CN115270100A - Safety protection method, device and system - Google Patents

Info

Publication number
CN115270100A
Authority
CN
China
Prior art keywords
command
sfc
words
tcm
core
Legal status
Pending
Application number
CN202110474850.5A
Other languages
Chinese (zh)
Inventor
邵萌
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110474850.5A (CN115270100A)
Priority to PCT/CN2021/140684 (WO2022227641A1)
Publication of CN115270100A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes

Abstract

The application provides a security protection method, device and system that can improve the security of a BMC. In the embodiments of the application, the internal architecture of the BMC main control chip is divided into a security domain and a non-security domain that are physically isolated from each other, and the interface of the SFC is docked with the TCM to achieve system integration of the TCM. After the BMC main control chip is powered on and started, a trusted source point can therefore be established using the trusted capability of the TCM, and the whole process from power-on start to normal operation of the software is subjected to trusted measurement, so that code at every level is verified not to have been damaged, tampered with or implanted with illegal code before it is loaded and run, and the software execution environment of the BMC can be trusted.

Description

Safety protection method, device and system
Technical Field
The present application relates to the field of computer and communications technologies, and in particular, to a security protection method, apparatus, and system.
Background
Currently, the Baseboard Management Controller (BMC) has become a key component of a server; it is a management subsystem that runs independently within the server. As the platform management system, the BMC provides a series of monitoring and control functions and is mainly used to monitor the temperature, voltage, fans, power supply and so on of the server and to make corresponding adjustments so that the server stays in a healthy state.
During server start-up, the BMC is usually started before the server operating system is powered on, and it can control the power-on switch and power sequencing of the server through a dedicated programmable logic circuit. While the BMC provides rich operation and maintenance management and control capabilities for the server, it also faces serious security threats. How to provide security protection for the BMC is therefore an urgent problem to be solved.
Disclosure of Invention
The application provides a safety protection method, a safety protection device and a safety protection system, which can improve the safety of BMC.
In a first aspect, an embodiment of the present application provides a BMC, where the BMC includes a security domain and a non-security domain, and the security domain is physically isolated from the non-security domain; the security domain comprises a Serial Flash Controller (SFC) and a first core, where the SFC is configured to connect to a Trusted Cryptography Module (TCM), and the first core is configured to realize the security functions of the BMC by interacting with the TCM through the SFC.
In the embodiments of the application, the internal architecture of the BMC main control chip is divided into a security domain and a non-security domain that are physically isolated from each other, and the interface of the SFC is docked with the TCM to achieve system integration of the TCM. After the BMC main control chip is powered on and started, a trusted source point can therefore be established using the trusted capability of the TCM, and the whole process from power-on start to normal operation of the software is subjected to trusted measurement, so that code at every level is verified not to have been damaged, tampered with or implanted with illegal code before it is loaded and run, and the software execution environment of the BMC can be trusted.
In one possible design, the SFC is connected to the first core via an Advanced Peripheral Bus (APB).
In one possible design, the SFC includes a Clock (CLK) signal terminal, a Serial Input Output (SIO) signal terminal, a Serial Output Input (SOI) signal terminal, and a chip select signal (CSN) signal terminal.
In one possible design, the first core is configured to generate a first command, and the first command is used to interact with the TCM; the first command comprises A control words, B address words and C payload words, where A, B and C are integers greater than 0, the sum of A, B and C is not greater than N, and N is the total number of bytes in the first command; the control words indicate a read operation or a write operation, the address words carry address information, and the payload words carry the payload of the first command.
In one possible design, the A control words are bytes 1 to a of the first command, the B address words are bytes a+1 to b of the first command, and the C payload words are bytes b+1 to N of the first command, where a is an integer greater than 1 and less than N, and b is an integer greater than a+1 and less than N.
In this design, the software and hardware protocols of the SFC interface are transposed and transformed so that the interface is docked with the TCM and system integration of the TCM is realized. Communication and control between the SFC interface and the TCM have only two functional states, sending and receiving, so the SFC interface is highly reliable: the state and content of the TCM cannot be read or written from outside, and only commands may be written to a specified address area or functional output information read, which ensures that the module is not easily tampered with, hijacked or counterfeited.
In one possible design, the first command is a read command or a write command; or, the first command is a response command for notifying the TCM to send a second command, where the second command is a read command or a write command sent by the first core to the TCM through the SFC.
In one possible design, the non-secure domain includes a second core, and/or a peripheral, where the second core is used to run an operating system.
In a second aspect, an embodiment of the present application provides a security protection system, where the system includes the BMC and the TCM described in the first aspect, and a security domain in the BMC is connected to the TCM through an SFC.
In the embodiments of the application, the SFC interface of the BMC security domain is docked with the TCM to achieve system integration of the TCM. After the BMC main control chip is powered on and started, a trusted source point can therefore be established using the trusted capability of the TCM, and the whole process from power-on start to normal operation of the software is subjected to trusted measurement, so that code at every level is verified not to have been damaged, tampered with or implanted with illegal code before it is loaded and run, and the trustworthiness of the BMC's software execution environment can be ensured.
In one possible design, the SFC and TCM satisfy the following connection relationships:
the CLK signal terminal of the SFC is connected to the CLK signal terminal of the TCM and serves as the SPI bus synchronous clock of the TCM interface and the timing reference for the other TCM interface signals;
the SIO signal terminal of the SFC is connected to the MOSI signal terminal of the TCM and serves as the data input channel of the TCM interface SPI bus;
the SOI signal terminal of the SFC is connected to the MISO signal terminal of the TCM and serves as the data output channel of the TCM interface SPI bus;
the CSN signal terminal of the SFC is connected to the CS signal terminal of the TCM and serves as the chip select of the TCM interface SPI bus; it is active low and defaults to high when the first core and the TCM are not interacting.
In one possible design, a general purpose input/output (GPIO) signal terminal of the security domain is connected to the physical presence (PP) signal terminal of the TCM; it serves as the physical presence signal of the TCM interface, is active high, and defaults to high when the TCM is connected to the first core.
In a third aspect, an embodiment of the present application provides a security protection method applied to a BMC. The method includes: a first core generates a first command, where the first command comprises A control words, B address words and C payload words, A, B and C are integers greater than 0, the sum of A, B and C is not greater than N, and N is the total number of bytes in the first command; the control words indicate a read operation or a write operation, the address words carry address information, and the payload words carry the payload of the first command; the first core sends the first command to the TCM through the SFC.
In the embodiments of the application, system integration of the TCM is realized by transposing and transforming the software and hardware protocols of the SFC interface and docking the interface with the TCM. Communication and control between the SFC and the TCM have only two functional states, sending and receiving, so the SFC is highly reliable: the state and content of the TCM cannot be read or written from outside, and only commands may be written to a specified address area or functional output information read, so the module is not easily tampered with, hijacked or counterfeited.
In one possible design, the A control words are bytes 1 to a of the first command, the B address words are bytes a+1 to b of the first command, and the C payload words are bytes b+1 to N of the first command, where a is an integer greater than 1 and less than N, and b is an integer greater than a+1 and less than N.
In one possible design, the first core sending the first command to the TCM through the SFC includes: the first core writes the A control bytes into the instruction register of the SFC; the first core writes the B address bytes into the address register of the SFC; the first core writes the C payload bytes into the command-sending data cache region of the SFC; and the first core triggers a command write operation. This design prevents the data format of the write command from being corrupted, which improves the accuracy of command transmission.
In one possible design, the first core triggers a command write operation, including: the first core sets a command write control bit of the SFC to a first value, the first value for triggering a command write operation.
In one possible design, the first command is a read command or a write command.
In one possible design, the C payload words include C1 command identification words, C2 command length words, C3 command codes, and C4 payload words, where C1 is an integer greater than 0 and smaller than C, C2 is an integer greater than 0 and smaller than C, C3 is an integer greater than 0 and smaller than C, C4 is an integer greater than 0 and smaller than C, and the sum of C1, C2, C3, and C4 is not greater than C, where the command identification words are used to carry an identification of the first command, the command length words are used to indicate the length of the first command, the command codes are used to carry codes of the first command, and the payload words are used to carry a payload of the first command.
In one possible design, the C1 command identification words are bytes b+1 to c of the first command, the C2 command length words are bytes c+1 to d, the C3 command codes are bytes d+1 to e, and the C4 payload words are bytes e+1 to N, where c is an integer greater than b+1 and less than N, d is an integer greater than c+1 and less than N, and e is an integer greater than d+1 and less than N.
In one possible design, the first command is a response command that informs the TCM to send a second command, which is a read command or a write command sent by the BMC to the TCM.
In one possible design, the C payload words include C1 command identification words, C2 command length words, C3 return codes, C4 command codes, and C5 payload words, where C1 is an integer greater than 0 and less than C, C2 is an integer greater than 0 and less than C, C3 is an integer greater than 0 and less than C, C4 is an integer greater than 0 and less than C, C5 is an integer greater than 0 and less than C, and the sum of C1, C2, C3, C4, and C5 is not greater than C, where the command identification words are used to carry the identification of the first command, the command length words are used to indicate the length of the first command, the return codes are used to carry the return codes of the first command, the command codes are used to carry the code of the first command, and the payload words are used to carry the payload of the first command.
In one possible design, the C1 command identification words are bytes b+1 to c of the first command, the C2 command length words are bytes c+1 to d, the C3 return codes are bytes d+1 to e, the C4 command codes are bytes e+1 to f, and the C5 payload words are bytes f+1 to N, where c is an integer greater than b+1 and less than N, d is an integer greater than c+1 and less than N, e is an integer greater than d+1 and less than N, and f is an integer greater than e+1 and less than N.
In one possible design, after the first core sends the first command to the TCM through the SFC, the method further includes: the first core receives a response command to the second command through the SFC.
In one possible design, the first core receiving a response command to the second command through the SFC includes: the first core triggers a command read operation, during which the CSN signal terminal of the SFC is high for a first time period and low for a second time period; the first time period starts at the moment the first core triggers the command read operation and lasts for the time corresponding to b bytes, and the second time period starts at the end of the first time period and ends when the command read operation ends; the first core reads the bytes cached in the command data cache region of the SFC; and the first core saves the read bytes to a Static Random Access Memory (SRAM). This design lets the first core start reading from the valid data, which improves the accuracy of command transmission.
In one possible design, the first core receiving a response command to the second command through the SFC includes: the first core triggers a command read operation after a first time interval, where the first time interval is the time corresponding to b bytes and the CSN signal terminal of the SFC is low in the read state; the first core reads the bytes cached in the command data cache region of the SFC; and the first core saves the read bytes to SRAM. This design lets the first core start reading from the valid data, which improves the accuracy of command transmission.
In a fourth aspect, an embodiment of the present application provides a security protection apparatus, including at least one processor, coupled with at least one memory: the at least one processor is configured to execute the computer program or instructions stored in the at least one memory to cause the apparatus to perform the method of the third aspect and any possible design thereof. Optionally, the apparatus further comprises a communication interface, the processor being coupled to the communication interface. The communication interface may be an input/output interface of the chip.
In a fifth aspect, embodiments of the present application provide a computing device comprising a processor and a memory, the processor comprising a plurality of processor cores; the memory for storing computer programs or instructions; the processor is configured to execute a computer program or instructions to implement the method according to the third aspect and any possible design thereof.
In a sixth aspect, the present application provides a readable storage medium for storing instructions that, when executed, enable the method of the third aspect and any possible design thereof to be implemented.
In a seventh aspect, the present application provides a computer program product containing instructions, which when executed on a computer, causes the computer to perform the method of the third aspect and any possible design thereof.
In an eighth aspect, an embodiment of the present application provides a chip system including a processor; the chip system may further comprise an interface circuit, where the interface circuit is configured to receive a program or instructions and transmit them to the processor; the program or instructions, when executed by the processor, cause the chip system to implement the method of the third aspect and any possible design thereof.
Optionally, the system on a chip may have one or more processors. The processor may be implemented by hardware or by software. When implemented in hardware, the processor may be a logic circuit, an integrated circuit, or the like. When implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory.
Optionally, there may also be one or more memories in the system-on-chip. The memory may be integrated with the processor or separate from it, which is not limited in this application. For example, the memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated on the same chip as the processor or disposed separately on a different chip.
The present application may be further combined to provide further implementations on the basis of the implementations provided by the above aspects.
The advantageous effects of the above fourth to eighth aspects and any possible design thereof can be seen in the advantageous effects of the third aspect and any possible design thereof.
Drawings
Fig. 1 is a schematic structural diagram of an integrated system of BMC and TCM according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of a command format according to an embodiment of the present application;
Fig. 3 is a diagram illustrating a read/write command format according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a command format according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a safety protection system according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of a security protection method according to an embodiment of the present application;
Fig. 7 is a signal diagram illustrating a write operation according to an embodiment of the present application;
Fig. 8 is a signal diagram illustrating a write operation according to an embodiment of the present application;
Fig. 9 is a signal diagram illustrating a read operation according to an embodiment of the present application;
Fig. 10 is a signal diagram illustrating a read operation according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of a safety protection device according to an embodiment of the present application.
Detailed Description
To solve the problems mentioned in the background, embodiments of the present application provide a security protection method, device and system that can improve the security of the BMC. The method and the device are based on the same technical conception; since they solve the problem on similar principles, the implementations of the device and the method can be referred to each other, and repeated parts are not described again.
Hereinafter, some terms in the present application are explained to facilitate understanding by those skilled in the art.
BMC: a key component of the server and a management subsystem that runs independently within the server. As the platform management system, the BMC provides a series of monitoring and control functions and is mainly used to monitor the temperature, voltage, fans, power supply and so on of the server and to make corresponding adjustments so that the server stays in a healthy state. In hardware it is the first component of the server mainboard to be powered on and started, and it is the out-of-band management system.
TCM: a set of hardware and firmware that constructs a secure computing environment. Its core functions may include platform integrity measurement and verification, platform trusted identity identification and authentication, platform data protection and the like.
Core Root of Trust for Measurement (CRTM): the core function code or module that establishes the platform's root of measurement and guarantees integrity measurement. The CRTM is typically the first piece of code executed after the server's independent system is powered on and started.
Trusted source point: a trusted source is a component that must be trusted. In a trusted platform, the trusted source point contains three roots of trust: a Root of Trust for Measurement (RTM), a Root of Trust for Storage (RTS), and a Root of Trust for Reporting (RTR).
SFC-TCM interface: the interface of the Serial Flash Controller (SFC) is connected to the serial interface of the trusted cryptography module, so that the physical bus interface and the driver software needed for system integration of the trusted cryptography module are realized together.
The technical features related to the embodiments of the present application are described below.
The BMC is an independent management and control subsystem in the server and is the first subsystem the server starts; it can control the power-on switch and power sequencing of the server system through a dedicated programmable logic circuit. While the BMC provides rich operation and maintenance management and control capabilities for the server, it also faces serious security threats. If the server's firmware and software, or the firmware and software systems in the BMC, are implanted with malicious code, the state, control and environmental configuration of the whole server are threatened. The BMC can be protected by integrating a TCM into the BMC.
At present, one hardware design for integrating a TCM with a BMC is shown in Fig. 1. In hardware, the Serial Peripheral Interface (SPI) of the BMC is connected directly to the SPI interface of the TCM, realizing system integration over the SPI bus. In software, the BMC software (or firmware) implements the communication flow and state control of the TCM interface on top of the SPI interface.
However, in this scheme a BMC non-secure-domain interface (the SPI interface) is used to integrate the TCM, which enlarges the attack surface of the TCM: the operation and maintenance management application software running on the BMC could directly access or tamper with the state and content of the TCM. In addition, the scheme obtains no trusted measurement or security guarantee for the SPI interface driver or for the storage and execution environment of its communication state control, so malicious code implanted into the BMC's TCM interface driver could tamper with, hijack or counterfeit the TCM command interface. Furthermore, the scheme controls the TCM state in BMC software, where the state definitions and functional states are complex; its application middleware carries potential security risks and does not conform to the internationally common access mode for trusted cryptography modules. Moreover, the BMC software that interfaces with the TCM has to obtain the physical presence state of the TCM by querying the state of the SPI bus, which makes the software flow complex.
The embodiments of the application provide a security protection method, device and system. In these embodiments, the internal architecture of the BMC master control chip is divided into a security domain and a non-security domain that are physically isolated from each other, the software and hardware protocols of the SFC interface are transposed and transformed, and the interface is docked with the TCM so that system integration of the TCM is realized. After the BMC master control chip is powered on and started, a trusted source point can therefore be established using the trusted capability of the TCM, and the whole process from power-on start to normal running of the software is subjected to trusted measurement, so that code at every level is verified not to have been damaged, tampered with or implanted with illegal code before it is loaded and run, and the trustworthiness of the BMC's software execution environment can be ensured.
The following describes the BMC provided in the embodiments of the present application.
The main control chip of the BMC comprises a security domain and a non-security domain, and the security domain is physically isolated from the non-security domain. The main control chip of the BMC includes at least two cores, where one core is in a secure domain and the other core is in a non-secure domain, and the two cores are two independent cores in hardware, or the two cores are located in two independent areas of the same silicon chip in hardware, or the two cores are two independent silicon chips in hardware.
The security domain comprises an SFC and a first core, wherein the SFC is used for being connected with the TCM, and the first core is used for realizing the security function of the BMC through the interaction of the SFC and the TCM, for example, the platform integrity measurement and verification, the platform trusted identity identification and authentication, the platform data protection and the like are carried out on the BMC.
Optionally, the non-secure domain may include a second core, and may further include a peripheral device, where the second core is used to run an operating system.
Because the security domain is physically separated from the non-security domain, the core deployed in the non-security domain and the software running on it cannot access the SFC interface of the security domain, which reduces the attack surface of the TCM and the possibility of accessing or tampering with the state and content of the TCM.
In one implementation, a first core is configured to generate a first command, the first command configured to interact with a TCM. Wherein, the first command can be a read command or a write command; alternatively, the first command may also be a response command for acquiring a second command, where the second command is a read command or a write command sent by the first core to the TCM through the SFC.
Optionally, the first command includes A control words, B address words and C payload words, where A, B and C are integers greater than 0, the sum of A, B and C is not greater than N, and N is the total number of bytes in the first command; the control words indicate a read operation or a write operation, the address words carry address information, and the payload words carry the payload of the first command.
Illustratively, bytes 1 to a of the first command are the control words indicating a read or write operation, bytes a+1 to b are the address words carrying address information, and bytes b+1 to N are the payload words carrying the payload of the first command, where N is the total number of bytes in the first command, a is an integer greater than 1 and less than N, and b is an integer greater than a+1 and less than N.
For example, the 1st byte of the first command indicates a read operation or a write operation, the 2nd to 4th bytes carry address information, and the 5th to Nth bytes carry the payload of the first command, as shown in Fig. 2.
Optionally, N may be an integer no greater than the maximum data length the SFC can transmit; for example, if the maximum data length the SFC can transmit is 128, N may be any integer no greater than 128, such as 128.
In one example, the first command is a read command or a write command. The C payload words comprise C1 command identification words, C2 command length words, C3 command codes and C4 payload words, where C1, C2, C3 and C4 are each integers greater than 0 and less than C, and the sum of C1, C2, C3 and C4 is not greater than C; the command identification words carry an identification of the first command, the command length words indicate the length of the first command, the command codes carry the code of the first command, and the payload words carry the payload of the first command.
For example, the (b+1)th to cth bytes of the first command are command identification words carrying an identification of the first command, the (c+1)th to dth bytes are command length words indicating the length of the first command, the (d+1)th to eth bytes are command codes carrying the code of the first command, and the (e+1)th to Nth bytes carry the payload of the first command, where c is an integer greater than b+1 and less than N, d is an integer greater than c+1 and less than N, and e is an integer greater than d+1 and less than N.
For example, the 1st byte of the first command indicates a read operation or a write operation, the 2nd to 4th bytes carry address information, the 5th to 6th bytes may carry an identifier of the first command, the 7th to 10th bytes may indicate the length of the first command, the 11th to 14th bytes may carry the code of the first command, and the 15th to Nth bytes may carry the payload of the first command, as shown in fig. 3.
In another example, the first command is a response command that informs the TCM to send a second command, where the second command is a read command or a write command sent by the BMC to the TCM. The C payload words comprise C1 command identification words, C2 command length words, C3 return codes, C4 command codes and C5 payload words, where C1, C2, C3, C4 and C5 are each integers greater than 0 and less than C, and the sum of C1, C2, C3, C4 and C5 is not greater than C; the command identification words carry an identification of the first command, the command length words indicate the length of the first command, the return codes carry the return code of the first command, the command codes carry the code of the first command, and the payload words carry the payload of the first command.
For example, bytes b+1 to c of the first command are command identification words carrying an identification of the first command, bytes c+1 to d are command length words indicating the length of the first command, bytes d+1 to e carry the return code of the first command, bytes e+1 to f are command codes carrying the code of the first command, and bytes f+1 to N carry the payload of the first command, where c is an integer greater than b+1 and less than N, d is an integer greater than c+1 and less than N, and e is an integer greater than d+1 and less than N.
For example, the 1st byte of the first command indicates a read operation or a write operation, the 2nd to 4th bytes carry address information, the 5th to 6th bytes may carry an identifier of the first command, the 7th to 10th bytes may indicate the length of the first command, the 11th to 14th bytes may carry the return code of the first command, the 15th to 18th bytes may carry the code of the first command, and the 19th to Nth bytes may carry the payload of the first command, as shown in fig. 4.
In a possible implementation, the first core is connected to the TCM through the SFC, where the SFC interface may operate in master mode and the TCM interface in slave mode.
Optionally, the SFC and the first core may be connected via an Advanced Peripheral Bus (APB).
In one embodiment, the security domain may include a Read Only Memory (ROM) coupled to the first core via the APB. The on-chip ROM may include a core root of trust for measurement (CRTM) code segment, in which the driver and application code for the SFC interface may be deployed.
The security domain may also include an on-chip Static Random Access Memory (SRAM) that may be coupled to the first core via a Private Peripheral Bus (PPB).
With this embodiment, when the BMC main control chip is powered on, the first core first reads the CRTM code from the on-chip ROM, writes it into the on-chip SRAM through the PPB bus and executes it, so that the SFC interface driver code is the first code to run after the BMC subsystem is powered on and the BMC is protected from the very start of its boot.
Illustratively, the SFC may include a Clock (CLK) signal terminal, a serial input/output (SIO) signal terminal, a serial output/input (SOI) signal terminal, and a chip select (CSN) signal terminal.
In one example, the hardware structure of the BMC master chip may be as shown in fig. 5, where the high-performance core shown in fig. 5 may be the second core described above, and the high-security core shown in fig. 5 may be the first core described above.
The following describes a security protection system provided in an embodiment of the present application. The system comprises a BMC and a TCM as shown in FIG. 5, wherein a security domain in the BMC is connected with the TCM through the SFC.
In an exemplary illustration, the TCM may be a trusted cryptography module that complies with standards and authentication requirements such as "GM/T0011-2012 trusted computing trusted cryptography support platform function and interface specification", "GM/T0012-2012 trusted computing trusted cryptography module interface specification", "GM/T0013-2012 trusted computing trusted cryptography module conformance detection specification", and the like, and may externally provide a command response interactive interface based on the SPI physical protocol and the custom software protocol.
For example, the TCM may include a CLK signal terminal, a master output/slave input (MOSI) signal terminal, a master input/slave output (MISO) signal terminal, and a Chip Select (CS) signal terminal.
In one implementation, the SFC and the TCM may satisfy the following connection relationship:
the CLK signal terminal of the SFC is connected to the CLK signal terminal of the TCM and may serve as the SPI bus synchronous clock of the TCM interface and the timing reference for the TCM interface signals;
the SIO signal terminal of the SFC is connected to the MOSI signal terminal of the TCM and may serve as the SPI bus data input channel of the TCM interface;
the SOI signal terminal of the SFC is connected to the MISO signal terminal of the TCM and may serve as the SPI bus data output channel of the TCM interface;
the CSN signal terminal of the SFC is connected to the CS signal terminal of the TCM and may serve as the SPI bus chip select signal of the TCM interface; it is active low and may default to high when the first core and the TCM are not interacting.
In addition, a general purpose input/output (GPIO) signal terminal of the security domain is connected to the physical presence (PP) signal terminal of the TCM and serves as the physical presence signal of the TCM interface; it is active high and defaults to high when the TCM is connected to the first core.
In one example, the structure of the security system may be as shown in FIG. 5.
The embodiment of the present application further provides a security protection method, which may be applied to the BMC in fig. 5. As shown in fig. 6, the method includes:
S901, the first core generates a first command.
For the first command, refer to the description of the first command above; details are not repeated here.
S902, the first core sends a first command to the TCM through the SFC.
In one implementation, the first core may write bytes 1 to a of the first command into the instruction register of the SFC; write bytes a+1 to b of the first command into the address register of the SFC; write bytes b+1 to N of the first command into the command sending data cache region of the SFC; and trigger a command write operation.
The first core can trigger the command write operation as follows: the command write control bit of the SFC is set to a first value that triggers a command write; for example, the first value may be 1. The command write control bit may be a register of the SFC, and the first core triggers the command write by setting the state of that register.
Taking the first command shown in fig. 2 as an example, the first core may write the 1st byte of the first command into the instruction register of the SFC; write the 2nd to 4th bytes into the address register of the SFC; write the 5th to Nth bytes into the command sending data cache region of the SFC; and set the command write control bit of the SFC to "1", which triggers the SFC interface to perform the command write.
In a possible implementation manner, before step S901, the first core may send a second command to the TCM, where the second command is a read command or a write command, a format of the second command may refer to a format shown in fig. 2 or fig. 3, and a manner of sending the second command by the first core may specifically refer to a manner of sending the first command by the first core, and repeated details are omitted.
Based on the above embodiment, the first command sent by the first core after sending the second command is used to obtain a response command to the second command. The first core may receive a response command of the second command transmitted by the TCM after transmitting the first command.
In one implementation, the first core receives the response command to the second command as follows: it triggers a command read operation, during which the CSN signal terminal of the SFC is at a high level in a first time period and at a low level in a second time period, where the first time period starts when the first core triggers the command read operation and lasts for the time corresponding to b bytes, and the second time period starts at the end of the first time period and ends when the command read operation stops; it then reads the bytes cached in the SFC command receiving data cache region and saves the read bytes to SRAM.
Optionally, the first core may trigger a command read operation by: the command read control bit of the SFC is set to a second value that triggers a command read, e.g., the second value may be 0. The command read control bit may be a register of the SFC, and the first core may trigger the command read by controlling a state of the register.
Optionally, the command write operation control bit and the command read operation control bit may be the same register or different registers, and are not limited specifically here.
In another implementation, the first core receives the response command to the second command as follows: it triggers a command read operation after a first time length has elapsed, where the first time length is the time corresponding to b bytes and the CSN signal terminal of the SFC is at a low level in the read state; it then reads the bytes cached in the SFC command receiving data cache region and saves the read bytes to SRAM.
In order to better understand the interaction process of the first core and the TCM, the interaction process is exemplarily described below with reference to a specific scenario.
The interaction process may include:
S1, the first core generates a command 1 based on the signaling format shown in FIG. 3, where command 1 is a read command or a write command; such commands can be used by the TCM to realize functions such as platform integrity measurement and verification, platform trusted identity identification and authentication, and platform data protection.
S2, the first core writes the 1st byte of command 1 into the instruction register of the SFC, the 2nd to 4th bytes of command 1 into the address register of the SFC, and the 5th to Nth bytes of command 1 into the command sending data cache region of the SFC.
S3, the first core sets the command write operation control bit of the SFC to 1 to trigger the SFC interface to perform the command write operation.
The first core controls the CSN of the SFC to be at a high level after the command has been sent; for example, the first core drives the CSN of the SFC high when the command write operation completion control bit of the SFC is "1".
For example, the first byte of the SFC interface write operation is the read/write command word, the second to fourth bytes are the read/write address words, and the subsequent bytes are the data payload; the signal diagram of the SFC signal terminals may be as shown in fig. 7.
During a write operation the SFC interface hardware automatically sends its preset write command and write address and then sends the send data buffer from its low byte to its high byte. If the whole command were placed in the buffer, its first four bytes would go out after the preset command and address as zero bytes, so the data format of the write command would be destroyed and the TCM module could not parse it. In the embodiment of the present application, the first byte is instead written into the instruction register of the SFC, the second to fourth bytes are written in order into the address register of the SFC, and the fifth to Nth bytes are written into bytes 1 to N-4 of the write data buffer, as shown in fig. 8. This preserves the data format of the write command and thereby improves the accuracy of command transmission.
S4, the first core generates a command 2 based on the signaling format shown in FIG. 4, where command 2 is used to acquire the response command to command 1.
S5, the first core writes the 1st byte of command 2 into the instruction register of the SFC, the 2nd to 4th bytes of command 2 into the address register of the SFC, and the 5th to Nth bytes of command 2 into the command sending data cache region of the SFC.
S6, the first core sets the command write operation control bit of the SFC to 1 to trigger the SFC interface to perform the command write operation. After this, either step S7a or step S7b is performed.
The first core controls the CSN of the SFC to be at a high level after command 2 has been sent; for example, the first core drives the CSN of the SFC high when the command write operation completion control bit of the SFC is "1".
S7a, the first core sets the command read operation control bit of the SFC to 1 to trigger the SFC interface to perform the command read operation.
Here, once the command read operation control bit is "1", the first core holds the CSN of the SFC at a high level for the duration of the first 4 bytes and then drives the CSN of the SFC low.
S7b, after a delay equal to the duration of 4 bytes, the first core sets the command read operation control bit of the SFC to 1 to trigger the SFC interface to perform the command read operation.
Here, the first core holds the CSN of the SFC at a low level while the command read operation control bit is "1".
During a read operation the SFC interface hardware automatically sends its preset read command and read address and only then switches to the read cycle, so the end of the read command packet is followed by unexpected data and the first 4 bytes of the receive buffer are empty, as shown in fig. 9. In the embodiment of the present application, by holding the CSN high for the first 4 bytes of the read operation, or by triggering the read operation only after an interval of 4 bytes, as shown in fig. 10, the first core starts reading from valid data, which improves the accuracy of command transmission.
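The S1 to S7a exchange above and the fig. 3 / fig. 4 frame layouts, as an added C model that is not the patent's code: it builds a command, splits bytes 1 to 4 into the instruction and address registers and bytes 5 to N into the send buffer so the frame reaches the SIO line intact, simulates the read cycle to show the 4-byte shift a naive read produces and how holding CSN high removes it, and parses the response while rejecting a frame whose length words disagree with the bytes received. Register names, the big-endian field encoding, the 0xff idle level and the read-cycle timing model are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumptions: 128 is the SFC maximum transfer length given on the page; register
 * names, the big-endian field encoding and the read-cycle model are hypothetical. */
#define SFC_MAX_LEN 128
#define SFC_HDR_LEN 4      /* byte 1 control word + bytes 2..4 address words */
#define TCM_CMD_HDR 14     /* fig. 3: bytes 1..14 precede the payload */
#define TCM_RESP_HDR 18    /* fig. 4: bytes 1..18 precede the payload */

typedef struct {
    uint8_t instr, addr[3], tx_buf[SFC_MAX_LEN]; /* instruction reg, address reg, send buffer */
    size_t  tx_len;
    bool    cmd_write;                           /* command write control bit */
} sfc_regs_t;
typedef struct { uint32_t ret, code; size_t payload_len; } tcm_resp_t;
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* S1: build a fig. 3 read/write command: 1 control, 2..4 address, 5..6 id, 7..10
 * length (= N), 11..14 command code, 15..N payload. Returns N, or 0 if it won't fit. */
size_t tcm_build_cmd(uint8_t *out, uint8_t ctrl, uint32_t addr24, uint16_t id,
                     uint32_t code, const uint8_t *payload, size_t plen) {
    size_t n = TCM_CMD_HDR + plen;
    if (n > SFC_MAX_LEN) return 0;
    out[0] = ctrl; out[1] = (uint8_t)(addr24 >> 16); out[2] = (uint8_t)(addr24 >> 8);
    out[3] = (uint8_t)addr24; out[4] = (uint8_t)(id >> 8); out[5] = (uint8_t)id;
    put_be32(out + 6, (uint32_t)n);
    put_be32(out + 10, code);
    memcpy(out + TCM_CMD_HDR, payload, plen);
    return n;
}

/* S2/S3 (S5/S6 for command 2): split the frame so the command/address bytes the
 * hardware sends on its own ARE bytes 1..4, and bytes 5..N fill buffer bytes 1..N-4 (fig. 8). */
bool sfc_send_cmd(sfc_regs_t *sfc, const uint8_t *cmd, size_t n) {
    if (n <= SFC_HDR_LEN || n > SFC_MAX_LEN) return false;
    sfc->instr = cmd[0];
    memcpy(sfc->addr, cmd + 1, 3);
    sfc->tx_len = n - SFC_HDR_LEN;
    memcpy(sfc->tx_buf, cmd + SFC_HDR_LEN, sfc->tx_len);
    sfc->cmd_write = true;         /* control bit = 1 triggers the write */
    return true;
}

/* What the SFC clocks out on SIO for a write (fig. 7): instruction, address, then the buffer. */
size_t sfc_wire_bytes(const sfc_regs_t *sfc, uint8_t *wire) {
    wire[0] = sfc->instr;
    memcpy(wire + 1, sfc->addr, 3);
    memcpy(wire + SFC_HDR_LEN, sfc->tx_buf, sfc->tx_len);
    return SFC_HDR_LEN + sfc->tx_len;
}

/* Read-cycle model (fig. 9/10): the SFC spends 4 byte times on its preset read command
 * and address before capturing; the TCM shifts out a byte per byte time while CSN is low. */
size_t sfc_read_sim(const uint8_t *resp, size_t resp_len, bool csn_high_first,
                    uint8_t *rx_buf, size_t rx_cap) {
    size_t tcm_pos = 0, captured = 0;
    for (size_t t = 0; captured < rx_cap; t++) {
        bool preset = t < SFC_HDR_LEN;
        bool csn_low = !(preset && csn_high_first);  /* S7a: keep CSN high for the first 4 */
        uint8_t miso = 0xff;                         /* idle level when deselected or exhausted */
        if (csn_low && tcm_pos < resp_len) miso = resp[tcm_pos++];
        if (!preset) rx_buf[captured++] = miso;
    }
    return captured;
}

/* Parse a fig. 4 response (11..14 return code, 15..18 command code, 19..N payload)
 * and reject a frame whose declared length disagrees with the bytes received. */
bool tcm_parse_resp(const uint8_t *f, size_t n, tcm_resp_t *r) {
    if (n < TCM_RESP_HDR || get_be32(f + 6) != n) return false;
    r->ret = get_be32(f + 10); r->code = get_be32(f + 14);
    r->payload_len = n - TCM_RESP_HDR;
    return true;
}

/* S1..S7a end to end on constructed data; returns 0, or the number of the first failed check. */
int demo_tcm_exchange(void) {
    static const uint8_t payload[4] = {0xde, 0xad, 0xbe, 0xef};
    uint8_t cmd[SFC_MAX_LEN], wire[SFC_MAX_LEN], rx[SFC_MAX_LEN], resp[22] = {0x03, 0, 1, 0, 0, 1};
    sfc_regs_t sfc = {0}; tcm_resp_t r;
    size_t n = tcm_build_cmd(cmd, 0x02, 0x000100, 1, 0x10, payload, 4);
    if (n != 18) return 1;
    if (!sfc_send_cmd(&sfc, cmd, n) || sfc.tx_len != 14 || !sfc.cmd_write) return 2;
    if (sfc_wire_bytes(&sfc, wire) != n || memcmp(wire, cmd, n) != 0) return 3;
    /* constructed fig. 4 response: id 1, length 22, return code 0, code 0x10, 4 payload bytes */
    put_be32(resp + 6, 22); put_be32(resp + 14, 0x10); memcpy(resp + 18, payload, 4);
    size_t got = sfc_read_sim(resp, 22, false, rx, 22);       /* naive read: CSN low throughout */
    if (got != 22 || tcm_parse_resp(rx, got, &r)) return 4;   /* shifted by 4 bytes: rejected */
    got = sfc_read_sim(resp, 22, true, rx, 22);               /* S7a: CSN high for 4 byte times */
    if (!tcm_parse_resp(rx, got, &r) || r.ret != 0 || r.code != 0x10 || r.payload_len != 4) return 5;
    return 0;
}
```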
Based on the same inventive concept, the embodiment of the present application further provides a security protection device for implementing the steps shown in the method embodiments above. The device may have the structure shown in fig. 11 and may be used to implement the method shown in fig. 6. As shown in fig. 11, the security protection device may include a driver module 1101, a TCM application middleware module 1102, and a TCM application software module 1103.
The driver module 1101 is configured to drive the SFC interface, for example to make the SFC interface interact with the TCM interface, and may also provide a TCM read application interface and a TCM write application interface to the TCM application middleware.
The TCM application middleware module 1102 is configured to implement read/write operations on the TCM, for example, may implement and package TCM functions, services, and procedures based on a TCM read operation application interface and a TCM write operation application interface provided by the driver module, and may also be configured to provide a TCM application interface for a TCM application software module. In an implementation manner, the TCM application middleware module may implement and encapsulate TCM functions, services, and procedures according to the interface specification of the trusted computing trusted cryptography module GM/T0012-2012, based on a TCM read operation application interface and a TCM write operation application interface provided by the driver module.
The TCM application software module 1103 is used to implement application services to the TCM. For example, application services to the TCM may be implemented based on a TCM application interface provided by a TCM application middleware module.
In one implementation, the TCM application middleware module 1102 is specifically configured to generate a first command based on an application service implemented by the TCM application software module 1103, where the first command includes A control words, B address words and C payload words, A is an integer greater than 0, B is an integer greater than 0, the sum of A, B and C is not greater than N, and N is the total number of bytes included in the first command; the control words indicate a read operation or a write operation, the address words carry address information, and the payload words carry the payload of the first command. The driver module 1101 is specifically configured to drive the SFC to send the first command to the TCM.
Optionally, when driving the SFC to send the first command to the TCM, the driver module 1101 is specifically configured to: write the A control words into the instruction register of the SFC; write the B address words into the address register of the SFC; write the C payload words into the command sending data cache region of the SFC; and trigger a command write operation.
Specifically, when triggering the command write operation, the driver module 1101 is configured to set the command write control bit of the SFC to a first value, which triggers the command write.
Illustratively, the first command is a read command or a write command.
Illustratively, the C payload words include C1 command identification words, C2 command length words, C3 command codes, and C4 payload words, where C1 is an integer greater than 0 and smaller than C, C2 is an integer greater than 0 and smaller than C, C3 is an integer greater than 0 and smaller than C, C4 is an integer greater than 0 and smaller than C, and the sum of C1, C2, C3, and C4 is not greater than C, where the command identification words are used to carry an identification of the first command, the command length words are used to indicate a length of the first command, the command codes are used to carry codes of the first command, and the payload words are used to carry a payload of the first command.
For example, the first command is a response command for notifying the TCM to send a second command, and the second command is a read command or a write command sent by the BMC to the TCM.
Illustratively, the C payload words include C1 command identification words, C2 command length words, C3 return codes, C4 command codes, and C5 payload words, where C1 is an integer greater than 0 and less than C, C2 is an integer greater than 0 and less than C, C3 is an integer greater than 0 and less than C, C4 is an integer greater than 0 and less than C, C5 is an integer greater than 0 and less than C, and the sum of C1, C2, C3, C4, and C5 is not greater than C, where the command identification words are used to carry the identification of the first command, the command length words are used to indicate the length of the first command, the return codes are used to carry the return codes of the first command, the command codes are used to carry the codes of the first command, and the payload words are used to carry the payload of the first command.
Optionally, the driver module 1101 is further configured to receive the response command to the second command through the SFC.
Optionally, when receiving the response command to the second command through the SFC, the driver module 1101 is specifically configured to: trigger a command read operation, during which the CSN signal terminal of the SFC is at a high level in a first time period and at a low level in a second time period, where the first time period starts when the first core triggers the command read operation and lasts for the time corresponding to b bytes, and the second time period starts at the end of the first time period and ends when the command read operation ends; read the bytes cached in the SFC command receiving data cache region; and save the read bytes to SRAM.
Alternatively, when receiving the response command to the second command through the SFC, the driver module 1101 is specifically configured to: trigger a command read operation after a first time length has elapsed, where the first time length is the time corresponding to b bytes and the CSN signal terminal of the SFC is at a low level in the read state; read the bytes cached in the SFC command receiving data cache region; and save the read bytes to SRAM.
The embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium is used for storing a computer program, and when the computer program is executed by a computer, the computer may implement the processes related to the above method embodiments.
The embodiment of the present application further provides a computer program product, where the computer program product is used to store a computer program, and when the computer program is executed by a computer, the computer may implement the processes related to the above method embodiments.
Embodiments of the present application also provide a chip or a chip system (or a circuit), where the chip may include a processor, and the processor may be configured to call a program or instructions in a memory, and perform the processes related to the network device and/or the terminal provided by the foregoing method embodiments. The chip system may include components such as the chip, memory, or transceiver.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (33)

1. A baseboard management controller, BMC, comprising a secure domain and a non-secure domain, the secure domain being physically isolated from the non-secure domain;
the security domain comprises a Serial Flash Controller (SFC) and a first core, wherein the SFC is used for being connected with a Trusted Cryptography Module (TCM), and the first core is used for realizing the security function of the BMC through interaction of the SFC and the TCM.
2. The BMC of claim 1, wherein the SFC is connected to the first core through an Advanced Peripheral Bus (APB).
3. The BMC of claim 1 or claim 2, wherein the SFC comprises a clock CLK signal terminal, a serial input/output SIO signal terminal, a serial output/input SOI signal terminal, and a chip select CSN signal terminal.
4. The BMC of any of claims 1-3, wherein the first core is to generate a first command to interact with the TCM;
the first command comprises A control words, B address words and C payload words, wherein A is an integer larger than 0, B is an integer larger than 0, C is an integer larger than 0, the sum of A, B and C is not larger than N, and N is the total number of bytes included in the first command, wherein the control words are used for indicating a read operation or a write operation, the address words are used for carrying address information, and the payload words are used for carrying the payload of the first command.
5. The BMC of claim 4, wherein the first command is a read command or a write command; or
The first command is a response command used for informing the TCM to send a second command, and the second command is a read command or a write command sent by the first core to the TCM through the SFC.
6. The BMC of any of claims 1-5, wherein the non-secure domain comprises a second core, and/or a peripheral, wherein the second core is to run an operating system.
7. A security protection system, characterized in that the system comprises a Baseboard Management Controller (BMC) according to any one of claims 1-6 and a Trusted Cryptography Module (TCM), wherein the security domain in the BMC is connected with the TCM through the SFC.
8. The system of claim 7, wherein the SFC and the TCM satisfy the following connection relationship:
the clock CLK signal end of the SFC is connected with the CLK signal end of the TCM;
the SIO signal end of the SFC is connected with a main output slave input MOSI signal end of the TCM;
the SOI signal end of the SFC is connected with a main input and slave output MISO signal end of the TCM;
and the CSN signal end of the SFC is connected with the chip selection CS signal end of the TCM.
9. The system of claim 7 or 8, wherein a general purpose input/output, GPIO, signal terminal of the secure domain is connected with a physical presence, PP, signal terminal of the TCM.
10. A security protection method applied to the BMC of any one of claims 1 to 7, the method comprising:
a first core generates a first command, wherein the first command comprises A control words, B address words and C payload words, A is an integer greater than 0, B is an integer greater than 0, C is an integer greater than 0, the sum of A, B and C is not greater than N, and N is the total number of bytes included in the first command, wherein the control words are used for indicating a read operation or a write operation, the address words are used for carrying address information, and the payload words are used for carrying the payload of the first command;
and the first core sends the first command to a trusted cryptography module TCM through a serial flash controller SFC.
11. The method of claim 10, wherein the first core sends the first command to the TCM through the SFC, comprising:
the first core writes the A control words to an instruction register of the SFC;
the first core writes the B address words to an address register of the SFC;
the first core writes the C payload words into a command sending data cache region of the SFC;
the first core triggers a command write operation.
12. The method of claim 11, wherein the first core triggers a command write operation, comprising:
and the first core sets a command write operation control bit of the SFC to be a first value, and the first value is used for triggering command write operation.
13. The method of any of claims 10-12, wherein the first command is a read command or a write command.
14. The method according to claim 13, wherein the C payload words include C1 command identification words, C2 command length words, C3 command codes, and C4 payload words, the C1 is an integer greater than 0 and less than C, the C2 is an integer greater than 0 and less than C, the C3 is an integer greater than 0 and less than C, the C4 is an integer greater than 0 and less than C, and the sum of C1, C2, C3, and C4 is not greater than C, wherein the command identification words are used to carry the identification of the first command, the command length words are used to indicate the length of the first command, the command codes are used to carry the code of the first command, and the payload words are used to carry the payload of the first command.
15. The method of any one of claims 10-12, wherein the first command is a response command that informs the TCM to send a second command, the second command being a read command or a write command that the BMC sends to the TCM.
16. The method of claim 15, wherein the C payload words include C1 command identification words, C2 command length words, C3 return codes, C4 command codes, and C5 payload words, the C1 is an integer greater than 0 and less than C, the C2 is an integer greater than 0 and less than C, the C3 is an integer greater than 0 and less than C, the C4 is an integer greater than 0 and less than C, the C5 is an integer greater than 0 and less than C, and a sum of C1, C2, C3, C4, and C5 is not greater than C, wherein the command identification words are used to carry an identification of the first command, the command length words are used to indicate a length of the first command, the return codes are used to carry the return codes of the first command, the command codes are used to carry the codes of the first command, and the payload words are used to carry a payload of the first command.
17. The method of claim 15 or 16, wherein after the first core sends the first command to the TCM over the SFC, the method further comprises:
the first core receives a response command of the second command through the SFC.
18. The method of claim 17, wherein the first core receiving a response command to the second command over the SFC comprises:
the first core triggers a command read operation, wherein a CSN signal end of the SFC is at a high level in a first time period and at a low level in a second time period during the command read operation, the starting point of the first time period is the moment when the first core triggers the command read operation, the duration of the first time period is a time length corresponding to b bytes, the starting point of the second time period is the end point of the first time period, and the end point of the second time period is the moment when the command read operation ends;
the first core reads the bytes cached in the SFC command receiving data cache region;
the first core saves the read bytes to a Static Random Access Memory (SRAM).
19. The method of claim 17, wherein the first core receiving a response command to the second command over the SFC comprises:
the first core triggers a command read operation after a first time interval, wherein the first time interval is a time length corresponding to b bytes, and a CSN signal end of the SFC in the read state is at a low level;
the first core reads the bytes cached in the SFC command receiving data cache region;
the first core saves the read bytes to the SRAM.
20. A safety protection device is characterized by comprising a driving module, a Trusted Cryptography Module (TCM) application middleware module and a TCM application software module;
the driving module is used for driving an interface of the serial flash controller SFC;
the TCM application middleware module is used for realizing read-write operation on the TCM;
the TCM application software module is used for realizing application service of the TCM.
21. The apparatus of claim 20, wherein the TCM application middleware module is specifically configured to generate a first command based on an application service implemented by the TCM application software module, wherein the first command includes A control words, B address words, and C payload words, A is an integer greater than 0, B is an integer greater than 0, a sum of A, B and C is not greater than N, N is a total number of bytes included in the first command, wherein the control words are used to indicate a read operation or a write operation, the address words are used to carry address information, and the payload words are used to carry a payload of the first command;
the driving module is specifically configured to drive the SFC to send the first command to the TCM.
22. The apparatus as claimed in claim 21, wherein the driving module, when driving the SFC to send the first command to the TCM, is specifically configured to:
writing the A control bytes to an instruction register of the SFC;
writing the B address bytes to an address register of the SFC;
writing the C payload bytes into a command sending data cache region of the SFC;
triggering a command write operation.
23. The apparatus as claimed in claim 22, wherein the driving module, when triggering a command write operation, is specifically configured to:
and setting a command write operation control bit of the SFC to be a first value, wherein the first value is used for triggering command write operation.
24. The apparatus of any of claims 21-23, wherein the first command is a read command or a write command.
25. The apparatus of claim 24, wherein the C payload words comprise C1 command identification words, C2 command length words, C3 command codes, and C4 payload words, the C1 being an integer greater than 0 and less than C, the C2 being an integer greater than 0 and less than C, the C3 being an integer greater than 0 and less than C, the C4 being an integer greater than 0 and less than C, and the sum of C1, C2, C3, and C4 being no greater than C, wherein the command identification words are used to carry the identification of the first command, the command length words are used to indicate the length of the first command, the command codes are used to carry the code of the first command, and the payload words are used to carry the payload of the first command.
26. The apparatus of any one of claims 21-23, wherein the first command is a response command that informs the TCM to send a second command, the second command being a read command or a write command that the BMC sends to the TCM.
27. The apparatus of claim 26, wherein the C payload words include C1 command identification words, C2 command length words, C3 return codes, C4 command codes, and C5 payload words, the C1 is an integer greater than 0 and less than C, the C2 is an integer greater than 0 and less than C, the C3 is an integer greater than 0 and less than C, the C4 is an integer greater than 0 and less than C, the C5 is an integer greater than 0 and less than C, and a sum of C1, C2, C3, C4, and C5 is not greater than C, wherein the command identification words are used to carry an identification of the first command, the command length words are used to indicate a length of the first command, the return codes are used to carry the return codes of the first command, the command codes are used to carry the codes of the first command, and the payload words are used to carry a payload of the first command.
28. The apparatus of claim 26 or 27, wherein the driver module is further configured to receive a response command to the second command through the SFC.
29. The apparatus as claimed in claim 28, wherein the driver module, when receiving the response command of the second command through the SFC, is specifically configured to:
triggering a command read operation, wherein a CSN signal end of the SFC is at a high level in a first time period and at a low level in a second time period during the command read operation, a starting point of the first time period is the time when the first core triggers the command read operation, a duration of the first time period is a time length corresponding to b bytes, a starting point of the second time period is an end point of the first time period, and an end point of the second time period is the time when the command read operation ends;
reading the bytes cached in the command receiving data cache region of the SFC;
and saving the read bytes to a Static Random Access Memory (SRAM).
30. The apparatus as claimed in claim 28, wherein the driver module, when receiving the response command of the second command through the SFC, is specifically configured to:
triggering a command read operation after a first time length, wherein the first time length is a time length corresponding to b bytes, and a CSN signal end of the SFC in the read state is at a low level;
reading the bytes cached in the command receiving data cache region of the SFC;
and saving the read bytes to the SRAM.
31. A security device comprising a memory and a processor:
the memory is configured to store computer program instructions;
the processor is configured to invoke and execute computer program instructions to implement the method of any one of claims 10 to 19.
32. A chip, coupled to a memory, configured to execute program instructions stored in the memory so as to cause the computer to perform the method of any one of claims 10-19.
33. A computer-readable storage medium having stored thereon computer program instructions which, when run on a computer, cause the computer to perform the method of any one of claims 10-19.
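The frame layout of claims 21, 14 and 16 and the size invariants they state, as an added C example that is not the patent's own code: a parser for the N-byte first command. Frame size, field widths and control-word values are assumptions chosen for illustration, and the command length word is assumed to count the bytes of the payload region that are in use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed frame geometry; the patent fixes none of these values. */
enum { FRAME_N = 16, CTRL_A = 1, ADDR_B = 3 };           /* N, A, B bytes */
enum { PAYLOAD_C = FRAME_N - CTRL_A - ADDR_B };           /* C = 12 bytes */
enum { ID_C1 = 2, LEN_C2 = 2, RET_C3 = 1, CODE_CX = 1 };  /* payload fields */
enum { CTRL_WRITE = 0x02, CTRL_READ = 0x03 };             /* control words */

struct first_cmd {
    uint8_t  ctrl;            /* read or write indication */
    uint32_t addr;            /* address information, big-endian */
    uint16_t id, len;         /* command identification, command length */
    uint8_t  ret, code;       /* return code (response only), command code */
    const uint8_t *payload;   /* payload words, pointing into the frame */
    size_t   payload_len;     /* C4 (or C5) bytes actually carried */
};

/* Parse an N-byte frame; is_response selects the claim 16 layout (with a
 * return code) over the claim 14 layout. Returns 0, or -1 if the frame is
 * not N bytes, the control word is unknown, or the declared length (assumed
 * to count the used payload-region bytes) breaks C1+C2+C3+C4(+C5) <= C. */
int parse_first_cmd(const uint8_t *f, size_t n, int is_response,
                    struct first_cmd *out)
{
    size_t hdr = ID_C1 + LEN_C2 + (is_response ? RET_C3 : 0) + CODE_CX;
    const uint8_t *p = f + CTRL_A + ADDR_B;      /* start of payload words */
    if (n != FRAME_N) return -1;
    memset(out, 0, sizeof *out);
    out->ctrl = f[0];
    if (out->ctrl != CTRL_WRITE && out->ctrl != CTRL_READ) return -1;
    out->addr = (uint32_t)f[1] << 16 | (uint32_t)f[2] << 8 | f[3];
    out->id  = (uint16_t)(p[0] << 8 | p[1]);
    out->len = (uint16_t)(p[2] << 8 | p[3]);
    p += ID_C1 + LEN_C2;
    if (is_response) out->ret = *p++;
    out->code = *p++;
    if (out->len < hdr || out->len > PAYLOAD_C) return -1;
    out->payload = p;
    out->payload_len = out->len - hdr;
    return 0;
}

/* Constructed sample frames for illustration, not captured traffic. */
const uint8_t SAMPLE_WRITE[FRAME_N] = { CTRL_WRITE, 0x00, 0x10, 0x00,
    0x00, 0x07, 0x00, 0x09, 0x21, 'a', 'b', 'c', 'd', 0, 0, 0 };
const uint8_t SAMPLE_RESP[FRAME_N] = { CTRL_READ, 0x00, 0x20, 0x00,
    0x00, 0x08, 0x00, 0x0C, 0x00, 0x44, 1, 2, 3, 4, 5, 6 };
```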
CN202110474850.5A 2021-04-29 2021-04-29 Safety protection method, device and system Pending CN115270100A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110474850.5A CN115270100A (en) 2021-04-29 2021-04-29 Safety protection method, device and system
PCT/CN2021/140684 WO2022227641A1 (en) 2021-04-29 2021-12-23 Security protection method, apparatus, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110474850.5A CN115270100A (en) 2021-04-29 2021-04-29 Safety protection method, device and system

Publications (1)

Publication Number Publication Date
CN115270100A true CN115270100A (en) 2022-11-01

Family

ID=83746049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110474850.5A Pending CN115270100A (en) 2021-04-29 2021-04-29 Safety protection method, device and system

Country Status (2)

Country Link
CN (1) CN115270100A (en)
WO (1) WO2022227641A1 (en)

Also Published As

Publication number Publication date
WO2022227641A1 (en) 2022-11-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination