the trusted signature head into a read-only storage medium in the case of a firmware upgrade of the BMC or firmware burning of the BMC.
In an exemplary embodiment, the apparatus further includes: a first reading module, configured to, after the trusted signature head is saved in a read-only storage medium, read the trusted signature head from the read-only storage medium if it is determined that the server is started; and a third saving module, configured to save the trusted signature head into the memory of the BMC.
In an exemplary embodiment, the apparatus further includes: a fourth saving module, configured to save the second firmware hash value into the memory of the BMC after the hash value of the read firmware of the BMC is calculated and the second firmware hash value is determined in the case that it is determined that the server is started.
According to a further embodiment of the present invention, there is also provided a computer-readable storage medium having a computer program stored thereon, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the method and the device, the decryption public key of the encrypted trusted signature head is obtained under the condition that the server is determined to be started, wherein the trusted signature head is generated by a Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of a firmware of the BMC; decrypting the obtained trusted signature head by using the decryption public key to obtain a first firmware hash value; verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value. The purpose of verifying the trusted signature head of the BMC firmware through the BIOS is achieved, and the trusted safety of the BMC firmware is achieved. Therefore, the problem of verifying the firmware in the related art can be solved, and the effect of effectively verifying the firmware is achieved.
Drawings
FIG. 1 is a block diagram of a hardware configuration of a mobile terminal for a method of verifying firmware according to an embodiment of the present invention;
FIG. 2 is a flow chart (one) of a method of verifying firmware according to an embodiment of the invention;
FIG. 3 is a flow chart (two) of a method of verifying firmware according to an embodiment of the invention;
FIG. 4 is an overall flow diagram according to an embodiment of the invention;
FIG. 5 is a schematic diagram of a link structure according to an embodiment of the invention;
FIG. 6 is a block diagram (one) of the structure of a verification apparatus of firmware according to an embodiment of the present invention;
FIG. 7 is a block diagram (two) of the structure of a verification apparatus of firmware according to an embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The method embodiments provided in the embodiments of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking the example of the method running on the mobile terminal, fig. 1 is a hardware structure block diagram of the mobile terminal of the method for verifying the firmware according to the embodiment of the present invention. As shown in fig. 1, the mobile terminal may include one or more (only one shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), and a memory 104 for storing data, wherein the mobile terminal may further include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration, and does not limit the structure of the mobile terminal. For example, the mobile terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store computer programs, for example, software programs and modules of application software, such as computer programs corresponding to the firmware verification method in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the mobile terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
In this embodiment, a method for verifying firmware is provided. FIG. 2 is a flowchart (one) of a method for verifying firmware according to an embodiment of the present invention. As shown in FIG. 2, the flow includes the following steps:
Step S202, under the condition that the server is determined to be started, a decryption public key of an encrypted trusted signature head is obtained, wherein the trusted signature head is generated by a Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of firmware of the BMC;
In this embodiment, the trusted signature header is encrypted after it is generated by the BMC. When the BMC firmware is upgraded, or when the firmware is burned directly at the factory, the trusted signature head corresponding to the BMC firmware is stored in a read-only storage medium (ROM) connected to the BMC. This prevents the trusted signature head from being lost or tampered with, and so avoids failure of the BMC firmware trust verification.
When the BIOS is started, the saved BMC firmware trusted signature decryption public key is obtained from the BIOS SPI FLASH and saved in the BIOS memory.
Step S204, decrypting the obtained trusted signature head by using the decryption public key to obtain a first firmware hash value;
Step S206, the firmware of the BMC is verified based on the comparison result between the first firmware hash value and a second firmware hash value of the firmware of the BMC, where the second firmware hash value is an unencrypted value.
The BIOS acquires the second firmware hash value through the KCS channel.
The execution subject of the above steps may be the BIOS, but is not limited thereto.
Through the steps, under the condition that the server is determined to be started, a decryption public key of an encrypted trusted signature head is obtained, wherein the trusted signature head is generated by the Baseboard Management Controller (BMC), and the trusted signature head comprises a first firmware hash value of the firmware of the BMC; decrypting the obtained trusted signature head by using the decryption public key to obtain a first firmware hash value; verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value. The purpose of verifying the trusted signature head of the BMC firmware through the BIOS is achieved, and the trusted safety of the BMC firmware is achieved. Therefore, the problem of verifying the firmware in the related art can be solved, and the effect of effectively verifying the firmware is achieved.
In an exemplary embodiment, before verifying the firmware of the BMC based on the comparison between the first firmware hash value and the second firmware hash value of the firmware of the BMC, the method further includes:
S1, determining that the firmware of the BMC is abnormal under the condition that the second firmware hash value and/or the trusted signature head are not acquired within the preset time.
In this embodiment, when the second firmware hash value is not obtained within the preset time, it is determined that the firmware of the BMC is abnormal.
When the trusted signature header is not acquired within the preset time, it is determined that the firmware of the BMC is abnormal.
When neither the second firmware hash value nor the trusted signature head is obtained within the preset time, it is determined that the firmware of the BMC is abnormal.
In one exemplary embodiment, verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC includes:
S1, determining that the firmware of the BMC is in a normal state under the condition that the first firmware hash value and the second firmware hash value are the same.
In this embodiment, the BMC firmware is not tampered with when the first firmware hash value and the second firmware hash value are the same.
In an exemplary embodiment, after determining that the firmware of the BMC is in a normal state in a case that the first firmware hash value and the second firmware hash value are the same, the method further includes:
S1, setting the flag bit of the register of the BMC to a first preset value so as to instruct the complex programmable logic device (CPLD) to trigger the firmware of the BMC to operate normally.
In this embodiment, the BIOS writes 0x01 to the CPLD's BMC firmware trusted register, and the CPLD triggers an interrupt to notify the BMC to continue normal operation.
In one exemplary embodiment, verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC includes:
S1, determining that the firmware of the BMC is in an abnormal state under the condition that the first firmware hash value is different from the second firmware hash value.
In this embodiment, when the first firmware hash value and the second firmware hash value are different, it is determined that the BMC firmware has been tampered with and is not trusted.
In an exemplary embodiment, after determining that the firmware of the BMC is in the abnormal state in the case that the first firmware hash value and the second firmware hash value are different, the method further includes:
S1, setting the flag bit of the register of the BMC to a second preset value so as to mark the firmware of the BMC as untrusted;
S2, instructing the CPLD to continuously restart the firmware of the BMC.
In this embodiment, the BMC firmware has been tampered with, and the BIOS writes 0x02 to the CPLD's BMC firmware register, marking the BMC firmware as untrusted. According to the register flag bit, the CPLD pulls the BMC watchdog to restart the BMC system continuously, so that the BMC system does not start normally. The user cannot use the BMC normally, which ensures the security of the entire server system.
In one exemplary embodiment, obtaining the decryption public key of the encrypted trusted signature header in case of determining that the server is booted includes:
S1, if the server is determined to be started, the decryption public key is always acquired from the BIOS.
In this embodiment, when the BIOS is started, the saved BMC firmware trusted signature decryption public key is obtained from the BIOS SPI FLASH and saved in the BIOS memory.
In this embodiment, a method for verifying firmware is provided. FIG. 3 is a flowchart (two) of a method for verifying firmware according to an embodiment of the present invention. As shown in FIG. 3, the flow includes the following steps:
Step S302, generating a trusted signature head of the firmware of the BMC, wherein the trusted signature head comprises a first firmware hash value of the firmware of the BMC, and the trusted signature head is in an encrypted state;
In this embodiment, the trusted signature header is encrypted after it is generated by the BMC. When the BMC firmware is upgraded, or when the firmware is burned directly at the factory, the trusted signature head corresponding to the BMC firmware is stored in a read-only storage medium (ROM) connected to the BMC. This prevents the trusted signature head from being lost or tampered with, and so avoids failure of the BMC firmware trust verification.
When the BIOS is started, the saved BMC firmware trusted signature decryption public key is obtained from the BIOS SPI FLASH and saved in the BIOS memory.
Step S304, under the condition that the server is determined to be started, calculating a hash value of the read BMC firmware, and determining a second firmware hash value, wherein the second firmware hash value is an unencrypted value;
Step S306, the trusted signature head and the second firmware hash value are sent to the BIOS, so that the BIOS is instructed to verify the firmware of the BMC by using the first firmware hash value and the second firmware hash value.
The BIOS acquires the second firmware hash value through the KCS channel.
The execution subject of the above steps may be the BMC, but is not limited thereto.
Through the steps, a trusted signature head of the firmware of the BMC is generated, wherein the trusted signature head comprises a first firmware hash value of the firmware of the BMC, and is in an encryption state; under the condition that the server is determined to be started, calculating a hash value of the read firmware of the BMC, and determining a second firmware hash value, wherein the second firmware hash value is an unencrypted value; and sending the trusted signature head and the second firmware hash value to the BIOS to instruct the BIOS to verify the firmware of the BMC by using the first firmware hash value and the second firmware hash value. The purpose of verifying the trusted signature head of the BMC firmware through the BIOS is achieved, and the trusted safety of the BMC firmware is achieved. Therefore, the problem of verifying the firmware in the related art can be solved, and the effect of effectively verifying the firmware is achieved.
In an exemplary embodiment, after generating the trusted signature header of the firmware of the baseboard management controller BMC, the method further comprises one of:
S1, storing the decryption public key of the trusted signature header into the BIOS;
S2, storing the trusted signature head into a read-only storage medium in the case of a firmware upgrade of the BMC or firmware burning of the BMC.
In an exemplary embodiment, after saving the trusted signature header to the read-only storage medium, the method further comprises:
S1, reading the trusted signature head from the read-only storage medium under the condition that the server is determined to be started;
S2, storing the trusted signature head into the memory of the BMC.
In an exemplary embodiment, after calculating the hash value of the read firmware of the BMC and determining the second firmware hash value in the case that it is determined that the server is started, the method further includes:
S1, storing the second firmware hash value in the memory of the BMC.
The present application is illustrated below with reference to specific examples:
This embodiment provides a scheme in which the BIOS verifies the encrypted trusted signature head of the BMC firmware, addressing the security problem of the BMC being maliciously counterfeited or tampered with. The embodiment requires that the BMC is started with the BIOS first. Before the BIOS has checked the trustworthiness of the BMC firmware, the control and management interface of the BMC is disconnected through the CPLD, so the BMC cannot control or manage external devices; the server system therefore cannot be controlled or managed by the BMC, and sensitive information on the server is prevented from leaking. The scheme specifically comprises the following steps:
Step 1: In this embodiment, the trusted signature header decryption public key is stored in the BIOS SPI FLASH.
Step 2: The BMC side generates the BMC firmware trusted signature header.
Step 3: When the BMC firmware is upgraded, or when the firmware is burned directly at the factory, the trusted signature head corresponding to the BMC firmware is stored in a read-only storage medium (ROM) connected to the BMC. This prevents the trusted signature head from being lost or tampered with, and so avoids failure of the BMC firmware trust verification.
Step 4 (as shown in FIG. 4): The server device is powered on and started, and the CPLD initializes the BMC firmware trusted register bit to 0x00.
Step 5: When the server device is powered on and started, the BMC system reads the firmware content from the SPI FLASH, calculates the unencrypted firmware HASH value and stores it in the BMC memory.
Step 6: The BMC reads the trusted signature head file written into the BMC read-only storage medium (EEPROM) in step 3 and stores its content in the memory of the BMC system.
Step 7: When the BIOS is started, the saved BMC firmware trusted signature decryption public key is obtained from the BIOS SPI FLASH and saved in the BIOS memory.
Step 8: The BIOS obtains, through the KCS channel, the BMC system firmware HASH value from step 5 and the trusted signature header content from step 6. If the trusted signature header and the HASH value of the BMC system firmware are not obtained within the timeout period, the BMC firmware is considered to be tampered with and untrustworthy, and the process proceeds to step 9.
Step 9: The BIOS parses the HASH trusted signature head content acquired from the BMC, using the BMC firmware trusted signature decryption public key from step 7.
Step 10: The HASH value decrypted in step 9 is compared with the HASH value acquired from the BMC system. If the HASH values are consistent, the BMC firmware is considered to be trusted, and the process proceeds to step 11; if the HASH values are not consistent, the BMC firmware is considered to be tampered with and untrusted, and the process proceeds to step 12.
Step 11: The BMC firmware is trusted. The BIOS writes 0x01 to the CPLD's BMC firmware trusted register, and the CPLD triggers an interrupt to notify the BMC to continue normal operation.
Step 12: The BMC firmware has been tampered with. The BIOS writes 0x02 to the CPLD's BMC firmware register, marking the BMC firmware as untrusted. According to the register flag bit, the CPLD pulls the BMC watchdog to restart the BMC system continuously, so that the BMC system does not start normally. The user cannot use the BMC normally, which ensures the security of the entire server system.
In this embodiment, the physical links of BMC, EEPROM, BIOS and BMC are shown in FIG. 5.
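The decision flow of steps 4 to 12, as an added example that is not part of the patent text: a Python model of the BMC-side inputs and the BIOS-side check. SHA-256, the textbook-RSA "decryption" with a constructed toy key, and all function and constant names are assumptions, because the page names neither the hash nor the signature algorithm; only the register values 0x00, 0x01 and 0x02 come from the page.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes. Illustration only:
# such a key is trivially factorable and must never be used for real signing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                  # public modulus (stored with the BIOS)
E = 65537                                  # public exponent (stored with the BIOS)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (signer only)
HEADER_LEN = (N.bit_length() + 7) // 8     # size of the trusted signature head
HASH_LEN = 32                              # SHA-256 digest size (assumed hash)

# CPLD "BMC firmware trusted register" values named on the page.
REG_INIT, REG_TRUSTED, REG_UNTRUSTED = 0x00, 0x01, 0x02


def firmware_hash(image: bytes) -> bytes:
    """Step 5: unencrypted hash of the firmware read from SPI FLASH."""
    return hashlib.sha256(image).digest()


def make_trusted_signature_head(image: bytes) -> bytes:
    """Step 2: wrap the first firmware hash with the private key."""
    h = int.from_bytes(firmware_hash(image), "big")
    return pow(h, D, N).to_bytes(HEADER_LEN, "big")


def recover_first_hash(head: bytes):
    """Step 9: 'decrypt' the head with the public key; None if malformed."""
    if len(head) != HEADER_LEN:
        return None
    s = int.from_bytes(head, "big")
    if s >= N:
        return None
    m = pow(s, E, N)
    if m >= 2 ** (8 * HASH_LEN):           # result is not a plausible digest
        return None
    return m.to_bytes(HASH_LEN, "big")


def bios_verify(head, second_hash) -> int:
    """Steps 8 to 12: return the value the BIOS writes to the CPLD register.

    None for either input models 'not obtained within the timeout period',
    which the page treats as tampered and untrusted.
    """
    if head is None or second_hash is None:
        return REG_UNTRUSTED
    first_hash = recover_first_hash(head)
    if first_hash is None:
        return REG_UNTRUSTED
    if hmac.compare_digest(first_hash, second_hash):
        return REG_TRUSTED
    return REG_UNTRUSTED


def simulate_boot(flash_image: bytes, rom_head: bytes, kcs_delivers: bool = True) -> int:
    """Steps 4 to 12 end to end; returns the final CPLD register value."""
    cpld_reg = REG_INIT                     # step 4: CPLD initialises to 0x00
    second_hash = firmware_hash(flash_image)  # step 5 (BMC side)
    head = rom_head                         # step 6 (BMC side)
    if not kcs_delivers:                    # step 8: nothing arrives over KCS
        head, second_hash = None, None
    cpld_reg = bios_verify(head, second_hash)
    return cpld_reg


# Constructed sample data (not real firmware).
GOOD_IMAGE = b"constructed BMC firmware image, build 1\n" * 256
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"X"
ROM_HEAD = make_trusted_signature_head(GOOD_IMAGE)

if __name__ == "__main__":
    print(hex(simulate_boot(GOOD_IMAGE, ROM_HEAD)))         # matching flash image
    print(hex(simulate_boot(TAMPERED_IMAGE, ROM_HEAD)))     # modified flash image
    print(hex(simulate_boot(GOOD_IMAGE, ROM_HEAD, False)))  # KCS timeout
```

A production design would use a padded signature scheme such as RSASSA-PSS from a vetted library; textbook RSA is used here only to mirror the page's "decrypt with the public key, then compare" wording.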
In summary, in this embodiment, the trusted security of the BMC firmware is achieved by having the BIOS verify the trusted signature head of the BMC firmware. The BMC firmware trusted signature public key is stored in the BIOS SPI FLASH, so that, provided the BIOS firmware is trusted, the BMC firmware is guaranteed to be equally trustworthy. When the BMC firmware leaves the factory or is upgraded online, the trusted signature head of the BMC firmware is stored in a non-volatile storage medium other than the medium that stores the firmware itself (such as the SPI FLASH); such media include a ROM, an EMMC, a USB device and the like. The content is not lost on power-down, and if it is lost or tampered with, the BMC cannot pass trust verification. After the BIOS's verification of the trustworthiness of the BMC system firmware fails, the BMC is cut off from the server's main CPU (including the BIOS and the service OS) through the CPLD, so that the main system is protected from malicious attack by the BMC.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
In this embodiment, a verification apparatus for firmware is further provided, and the verification apparatus is used to implement the foregoing embodiments and preferred embodiments, and the description already made is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 6 is a first structural block diagram of a firmware verification apparatus according to an embodiment of the present invention. As shown in Fig. 6, the apparatus includes:
a first obtaining module 62, configured to obtain a decryption public key of an encrypted trusted signature header under a condition that it is determined that a server is started, where the trusted signature header is generated by a baseboard management controller BMC, and the trusted signature header includes a first firmware hash value of a firmware of the BMC;
a second obtaining module 64, configured to decrypt the obtained trusted signature header by using the decryption public key to obtain the first firmware hash value;
a first verification module 66, configured to verify the firmware of the BMC based on a comparison result between the first firmware hash value and a second firmware hash value of the firmware of the BMC, where the second firmware hash value is an unencrypted value.
In an exemplary embodiment, the apparatus further includes: a first determining module, configured to determine, before the firmware of the BMC is verified based on a comparison result between the first firmware hash value and the second firmware hash value of the firmware of the BMC, that the firmware of the BMC is abnormal when the second firmware hash value and/or the trusted signature header is not acquired within a preset time.
In an exemplary embodiment, the first verification module includes:
a first determining unit, configured to determine that the firmware of the BMC is in a normal state when the first firmware hash value and the second firmware hash value are the same.
In an exemplary embodiment, the apparatus further includes: a first setting module, configured to set a flag bit of a register of the BMC to a first preset value after the firmware of the BMC is determined to be in a normal state in the case where the first firmware hash value and the second firmware hash value are the same, so as to instruct the complex programmable logic device (CPLD) to trigger the firmware of the BMC to operate normally.
In an exemplary embodiment, the first verification module includes:
a second determining unit, configured to determine that the firmware of the BMC is in an abnormal state when the first firmware hash value is different from the second firmware hash value.
In an exemplary embodiment, the apparatus further includes: a second setting module, configured to set a flag bit of a register of the BMC to a second preset value, so as to mark the firmware of the BMC as untrusted, after the firmware of the BMC is determined to be in an abnormal state in the case where the first firmware hash value and the second firmware hash value are the same;
a first indicating module, configured to instruct the CPLD to continuously restart the firmware of the BMC.
In an exemplary embodiment, the first obtaining module includes: a first acquisition unit, configured to always acquire the decryption public key from the Basic Input Output System (BIOS) when it is determined that the server is started.
Fig. 7 is a second structural block diagram of a firmware verification apparatus according to an embodiment of the present invention. As shown in Fig. 7, the apparatus includes:
a first generating module 72, configured to generate a trusted signature header of firmware of a BMC, where the trusted signature header includes a first firmware hash value of the firmware of the BMC, and the trusted signature header is in an encrypted state;
a first calculating module 74, configured to calculate a hash value of the read firmware of the BMC and determine a second firmware hash value if it is determined that the server is started, where the second firmware hash value is an unencrypted value;
a first sending module 76, configured to send the trusted signature header and the second firmware hash value to a BIOS, so as to instruct the BIOS to verify the firmware of the BMC by using the first firmware hash value and the second firmware hash value.
In an exemplary embodiment, the apparatus further comprises one of:
a first storage module, configured to store a decryption public key of the trusted signature header in the BIOS after the trusted signature header of the firmware of the baseboard management controller (BMC) is generated;
a second storage module, configured to store the trusted signature header in a read-only storage medium when the firmware of the BMC is upgraded or the BMC burns the firmware.
In an exemplary embodiment, the apparatus further includes:
a first reading module, configured to, after the trusted signature header is stored in a read-only storage medium, read the trusted signature header from the read-only storage medium when it is determined that the server is started;
a third storage module, configured to store the trusted signature header in the memory of the BMC.
In an exemplary embodiment, the apparatus further includes: a fourth saving module, configured to save the second firmware hash value in the memory of the BMC after the hash value of the read firmware of the BMC is calculated and the second firmware hash value is determined in the case where it is determined that the server is started.
It should be noted that the above modules may be implemented by software or by hardware. For the latter, this may be achieved in, but is not limited to, the following ways: the modules are all located in the same processor; or the modules are located in different processors in any combination.
Embodiments of the present invention also provide a computer-readable storage medium having a computer program stored thereon, wherein the computer program is arranged to perform the steps of any of the above-mentioned method embodiments when executed.
In the present embodiment, the above-described computer-readable storage medium may be configured to store a computer program for executing the above steps.
In an exemplary embodiment, the computer-readable storage medium may include, but is not limited to: various media capable of storing computer programs, such as a USB disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
In an exemplary embodiment, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
In an exemplary embodiment, the processor may be configured to execute the above steps by a computer program.
For specific examples in this embodiment, reference may be made to the examples described in the above embodiments and exemplary embodiments, and details of this embodiment are not repeated herein.
It will be apparent to those skilled in the art that the various modules or steps of the invention described above may be implemented using a general purpose computing device, they may be centralized on a single computing device or distributed across a network of computing devices, and they may be implemented using program code executable by the computing devices, such that they may be stored in a memory device and executed by the computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into various integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.

Claims (15)

1. A method for verifying firmware, comprising:
under the condition that the server is determined to be started, acquiring a decryption public key of an encrypted trusted signature header, wherein the trusted signature header is generated by a Baseboard Management Controller (BMC), and the trusted signature header comprises a first firmware hash value of firmware of the BMC;
decrypting the acquired trusted signature header by using the decryption public key to obtain the first firmware hash value;
verifying the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value.
2. The method of claim 1, wherein prior to verifying the firmware of the BMC based on the comparison between the first firmware hash value and the second firmware hash value of the firmware of the BMC, the method further comprises:
determining that the firmware of the BMC is abnormal under the condition that the second firmware hash value and/or the trusted signature header is not acquired within a preset time.
3. The method of claim 1, wherein verifying the firmware of the BMC based on the comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC comprises:
determining that the firmware of the BMC is in a normal state under the condition that the first firmware hash value and the second firmware hash value are the same.
4. The method of claim 3, wherein after determining that the firmware of the BMC is in a normal state if the first firmware hash value and the second firmware hash value are the same, the method further comprises:
setting a flag bit of a register of the BMC to a first preset value so as to instruct a Complex Programmable Logic Device (CPLD) to trigger the firmware of the BMC to operate normally.
5. The method of claim 1, wherein verifying the firmware of the BMC based on the comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC comprises:
determining that the firmware of the BMC is in an abnormal state under the condition that the first firmware hash value is different from the second firmware hash value.
6. The method of claim 5, wherein after determining that the firmware of the BMC is in an abnormal state if the first firmware hash value and the second firmware hash value are the same, the method further comprises:
setting a flag bit of a register of the BMC to a second preset value so as to mark the firmware of the BMC as untrusted;
instructing the CPLD to continuously restart the firmware of the BMC.
7. The method of claim 1, wherein obtaining the decryption public key of the encrypted trusted signature header upon determining that the server is booted comprises:
under the condition that the server is determined to be started, always acquiring the decryption public key from the BIOS.
8. A method for verifying firmware, comprising:
generating a trusted signature header of firmware of a Baseboard Management Controller (BMC), wherein the trusted signature header comprises a first firmware hash value of the firmware of the BMC, and the trusted signature header is in an encrypted state;
under the condition that the server is determined to be started, calculating a hash value of the read firmware of the BMC, and determining a second firmware hash value, wherein the second firmware hash value is an unencrypted value;
sending the trusted signature header and the second firmware hash value to a BIOS to instruct the BIOS to verify the firmware of the BMC using the first firmware hash value and the second firmware hash value.
9. The method of claim 8, wherein after generating the trusted signature header of the firmware of the Baseboard Management Controller (BMC), the method further comprises one of:
storing the decryption public key of the trusted signature header into a BIOS;
storing the trusted signature header into a read-only storage medium under the condition that the firmware of the BMC is upgraded or the BMC burns the firmware.
10. The method of claim 9, wherein after storing the trusted signature header into a read-only storage medium, the method further comprises:
reading the trusted signature header from the read-only storage medium in the case that the server is determined to be started;
storing the trusted signature header into the memory of the BMC.
11. The method of claim 8, wherein after calculating the hash value of the read firmware of the BMC and determining the second firmware hash value in the case that the server is determined to be started, the method further comprises:
storing the second firmware hash value into a memory of the BMC.
12. An apparatus for verifying firmware, comprising:
a first obtaining module, configured to obtain a decryption public key of an encrypted trusted signature header under the condition that the server is determined to be started, wherein the trusted signature header is generated by a Baseboard Management Controller (BMC), and the trusted signature header comprises a first firmware hash value of firmware of the BMC;
a second obtaining module, configured to decrypt the obtained trusted signature header by using the decryption public key to obtain the first firmware hash value;
a first verification module, configured to verify the firmware of the BMC based on a comparison between the first firmware hash value and a second firmware hash value of the firmware of the BMC, wherein the second firmware hash value is an unencrypted value.
13. An apparatus for verifying firmware, comprising:
a first generating module, configured to generate a trusted signature header of firmware of a Baseboard Management Controller (BMC), wherein the trusted signature header comprises a first firmware hash value of the firmware of the BMC, and the trusted signature header is in an encrypted state;
a first calculating module, configured to calculate a hash value of the read firmware of the BMC under the condition that the server is determined to be started, and determine a second firmware hash value, wherein the second firmware hash value is an unencrypted value;
a first sending module, configured to send the trusted signature header and the second firmware hash value to a BIOS, so as to instruct the BIOS to verify the firmware of the BMC using the first firmware hash value and the second firmware hash value.
14. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 7 or carries out the method of any one of claims 8 to 11.
15. An electronic apparatus comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 7, or to perform the method of any of claims 8 to 11.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111679002.4A CN114357464A (en) 2021-12-31 2021-12-31 Firmware verification method and device, storage medium and electronic device

Publications (1)

Publication Number Publication Date
CN114357464A true CN114357464A (en) 2022-04-15

Family

ID=81105120

Country Status (1)

Country Link
CN (1) CN114357464A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination