CN114567550A - Firmware upgrading method and device for FPGA in intelligent network card - Google Patents

Firmware upgrading method and device for FPGA in intelligent network card Download PDF

Info

Publication number
CN114567550A
CN114567550A CN202210096510.8A CN202210096510A CN114567550A CN 114567550 A CN114567550 A CN 114567550A CN 202210096510 A CN202210096510 A CN 202210096510A CN 114567550 A CN114567550 A CN 114567550A
Authority
CN
China
Prior art keywords
fpga
firmware
remote management
management terminal
network card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210096510.8A
Other languages
Chinese (zh)
Inventor
陈贝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd filed Critical Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority to CN202210096510.8A priority Critical patent/CN114567550A/en
Publication of CN114567550A publication Critical patent/CN114567550A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a firmware upgrading method and device for an FPGA (field programmable gate array) in an intelligent network card. The method comprises the following steps: in response to the detection that the FPGA is electrified, sequentially loading and operating basic firmware and initial service firmware from the FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to be respectively communicated with a remote management end and a host end; in response to the FPGA receiving a firmware upgrading request sent by a remote management terminal, verifying the safety of a communication link between the FPGA and the remote management terminal; and in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA. The scheme of the invention realizes that the FPGA business firmware of the intelligent network card is safely acquired from the remote management end for upgrading without the participation of an external CPU or SoC chip, is easy to deploy and realize, and simultaneously ensures the safety.

Description

Firmware upgrading method and device for FPGA in intelligent network card
Technical Field
The invention relates to the field of firmware upgrading, in particular to a firmware upgrading method and device for an FPGA (field programmable gate array) in an intelligent network card.
Background
With the development of cloud computing technology, the scale of a cloud computing center is larger and larger, a network topology architecture is more and more complex, and the management of network ports and the forwarding pressure of network data occupy more and more computing resources in a cloud computing data center server. In order to release the computing resources of the server and improve the Processing efficiency, the data center generally applies an intelligent network card software and hardware scheme, and network Processing forwarding work originally needing to be processed by a Central Processing Unit (CPU) of the server is offloaded to the intelligent network card Processing, so that the performance of network virtualization Processing of the data center is improved, and the architecture of the data center service is expanded. Therefore, the intelligent network card gets more and more attention, and the design, test and other related technologies of the intelligent network card are developed more and more quickly. In order to adapt to different application characteristics of various industries and provide hardware-level network processing performance, the intelligent network card generally uses an FPGA as a processing carrier of a data plane, and integrates chips such as a CPU and a BMC (Baseboard Management Controller) as carriers of a Management plane. The FPGA serves as a core data processing unit of the intelligent network card, can flexibly and repeatedly program, and well supports flexible and diverse network services of a data center. The development and deployment efficiency of a modern data center is influenced by the rapidity and the safety of the FPGA firmware loading process in the intelligent network card.
Fig. 1 is a deployment architecture of a general FPGA (Field Programmable Gate Array) intelligent network card, which mainly includes an FPGA chip and a CPU chip. Since the FPGA chip is responsible for the main network processing forwarding work, the FPGA is connected with a high-speed network interface, for example, the high-speed network interface is SFP (Small Form Factor connector, hot-Pluggable, and communication protocol independent optical transceiver), host golden finger PCIe (Peripheral Component Interconnect express, high-speed serial computer extended bus standard) interface 1, on-board CPU PCIe interface 2, and DDR (Double Data Rate Synchronous Random Access memory), FLASH memory (which is a non-volatile memory), and I/O (Input/Output) Peripheral for general control. The onboard CPU of the intelligent network card may also mount devices (general architecture, not shown in fig. 1) such as a memory and a hard disk, and is used to run an operating system to manage a service management plane of the intelligent network card. The intelligent Network card onboard BMC chip is connected with the FPAG through an NCSI (Network Controller side Interface), which is an industrial standard of a side band Interface Network Controller defined by a distributed management task group and used for supporting server out-of-band management, and the standard becomes a standard Interface between a management Controller and the Network Controller) Interface for remote management in the later period. The intelligent network card is connected with the remote management server and the local host. The main network data path processing hardware is an FPGA chip. The high-speed network interface of the FPGA is connected to the network cloud, the PCIe interface of the FPGA is connected with the local host, the FPGA is a key chip in the intelligent network card and is a key carrier in the deployment, operation and maintenance of the intelligent network card. The FPGA loading needs to be carried out by means of an external FLASH, the common FPGA firmware is pre-stored in the FLASH, the initialization firmware is read into the FPGA from the FLASH for configuration after the FPGA is powered on, and then the FPGA program is normally operated. When the intelligent network card meets the application scene requirements, after the intelligent network card is deployed in a data center server, the intelligent network card also has the requirement of upgrading or changing the firmware of the FPGA chip. Therefore, the general intelligent network card also needs to have a remote upgrading function.
The remote upgrading mode of the traditional intelligent network card is as follows: the FPGA firmware needing to be upgraded is sent to the processor or the microprocessor from a remote management end through a network, then the processor or the microprocessor finishes the upgrading of the FPGA firmware in the FLASH, and for the intelligent network card, a BMC chip on the card is generally used for processing the upgrading process. The traditional remote upgrading method of the intelligent network card has the following defects: on one hand, the bandwidth of firmware transmission through the management network port of the BMC is low; on the other hand, the upgrading security of the FPGA firmware is poor, and the confidentiality of intelligent network card management is influenced.
Disclosure of Invention
In view of the above, it is necessary to provide a method and an apparatus for upgrading firmware of an FPGA in an intelligent network card, a computer device, and a storage medium.
According to a first aspect of the present invention, there is provided a firmware upgrade method for an FPGA in an intelligent network card, the method including:
in response to the fact that the FPGA is detected to be powered on, sequentially loading and operating basic firmware and initial service firmware from FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to be communicated with a remote management end and a host end respectively;
in response to the FPGA receiving a firmware upgrading request sent by a remote management terminal, verifying the safety of a communication link between the FPGA and the remote management terminal;
And in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA.
In some embodiments, the method further comprises:
in response to the completion of writing the target service firmware into the FLASH mounted by the FPGA, powering off the FPGA;
and in response to the fact that the FPGA is detected to be electrified again, loading and operating the basic firmware and the target service firmware in the FLASH mounted by the FPGA.
In some embodiments, the step of sequentially loading and running the basic firmware and the initial service firmware from the FLASH mounted by the FPGA includes:
firstly, loading and running PCIe interface firmware from a FLASH mounted by an FPGA to complete the initialization of a PCIe interface in the FPGA by a host end;
then loading and operating FPGA network interface firmware, IPSec function firmware and microprocessor firmware from the FLASH mounted by the FPGA so as to enable the FPGA to be provided with a microprocessor module, an IPSec module and a FLASH control module;
and finally, loading the initial service firmware from the FLASH loaded by the FPGA.
In some embodiments, the step of verifying the security of the communication link between the FPGA and the remote management terminal comprises:
Establishing communication with the remote management terminal and the IPSec module respectively by utilizing the microprocessor module and exchanging IPSec keys of the remote management terminal and the IPSec module;
the remote management end and the IPSec module respectively verify the received IPSec key;
responding to the fact that the received IPSec key is verified by the remote management terminal and the IPSec module, and then confirming the safety of a communication link between the FPGA and the remote management terminal;
and responding to the remote management end and/or the IPSec module not verifying the received IPSec key, and confirming that the communication link between the FPGA and the remote management end is unsafe.
In some embodiments, the step of reading the target service firmware from the remote management terminal and writing the target service firmware into the FLASH mounted by the FPGA includes:
reading a target service firmware from the remote management terminal by using the microprocessor module, and sending the target service firmware to the FLASH control module;
and writing the received target service firmware into the position of the initial service firmware in the FLASH mounted by the FPGA by using the FLASH control module.
In some embodiments, the microprocessor module is a MicroBlaze microprocessor or a Nios microprocessor.
In some embodiments, the remote management terminal and the microprocessor module are connected through a high-speed network interface.
According to a second aspect of the present invention, there is provided a firmware upgrading apparatus for an FPGA in an intelligent network card, the apparatus including:
the firmware loading unit is configured to sequentially load and run a basic firmware and an initial service firmware from FLASH mounted by the FPGA in response to the detection of the electrification of the FPGA, wherein the basic firmware is used for enabling the FPGA to respectively communicate with the remote management terminal and the host terminal;
the verification unit is configured to respond to a firmware upgrading request sent by the remote management terminal received by the FPGA, and verify the safety of a communication link between the FPGA and the remote management terminal;
and the firmware writing unit is configured to read the target service firmware from the remote management terminal in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, and write the target service firmware into the FLASH mounted by the FPGA.
According to a third aspect of the present invention, there is also provided a computer apparatus comprising:
at least one processor; and
And the memory stores a computer program which can run on the processor, and the processor executes the firmware upgrading method for the FPGA in the intelligent network card when executing the program.
According to a fourth aspect of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the computer program executes the foregoing firmware upgrading method for an FPGA in an intelligent network card.
According to the firmware upgrading method for the FPGA in the intelligent network card, when the FPGA is detected to be powered on, the basic firmware and the initial service firmware are loaded from the FLASH mounted by the FPGA, so that the FPGA is ensured to be respectively communicated with the remote management terminal and the host terminal based on the basic firmware, when the FPGA receives a firmware upgrading request sent by the remote management terminal, the safety of a communication link between the FPGA and the remote management terminal is verified, if the safety of the communication link between the FPGA and the remote management terminal is confirmed, the target service firmware is read from the remote management terminal and written into the FLASH mounted by the FPGA, the FPGA service firmware of the intelligent network card is safely obtained from the remote management terminal to be upgraded under the condition that an external CPU or SoC chip is not used, the deployment and implementation are easy, and the safety is also ensured.
In addition, the firmware upgrading device for the FPGA in the intelligent network card, the computer device and the computer readable storage medium provided by the invention can also achieve the above technical effects, and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic diagram of a deployment architecture of a general FPGA intelligent network card;
fig. 2 is a schematic flowchart of a firmware upgrading method 100 for an FPGA in an intelligent network card according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another firmware upgrading method 200 for an FPGA in an intelligent network card according to an embodiment of the present invention;
fig. 4 is a schematic diagram of communication among functional modules in an FPGA according to another embodiment of the present invention;
fig. 5 is a flowchart illustrating firmware upgrade executed by each functional module in the FPGA according to another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a firmware upgrading apparatus 300 for an FPGA in an intelligent network card according to another embodiment of the present invention;
fig. 7 is a schematic diagram of the internal structure of a computer device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
The abbreviations mentioned in the embodiments of the present invention are explained as follows:
IPSec is a set of protocols established by the IETF (Internet Engineering Task Force) to provide communication security at the IP layer. The IPSec security protocol provides two communication protection mechanisms, namely an Encapsulation Security Payload (ESP) and an Authentication Header (AH). The ESP mechanism provides confidentiality, integrity and data identity authentication protection for communication; the AH mechanism provides integrity and data identity authentication protection for communications.
In an embodiment, referring to fig. 2, the present invention provides a method for upgrading firmware of an FPGA in an intelligent network card, specifically, the method includes the following steps:
step 101, in response to the fact that the FPGA is detected to be powered on, sequentially loading and operating basic firmware and initial service firmware from a FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to communicate with a remote management terminal and a host terminal respectively;
in this embodiment, the basic firmware is a firmware that guarantees a basic communication function of the FPGA, and includes a PCIe interface firmware of the FPGA and a firmware for assisting the update of the FPGA firmware to guarantee that the FPAG can normally communicate with the remote management terminal, and the initial service firmware is a normal service firmware of the intelligent network card and includes a function logic related to a formal service of the intelligent network card. The initial service firmware has a specific application scenario, and the initial service firmware can ensure that the FPGA realizes an expected function in the specific scenario.
102, in response to the FPGA receiving a firmware upgrading request sent by a remote management terminal, verifying the safety of a communication link between the FPGA and the remote management terminal;
in this embodiment, the security verification may be any existing verification method, and only needs to mutually confirm that the other party is trusted between the FPGA and the remote management terminal, for example, a user name and an encryption form may be adopted, so that other auxiliary algorithms may be adopted for trusted authentication.
And 103, in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA.
The target service firmware refers to firmware corresponding to other application scenarios different from the initial service.
According to the firmware upgrading method for the FPGA in the intelligent network card, when the FPGA is detected to be electrified, the basic firmware and the initial service firmware are loaded from the FLASH mounted by the FPGA, so that the communication between the FPGA and the remote management terminal and the communication between the FPGA and the remote management terminal are respectively ensured based on the basic firmware, when the FPGA receives a firmware upgrading request sent by the remote management terminal, the safety of a communication link between the FPGA and the remote management terminal is verified, if the safety of the communication link between the FPGA and the remote management terminal is confirmed, the target service firmware is read from the remote management terminal and written into the FLASH mounted by the FPGA, the FPGA service firmware of the intelligent network card is safely obtained from the remote management terminal to be upgraded under the condition that an external CPU or SoC chip is not used, the deployment and the implementation are easy, and the safety is ensured.
In some embodiments, referring to fig. 3, the present invention further provides a schematic flow chart of another firmware upgrading method 200 for an FPGA in an intelligent network card, where the method further includes the following steps:
Step 201, in response to detecting that the FPGA is powered on, sequentially loading and operating a basic firmware and an initial service firmware from the FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to communicate with a remote management terminal and a host terminal respectively;
step 202, in response to the fact that the FPGA receives a firmware upgrading request sent by a remote management terminal, verifying the safety of a communication link between the FPGA and the remote management terminal;
step 203, in response to the confirmation of the security of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted on the FPGA.
In the present embodiment, the specific operations of steps 201-203 have been described in detail in steps 101-103 in the embodiment shown in fig. 2, and are not described again.
Step 204, in response to the completion of writing the target service firmware into the FLASH mounted by the FPGA, powering off the FPGA;
step 205, in response to detecting that the FPGA is powered on again, loading and running the basic firmware and the target service firmware in the FLASH mounted by the FPGA.
The difference between this embodiment and the previous embodiment is that after the target service firmware writing operation is executed, the FPGA is powered off through the line, and then the FPGA is powered on to read the latest service firmware from the FLASH mounted on the FPGA, so that the FPAG is guaranteed to load the latest firmware in time, and the normal and stable operation of the intelligent network card is guaranteed.
In some embodiments, the step of sequentially loading and running the basic firmware and the initial service firmware from the FLASH mounted by the FPGA includes:
firstly, PCIe interface firmware is loaded and operated from the FLASH mounted by the FPGA to complete the initialization of the PCIe interface in the FPGA by the host end;
then loading and operating FPGA network interface firmware, IPSec function firmware and microprocessor firmware from the FLASH mounted by the FPGA so as to enable the FPGA to be provided with a microprocessor module, an IPSec module and a FLASH control module;
and finally, loading the initial service firmware from the FLASH loaded by the FPGA.
In some embodiments, the step of verifying the security of the communication link between the FPGA and the remote management terminal comprises:
establishing communication with the remote management terminal and the IPSec module respectively by using the microprocessor module and exchanging IPSec keys of the remote management terminal and the IPSec module;
the remote management end and the IPSec module respectively verify the received IPSec key;
responding to the fact that the received IPSec key is verified by the remote management terminal and the IPSec module, and then confirming the safety of a communication link between the FPGA and the remote management terminal;
and responding to the remote management end and/or the IPSec module not verifying the received IPSec key, and confirming that the communication link between the FPGA and the remote management end is unsafe.
In some embodiments, the step of reading the target service firmware from the remote management terminal and writing the target service firmware into the FLASH mounted by the FPGA includes:
reading a target service firmware from the remote management terminal by using the microprocessor module, and sending the target service firmware to the FLASH control module;
and writing the received target service firmware into the position of the initial service firmware in the FLASH mounted by the FPGA by using the FLASH control module.
In some embodiments, the microprocessor module is a MicroBlaze microprocessor or a Nios microprocessor. Wherein the MicroBlaze microprocessor may be a RISC processor soft core optimized by Xilinx corporation that may be embedded in an FPGA, e.g., MicroBlaze version 7.0, and the Nios microprocessor may be a simple low power processor provided by Intel corporation, e.g., Nios V/g, and so on.
In some embodiments, the remote management terminal and the microprocessor module are connected by a high-speed network interface.
In some embodiments, referring to fig. 4 and fig. 5, in order to facilitate understanding of the scheme of the present invention, the following takes as an example that the execution subject is an FPGA, and specifically, the firmware upgrading method for the FPGA in the smart network card includes the following two parts:
A first part: the FPGA firmware is divided into three phases. The first stage is FPGA PCIe interface firmware, the second stage is upgrade management firmware, and the third stage is formal business function related firmware. The firmware of the three stages is loaded in sequence, the function of the FPGA completely runs the data service of the intelligent network card after the integral loading is finished, the upgraded firmware is the third stage firmware generally according to the firmware stage division mode, and the first stage and the second stage do not need to be changed along with the service change.
The first stage firmware functions as follows: because the PCIe protocol requires that the host-connected PCIe device need to complete initialization within 100ms before the host can properly scan the PCIe device. The complete FPGA firmware is large and can not be loaded within 100ms, so that the FPGA firmware related to the PCIe interface is independently processed and loaded at the first time to complete the initialization of the PCIe interface in the FPGA by the host,
the second stage firmware functions as follows: the firmware for upgrading the FPGA firmware comprises an FPGA network interface, an IPSec function realized by the FPGA and microprocessor firmware in the FPGA. The FPGA network interface is used for connecting a remote management server, and a microprocessor in the FPGA is a processor unit realized in the FPGA, such as a microblaze of xilinx or a Nios microprocessor of Intel.
The third stage firmware functions as follows: and the normal intelligent network card business firmware comprises the related functional logic of the formal business of the intelligent network card.
A second part: and upgrading the service firmware based on the function realized by the second stage firmware in the FPGA.
The IPSec module is used for establishing safe connection with a remote server end so as to ensure the safety of the transmission process of the FPGA firmware upgrading data; the IPSec module is used for establishing a secure communication channel between the local intelligent network card and the remote management server, so that the security of network communication can be kept while the network interface is used for flexible deployment and flexible communication, and the firmware is prevented from being attacked and tampered during upgrading.
The MicroBlaze (embedded soft core, a simplified instruction set processor soft core which is optimized by Xilinx company and can be embedded in FPGA) processor is used for establishing basic network connection with a remote server, and performing data distribution, such as sending protocol handshake data to an IPSec module when establishing IPSec safety connection, and sending firmware data to a FLASH control module in the firmware upgrading process; the Microblaze processor is an FPGA microprocessor module provided by xilinx, and may be replaced with other microprocessor modules in an FPGA, such as the Nios microprocessor module of Intel mentioned above. The microprocessor module in the FPGA is used to assist in handling the IPSec protocol handshaking process and the firmware loading process because the microprocessor module can be developed using C language, and the development and deployment of the present invention are accelerated by means of standard software libraries.
The FLASH control module is used for reading and writing the data stored in the FLASH and writing the upgrading firmware into the FLASH. The general FPGA firmware FLASH uses a special FPGA interface, and the FPGA needs to perform read-write operation on the loading FLASH by means of a method provided by an FPGA chip manufacturer.
The process of writing the service firmware of the remote management end to the FLASH through the three modules is as follows:
step one, a remote server side initiates IPSec key exchange to a Microblaze processor;
step two, the Microblaze processor is respectively communicated with the remote server and the IPSec module, so that the remote server and the intelligent network card complete IPSec protocol negotiation, and secure communication is established;
step three, the remote management server side starts to send FPGA upgrading firmware (namely new business related firmware);
step four, the Microblaze processor in the intelligent network card FPGA receives the upgrade firmware (namely the new business related firmware), and provides a FLASH control module to write the new business related firmware into the FLASH;
and step five, finishing the writing and upgrading of the firmware after the writing of the firmware is finished.
A firmware upgrading method for FPGA in an intelligent network card is characterized in that a staged firmware loading mode is adopted, a safety upgrading function module is realized in firmware of a second stage while the requirement of a host on the initialization time of a PCIe interface of the FPGA is guaranteed in a first stage, meanwhile, the firmware of the second stage is realized by a high-speed network interface in the FPGA and an IPSec safety module in a microprocessor core, a safety communication channel of an external management service end is realized, so that the data safety of the FPGA firmware in remote transmission is guaranteed, and the safety upgrading is realized.
In some embodiments, referring to fig. 6, the present invention further provides a firmware upgrading apparatus 300 for an FPGA in an intelligent network card, where the apparatus includes:
a firmware loading unit 301, configured to sequentially load and run a basic firmware and an initial service firmware from a FLASH mounted by the FPGA in response to detecting that the FPGA is powered on, where the basic firmware is used to enable the FPGA to communicate with the remote management terminal and the host terminal, respectively;
a verification unit 302, configured to verify security of a communication link between the FPGA and the remote management terminal in response to the FPGA receiving a firmware upgrade request sent by the remote management terminal;
a firmware writing unit 303, configured to, in response to determining that a communication link between the FPGA and the remote management end is secure, read the target service firmware from the remote management end, and write the target service firmware into the FLASH mounted on the FPGA.
According to the firmware upgrading device for the FPGA in the intelligent network card, when the situation that the FPGA is electrified is detected, basic firmware and initial service firmware are loaded from the FLASH mounted by the FPGA, so that the situation that the FPGA is respectively communicated with the remote management terminal and the host terminal based on the basic firmware is ensured, when the FPGA receives a firmware upgrading request sent by the remote management terminal, the safety of a communication link between the FPGA and the remote management terminal is verified, if the safety of the communication link between the FPGA and the remote management terminal is confirmed, the target service firmware is read from the remote management terminal and written into the FLASH mounted by the FPGA, the situation that the FPGA service firmware of the intelligent network card is safely obtained from the remote management terminal for upgrading under the condition that an external CPU or an SoC chip is not used is achieved, deployment is easy, and implementation is achieved, and meanwhile the safety is ensured.
It should be noted that, for specific limitations of the firmware upgrading apparatus for the FPGA in the intelligent network card, reference may be made to the above limitations of the firmware upgrading method for the FPGA in the intelligent network card, and details are not described here again. All or part of each unit in the firmware upgrading device for the FPGA in the intelligent network card can be realized through software, hardware and combination thereof. The units can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the units.
According to another aspect of the present invention, a computer device is provided, which may be a server, and the internal structure of the computer device is shown in fig. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. When being executed by a processor, the computer program realizes the firmware upgrading method for the FPGA in the intelligent network card, and specifically, the method comprises the following steps:
In response to the detection that the FPGA is electrified, sequentially loading and operating basic firmware and initial service firmware from FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to respectively communicate with a remote management terminal and a host terminal;
responding to a firmware upgrading request sent by a remote management terminal received by the FPGA, and verifying the safety of a communication link between the FPGA and the remote management terminal;
and in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA.
According to still another aspect of the present invention, there is provided a computer-readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing the above-mentioned firmware upgrading method for an FPGA in an intelligent network card, specifically, the method includes the following steps:
in response to the fact that the FPGA is detected to be powered on, sequentially loading and operating basic firmware and initial service firmware from FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to be communicated with a remote management end and a host end respectively;
in response to the FPGA receiving a firmware upgrading request sent by a remote management terminal, verifying the safety of a communication link between the FPGA and the remote management terminal;
And in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by hardware instructions of a computer program, which may be stored in a non-volatile computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous Link (Synchlink) DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct bused dynamic RAM (DRDRAM), and bused dynamic RAM (RDRAM).
All possible combinations of the technical features in the above embodiments may not be described for the sake of brevity, but should be considered as being within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is specific and detailed, but not to be understood as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (10)

1. A firmware upgrading method for an FPGA in an intelligent network card is characterized by comprising the following steps:
in response to the fact that the FPGA is detected to be powered on, sequentially loading and operating basic firmware and initial service firmware from FLASH mounted by the FPGA, wherein the basic firmware is used for enabling the FPGA to be communicated with a remote management end and a host end respectively;
responding to a firmware upgrading request sent by a remote management terminal received by the FPGA, and verifying the safety of a communication link between the FPGA and the remote management terminal;
And in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, reading the target service firmware from the remote management terminal, and writing the target service firmware into the FLASH mounted by the FPGA.
2. The method for upgrading the firmware of the FPGA in the intelligent network card according to claim 1, further comprising:
in response to the completion of writing the target service firmware into the FLASH mounted by the FPGA, powering off the FPGA;
and in response to the fact that the FPGA is detected to be electrified again, loading and operating the basic firmware and the target service firmware in the FLASH mounted by the FPGA.
3. The method for upgrading firmware of an FPGA in an intelligent network card according to claim 1, wherein the step of sequentially loading and running the basic firmware and the initial service firmware from the FLASH mounted on the FPGA comprises:
firstly, PCIe interface firmware is loaded and operated from the FLASH mounted by the FPGA to complete the initialization of the PCIe interface in the FPGA by the host end;
then loading and operating FPGA network interface firmware, IPSec function firmware and microprocessor firmware from the FLASH mounted by the FPGA so as to enable the FPGA to be provided with a microprocessor module, an IPSec module and a FLASH control module;
and finally, loading the initial service firmware from the FLASH loaded by the FPGA.
4. The method for upgrading firmware of an FPGA in an intelligent network card according to claim 3, wherein the step of verifying the security of the communication link between the FPGA and the remote management terminal comprises:
establishing communication with the remote management terminal and the IPSec module respectively by using the microprocessor module and exchanging IPSec keys of the remote management terminal and the IPSec module;
the remote management end and the IPSec module respectively verify the received IPSec key;
responding to the fact that the received IPSec key is verified by the remote management terminal and the IPSec module, and then confirming the safety of a communication link between the FPGA and the remote management terminal;
and responding to the remote management end and/or the IPSec module not verifying the received IPSec key, and confirming that the communication link between the FPGA and the remote management end is unsafe.
5. The method according to claim 3, wherein the step of reading the target service firmware from the remote management terminal and writing the target service firmware into the FLASH mounted on the FPGA comprises:
reading a target service firmware from the remote management terminal by using the microprocessor module, and sending the target service firmware to the FLASH control module;
And writing the received target service firmware into the position of the initial service firmware in the FLASH mounted by the FPGA by using the FLASH control module.
6. The firmware upgrade method for the FPGA in the intelligent network card according to claim 3, wherein the microprocessor module is a MicroBlaze microprocessor or a Nios microprocessor.
7. The firmware upgrading method for the FPGA in the intelligent network card according to claim 3, wherein the remote management terminal and the microprocessor module are connected through a high-speed network interface.
8. A firmware upgrading device for FPGA in intelligent network card, characterized in that, the device includes:
the firmware loading unit is configured to sequentially load and run basic firmware and initial service firmware from FLASH mounted by the FPGA in response to the detection that the FPGA is powered on, wherein the basic firmware is used for enabling the FPGA to communicate with the remote management terminal and the host terminal respectively;
the verification unit is configured to respond to a firmware upgrading request sent by the remote management terminal received by the FPGA, and verify the safety of a communication link between the FPGA and the remote management terminal;
And the firmware writing unit is configured to read the target service firmware from the remote management terminal in response to the confirmation of the safety of the communication link between the FPGA and the remote management terminal, and write the target service firmware into the FLASH mounted by the FPGA.
9. A computer device, comprising:
at least one processor; and
a memory storing a computer program operable in the processor, the processor executing the program to perform the firmware upgrade method for the FPGA in the smart card according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program is executed by a processor to execute the firmware upgrade method for FPGA in an intelligent network card according to any one of claims 1 to 7.
CN202210096510.8A 2022-01-26 2022-01-26 Firmware upgrading method and device for FPGA in intelligent network card Pending CN114567550A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210096510.8A CN114567550A (en) 2022-01-26 2022-01-26 Firmware upgrading method and device for FPGA in intelligent network card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210096510.8A CN114567550A (en) 2022-01-26 2022-01-26 Firmware upgrading method and device for FPGA in intelligent network card

Publications (1)

Publication Number Publication Date
CN114567550A true CN114567550A (en) 2022-05-31

Family

ID=81714063

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210096510.8A Pending CN114567550A (en) 2022-01-26 2022-01-26 Firmware upgrading method and device for FPGA in intelligent network card

Country Status (1)

Country Link
CN (1) CN114567550A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115048130A (en) * 2022-08-17 2022-09-13 北京左江科技股份有限公司 FPGA-based firmware program reliable online upgrading system and method
CN116015986A (en) * 2022-12-16 2023-04-25 苏州浪潮智能科技有限公司 Intelligent network card management method and related components

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279756A (en) * 2010-06-11 2011-12-14 英业达股份有限公司 CPLD (Complex Programmable Logic Device) firmware updating method
CN107465542A (en) * 2017-08-01 2017-12-12 郑州云海信息技术有限公司 A kind of remote management FPGA method and system
CN109343873A (en) * 2018-08-28 2019-02-15 九阳股份有限公司 A kind of intelligent appliance remote upgrade control method
CN110378153A (en) * 2019-07-18 2019-10-25 上海擎感智能科技有限公司 A kind of upgrade package safety downloading method and system
CN111625263A (en) * 2020-05-22 2020-09-04 苏州浪潮智能科技有限公司 Server component firmware updating method
CN111736871A (en) * 2020-06-22 2020-10-02 天津美腾科技股份有限公司 FPGA chip upgrading method, device and system
CN113641381A (en) * 2021-07-26 2021-11-12 珠海格力电器股份有限公司 DSP firmware remote upgrading device and method and industrial robot

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279756A (en) * 2010-06-11 2011-12-14 英业达股份有限公司 CPLD (Complex Programmable Logic Device) firmware updating method
CN107465542A (en) * 2017-08-01 2017-12-12 郑州云海信息技术有限公司 A kind of remote management FPGA method and system
CN109343873A (en) * 2018-08-28 2019-02-15 九阳股份有限公司 A kind of intelligent appliance remote upgrade control method
CN110378153A (en) * 2019-07-18 2019-10-25 上海擎感智能科技有限公司 A kind of upgrade package safety downloading method and system
CN111625263A (en) * 2020-05-22 2020-09-04 苏州浪潮智能科技有限公司 Server component firmware updating method
CN111736871A (en) * 2020-06-22 2020-10-02 天津美腾科技股份有限公司 FPGA chip upgrading method, device and system
CN113641381A (en) * 2021-07-26 2021-11-12 珠海格力电器股份有限公司 DSP firmware remote upgrading device and method and industrial robot

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115048130A (en) * 2022-08-17 2022-09-13 北京左江科技股份有限公司 FPGA-based firmware program reliable online upgrading system and method
CN116015986A (en) * 2022-12-16 2023-04-25 苏州浪潮智能科技有限公司 Intelligent network card management method and related components
CN116015986B (en) * 2022-12-16 2024-06-04 苏州浪潮智能科技有限公司 Intelligent network card management method and related components

Similar Documents

Publication Publication Date Title
CN114567550A (en) Firmware upgrading method and device for FPGA in intelligent network card
US20180246713A1 (en) Method for programming vehicle electronic control modules
US11334660B2 (en) Authenticated discoverability of Universal Windows Applications to Win32 desktop applications
US9864606B2 (en) Methods for configurable hardware logic device reloading and devices thereof
CN111612614A (en) Public link-based sub-chain service system
US10274919B2 (en) Method, device and computer program product for programming a plurality of control units
CN110532106B (en) Inter-process communication method, device, equipment and storage medium
WO2024007987A1 (en) Vehicle-end firmware upgrading method and apparatus for digital key system, and device and medium
US11256494B2 (en) ECU and peripherals update using central dispatch unit
CN115310145A (en) Privacy computing system, method, device, equipment and medium
WO2020158377A1 (en) Electronic control device and security verification method for electronic control device
CN114064091A (en) OTA (over the air) upgrade control method and device, electronic equipment and automatic driving vehicle
CN103907094A (en) Serialization of access to data in multi-mainframe computing environments
CN111522571A (en) Equipment upgrading method and device, terminal equipment and storage medium
CN111259376A (en) Authority configuration method, device, server and storage medium
CN116010118A (en) Deployment method and device of blockchain nodes and terminal equipment
CN114637525A (en) Method, device, equipment and medium for compatibility of SDK and access application
KR102354062B1 (en) Direct memory access control device and operating method for the same
CN112968809B (en) Method and device for testing system stability and compatibility
CN113791810B (en) ZYNQ platform-based remote upgrading method, device and system
CN111625836B (en) Trusted guiding method for entrance guard type electronic equipment
JP7314935B2 (en) System, server, verification method and program
US20240104217A1 (en) Computer-readable storage medium, gateway for transmitting the same, and software update method using the same
EP3982250A1 (en) Generation of code for a system
EP3993458A1 (en) Enrollment of enrollee devices to a wireless network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination