CN114546745B - Method for distinguishing fault program section in trusted starting process - Google Patents

Publication number
CN114546745B
Authority
CN
China
Prior art keywords
bios
bios program
program segment
segment
trusted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210197811.XA
Other languages
Chinese (zh)
Other versions
CN114546745A (en)
Inventor
张建标
张恒
韩现群
刘燕辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Application filed by Beijing University of Technology
Priority to CN202210197811.XA
Publication of CN114546745A
Application granted
Publication of CN114546745B
Active legal status
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/22 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/2284 Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing by power-on test, e.g. power-on self test [POST]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

A method for distinguishing faulty program segments during trusted boot, belonging to the field of boot fault identification. The trusted BIOS program as a whole is divided into segments according to the segment identifiers of its statements during the boot process. The code length of each trusted BIOS program segment is taken as the variable. A trusted computing method is applied to the initial code length of each program segment to obtain the corresponding standard reference value, and the standard reference value of the code length of each BIOS program segment is taken as the sample value. The system measures the actual code length of each BIOS program segment to be verified and then calculates its metric value. The system compares the sample value of each trusted BIOS program segment with the metric value of the corresponding BIOS program segment under test, taking the segments in turn in segmentation order. If the two values are equal, the BIOS program segment under test is trusted; otherwise it is not trusted. The invention thereby identifies the specific faulty segment of the BIOS program during trusted boot.

Description

Method for distinguishing fault program section in trusted starting process
Technical Field
The invention belongs to the technical field at the intersection of trusted boot and the identification of faulty boot program segments.
Background
A baseboard management controller (BMC) is a small, dedicated embedded system that is isolated from the host system and has its own power supply. It is a control unit on the server motherboard with an independent power supply and an independent I/O interface. It does not depend on the server's processor, basic input/output system (BIOS), or operating system in order to run, and it is a standalone, agentless management subsystem running in the server.
Disclosure of Invention
The invention aims to provide a method that detects BIOS program segments with potential faults while a trusted boot is performed, so that the probability of fault identification is improved and the boot time is shortened.
The method is characterized in that it is implemented in a system that performs fault detection and identification on the BIOS program segments under test when a production line is started, in the following manner:
step (1): system configuration. The system comprises: a system master controller CPU_S, an access module, a BMC master controller, a trusted measurement module and an access control module, wherein:
the system master controller CPU_S, also called the production line system master controller CPU_S, is located in the processing section of the production line. The BIOS program as a whole is segmented according to the segment identifiers of its statements, and the segments are denoted (BIOS program segment 1)_code length, (BIOS program segment 2)_code length, up to (BIOS program segment N)_code length, where N is a finite positive integer and the BIOS program can be divided into N program segments in total according to the segment identifiers,
the access module is used for accessing the standard reference value of each BIOS program segment, where the standard reference value is the trusted metric value of the initial code length when the system is first accessed; the values are denoted L_H(BIOS program segment 1), L_H(BIOS program segment 2) to L_H(BIOS program segment N),
the BMC master controller, denoted CPU_M: during system boot, on the instruction of the system master controller CPU_S, the BMC master controller CPU_M starts up and measures the code length of each BIOS program segment: L_actual(BIOS program segment 1), L_actual(BIOS program segment 2) to L_actual(BIOS program segment N); these values are sent to the trusted measurement module,
the trusted measurement module computes the metric value of each corresponding BIOS program segment using the same trusted computing method that was used to compute the standard reference values: L_actual(BIOS program segment 1)_metric, L_actual(BIOS program segment 2)_metric to L_actual(BIOS program segment N)_metric,
the access control module, which has an access control CPU_C, sequentially acquires from the access module the standard reference values of the BIOS program segments, including the boot program. N comparison sub-modules are arranged inside it: a program segment comparison sub-module that compares L_H(BIOS program segment 1) with L_actual(BIOS program segment 1)_metric, one that compares L_H(BIOS program segment 2) with L_actual(BIOS program segment 2)_metric, and so on up to one that compares L_H(BIOS program segment N) with L_actual(BIOS program segment N)_metric. The inputs of each sub-module are the metric value of the program segment's actual code length and the program segment's code-length standard reference value, and whether the specific program segment has failed is judged from the comparison result;
step (2): the system master controller CPU_S determines the faulty BIOS program segment through the following steps:
step (2.1), the mapping table between the trusted values of the initial code lengths of the BIOS program segments and the corresponding program segments is stored in the access module,
step (2.2), CPU_M in the BMC measures the code length of each BIOS program segment,
step (2.3), the trusted measurement module uses trusted computing to obtain the metric value of the actual code length of each BIOS program segment and transmits it to CPU_C of the access control module,
step (2.4), the access control module calls the comparison sub-module corresponding to each BIOS program segment in turn and compares the actual code length value obtained by calculation in step (2.3) with the initial code length value stored in the access module in step (2.1),
step (2.5), if all the code segments are identical, the boot is trusted; if any code segment differs, the trusted boot platform has a fault, and the fault lies in the code segment whose standard reference value and actual measurement value are not equal.
The invention has the advantage that faults in the BIOS program under test are identified during the boot process, while both boot efficiency and program fault-removal efficiency are improved.
Drawings
Fig. 1: Flow block diagram of the system main program.
Fig. 2: Overall schematic of the system.
Detailed Description
The invention proposes that, under the control of the BMC master controller, the BIOS program as a whole can be segmented according to the segment identifiers. The resulting BIOS program is represented as BIOS program segment 1, BIOS program segment 2, through BIOS program segment N. When the system boots, the faulty program segment can be located precisely by verifying the program segments under test.
The invention also proposes:
A faulty program segment can be reduced to the code length of the faulty program, because a change in code length is the most obvious result of a program fault. The code length of a faulty BIOS program segment can therefore be used to represent that segment.
The invention also proposes:
The code-length check is placed at the starting point of the trusted boot program's timing, so that a sample comparison method can compare the measured code length of the trusted boot program under test with the initial code length of the known trusted program, acquired during the earlier initial trusted boot. To keep the code-length information of the program segments confidential, the measured code length of the boot program under test and the initial code length of the sample boot program are both processed by the same trusted computing method: the former yields the metric value of the boot program under test, which is compared with the standard reference value of the trusted boot program serving as the sample. If all program segments of the BIOS match, the BIOS boot program under test is trusted; otherwise it is not trusted. The specific faulty code segment is the BIOS code segment whose sample value differs from its metric value.
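The comparison in steps (2.1) to (2.5), as an added example that is not code from the patent: the segment marker bytes, SHA-256 as the "trusted computing method", and all function names are assumptions, and the images are constructed sample data. It goes beyond the text by also running the same comparison over a digest of each segment's bytes, which shows that a length-only metric localizes a segment that grew but does not flag a same-length change.

```python
import hashlib
from itertools import zip_longest

# Assumption: segments are delimited by this marker. The patent only says
# "segment identifier" and does not define its encoding.
SEGMENT_MARKER = b"\x7fSEG"


def build_image(segments):
    """Assemble a sample image: each segment is preceded by the marker."""
    return b"".join(SEGMENT_MARKER + s for s in segments)


def split_segments(image):
    """Split an image into program segments 1..N at each segment marker."""
    parts = image.split(SEGMENT_MARKER)
    if parts[0]:
        raise ValueError("image does not start with a segment marker")
    return parts[1:]


def length_metric(segment):
    """Metric value of the segment's code length (assumed method: SHA-256)."""
    return hashlib.sha256(len(segment).to_bytes(8, "big")).hexdigest()


def content_metric(segment):
    """Digest of the segment bytes themselves, for comparison with the above."""
    return hashlib.sha256(segment).hexdigest()


def enroll(image, metric=length_metric):
    """Step (2.1): reference table; entry i is the value for segment i+1."""
    return [metric(s) for s in split_segments(image)]


def verify(reference, image, metric=length_metric):
    """Steps (2.2)-(2.5): 1-based numbers of the segments that do not match.

    An empty list means every segment matched. A missing or extra segment
    has no counterpart to compare against and is reported as faulty.
    """
    faulty = []
    pairs = zip_longest(reference, split_segments(image))
    for number, (ref, seg) in enumerate(pairs, start=1):
        if ref is None or seg is None or ref != metric(seg):
            faulty.append(number)
    return faulty


# Constructed sample data, not real firmware.
GOLDEN = build_image([b"init-cpu;", b"init-mem;", b"load-os;"])
GROWN = build_image([b"init-cpu;", b"init-mem;EXTRA", b"load-os;"])
SAME_LEN = build_image([b"init-cpu;", b"init-mem;", b"load-XX;"])

if __name__ == "__main__":
    ref = enroll(GOLDEN)
    print("golden   :", verify(ref, GOLDEN))
    print("grown    :", verify(ref, GROWN))
    print("same len :", verify(ref, SAME_LEN))
    ref_c = enroll(GOLDEN, content_metric)
    print("same len, content digest:", verify(ref_c, SAME_LEN, content_metric))
```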

Claims (1)

1. A method for distinguishing faulty program segments during trusted boot, characterized in that it is implemented, when a production line is started, in a system for fault verification and identification of specific program segments in a program, hereinafter referred to as the system, in the following manner:
step (1): system configuration. The system comprises: a system master controller CPU_S, an access module, a BMC master controller, a trusted measurement module and an access control module, wherein:
the system master controller CPU_S, also called the production line system master controller CPU_S, is located in the processing section of the production line. The BIOS program as a whole is segmented according to the segment identifiers of its statements, and the segments are denoted (BIOS program segment 1)_code length, (BIOS program segment 2)_code length, up to (BIOS program segment N)_code length, where N is a finite positive integer and the BIOS program can be divided into N program segments in total according to the segment identifiers,
the access module is used for accessing the standard reference value of each BIOS program segment, where the standard reference value is the trusted metric value of the initial code length when the system is first accessed; the values are denoted L_H(BIOS program segment 1), L_H(BIOS program segment 2) to L_H(BIOS program segment N),
the BMC master controller, denoted CPU_M: during system boot, on the instruction of the system master controller CPU_S, the BMC master controller CPU_M starts up and measures the code length of each BIOS program segment: L_actual(BIOS program segment 1), L_actual(BIOS program segment 2) to L_actual(BIOS program segment N); these values are sent to the trusted measurement module,
the trusted measurement module computes the metric value of each corresponding BIOS program segment using the same trusted computing method that was used to compute the standard reference values: L_actual(BIOS program segment 1)_metric, L_actual(BIOS program segment 2)_metric to L_actual(BIOS program segment N)_metric,
the access control module has an access control CPU_C; the cache module sequentially acquires from the access module the standard reference values of all BIOS program segments, including the boot program; N comparison sub-modules are arranged in the access control module: a program segment comparison sub-module that compares L_H(BIOS program segment 1) with L_actual(BIOS program segment 1)_metric, one that compares L_H(BIOS program segment 2) with L_actual(BIOS program segment 2)_metric, and so on up to one that compares L_H(BIOS program segment N) with L_actual(BIOS program segment N)_metric; during system execution the program segment comparison sub-modules are called in sequence, the inputs of each sub-module are the metric value of the program segment's actual code length and the program segment's code-length standard reference value, and whether the specific program segment has failed is judged from the comparison result;
step (2): the system master controller CPU_S determines the faulty BIOS program segment through the following steps:
step (2.1), the mapping table between the trusted values of the initial code lengths of the BIOS program segments and the corresponding program segments is stored in the access module,
step (2.2), CPU_M in the BMC measures the code length of each BIOS program segment,
step (2.3), the trusted measurement module uses trusted computing to obtain the metric value of the actual code length of each BIOS program segment and transmits it to CPU_C of the access control module,
step (2.4), the access control module calls the comparison sub-module corresponding to each BIOS program segment in turn and compares the actual code length value obtained by calculation in step (2.3) with the initial code length value stored in the access module in step (2.1),
step (2.5), if all the code segments are identical, the boot is trusted; if any code segment differs, the trusted boot platform has a fault, and the fault lies in the code segment whose standard reference value and actual measurement value are not equal.
CN202210197811.XA 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process Active CN114546745B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210197811.XA CN114546745B (en) 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210197811.XA CN114546745B (en) 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process

Publications (2)

Publication Number Publication Date
CN114546745A (en) 2022-05-27
CN114546745B (en) 2024-03-22

Family

ID=81661136

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210197811.XA Active CN114546745B (en) 2022-03-02 2022-03-02 Method for distinguishing fault program section in trusted starting process

Country Status (1)

Country Link
CN (1) CN114546745B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant