CN115794240A - Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device) - Google Patents


Info

Publication number: CN115794240A
Authority: CN (China)
Prior art keywords: bios, cpld, computer, chip, value
Legal status: Pending
Application number: CN202211598272.7A
Other languages: Chinese (zh)
Inventors: 孟宪鑫, 冯磊, 黄延珂
Current Assignee: Xian Chaoyue Shentai Information Technology Co Ltd
Original Assignee: Xian Chaoyue Shentai Information Technology Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a CPLD (complex programmable logic device)-based method for measuring a computer's BIOS (basic input/output system) at boot, in the technical field of computer security. On the computer's power-on signal, the CPLD chip controls the mainboard's alternative chip (a selector between two paths) to select the BIOS-to-CPLD intercommunication mode, actively reads the key sensitive fields in the BIOS internal program, and calculates an MD5 value over those fields. It then verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip. If it is, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and the mainboard is powered on and started; if not, the CPLD chip makes the computer raise an alarm.

Description

Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device)
Technical Field
The invention relates to the technical field of computer security, and in particular to a computer BIOS (basic input output System) starting measurement method based on a CPLD (complex programmable logic device).
Background
With the continuous development of information technology, information security problems are becoming more prominent, and how to secure information systems has become a focus of public attention. Demand for protecting data on computers keeps growing, and the importance of the BIOS, as the basic input/output system of computer equipment, is self-evident. Methods exist on the market that actively measure the BIOS through a PCIe SoC card and an onboard TCM chip, but they are costly and complex to implement and use.
Disclosure of Invention
To address the problems in the prior art, the invention provides a CPLD-based computer BIOS boot measurement method that protects BIOS security simply and effectively.
The specific scheme provided by the invention is as follows:
The invention provides a CPLD-based computer BIOS boot measurement method. On the computer's power-on signal, the CPLD chip controls the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode, actively reads the key sensitive fields in the BIOS internal program, and calculates an MD5 value over those fields.
It then verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip. If so, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and the mainboard is powered on and started; otherwise, the CPLD chip makes the computer raise an alarm.
Further, in the CPLD-based computer BIOS boot measurement method, if verification shows that the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and powers on the CPU, and the CPU reads the BIOS and starts the computer normally.
Further, in the CPLD-based computer BIOS boot measurement method, if verification shows that the calculated MD5 value is inconsistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip stops the CPU from being powered on and drives the buzzer to sound an alarm.
Further, in the CPLD-based computer BIOS boot measurement method, the BIOS MD5 value stored in the CPLD chip is fixed (solidified) in the chip according to the computer's BIOS.
The invention also provides a CPLD-based computer BIOS boot measurement system comprising a control module, a calculation module and a measurement module.
On the computer's power-on signal, the control module uses the CPLD chip to control the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode and actively reads the key sensitive fields in the BIOS internal program; the calculation module calculates an MD5 value over those fields.
The measurement module verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip. If so, the control module uses the CPLD chip to switch the alternative chip to the BIOS-to-CPU intercommunication mode and powers on and starts the mainboard; otherwise, the control module uses the CPLD chip to make the computer raise an alarm.
Further, in the CPLD-based computer BIOS boot measurement system, if the measurement module verifies that the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, the control module uses the CPLD chip to switch the alternative chip to the BIOS-to-CPU intercommunication mode and to power on the CPU, and the CPU reads the BIOS and starts the computer normally.
Further, in the CPLD-based computer BIOS boot measurement system, if the measurement module verifies that the calculated MD5 value is inconsistent with the BIOS MD5 value stored in the CPLD chip, the control module uses the CPLD chip to stop the CPU from being powered on and drives the buzzer to sound an alarm.
The invention further provides a computer readable medium storing computer instructions which, when executed by a processor, cause the processor to execute the CPLD-based computer BIOS boot measurement method.
The advantages of the invention are:
The invention provides a CPLD (complex programmable logic device)-based computer BIOS (basic input output system) boot measurement method that reuses the CPLD chip originally present on a computer mainboard for power-on control to measure the key sensitive information of the mainboard's BIOS. This ensures that the key sensitive information of the BIOS on the computer has not been tampered with, and the method has good value for adoption in the security field.
Drawings
To illustrate the embodiments of the invention and the prior-art technical solutions more clearly, the drawings used in describing them are briefly introduced below. The drawings described here show some embodiments of the invention; those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic layout diagram of a computer motherboard according to the present invention.
Detailed Description
The invention is further described below with reference to the figures and specific examples, so that those skilled in the art can better understand and practice it; the examples are not intended to limit the invention.
The invention provides a CPLD-based computer BIOS boot measurement method. On the computer's power-on signal, the CPLD chip controls the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode, actively reads the key sensitive fields in the BIOS internal program, and calculates an MD5 value over those fields.
It then verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip. If so, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and the mainboard is powered on and started; otherwise, the CPLD chip makes the computer raise an alarm.
The method uses the CPLD chip to measure the key sensitive information of the mainboard's BIOS and ensures that this information has not been tampered with.
In a specific application, in some embodiments of the method, on the computer's power-on signal the CPLD chip controls the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode, actively reads the key sensitive fields in the BIOS internal program, and calculates an MD5 value over those fields.
It verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, where the stored MD5 value is fixed (solidified) in the CPLD chip according to the computer's BIOS.
If verification shows that the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and powers on the CPU, and the CPU reads the BIOS and starts the computer normally.
If verification shows that the calculated MD5 value is inconsistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip stops the CPU from being powered on and drives the buzzer to sound an alarm.
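The sequence above as a behavioural model in Python. This is an added example, not code from the patent, and a real CPLD would implement the logic in HDL. The field offsets in `KEY_FIELDS`, the `Board` class and the sample flash image are constructed assumptions, since the patent does not say which BIOS fields are measured.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

# Assumed layout: (offset, length) of each "key sensitive field" in the BIOS
# flash image. The patent does not list the fields; these are constructed.
KEY_FIELDS = [(0x0000, 16), (0x0100, 32), (0x0FF0, 16)]


class MuxPath(Enum):
    BIOS_TO_CPLD = "BIOS<->CPLD"   # CPLD reads the flash, CPU is isolated
    BIOS_TO_CPU = "BIOS<->CPU"     # normal boot path


def measure(image: bytes, fields=KEY_FIELDS) -> bytes:
    """MD5 over the concatenated key fields (MD5 because the page specifies it)."""
    md5 = hashlib.md5()
    for offset, length in fields:
        chunk = image[offset:offset + length]
        if len(chunk) != length:          # truncated or wrong-sized flash
            raise ValueError(f"field at {offset:#x} lies outside the image")
        md5.update(chunk)
    return md5.digest()


@dataclass
class Board:
    flash: bytearray                      # BIOS flash contents
    golden: bytes                         # reference MD5 fixed in the CPLD
    mux: MuxPath = MuxPath.BIOS_TO_CPLD
    cpu_powered: bool = False
    buzzer: bool = False

    def power_on(self) -> bool:
        """Run the measurement sequence; return True if the CPU was released."""
        self.cpu_powered, self.buzzer = False, False
        self.mux = MuxPath.BIOS_TO_CPLD   # route the flash to the CPLD first
        try:
            digest = measure(bytes(self.flash))   # read key fields and hash
        except ValueError:
            digest = b""                  # unreadable flash fails closed
        if hmac.compare_digest(digest, self.golden):
            self.mux = MuxPath.BIOS_TO_CPU        # hand the flash to the CPU
            self.cpu_powered = True
            return True
        self.buzzer = True                # mismatch: CPU stays off, alarm
        return False


def provision(image: bytes) -> Board:
    """Fix the reference digest in the (modelled) CPLD from a known-good image."""
    return Board(flash=bytearray(image), golden=measure(image))


def run_scenarios() -> dict:
    image = bytes(range(256)) * 16        # constructed 4 KiB sample image
    clean = provision(image)
    in_field = provision(image)
    in_field.flash[0x0104] ^= 0xFF        # change inside a measured field
    outside = provision(image)
    outside.flash[0x0800] ^= 0xFF         # change outside every measured field
    return {
        "clean": clean.power_on(),
        "changed_measured_field": in_field.power_on(),
        "changed_unmeasured_byte": outside.power_on(),
    }
```

The third scenario still boots: the check covers only the bytes chosen as key fields, so the choice of fields determines what the measurement protects.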
The invention also provides a CPLD-based computer BIOS boot measurement system comprising a control module, a calculation module and a measurement module.
On the computer's power-on signal, the control module uses the CPLD chip to control the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode and actively reads the key sensitive fields in the BIOS internal program; the calculation module calculates an MD5 value over those fields.
The measurement module verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip. If so, the control module uses the CPLD chip to switch the alternative chip to the BIOS-to-CPU intercommunication mode and powers on and starts the mainboard; otherwise, the control module uses the CPLD chip to make the computer raise an alarm.
Because the system is based on the same concept as the method, the information interaction between its modules, their execution process and related details follow the description of the method embodiment and are not repeated here.
Similarly, the system reuses the CPLD chip originally present on the computer mainboard for power-on control to measure the key sensitive information of the mainboard's BIOS. This ensures that the key sensitive information of the BIOS on the computer has not been tampered with, and the system has good value for adoption in the security field.
The present invention also provides a computer readable medium having stored thereon computer instructions, which, when executed by a processor, cause the processor to execute the method for measuring the BIOS power-on of a computer based on CPLD. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the embodiments described above are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It should be noted that not all steps and modules in the above flows and system structures are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or some components in a plurality of independent devices may be implemented together.
The above-mentioned embodiments are merely preferred embodiments for fully illustrating the present invention, and the scope of the present invention is not limited thereto. The equivalent substitutions or changes made by the person skilled in the art on the basis of the present invention are all within the protection scope of the present invention. The protection scope of the invention is subject to the claims.

Claims (8)

1. A computer BIOS boot measurement method based on a CPLD, characterized in that, on the computer's power-on signal, the CPLD chip controls the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode, actively reads the key sensitive fields in the BIOS internal program, and calculates an MD5 value over the key sensitive fields,
and verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip; if so, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and the mainboard is powered on and started; otherwise, the CPLD chip makes the computer raise an alarm.
2. The method according to claim 1, wherein, if verification shows that the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip switches the alternative chip to the BIOS-to-CPU intercommunication mode and powers on the CPU, and the CPU reads the BIOS and starts the computer normally.
3. The CPLD-based computer BIOS boot measurement method of claim 1, wherein, if verification shows that the calculated MD5 value is inconsistent with the BIOS MD5 value stored in the CPLD chip, the CPLD chip stops the CPU from being powered on and drives the buzzer to sound an alarm.
4. The method according to claim 1, wherein the BIOS MD5 value stored in the CPLD chip is fixed (solidified) in the chip according to the computer's BIOS.
5. A computer BIOS boot measurement system based on a CPLD, characterized by comprising a control module, a calculation module and a measurement module, wherein
on the computer's power-on signal, the control module uses the CPLD chip to control the mainboard's alternative chip to select the BIOS-to-CPLD intercommunication mode and actively reads the key sensitive fields in the BIOS internal program; the calculation module calculates an MD5 value over the key sensitive fields; and
the measurement module verifies whether the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip; if so, the control module uses the CPLD chip to switch the alternative chip to the BIOS-to-CPU intercommunication mode and powers on and starts the mainboard; otherwise, the control module uses the CPLD chip to make the computer raise an alarm.
6. The CPLD-based computer BIOS boot measurement system according to claim 5, wherein, if the measurement module verifies that the calculated MD5 value is consistent with the BIOS MD5 value stored in the CPLD chip, the control module uses the CPLD chip to switch the alternative chip to the BIOS-to-CPU intercommunication mode and to power on the CPU, and the CPU reads the BIOS and starts the computer normally.
7. The CPLD-based computer BIOS boot measurement system according to claim 5, wherein, if the measurement module verifies that the calculated MD5 value is inconsistent with the BIOS MD5 value stored in the CPLD chip, the control module uses the CPLD chip to stop the CPU from being powered on and drives the buzzer to sound an alarm.
8. A computer readable medium, characterized in that the computer readable medium stores computer instructions which, when executed by a processor, cause the processor to execute the CPLD-based computer BIOS boot measurement method as claimed in any one of claims 1 to 4.
Application CN202211598272.7A, priority date 2022-12-14, filing date 2022-12-14: Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device). Status: Pending. Publication: CN115794240A (en).

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN202211598272.7A | CN115794240A (en) | 2022-12-14 | 2022-12-14 | Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device)

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN202211598272.7A | CN115794240A (en) | 2022-12-14 | 2022-12-14 | Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device)

Publications (1)

Publication Number | Publication Date
CN115794240A (en) | 2023-03-14

Family

ID=85419729

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN202211598272.7A | Pending | CN115794240A (en) | 2022-12-14 | 2022-12-14 | Computer BIOS (basic input output System) starting measurement method based on CPLD (Complex programmable logic device)

Country Status (1)

Country | Link
CN (1) | CN115794240A (en)

Cited By (2)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN116881928A * | 2023-09-06 | 2023-10-13 | 联想长风科技(北京)有限公司 | Trusted rapid measurement method and trusted computer
CN116881928B * | 2023-09-06 | 2023-11-17 | 联想长风科技(北京)有限公司 | Trusted rapid measurement method and trusted computer

Legal Events

Code | Title / Description
PB01 | Publication
SE01 | Entry into force of request for substantive examination