CN114510751A - Hardware replacement prevention device and method based on processor security kernel - Google Patents


Info

Publication number: CN114510751A
Application number: CN202111681801.5A
Authority: CN (China)
Prior art keywords: module, replacement, external equipment, verification, prevention
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈小春, 张超, 朱立森, 孙亮, 邱昌佩, 易祝兵
Current assignee: Clp Technology Beijing Co ltd
Original assignee: Clp Technology Beijing Co ltd
Events: application filed by Clp Technology Beijing Co ltd; priority to CN202111681801.5A; publication of CN114510751A; legal status pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F 21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures


Abstract

The invention discloses a hardware replacement prevention device and method based on a processor security kernel. The device comprises a hardware replacement prevention trusted unit arranged in the BIOS. Its firmware and SE communication module interacts with the SE module in the CPU so that the hash calculation function of the SE module can be called and hash values can be read from and written to the nonvolatile storage area of the SE module. When an external device needs replacement prevention verification after the BIOS has started, the external device replacement prevention module accesses the SE module through the firmware and SE communication module to calculate the measurement value of the external device to be verified, reads the prestored reference value from the nonvolatile storage area of the SE module, and determines that the external device has not been replaced if the measurement value equals the reference value; otherwise the external device to be verified has been replaced, and a prompt is given through the result display and processing module. The invention can enhance the security and reliability of the whole platform and prevent an attacker from maliciously replacing hardware devices.

Description

Hardware replacement prevention device and method based on processor security kernel
Technical Field
The invention belongs to the technical field of computer firmware, and particularly relates to a hardware replacement prevention device and method based on a processor security kernel.
Background
Firmware is the first set of programs executed after a computer is powered on; it runs at the lowest layer of the computer and is usually stored in a Flash chip. The BIOS is the most important firmware in a computer, and the Unified Extensible Firmware Interface (UEFI) is the newer BIOS standard that is now widely used in the industry.
In recent years, domestic computer platforms have developed rapidly. On current domestic processor platforms, most trusted computing schemes are implemented with security chips such as a TCM (Trusted Cryptography Module) or a dedicated security card. The TCM security chip is an important module for implementing secure and trusted computing, but it imposes interface requirements at design time: some TCMs have many limitations when attached to a platform through an LPC (Low Pin Count) bus or a PCI interface, each device that connects to the TCM chip needs its own software and hardware adaptation for the specific protocol, and the software layer must adapt the interfaces used by the TCM to the needs of diverse application platforms. The user therefore faces complex work both in hardware design and in the software layer.
The existing hardware platform has the following problems:
1) In the current domestic market, motherboard or complete-machine manufacturers reserve interfaces such as PCIE slots, SATA ports and USB ports, and an operator can swap the external devices attached to them at will. For more important devices such as a SATA hard disk, a USB optical drive or a RAID card, arbitrary replacement creates security risks, yet there is currently no way to control malicious replacement of a device at the hardware level.
2) On a domestic trusted platform the TCM module is an important link in the security trust chain, and most current schemes use a TCM chip soldered onto the board. The chip needs its own internal firmware, and the user must write a driver at the BIOS software level to control the whole process, so the TCM module is relatively complex to use.
Disclosure of Invention
In view of this, the present invention provides a hardware replacement prevention device and method based on a processor security kernel, which can enhance the security and reliability of the entire platform and prevent malicious replacement of hardware devices by an attacker.
To solve the above technical problems, the present invention is realized as follows.
A hardware replacement prevention device based on a processor security kernel is used to perform replacement prevention verification on the external devices of a computer. The CPU of the computer has a built-in security kernel (SE) module. The device comprises a hardware replacement prevention trusted unit arranged in the BIOS, which in turn comprises a firmware and SE communication module, an external device replacement prevention module and a result display and processing module.
The firmware and SE communication module communicates with the SE module in the CPU so that the hash calculation function of the SE module can be called and hash values can be read from and written to the nonvolatile storage area of the SE module.
When a certain external device needs replacement prevention verification after the BIOS has started normally, the external device replacement prevention module acquires the characteristic information of the external device to be verified, accesses the SE module through the firmware and SE communication module to calculate the hash value of the characteristic information as the measurement value, reads the prestored hash value of that external device from the nonvolatile storage area of the SE module as the reference value, and determines that the external device has not been replaced if the measurement value equals the reference value; otherwise the external device to be verified has been replaced, and the result display and processing module gives a prompt.
Preferably, the firmware and SE communication module comprises a hash calculation interface module, a write data module and a read data module;
the hash calculation interface module calls the hash calculation function interface of the SE module, packs the characteristic information of the external device according to a set communication protocol, sends it to the SE module for the hash operation, and receives the hash value returned by the SE module;
the write data module stores the hash value of the external device in the nonvolatile storage area of the SE module;
and the read data module reads a previously stored hash value from the nonvolatile storage area of the SE module, to be used as the reference value for replacement prevention verification.
Preferably, after the BIOS has started normally, the external device replacement prevention module reads the device list and performs the replacement prevention verification operation one by one on the external devices marked in the device list as requiring it.
Preferably, after the BIOS has started normally and before any external device is verified, the external device replacement prevention module further determines whether the replacement prevention verification function is enabled, and performs the verification only if it is; otherwise the verification operation is not executed. Whether the function is enabled is determined from a replacement prevention verification enable flag, which can be modified through a replacement prevention verification enable switch placed in the security page of the BIOS startup interface.
Preferably, after the external device replacement prevention module determines that the replacement prevention verification function is enabled, it further calls the SE module through the firmware and SE communication module to determine whether the SE module is enabled; if so, it performs the replacement prevention verification operation; otherwise the result display and processing module reports that initialization of the SE module failed, and no replacement prevention verification of external devices is performed.
Preferably, the external devices that need replacement prevention verification include a USB optical drive, a RAID card, a SATA hard disk, a network card and/or a graphics card.
Preferably, the characteristic information of the USB optical drive is its serial number (SN), that of the RAID card is its Option ROM, that of the SATA hard disk is its SN, that of the network card is its MAC address, and that of the graphics card is its Option ROM.
Preferably, after the external device replacement prevention module determines that the external device to be verified has been replaced, it further reports on the BIOS interface, through the result display and processing module, that the device currently being verified has been replaced, and waits for replacement authentication by the operator; if authentication passes, it calls the firmware and SE communication module to update the hash value of the replaced external device in the SE module and then continues the verification operation; if authentication fails, the boot process is stopped.
The invention also provides a hardware replacement prevention method based on the processor security kernel, which uses any one of the above devices; the replacement prevention verification process comprises the following steps:
step 1, in advance, the hash value of each external device that needs replacement prevention verification is stored as its reference value in the nonvolatile storage area of the SE module by calling the firmware and SE communication module;
step 2, after the computer is powered on, the BIOS starts running and acquires the device list of the external devices;
step 3, after the BIOS has started normally, the security page of the startup interface is entered, and the external device replacement prevention module determines from the replacement prevention verification enable flag whether replacement prevention verification is switched on; if so, verification is performed and step 4 is executed; otherwise the replacement prevention verification process ends;
step 4, the external device replacement prevention module calls the SE module through the firmware and SE communication module and determines whether the SE module can be enabled; if it cannot, the result display and processing module reports that initialization of the SE module failed, the boot process is stopped and the process exits; if the SE module is enabled, one unprocessed external device is selected from the device list determined in step 2 as the current external device, and step 5 is entered;
step 5, the external device replacement prevention module checks whether the current external device needs replacement prevention verification; if so, the current external device is taken as the external device to be verified and step 6 is executed; if not, jump to step 8;
step 6, the external device replacement prevention module acquires the characteristic information of the external device to be verified, calls the hash calculation function of the SE module through the firmware and SE communication module, and obtains the hash value of the characteristic information as the measurement value; it also reads the prestored reference value of the external device to be verified from the nonvolatile storage area of the SE module;
step 7, whether the measurement value equals the reference value is determined; if so, it is confirmed that no replacement has occurred and step 8 is executed; if the two values differ, it is confirmed that the external device has been replaced, the result display and processing module reports on the BIOS interface that the current external device has been replaced, and replacement authentication by the operator is awaited; if authentication passes, the firmware and SE communication module is called to update the hash value of the replaced external device in the SE module, verification continues and step 8 is executed; if authentication fails, the boot process is stopped and the process ends;
step 8, whether all external devices in the device list have completed replacement prevention verification is checked; if so, none of the external devices to be verified has been replaced and the process ends; otherwise an unprocessed external device is selected from the device list as the current external device, and the process returns to step 5 to continue replacement prevention verification.
Preferably, in step 6, if reading the prestored reference value of the external device to be verified from the nonvolatile storage area of the SE module fails, the boot process is stopped and the process ends.
Advantages:
The invention designs a hardware replacement prevention scheme by placing the verification after the BIOS has started and combining it with the characteristics of when the SE works. After power-on, a CPU chip with a built-in SE first verifies the integrity of the BIOS; if the BIOS has not been tampered with, the computer starts normally; if it has, the CPU chip with the built-in SE can cooperate with other peripheral devices to restore the BIOS before the BIOS runs. Compared with a TCM-based hardware replacement prevention scheme, this method ensures that the BIOS is untampered before it runs, and therefore that the hardware replacement prevention process is actually executed. The specific advantages are:
(1) Secure and reliable: in this scheme the SE module both computes the hashes and stores the device hashes, so replacement prevention cannot be made unreliable by human tampering with the stored hash data; the design suits platforms with a higher security level.
(2) No requirement on the operating system: replacement prevention of the relevant hardware is completed before the operating system is booted and loaded, so if the system can be reached, the hardware has not been maliciously replaced, and the system can be booted directly from the hard disk without any further operation.
(3) Simple porting between motherboards: as long as the hardware platform supports the SE and the SE interfaces are the same, the hardware replacement prevention module can be ported directly to another motherboard, which effectively reduces the porting and adaptation workload.
(4) Real-time prompting of the operator on the display screen: if a hardware device on the platform is replaced, the information about the replaced device can be displayed on the screen in real time, reminding the user more intuitively and clearly.
Drawings
FIG. 1 is a schematic block diagram of the hardware replacement prevention device based on a processor SE according to the present invention;
FIG. 2 is a flowchart of the hardware replacement prevention method based on a processor SE according to the present invention;
FIG. 3 is a flow diagram of the function that computes hash feature values;
FIG. 4 is a flowchart of trusted verification of a device;
FIG. 5 is a diagram of the packet assembly of hash calculation packets.
Detailed Description
The invention is described in detail below by way of example with reference to the accompanying drawings.
The invention provides a hardware replacement prevention scheme based on a processor security kernel: using an existing processor with a built-in security kernel (SE for short), a trusted module for preventing hardware replacement is designed at the BIOS software level. The verification is placed after the BIOS has started, because after power-on a CPU chip with a built-in SE first verifies the integrity of the BIOS; if the BIOS has not been tampered with, the computer starts normally, and if it has, the CPU chip with the built-in SE can cooperate with other peripheral devices to restore the BIOS before it runs. Compared with a TCM-based hardware replacement prevention scheme, this method ensures that the BIOS is untampered before it runs, and therefore that the hardware replacement prevention process is actually executed.
Because UEFI is currently the mainstream BIOS standard, the UEFI protocol is adopted at the BIOS layer: the BIOS firmware in this embodiment is UEFI firmware, and the trusted module for preventing hardware replacement is designed in the UEFI software layer, which enhances the security and reliability of the whole platform and prevents an attacker from maliciously replacing hardware devices.
Generally, after a computer is powered on, the BIOS configures the hardware according to the computer's hardware interfaces, and finally loads the operating system from a storage medium and completes its start. FIG. 1 is a block diagram of the hardware replacement prevention device based on a processor security kernel; it divides the whole computer platform into three layers: computer hardware, BIOS and operating system.
(1) Computer hardware
The invention has one special requirement on the hardware platform: the CPU must consist of a general-purpose processor and an SE module. The other peripheral devices only need to be ordinary computer hardware.
(2) BIOS
After the hardware is powered on, the BIOS mainly configures the running state of the CPU, the cache, the memory and the interrupts, prepares an environment in which device drivers conforming to, for example, the UEFI specification can run normally, and loads the system from a hard disk or boots and installs an operating system from other media. Mainstream UEFI drivers include hard disk drivers, USB device drivers (for USB devices such as keyboards, mice and optical drives), graphics card drivers, RAID drivers and the like.
The invention adds a hardware replacement prevention trusted unit to the BIOS. This unit is the core module of the invention; it uses the characteristics of the SE module in the CPU to realize communication between the firmware and the SE. The hardware replacement prevention trusted unit comprises a firmware and SE communication module, an external device replacement prevention module and a result display and processing module. Specifically:
① Firmware and SE communication module
The firmware and SE communication module relies on the NV (nonvolatile storage) function of the SE module: the unique characteristic value computed for each relevant external device must be stored in the SE module. Therefore the firmware and SE communication module must communicate with the SE module in the CPU, so as to call the hash calculation function of the SE module and to read and write hash values in the nonvolatile storage area of the SE module.
The firmware and SE communication module mainly implements the following functional interface modules:
i. Hash calculation interface module: computes the hash value of a device, implementing the HashInterface() interface
This functional interface is mainly used to compute the hash value of the relevant device, and must use the hash calculation capability integrated in the SE chip. Therefore the hash calculation interface module calls the hash calculation function interface of the SE module, packs the characteristic information of the external device according to the set communication protocol, sends it to the SE module for the hash operation, and receives the hash value returned by the SE module.
ii. Write data module: writes data to the NV of the SE module, implementing the WriteNV() interface
This functional interface is mainly used to store the hash value of an external device in a designated NV (nonvolatile storage) area of the SE for later replacement prevention verification.
iii. Read data module: reads data from the NV of the SE module, implementing the ReadNV() interface
This functional interface is mainly used to read a previously stored characteristic value from the NV area of the SE module, for use as the reference value in later replacement prevention verification.
② External device replacement prevention module
After the BIOS has started normally, the external device replacement prevention module reads the device list and performs replacement prevention verification on every external device in the list that requires it: it acquires the characteristic information of the external device to be verified, accesses the SE module through the firmware and SE communication module to compute the hash value of that information as the measurement value, reads the prestored hash value of the device from the nonvolatile storage area of the SE module as the reference value, and determines that the device has not been replaced if the measurement value equals the reference value; otherwise the external device to be verified has been replaced. If no external device has been replaced, the boot process continues; if a replaced external device is found, the boot process is stopped and a prompt is given through the result display and processing module.
Further, to make replacement prevention verification more flexible, after the BIOS has started normally it may first be determined whether the replacement prevention verification function is enabled, and the verification process is started only when it is. Whether the function is enabled is determined from the replacement prevention verification enable flag, which can be modified through a replacement prevention verification enable switch placed in the security page of the BIOS startup interface.
After the replacement prevention verification process starts, the SE module is called first to determine whether it is enabled. If so, the replacement prevention verification operation proceeds; otherwise the result display and processing module reports that initialization of the SE module failed, the subsequent verification cannot be performed, and the boot process is stopped.
When replacement prevention verification is performed on an external device and reading its reference value from the SE module fails, the boot process is likewise stopped and a prompt is given through the result display and processing module.
In this embodiment, external devices such as a USB optical drive, a RAID card, a SATA hard disk, a network card and a graphics card can be controlled to prevent their replacement. The characteristic information of the USB optical drive is its serial number (SN), that of the RAID card is its Option ROM, that of the SATA hard disk is its SN, that of the network card is its MAC address, and that of the graphics card is its Option ROM.
③ Result display and processing module
The result display and processing module displays on the screen whether a device has been replaced, for example that the SATA hard disk has been replaced. When an external device is judged to have been replaced, the prompt is shown on the screen through this module to report that a device has been replaced, and the operator can further be prompted to enter authentication information for replacement authentication. If the replacement is to be approved, the operator must authenticate; once authentication passes, the hash value of the replaced device in the SE module is updated, and verification of the other devices continues. Otherwise the replacement is deemed illegitimate, the boot process is stopped, and a shutdown may be performed.
(3) Operating system. The method has no special requirement on the operating system; any bootable system will do.
Based on the above device, the present invention provides a hardware replacement prevention method based on a processor security kernel, as shown in fig. 2, including the following steps:
step 1, the firmware and SE communication module stores a hash value of the external equipment needing to be subjected to replacement-proof verification in a nonvolatile storage area of the SE module as a reference value by calling the firmware and SE communication module in advance. This step is not shown in the figure.
And 2, after the computer is powered on and started, the BIOS starts to operate to acquire an equipment list of the external equipment.
In this step, the computer is powered on and started up, and the BIOS starts to run. The BIOS initializes the processor platform hardware, obtains relevant information of platform onboard equipment (mainly comprising onboard network cards, onboard display cards and the like) and external equipment (mainly comprising equipment on the PCIE slot, equipment of a USB external interface and the like), enumerates all the equipment and forms an equipment list.
Step 3, after the BIOS is normally started, the safety page of the starting interface is entered, and the external equipment replacement prevention module judges, according to the replacement prevention verification enabling identifier, whether to turn on replacement prevention verification; if so, replacement prevention verification is performed and step 4 is executed; otherwise, the replacement prevention verification process ends and the starting process continues.
Step 4, the external equipment replacement prevention module calls the SE module through the firmware and SE communication module and judges whether the SE module can be enabled. If not, the result display and processing module prompts that initialization of the SE module failed and that subsequent verification cannot be carried out; to guarantee safety, the starting process is stopped at this point and the process ends. If the SE module is enabled, one unprocessed external device is selected from the device list determined in step 2 as the current external device, and step 5 is entered.
Step 5, the external equipment replacement prevention module checks whether the current external device needs replacement prevention verification; if so, the current external device is determined to be the external device to be verified and step 6 is executed; if not, go to step 8.
Step 6, the external equipment replacement prevention module acquires the characteristic information of the external device to be verified, calls the hash value calculation function of the SE module through the firmware and SE communication module, and takes the returned hash value of the characteristic information as the measurement value; it also reads the pre-stored reference value of the external device to be verified from the nonvolatile storage area of the SE module.
In this step, as shown in fig. 3, the external device replacement prevention module obtains the characteristic information from the external device through the address of the external device to be verified; the acquired characteristic information is then packaged according to the communication protocol shown in fig. 5, in which the packet comprises the length of the characteristic information followed by the characteristic information data itself. The packet is sent to the SE module for hash operation, and the hash value returned by the SE module is received.
In this step, the pre-stored hash value of the external device to be verified is read from the SE module and serves as the reference value. In a preferred embodiment, step 7 is entered if the read succeeds; if the read fails, the verification operation cannot be performed, and the starting process may be stopped at this point to ensure safety. Fig. 4 shows a flow chart of the replacement prevention verification of a single device in the preferred embodiment.
Step 7, judge whether the measurement value is the same as the reference value; if so, confirm that the device has not been replaced and execute step 8; if they differ, confirm that the external device has been replaced, prompt on the BIOS interface through the result display and processing module that the current external device has been replaced, and wait for the operator to perform replacement authentication; if the authentication passes, call the firmware and SE communication module to update the hash value of the replaced external device in the SE module, continue the verification operation, and execute step 8; if the authentication does not pass, shut down and end the process.
Step 8, check whether all external devices in the device list have finished replacement prevention verification; if so, end the verification process and continue the computer starting process so that the computer starts normally; otherwise, select an unprocessed external device from the device list as the current external device and return to step 5 to continue replacement prevention verification.
The flow ends at this point.
The above embodiments only describe the design principle of the present invention; the shapes and names of the components in the description may differ without limitation. A person skilled in the art may therefore modify or substitute the technical solutions described in the foregoing embodiments, and such modifications and substitutions do not depart from the spirit and scope of the present invention.
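The procedure of steps 1 to 8 above (the same method is claimed in claim 9, with the length-plus-data packet of claim 2 and the device kinds and characteristic information of claims 6 and 7), modelled as an added Python example. This is not the patent's own code: the SE module is a stand-in object that uses SHA-256 as its hash function and a dictionary as its nonvolatile area, the 4-byte big-endian length field in the packet is an assumption (the patent does not state the field width), the device names, serial numbers, MAC address and Option ROM bytes are constructed, and the operator's replacement authentication in step 7 is modelled as a callback.

```python
"""Added model of the boot-time anti-replacement flow (steps 1-8); not the patent's own code."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Device:
    """One entry of the BIOS device list (step 2)."""
    name: str             # hypothetical identifier, used as the key in the SE store
    kind: str             # usb_odd / raid / sata / nic / gpu, per claim 6
    feature: bytes        # characteristic information per claim 7: SN, MAC or Option ROM bytes
    verify: bool = True   # marked as requiring replacement prevention verification (claim 3)


class SecureElement:
    """Stand-in for the CPU-internal SE module: a hash function plus a nonvolatile area."""

    def __init__(self, enabled: bool = True):
        self.enabled = enabled   # False models a failed SE initialization (step 4)
        self.nv = {}             # nonvolatile storage area: device name -> reference hash

    def hash(self, packet: bytes) -> bytes:
        return hashlib.sha256(packet).digest()   # SHA-256 is an assumption

    def read(self, name: str):
        return self.nv.get(name)   # None models a failed reference read (claim 10)

    def write(self, name: str, digest: bytes) -> None:
        self.nv[name] = digest


def pack_feature(feature: bytes) -> bytes:
    """Fig. 5 packet: length of the characteristic information, then the data itself.
    The 4-byte big-endian length field is an assumption."""
    return len(feature).to_bytes(4, "big") + feature


def measure(se: SecureElement, dev: Device) -> bytes:
    """Step 6: hash the packed characteristic information inside the SE (measurement value)."""
    return se.hash(pack_feature(dev.feature))


def provision(se: SecureElement, devices) -> None:
    """Step 1: store each device's hash in the SE nonvolatile area as its reference value."""
    for dev in devices:
        if dev.verify:
            se.write(dev.name, measure(se, dev))


def verify_boot(se, devices, enabled, authenticate):
    """Steps 3-8. Returns ('boot' | 'halt', {device name: outcome}).
    authenticate(dev) models the operator's replacement authentication in step 7."""
    outcomes = {}
    if not enabled:                      # step 3: enabling identifier off, verification skipped
        return "boot", outcomes
    if not se.enabled:                   # step 4: SE unavailable, stop the start-up process
        return "halt", {"SE": "init_failed"}
    for dev in devices:                  # steps 5-8: one device at a time
        if not dev.verify:
            outcomes[dev.name] = "skipped"
            continue
        measured = measure(se, dev)
        reference = se.read(dev.name)
        if reference is None:            # claim 10: reference cannot be read, stop
            outcomes[dev.name] = "reference_missing"
            return "halt", outcomes
        if hmac.compare_digest(measured, reference):   # step 7: identical -> not replaced
            outcomes[dev.name] = "unchanged"
        elif authenticate(dev):          # replaced, operator authenticates the replacement
            se.write(dev.name, measured) # update the stored reference, keep verifying
            outcomes[dev.name] = "replaced_accepted"
        else:                            # replaced, authentication failed
            outcomes[dev.name] = "replaced_rejected"
            return "halt", outcomes
    return "boot", outcomes              # step 8: list exhausted, start-up continues


def sample_devices():
    """Constructed device list; serial numbers, MAC and Option ROM bytes are made up."""
    return [
        Device("usb_odd0", "usb_odd", b"SN-USBODD-000001"),
        Device("raid0", "raid", bytes.fromhex("55aa40" + "00" * 13)),
        Device("nic0", "nic", bytes.fromhex("001122334455")),
        Device("sata0", "sata", b"SN-SATA-000002"),
        Device("usb_kbd0", "usb_kbd", b"", verify=False),   # not marked for verification
        Device("gpu0", "gpu", bytes.fromhex("55aa80" + "ff" * 13)),
    ]


def demo():
    """One provisioning followed by four boots; returns the four (decision, outcomes) pairs."""
    se = SecureElement()
    devices = sample_devices()
    provision(se, devices)
    clean = verify_boot(se, devices, True, lambda d: False)
    devices[2].feature = bytes.fromhex("66778899aabb")        # NIC swapped: new MAC
    rejected = verify_boot(se, devices, True, lambda d: False)
    accepted = verify_boot(se, devices, True, lambda d: True)
    reboot = verify_boot(se, devices, True, lambda d: False)  # reference now updated
    return clean, rejected, accepted, reboot


if __name__ == "__main__":
    for decision, outcomes in demo():
        print(decision, outcomes)
```

In the demo the swapped network card halts the boot when the operator declines, is accepted and re-provisioned when the operator authenticates, and verifies as unchanged on the following boot; the comparison uses a constant-time digest compare, and a reference that cannot be read halts the boot as claim 10 prescribes rather than being treated as a match.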

Claims (10)

1. A hardware replacement prevention device based on a processor security kernel, used for performing replacement prevention verification on external equipment of a computer, the CPU of the computer being provided with a built-in security kernel (SE) module; the device is characterized by comprising a hardware replacement prevention trusted unit arranged in a BIOS; the hardware replacement prevention trusted unit comprises a firmware and SE communication module, an external equipment replacement prevention module and a result display and processing module;
the firmware and SE communication module is used for carrying out communication interaction with the SE module in the CPU to realize the calling of the hash calculation function in the SE module and the reading and writing of the hash value of the nonvolatile storage area in the SE module;
the external equipment replacement preventing module is used for acquiring the characteristic information of the external equipment to be verified when replacement-preventing verification needs to be carried out on certain external equipment after the BIOS is normally started, accessing the SE module by utilizing the firmware and the SE communication module to calculate a hash value of the characteristic information as a measurement value, reading the prestored hash value of the external equipment to be verified from a nonvolatile storage area in the SE module as a reference value, and determining that the external equipment is not replaced if the measurement value is the same as the reference value; otherwise, the external equipment to be verified is replaced, and the result display and processing module is used for prompting.
2. The hardware replacement prevention apparatus of claim 1, wherein the firmware and SE communication module comprises a hash calculation interface module, a write data module, and a read data module;
the hash calculation interface module is used for calling a hash calculation function interface of the SE module, grouping the characteristic information of the external equipment according to a set communication protocol, sending the characteristic information to the SE module for hash operation, and receiving a hash value returned by the SE module;
the data writing module is used for storing the hash value of the external equipment in a nonvolatile storage area of the SE module;
and the read data module is used for reading the previously stored hash value from the nonvolatile storage area of the SE module to serve as the reference value for replacement prevention verification.
3. The hardware replacement preventing device of claim 1, wherein the external device replacement preventing module reads the device list after the BIOS is normally started, and performs the replacement prevention verification operation on the external devices marked as external devices requiring the replacement prevention verification one by one in the device list.
4. The hardware replacement preventing apparatus according to claim 1, wherein the external device replacement preventing module further determines whether the replacement preventing verification function is enabled after the BIOS is normally started and before the external device is subjected to the replacement preventing verification, and if so, performs the replacement preventing verification; otherwise, the replacement-proof verification operation does not need to be executed; the judgment of whether the replacement-proof verification function is enabled is realized according to the replacement-proof verification enabling identifier, and the replacement-proof verification enabling identifier can be modified by arranging a replacement-proof verification enabling switch in a secure page of the BIOS starting interface.
5. The hardware replacement preventing device of claim 4, wherein the external device replacement preventing module further calls the SE module through the firmware and SE communication module after judging that the replacement preventing verification function is enabled, judges whether the SE module is enabled, and performs the replacement preventing verification operation if the SE module is enabled; otherwise, the result display and processing module prompts that initialization of the SE module failed, and replacement preventing verification of the external equipment is not carried out.
6. The hardware replacement preventing device as claimed in claim 1, wherein the external device requiring replacement prevention verification includes a USB optical drive, a RAID card, a SATA hard disk, a network card and/or a video card.
7. The hardware replacement preventing device as claimed in claim 6, wherein the characteristic information of the USB optical drive is serial SN, the characteristic information of the RAID card is Option Rom, the characteristic information of the SATA hard disk is SN, the characteristic information of the network card is MAC address, and the characteristic information of the video card is Option Rom.
8. The hardware replacement preventing device of claim 6, wherein the external device replacement preventing module further prompts the currently verified external device to be replaced on the BIOS interface through the result displaying and processing module after determining that the external device to be verified is replaced, and waits for the replacement authentication of the operator; if the authentication is passed, calling the firmware and the SE communication module to update the hash value of the replaced external equipment in the SE module, and then continuing the verification operation; and if the authentication is not passed, stopping the starting process.
9. A hardware replacement prevention method based on a processor security kernel, which adopts the device of any one of claims 1-8, wherein the replacement prevention verification process comprises the following steps:
step 1, in advance, the hash value of an external device needing replacement prevention verification is stored in the nonvolatile storage area of the SE module as the reference value by calling the firmware and SE communication module;
step 2, after the computer is powered on and started up, the BIOS starts to operate to acquire an equipment list of the external equipment;
step 3, after the BIOS is normally started, the safety page of the starting interface is entered, and the external equipment replacement prevention module judges, according to the replacement prevention verification enabling identifier, whether to turn on replacement prevention verification; if so, replacement prevention verification is performed and step 4 is executed; otherwise, the replacement prevention verification process is finished;
step 4, the external equipment replacement prevention module calls the SE module through the firmware and SE communication module and judges whether the SE module can be enabled; if it cannot be enabled, the result display and processing module prompts that initialization of the SE module failed, the starting process is stopped and the process exits; if it is enabled, one unprocessed external device is selected from the device list determined in step 2 as the current external device, and step 5 is entered;
step 5, the external equipment replacement prevention module checks whether the current external equipment needs replacement prevention verification, if so, the current external equipment is determined to be external equipment to be verified, and step 6 is executed; if not, jumping to the step 8;
step 6, the external equipment replacement prevention module acquires the characteristic information of the external equipment to be verified, the hash value calculation function of the SE module is called through the firmware and the SE communication module, and the hash value of the characteristic information is acquired and used as a measurement value; reading a pre-stored reference value of the external equipment to be verified from a nonvolatile storage area of the SE module;
step 7, judging whether the measurement value is the same as the reference value; if so, confirming that the device has not been replaced and executing step 8; if they differ, confirming that the external device has been replaced, prompting on the BIOS interface through the result display and processing module that the current external device has been replaced, and waiting for the operator to perform replacement authentication; if the authentication passes, calling the firmware and SE communication module to update the hash value of the replaced external device in the SE module, continuing the verification operation, and executing step 8; if the authentication does not pass, stopping the starting process and ending the process;
step 8, checking whether all the external devices in the device list have finished the replacement-proof verification, if so, the external devices to be verified are not replaced, and the process is finished; otherwise, selecting an unprocessed external device from the device list as the current external device, and turning to step 5 to continue the replacement prevention verification.
10. The hardware replacement preventing method according to claim 9, wherein in step 6, when reading the pre-stored reference value of the external device to be verified from the nonvolatile storage area of the SE module, if the reading of the reference value fails, the start-up process is stopped, and the process is ended.
CN202111681801.5A 2021-12-30 2021-12-30 Hardware replacement prevention device and method based on processor security kernel Pending CN114510751A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111681801.5A CN114510751A (en) 2021-12-30 2021-12-30 Hardware replacement prevention device and method based on processor security kernel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111681801.5A CN114510751A (en) 2021-12-30 2021-12-30 Hardware replacement prevention device and method based on processor security kernel

Publications (1)

Publication Number Publication Date
CN114510751A true CN114510751A (en) 2022-05-17

Family

ID=81547401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111681801.5A Pending CN114510751A (en) 2021-12-30 2021-12-30 Hardware replacement prevention device and method based on processor security kernel

Country Status (1)

Country Link
CN (1) CN114510751A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906100A (en) * 2022-11-29 2023-04-04 江苏云涌电子科技股份有限公司 System and method for ensuring credibility of firmware of micro control unit

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Applicant after: Kunlun Taike (Beijing) Technology Co.,Ltd.

Address before: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Applicant before: CLP Technology (Beijing) Co.,Ltd.