CN114546745A - Method for distinguishing fault program section in trusted starting process - Google Patents

Publication number
CN114546745A
Authority
CN
China
Prior art keywords
program segment
bios
bios program
code length
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210197811.XA
Other languages
Chinese (zh)
Other versions
CN114546745B (en)
Inventor
张建标
张恒
韩现群
刘燕辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology
Priority to CN202210197811.XA
Publication of CN114546745A
Application granted
Publication of CN114546745B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/2284 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing by power-on test, e.g. power-on self test [POST]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

A method for distinguishing the faulty program segment in a trusted boot process, belonging to the field of boot fault identification. During startup, the trusted BIOS program as a whole is divided into segments according to the segment identifiers of its statements. The code length of each segment of the trusted BIOS program is taken as the variable. A standard reference value corresponding to the initial code length of each program segment is obtained with a trusted computing method, and this standard reference value for each BIOS program segment serves as the sample value. The system measures the actual code length of each BIOS program segment to be verified and then calculates its metric value. The system compares the sample value of each trusted BIOS program segment with the metric value of the corresponding BIOS program segment under test, proceeding sequentially in the segmentation order of the BIOS program. If the two values are equal, the BIOS program segment under test is trusted; otherwise it is not trusted. The invention thereby locates the specific faulty segment of the BIOS program during the trusted boot process.

Description

Method for distinguishing fault program section in trusted starting process
Technical Field
The invention belongs to the technical field at the intersection of trusted boot and the identification of faulty boot program segments.
Background
The Baseboard Management Controller (BMC) is a small dedicated embedded system that is isolated from the host system and has an independent power supply. It is a control unit on the server motherboard with its own power supply and its own I/O interfaces. It does not depend on the server's processor, Basic Input Output System (BIOS) or operating system, and is an agentless management subsystem that runs independently within the server.
Disclosure of Invention
The invention aims to provide a method that detects a BIOS program segment with a potential fault while trusted boot is performed, so that the probability of fault identification is improved and the startup time is shortened.
The method is characterized in that, when a production line is started, a system that performs fault detection and identification on the BIOS program segments under test (hereinafter "the system") is implemented as follows:
Step (1): system configuration. The system comprises a system master controller CPU_S, an access module, a BMC master controller, a trusted measurement module and an access control module, wherein:
The system master controller CPU_S, also called the production line system master controller CPU_S, segments the BIOS program in the production line processing section according to the segment identifiers of the statements. The segments are denoted (BIOS program segment 1)_code length, (BIOS program segment 2)_code length through (BIOS program segment N)_code length, where N is a finite positive integer and the BIOS program can be divided into a total of N program segments according to the segment identifiers.
The access module stores the standard reference value of each BIOS program segment. The standard reference value is the trusted measurement value of the initial code length recorded when the segment first enters the system, denoted L_H(BIOS program segment 1), L_H(BIOS program segment 2) through L_H(BIOS program segment N).
The BMC master controller is denoted CPU_M. During system startup, CPU_M starts on the instruction of the system master controller CPU_S and measures the code length of each BIOS program segment: L_actual(BIOS program segment 1), L_actual(BIOS program segment 2) through L_actual(BIOS program segment N). These values are passed to the trusted measurement module.
The trusted measurement module computes the metric value of each corresponding BIOS program segment with the same trusted computing method that was used to calculate the standard reference values: L_actual(BIOS program segment 1)_metric value, L_actual(BIOS program segment 2)_metric value through L_actual(BIOS program segment N)_metric value.
The access control module has an access control CPU_C and a cache module, and sequentially fetches from the access module the standard reference value of each BIOS program segment, including the boot program. It contains N comparison sub-modules: the program segment 1 comparison sub-module compares L_H(BIOS program segment 1) with L_actual(BIOS program segment 1)_metric value, the program segment 2 comparison sub-module compares L_H(BIOS program segment 2) with L_actual(BIOS program segment 2)_metric value, and so on up to the comparison of L_H(BIOS program segment N) with L_actual(BIOS program segment N)_metric value. The comparison sub-modules are called in sequence when the system executes. The inputs of each sub-module are the metric value of the actual code length of the program segment and the standard reference value of its code length, and the comparison result determines whether that specific program segment has a fault.
Step (2): the system master controller CPU_S determines the faulty BIOS program segment by the following steps:
Step (2.1): a mapping table between the BIOS program segments and the trusted values of the initial code lengths of the corresponding program segments is stored in the access module.
Step (2.2): CPU_M in the BMC measures the code length of each BIOS program segment.
Step (2.3): the trusted measurement module uses the trusted computation to obtain the metric value of the actual code length of each BIOS program segment and passes it to CPU_C of the access control module.
Step (2.4): the access control module calls the comparison sub-module for each BIOS program segment in turn, comparing the actual code length metric value calculated in step (2.3) with the initial code length metric value stored in the access module in step (2.1).
Step (2.5): if the values are the same for all code segments, trusted boot is carried out. If any one of them differs, the trusted boot platform has a fault, and the fault lies in the code segment whose standard reference value and actual metric value are not equal.
The advantage of the method is that faults in the BIOS program under test are identified during startup, while both the boot efficiency and the efficiency of eliminating program faults are improved.
Drawings
FIG. 1: Flow block diagram of the main program of the system.
FIG. 2: Schematic diagram of the overall system.
Detailed Description
The invention proposes that, under the control of the BMC master controller, the BIOS program as a whole is segmented according to the segment identifiers, so that it is finally represented as BIOS program segment 1, BIOS program segment 2 through BIOS program segment N. When the system is started, the program segments under test are verified and the faulty program segment can be located precisely.
The invention also proposes:
A faulty program segment can be characterized by its code length, because a change in code length is the most obvious result of a program fault. The code length of the faulty BIOS program segment can thus be used to represent the faulty BIOS program segment.
The invention further provides:
The code length of the faulty program is calculated from the starting point of the trusted boot program. A sample comparison method is therefore used: the measured code length of the trusted boot program under test is checked against the initial code length of the known trusted program obtained in the earlier initial trusted boot. To keep the code length information of the program segments confidential, the measured code length of the boot program under test and the initial code length of the sample boot program are both expressed with the same trusted computing method, and the metric value of the boot program under test is compared with the standard reference value of the trusted boot program that serves as the sample. If the values are the same for all BIOS program segments, the BIOS boot program under test is trusted; otherwise it is not trusted. The specific faulty code segment is the BIOS code segment whose sample value differs from its measured value.
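
The comparison in steps (2.1) to (2.5), as an added example that is not code from the patent: the segment marker, the sample images and the use of SHA-256 as the "trusted computing method" are assumptions, since the patent names none of them. It goes one step beyond the text by also measuring segment content, which shows that a code-length metric leaves an equal-length change unreported.

```python
from __future__ import annotations
import hashlib
import hmac

# Assumption: a 4-byte marker stands in for the patent's "segment identifier".
SEGMENT_MARKER = b"\xaa\x55SG"


def split_segments(image: bytes) -> list[bytes]:
    """Split the image into program segments 1..N at each marker."""
    return image.split(SEGMENT_MARKER)[1:]  # bytes before the first marker are ignored


def length_metric(segment: bytes) -> str:
    """Patent-style measurement: digest of the segment's code length (SHA-256 assumed)."""
    return hashlib.sha256(len(segment).to_bytes(8, "big")).hexdigest()


def content_metric(segment: bytes) -> str:
    """Extension beyond the patent text: digest of the segment's bytes."""
    return hashlib.sha256(segment).hexdigest()


def enroll(image: bytes, metric=length_metric) -> list[str]:
    """Step (2.1): record the standard reference value L_H of every segment."""
    return [metric(seg) for seg in split_segments(image)]


def find_faulty_segments(image: bytes, reference: list[str],
                         metric=length_metric) -> list[int]:
    """Steps (2.2)-(2.5): measure, compare in segment order, return faulty segment numbers."""
    measured = [metric(seg) for seg in split_segments(image)]
    faulty = []
    for i in range(max(len(reference), len(measured))):
        # A missing or extra segment has no counterpart and is reported as faulty.
        if i >= len(reference) or i >= len(measured):
            faulty.append(i + 1)
        elif not hmac.compare_digest(reference[i], measured[i]):
            faulty.append(i + 1)
    return faulty


def build(*segments: bytes) -> bytes:
    """Assemble a constructed sample image from segment bodies."""
    return b"".join(SEGMENT_MARKER + seg for seg in segments)


# Constructed sample images (not real firmware).
GOOD = build(b"reset-vector", b"memory-init!", b"boot-loader")
TRUNCATED = build(b"reset-vector", b"memory-in", b"boot-loader")        # segment 2 shortened
SAME_LENGTH = build(b"reset-vector", b"memory-init!", b"boot-l0ader")   # segment 3 altered, same length
MISSING = build(b"reset-vector", b"memory-init!")                       # segment 3 absent

if __name__ == "__main__":
    ref_len = enroll(GOOD)
    ref_content = enroll(GOOD, content_metric)
    print("good image:", find_faulty_segments(GOOD, ref_len))
    print("truncated segment:", find_faulty_segments(TRUNCATED, ref_len))
    print("missing segment:", find_faulty_segments(MISSING, ref_len))
    print("same-length change, length metric:", find_faulty_segments(SAME_LENGTH, ref_len))
    print("same-length change, content metric:",
          find_faulty_segments(SAME_LENGTH, ref_content, content_metric))
```

The reference list produced by `enroll` has to be kept where the measured firmware cannot rewrite it, which is the role the access module plays in the system described above.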

Claims (1)

1. A method for distinguishing the faulty program segment in a trusted boot process, characterized in that, when a production line is started, a system for checking and identifying faults of specific program segments in the program is implemented as follows:
Step (1): system configuration. The system comprises a system master controller CPU_S, an access module, a BMC master controller, a trusted measurement module and an access control module, wherein:
The system master controller CPU_S, also called the production line system master controller CPU_S, segments the BIOS program in the production line processing section according to the segment identifiers of the statements. The segments are denoted (BIOS program segment 1)_code length, (BIOS program segment 2)_code length through (BIOS program segment N)_code length, where N is a finite positive integer and the BIOS program can be divided into a total of N program segments according to the segment identifiers.
The access module stores the standard reference value of each BIOS program segment. The standard reference value is the trusted measurement value of the initial code length recorded when the segment first enters the system, denoted L_H(BIOS program segment 1), L_H(BIOS program segment 2) through L_H(BIOS program segment N).
The BMC master controller is denoted CPU_M. During system startup, CPU_M starts on the instruction of the system master controller CPU_S and measures the code length of each BIOS program segment: L_actual(BIOS program segment 1), L_actual(BIOS program segment 2) through L_actual(BIOS program segment N). These values are passed to the trusted measurement module.
The trusted measurement module computes the metric value of each corresponding BIOS program segment with the same trusted computing method that was used to calculate the standard reference values: L_actual(BIOS program segment 1)_metric value, L_actual(BIOS program segment 2)_metric value through L_actual(BIOS program segment N)_metric value.
The access control module has an access control CPU_C and a cache module, and sequentially fetches from the access module the standard reference value of each BIOS program segment, including the boot program. It contains N comparison sub-modules: the program segment 1 comparison sub-module compares L_H(BIOS program segment 1) with L_actual(BIOS program segment 1)_metric value, the program segment 2 comparison sub-module compares L_H(BIOS program segment 2) with L_actual(BIOS program segment 2)_metric value, and so on up to the comparison of L_H(BIOS program segment N) with L_actual(BIOS program segment N)_metric value. The comparison sub-modules are called in sequence when the system executes. The inputs of each sub-module are the metric value of the actual code length of the program segment and the standard reference value of its code length, and the comparison result determines whether that specific program segment has a fault.
Step (2): the system master controller CPU_S determines the faulty BIOS program segment by the following steps:
Step (2.1): a mapping table between the BIOS program segments and the trusted values of the initial code lengths of the corresponding program segments is stored in the access module.
Step (2.2): CPU_M in the BMC measures the code length of each BIOS program segment.
Step (2.3): the trusted measurement module uses the trusted computation to obtain the metric value of the actual code length of each BIOS program segment and passes it to CPU_C of the access control module.
Step (2.4): the access control module calls the comparison sub-module for each BIOS program segment in turn, comparing the actual code length metric value calculated in step (2.3) with the initial code length metric value stored in the access module in step (2.1).
Step (2.5): if the values are the same for all code segments, trusted boot is carried out. If any one of them differs, the trusted boot platform has a fault, and the fault lies in the code segment whose standard reference value and actual metric value are not equal.
CN202210197811.XA 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process Active CN114546745B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210197811.XA CN114546745B (en) 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process

Publications (2)

Publication Number Publication Date
CN114546745A 2022-05-27
CN114546745B 2024-03-22

Family

ID=81661136

Country Status (1)

Country Link
CN (1) CN114546745B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6988250B1 (en) * 1999-02-15 2006-01-17 Hewlett-Packard Development Company, L.P. Trusted computing platform using a trusted device assembly
CN109743319A (en) * 2019-01-03 2019-05-10 北京工业大学 A kind of credible starting of network type private server and method for safe operation
CN109784061A (en) * 2018-12-17 2019-05-21 北京华胜天成信息技术发展有限公司 The method and device for starting that control server is credible
CN112651030A (en) * 2021-01-14 2021-04-13 北京工业大学 Trusted starting method for BMC firmware system security

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
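周振柳; 李铭; 许榕生; 宋东生: "Research on the trusted architecture and implementation of the Taihang secure BIOS", Computer Engineering and Applications (计算机工程与应用), no. 18, 21 June 2008 (2008-06-21) *
苏振宇: "Research and implementation of server secure boot technology based on a domestic BMC", Journal of Information Security Research (信息安全研究), no. 09, 5 September 2017 (2017-09-05) *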

Also Published As

Publication number Publication date
CN114546745B (en) 2024-03-22

Similar Documents

Publication Publication Date Title
US9720758B2 (en) Diagnostic analysis tool for disk storage engineering and technical support
WO2021244535A1 (en) Vehicle software fault detection method, apparatus and device, and storage medium
CN102214125B (en) Method for testing error checking and correcting (ECC) function of memory
WO2019041870A1 (en) Method, device, and storage medium for locating failure cause
CN108763005B (en) Memory ECC fault error reporting method and system
CN114546745A (en) Method for distinguishing fault program section in trusted starting process
CN106776219A (en) A kind of detection method of the whole machine burning machine of server
US7610173B2 (en) Technique for resolving “no-trouble-found” (NTF) events in electronic systems
CN110765005B (en) Software reliability evaluation method and device
CN112905370A (en) Topological graph generation method, anomaly detection method, device, equipment and storage medium
US20220188221A1 (en) Regression testing method and regression testing apparatus
CN114253610A (en) Improved method and device for preventing system from being started normally due to device aging
US20210010950A1 (en) Inspection device, inspection method, and computer readable medium
CN110059013B (en) Method and device for determining normal operation after software upgrading
CN111552960B (en) Dynamic measurement method and device for program integrity
Amiar et al. Fault localization in embedded software based on a single cyclic trace
CN114595097A (en) Method for identifying fault starting program in trusted starting process
CN111290920B (en) System, method and storage medium for testing CPU temperature based on PECI bus
CN117472629B (en) Multi-fault diagnosis method and system for electronic information system
CN111310172B (en) Method and control unit for verifying processor execution traces by disassembling
CN109687929B (en) Method for realizing HOST-BOX multi-stage cascade server time synchronization
CN112069749B (en) Power supply connection verification method and device, electronic equipment and storage medium
CN117556331B (en) AI-enhancement-based air compressor maintenance decision method and system
KR102307088B1 (en) Interconnect fault diagnosis device using reference Through Silicon Via and the method thereof
JP2018185711A (en) Evaluation method, evaluation device, and evaluation program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant