CN115840682B - Operation and maintenance monitoring method and device for BIOS (basic input output system) level sampling based on SW64 instruction set - Google Patents

Publication number
CN115840682B
Authority
CN
China
Prior art keywords
image file
maintenance monitoring
bios image
monitoring system
bios
Prior art date
Legal status
Active
Application number
CN202310158752.XA
Other languages
Chinese (zh)
Other versions
CN115840682A (en
Inventor
张洪明
陈小鹏
黄平
杨家豪
曹乐
Current Assignee
Beijing Taiji Information System Technology Co ltd
Original Assignee
Beijing Taiji Information System Technology Co ltd
Application filed by Beijing Taiji Information System Technology Co ltd
Priority to CN202310158752.XA
Publication of CN115840682A
Publication of CN115840682B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application relates to an operation and maintenance monitoring method and device for BIOS (basic input output system) level sampling based on the SW64 instruction set, and belongs to the technical field of computers. According to the method and the device, the EPS table can be obtained from physical memory according to the characteristic value of the EPS table; an SMBIOS table is acquired according to the EPS table; the entry address of the BIOS image file and the size of the BIOS image file are determined according to the SMBIOS table; the BIOS image file is acquired according to the entry address and the size of the BIOS image file; and the BIOS image file is read and imported into an operation and maintenance monitoring system through remote direct data access (Remote Direct Memory Access, RDMA) technology, so that the operation and maintenance monitoring system performs operation and maintenance monitoring on the BIOS image file; the operation and maintenance monitoring system runs on a Shenwei chip server. This facilitates BIOS-level operation and maintenance monitoring and improves the information security of the computer.

Description

Operation and maintenance monitoring method and device for BIOS (basic input output system) level sampling based on SW64 instruction set
Technical Field
The application belongs to the technical field of computers, and particularly relates to an operation and maintenance monitoring method and device for Basic Input/Output System (BIOS) hierarchical sampling based on an SW64 instruction set.
Background
Currently, the first instruction and the first set of programs executed when a computer starts up all come from the motherboard BIOS. The BIOS is a set of programs solidified on a Read-Only Memory (ROM) chip on the computer's motherboard; it stores the computer's most important basic input and output programs, the system setting information, the power-on self-test program and the system start-up bootstrap program.
In practice, malicious BIOS code written into the ROM chip is more concealed, difficult to detect and difficult to remove, is not affected by updates to the operating system or the disk, and therefore causes greater damage. How to implement BIOS-level operation and maintenance monitoring, so as to improve the information security of the computer, is thus a problem to be solved.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
Therefore, the application provides the operation and maintenance monitoring method and the device for the BIOS level sampling based on the SW64 instruction set, which are beneficial to realizing the operation and maintenance monitoring of the BIOS level and improving the information security performance of the computer.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, the present application provides an operation and maintenance monitoring method for BIOS level sampling based on the SW64 instruction set, the method comprising:
acquiring an EPS table from physical memory according to the characteristic value of the EPS table;
acquiring an SMBIOS table according to the EPS table;
if the values in the physical memory address segment corresponding to the SMBIOS table match a preset correspondence, determining that the SMBIOS table has been read correctly, and determining the entry address of the BIOS image file and the size of the BIOS image file according to the SMBIOS table;
acquiring the BIOS image file according to the entry address and the size of the BIOS image file; the BIOS image file is stored in high-end physical memory;
importing the BIOS image file into an operation and maintenance monitoring system through remote direct data access, so that the operation and maintenance monitoring system performs operation and maintenance monitoring on the BIOS image file; the operation and maintenance monitoring system runs on a Shenwei (SW64 instruction set) chip server and is used for decomposing the BIOS image file by searching for feature words, decompressing the code of each decomposed module, and performing security detection on the decompressed binary code.
As an alternative embodiment, before the BIOS image file is imported into the operation and maintenance monitoring system through remote direct data access, so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system, the method further includes:
converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler;
and running the target program through the target machine so as to start the operation and maintenance monitoring system.
As an alternative implementation manner, the importing the BIOS image file into an operation and maintenance monitoring system through remote direct data access so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system includes:
reading the BIOS image file from the target machine through remote direct data access; the BIOS image file is stored in the target machine;
performing content analysis on the BIOS image file through the operation and maintenance monitoring system to obtain an analysis result;
and carrying out operation and maintenance monitoring on the BIOS image file based on the analysis result.
As an alternative embodiment, the method further comprises:
modifying a source program of the Bootloader to obtain a modified Bootloader;
and transplanting the modified Bootloader to the Shenwei (SW64 instruction set) chip server.
As an optional implementation manner, the obtaining the SMBIOS table according to the EPS table includes:
determining an entry address of an SMBIOS table based on the EPS table;
and reading the SMBIOS table through the entry address.
As an alternative embodiment, the method further comprises:
and acquiring a security detection result returned by the operation and maintenance monitoring system aiming at the BIOS image file.
In a second aspect, the present application provides an operation and maintenance monitoring apparatus for BIOS-level sampling based on SW64 instruction set, the apparatus comprising:
the EPS table acquisition unit is used for acquiring the EPS table from the physical memory according to the characteristic value of the EPS table;
the SMBIOS table acquisition unit is used for acquiring an SMBIOS table according to the EPS table;
the BIOS information determining unit is used for determining that the SMBIOS table has been read correctly if the values in the physical memory address segment corresponding to the SMBIOS table match a preset correspondence, and determining the entry address of the BIOS image file and the size of the BIOS image file according to the SMBIOS table;
the BIOS sampling unit is used for acquiring the BIOS image file according to the entry address and the size of the BIOS image file; the BIOS image file is stored in high-end physical memory;
the operation and maintenance monitoring unit is used for importing the BIOS image file into an operation and maintenance monitoring system so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; the operation and maintenance monitoring system runs on a Shenwei (SW64 instruction set) chip server and is used for decomposing the BIOS image file by searching for feature words, decompressing the code of each decomposed module, and performing security detection on the decompressed binary code.
As an alternative embodiment, the apparatus further comprises:
the operation and maintenance starting unit is used for converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler before the BIOS image file is imported into the operation and maintenance monitoring system through remote direct data access so as to carry out operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; and running the target program through the target machine so as to start the operation and maintenance monitoring system.
As an alternative embodiment, the operation and maintenance monitoring unit is specifically configured to:
reading the BIOS image file from the target machine through remote direct data access; the BIOS image file is stored in the target machine;
performing content analysis on the BIOS image file through the operation and maintenance monitoring system to obtain an analysis result;
and carrying out operation and maintenance monitoring on the BIOS image file based on the analysis result.
As an alternative embodiment, the apparatus further comprises:
the program transplanting unit is used for modifying the source program of the Bootloader to obtain a modified Bootloader; and transplanting the modified Bootloader to the Shenwei (SW64 instruction set) chip server.
As an alternative embodiment, the SMBIOS table obtaining unit is specifically configured to:
determining an entry address of an SMBIOS table based on the EPS table;
and reading the SMBIOS table through the entry address.
As an alternative embodiment, the apparatus further comprises:
and the result acquisition unit is used for acquiring a security detection result returned by the operation and maintenance monitoring system aiming at the BIOS image file.
In a third aspect, the present application provides a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method for BIOS-level sampling-based operation and maintenance monitoring.
In a fourth aspect, the present application provides an electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the BIOS-level sampling-based operation and maintenance monitoring method.
By adopting the above technical scheme, the application has at least the following beneficial effects:
According to the method and the device, the entry address of the BIOS image file and the image file size can be determined through the EPS table and the SMBIOS table, the BIOS image file is acquired according to the entry address and the BIOS image file size, and the BIOS image file is then imported into the operation and maintenance monitoring system, which performs operation and maintenance monitoring on it. BIOS-level operation and maintenance monitoring is thereby realized, security detection is performed on the code files in the BIOS image file, and the information security of the computer is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow diagram of an operation and maintenance monitoring method for BIOS level sampling based on the SW64 instruction set, according to an exemplary embodiment;
FIG. 2 is a block diagram of an operation and maintenance monitoring device for BIOS level sampling based on the SW64 instruction set, according to an exemplary embodiment;
FIG. 3 is a block diagram of an electronic device, according to an exemplary embodiment.
Detailed Description
To make the objects, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described in detail below. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments herein, without inventive effort, fall within the scope of protection of the present application.
Referring to FIG. 1, FIG. 1 is a flowchart of an operation and maintenance monitoring method for BIOS level sampling based on the SW64 instruction set according to an exemplary embodiment. The method includes the following steps:
Step S11, acquiring the EPS table from the physical memory according to the characteristic value of the EPS table.
In this embodiment, the execution body may be a terminal device, such as a computer that needs to perform security detection.
The EPS (Entry Point Structure) table can be used to access the SMBIOS table. Specifically, the execution body may read the content of physical memory at 0xF00000000-0xF000FFFF and search it for the most distinctive feature information of the EPS table, the two strings "_SM_" and "_DMI_", which are separated by 10H. Once "_SM_" and "_DMI_" are found, the EPS table has been found, and the position of "_SM_" is the starting point of the EPS table. Here, the characteristic values are "_SM_" and "_DMI_".
Step S12, acquiring an SMBIOS table according to the EPS table.
SMBIOS (System Management BIOS) is a unified specification that motherboard and system manufacturers follow in order to present product management information in a standard format. It is a standard by which system firmware delivers management information, and it applies to PCs. Before a PC leaves the factory, the motherboard manufacturer or OEM (Original Equipment Manufacturer) writes the relevant information, such as OEM customization information, into the BIOS according to the SMBIOS standard. In addition, the SMBIOS information records a good deal of hardware information, such as the CPU model, cache and memory size.
Specifically, the execution body may take the 4-byte value at 18H-1BH of the EPS table, calculate the SMBIOS table entry address from it, and then obtain the SMBIOS table based on that entry address. For example, let the byte values at 18H, 19H, 1AH and 1BH in the EPS table be a, b, c and d; performing high-low address conversion on these byte values gives the entry address of the SMBIOS table: address = d × 256³ + c × 256² + b × 256 + a.
After obtaining the entry address of the SMBIOS table, the executing body can read the content of the address segment in the physical memory, determine whether the numerical value of each position in the content of the address segment is matched with the preset corresponding relation, and if so, determine that the correct SMBIOS table is obtained. The preset corresponding relation is as follows:
Table one
Figure SMS_1
Step S13, if the values in the physical memory address segment corresponding to the SMBIOS table match a preset correspondence, determining that the SMBIOS table has been read correctly, and determining the entry address of the BIOS image file and the size of the BIOS image file according to the SMBIOS table.
In this embodiment, the execution body may take the value at 09H of the SMBIOS table; letting this value be n, romsize = (n+1) × 64Kb, where romsize is the BIOS image file size.
The execution body can also perform field analysis on the SMBIOS table to determine the entry address of the BIOS image file.
Step S14, acquiring the BIOS image file according to the entry address and the size of the BIOS image file; the BIOS image file is stored in high-end physical memory.
In this embodiment, the execution body may read data of length romsize starting from the entry address and save it as a binary file, which is the BIOS image file of the current machine, thereby sampling the BIOS image file.
The BIOS image file may be formed by encapsulating and combining a plurality of BIOS function code modules or data modules according to a fixed header structure; free space is allowed between the modules, and a common filling format is hexadecimal.
The BIOS image file may be mapped to the high-end physical memory for storage. The high-end physical memory refers to the 128MB space between high_memory and 0xFFFFFFFF, and high_memory has an empirical value of 896MB.
Step S15, importing the BIOS image file into an operation and maintenance monitoring system through remote direct data access so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; the operation and maintenance monitoring system operates on the SW64 chip server and is used for decomposing the BIOS image file by searching the feature words, decompressing each decomposed module code and carrying out security detection on the decompressed binary code.
In this embodiment, the SW64 chip server is a Shenwei (SW64 instruction set) chip server. After the BIOS image file has been obtained by sampling, the feature words of the module headers can be searched for in sequence to decompose the BIOS image file into the contents of its modules. The code of each decomposed module is then decompressed using a preset compression algorithm. Security detection is then performed on the resulting binary code to identify security risks in the BIOS image file.
The operation and maintenance monitoring system can run on a Shenwei SW64 chip server and is used for executing these steps: searching in sequence for the feature words of the module headers, decomposing the BIOS image file, decompressing the code of each decomposed module, and monitoring for security risks in the BIOS image file.
As an alternative embodiment, before the BIOS image file is imported into the operation and maintenance monitoring system through remote direct data access, so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system, the method further includes:
converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler;
and running the target program through the target machine so as to start the operation and maintenance monitoring system.
In this embodiment, the operation and maintenance monitoring system may be generated by cross-compiling. Cross-compilation means generating, on one platform, code that can be executed on another platform. The most important task in compiling is to translate the program into machine code that the CPU can recognize, and different architectures have different instruction sets. Different CPUs therefore need corresponding compilers, and cross-compilation acts like a translator, turning the same program code into the language of a different CPU.
Specifically, the execution body may use an editor to convert the initial program (source program) corresponding to the operation and maintenance monitoring system on the host machine into a target module, then use a cross compiler to convert the target module into a solidified and debugged executable program, and then use a cross linker to convert that executable program into machine code that the CPU in the target machine can recognize, thereby obtaining the target program. The preset compiler comprises the editor, the cross compiler and the cross linker. The target program is then run on the target machine, so that the operation and maintenance monitoring system can be started in the cross-compiling environment.
As an alternative implementation manner, the importing the BIOS image file into an operation and maintenance monitoring system through remote direct data access so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system includes:
reading the BIOS image file from the target machine through remote direct data access; the BIOS image file is stored in the target machine;
performing content analysis on the BIOS image file through the operation and maintenance monitoring system to obtain an analysis result;
and carrying out operation and maintenance monitoring on the BIOS image file based on the analysis result.
In this embodiment, remote direct data access (Remote Direct Memory Access, RDMA) technology was developed to address server-side data processing delays in network transmission. RDMA transfers data over the network directly into a computer's memory area, moving the data quickly from one system into the memory of a remote system without any impact on the operating system, so that little of the computer's processing capacity is needed. Since it eliminates external memory copy and context switch operations, memory bandwidth and CPU cycles are freed up to improve application system performance.
The execution host can call RDMA to read the BIOS image file stored in the physical memory of the target machine; the request is sent from the application in user space to the local NIC (network card) without data copying and without the participation of kernel memory.
The local NIC may then read the buffered content and transmit the data file to the remote NIC over the network.
The RDMA information transmitted over the network includes the target virtual address, the memory key, and the BIOS image data itself. Request completion may be handled entirely in user space by polling the user-level completion queue. Alternatively, kernel memory may be used to process the request if the application sleeps until the request is completed. RDMA operations thus allow an application to read data from, or write data to, the memory of a remote application.
The target NIC can confirm the memory key and write the data directly into the application cache. The remote virtual memory address used for the operation may be included in the RDMA information.
As an alternative embodiment, the method further comprises:
modifying a source program of the Bootloader to obtain a modified Bootloader;
and transplanting the modified Bootloader to the Shenwei (SW64 instruction set) chip server.
In this embodiment, the execution body may also transplant a Bootloader (a boot program that runs before the system starts) onto a Shenwei (SW64 instruction set) chip host.
After the Bootloader is transplanted, the operation and maintenance monitoring system starts running from the Bootloader, automatically restores the PC pointer to 0, and starts executing from address 0x0000. In addition, an interrupt vector table can be set so that no interrupt needs to be responded to while the Bootloader executes. Interrupts can be masked, and left unanswered, by setting the interrupt vector register of ARM. After that, the CPU and the memory space may be initialized and configured, and the clock is set so that the operating frequency in the operation and maintenance monitoring system is 200MHz.
The serial port can be used to check the start-up process and state of the system, and also provides the user with an operating platform for tasks such as modifying IP settings. The network port mainly provides a high-speed channel for downloading the operating system.
After the source program of the Bootloader is modified, the Bootloader can be edited to generate a bin file, and the bin file is downloaded to the target board (a Shenwei (SW64 instruction set) chip) through a JTAG interface (an interface for testing the inside of the chip). This completes the transplanting of the Bootloader, and the transplanted Bootloader can be used to boot an operating system.
The modification of the Bootloader source program may include, but is not limited to: setting program entry pointers, initializing the stacks and registers of the CPU's various modes, initializing the peripherals to be used in the system, and initializing the target board.
As an optional implementation manner, the obtaining the SMBIOS table according to the EPS table includes:
determining an entry address of an SMBIOS table based on the EPS table;
and reading the SMBIOS table through the entry address.
In this embodiment, the length of the SMBIOS data table and the header address (entry address) of the SMBIOS data table are stored at 16H and 18H of the EPS table; the information in the SMBIOS data table is accessed using the entry address at 18H together with the length at 16H.
As an alternative embodiment, the method further comprises:
and acquiring a security detection result returned by the operation and maintenance monitoring system aiming at the BIOS image file.
In this embodiment, the execution body may further receive a security detection result returned by the operation and maintenance monitoring system for the BIOS image file. The security detection result is used for describing security risks existing in the BIOS level information and codes.
According to the method and the device, the entry address of the BIOS image file and the image file size can be determined through the EPS table and the SMBIOS table, the BIOS image file is acquired according to the entry address and the BIOS image file size, and the BIOS image file is then imported into the operation and maintenance monitoring system, which performs operation and maintenance monitoring on it. BIOS-level operation and maintenance monitoring is thereby realized, security detection is performed on the code files in the BIOS image file, and the information security of the computer is improved.
Referring to fig. 2, fig. 2 is a schematic block diagram of an operation and maintenance monitoring device based on BIOS level sampling of SW64 instruction set according to an exemplary embodiment, where the operation and maintenance monitoring device based on BIOS level sampling includes:
an EPS table obtaining unit 201, configured to obtain an EPS table from a physical memory according to a feature value of the EPS table;
an SMBIOS table obtaining unit 202, configured to obtain an SMBIOS table according to the EPS table;
the BIOS information determining unit 203 is configured to determine that the SMBIOS table is correctly read if the value of the content of the physical memory address segment corresponding to the SMBIOS table matches a preset correspondence, and determine an entry address of a BIOS image file and a size of the BIOS image file according to the SMBIOS table;
the BIOS sampling unit 204 is configured to obtain the BIOS image file according to the entry address and the BIOS image file size; the BIOS image file is stored in a high-end physical memory;
an operation and maintenance monitoring unit 205, configured to import the BIOS image file into an operation and maintenance monitoring system through remote direct data access, so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; the operation and maintenance monitoring system runs on a Shenwei (SW64 instruction set) chip server and is used for decomposing the BIOS image file by searching for feature words, decompressing the code of each decomposed module, and performing security detection on the decompressed binary code.
The EPS table can be used to access the SMBIOS table. Specifically, the execution body may read the content of physical memory at 0xF00000000-0xF000FFFF and search it for the most distinctive feature information of the EPS table, the two strings "_SM_" and "_DMI_", which are separated by 10H. Once "_SM_" and "_DMI_" are found, the EPS table has been found, and the position of "_SM_" is the starting point of the EPS table. Here, the characteristic values are "_SM_" and "_DMI_".
SMBIOS (System Management BIOS) is a unified specification that motherboard and system manufacturers follow in order to present product management information in a standard format. It is a standard by which system firmware delivers management information, and it applies to PCs. Before a PC leaves the factory, the motherboard manufacturer or OEM (Original Equipment Manufacturer) writes the relevant information, such as OEM customization information, into the BIOS according to the SMBIOS standard. In addition, the SMBIOS information records a good deal of hardware information, such as the CPU model, cache and memory size.
Specifically, the 4-byte value at 18H-1BH of the EPS table may be taken, the SMBIOS table entry address calculated from it, and the SMBIOS table then obtained based on that entry address. For example, let the byte values at 18H, 19H, 1AH and 1BH in the EPS table be a, b, c and d; performing high-low address conversion on these byte values gives the entry address of the SMBIOS table: address = d × 256³ + c × 256² + b × 256 + a.
After the entry address of the SMBIOS table is obtained, the content of the address field in the physical memory can be read, whether the numerical value of each position in the content of the address field is matched with the preset corresponding relation is determined, and if the numerical value is matched with the preset corresponding relation, the correct SMBIOS table is determined to be obtained. The preset corresponding relation is shown in the table one.
Figure SMS_2
In this embodiment, the value at the SMBIOS table 09H may be taken, and given that it is n, romsize= (n+1) X64Kb. romize is the BIOS image file size.
And, the field analysis can be performed on the SMBIOS table to determine the entry address of the BIOS image file.
In this embodiment, the value may be taken from the entry address, where the value length is romsize, and the binary file is saved, that is, the BIOS image file of the current machine, so that the sampling implementation of the BIOS image file is realized.
The BIOS image file may be formed by encapsulating and combining a plurality of BIOS function code modules or data modules according to a fixed header structure, and a free space is allowed between the modules, and a common filling format is hexadecimal.
The BIOS image file may be mapped to the high-end physical memory for storage. The high-end physical memory refers to the 128MB space between high_memory and 0xFFFFFFFF, where high_memory has an empirical value of 896MB.
In this embodiment, after the BIOS image file is obtained by sampling, the feature words of the module header may be sequentially searched to decompose the content of each module in the BIOS image file. And then decompressing each decomposed module code by using a preset compression algorithm. And then, carrying out security detection on the obtained binary code, and identifying security risks in the BIOS image file.
The operation and maintenance monitoring system can run on a Shenwei (SW64 instruction set) chip server and executes the steps described above: sequentially searching for the feature words of the module headers to decompose the BIOS image file, decompressing the decomposed module code, and monitoring the security risks in the BIOS image file.
As an alternative embodiment, the apparatus further comprises:
the operation and maintenance starting unit is used for converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler before the BIOS image file is imported into the operation and maintenance monitoring system through remote direct data access so as to carry out operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; and running the target program through the target machine so as to start the operation and maintenance monitoring system.
In this embodiment, the operation and maintenance monitoring system may be generated by cross-compiling. Cross-compilation means generating, on one platform, code that can be executed on another platform. The main task of compilation is to translate a program into machine code that the CPU can recognize, and different architectures have different instruction sets. Different CPUs therefore need corresponding compilers, and cross-compiling acts as the translator that turns the same program code into the language of each target CPU.
Specifically, an initial program (source program) corresponding to the operation and maintenance monitoring system in the host machine can be converted into a target module by using an editor, the target module is converted into a solidified and debugged execution program by using a cross compiler, and the solidified and debugged execution program is converted into a machine code which can be identified by a CPU in the target machine by using a cross linker, so that the target program is obtained. The preset compiler comprises an editor, a cross compiler and a cross linker. Then, the object program is run by the object machine, so that the operation and maintenance monitoring system can be started in the cross compiling environment.
As an alternative embodiment, the operation and maintenance monitoring unit is specifically configured to:
reading the BIOS image file from the target machine through remote direct data access; the BIOS image file is stored in the target machine;
performing content analysis on the BIOS image file through the operation and maintenance monitoring system to obtain an analysis result;
and carrying out operation and maintenance monitoring on the BIOS image file based on the analysis result.
In this embodiment, remote direct data access (Remote Direct Memory Access, RDMA) is a technique developed to address server-side data processing delays in network transmission. RDMA transfers data over the network directly into the memory area of a computer, moving it quickly from one system into the memory of a remote system without any impact on the operating system, so that little of the computer's processing capacity is consumed. Because it eliminates external memory copies and context-switch operations, memory bandwidth and CPU cycles are freed up to improve application system performance.
RDMA can be called to read the BIOS image file stored in the physical memory of the target machine; the request is sent from the application in user space to the local NIC (network card) without any data copy and without involving kernel memory.
The local NIC then reads the buffered content and transmits the data file over the network to the remote NIC.
The RDMA information transmitted over the network includes the target virtual address, the memory key, and the BIOS image data itself. Request completion may be handled entirely in user space by polling the user-level completion queue, or through kernel memory if the application sleeps until the request is completed. RDMA operations thus allow an application to read data from, or write data to, the memory of a remote application.
The target NIC confirms the memory key and writes the data directly into the application cache. The remote virtual memory address used for the operation is included in the RDMA information.
As an alternative embodiment, the apparatus further comprises:
the program transplanting unit is used for modifying the source program of the Bootloader to obtain a modified Bootloader; and transplanting the modified Bootloader to the Shenwei (SW 64 instruction set) chip server.
In this embodiment, the Bootloader (a kind of system boot program) may be transplanted onto the Shenwei chip host.
After the Bootloader is transplanted, the operation and maintenance monitoring system starts running from the Bootloader, automatically restores the PC pointer to 0, and starts executing from the 0x0000 address. In addition, an interrupt vector table can be set, so that any interrupt does not need to be responded in the execution process of the Bootloader. Wherein, through setting up the interrupt vector register of ARM, can realize shielding interrupt, unresponsive interrupt. After that, the CPU and the memory space may be initialized and set, while the clock is set, and the operation frequency in the operation and maintenance monitoring system is set to be 200MHz.
And the serial port can check the starting process and state of the system, and simultaneously, an operation platform is provided for the user, IP settings are modified, and the like. The network port mainly provides a high-speed and rapid channel for downloading the operating system.
After the source program of the Bootloader is modified, the Bootloader can be edited to generate a bin file, and the bin file is downloaded to a target board (Shenwei (SW 64 instruction set) chip) through a JTAG interface (an interface for testing the inside of the chip), so that the whole Bootloader is transplanted, and the transplanted Bootloader can be used for guiding an operating system.
The modification operation of the Bootloader source program may include, but is not limited to: program entry pointers are set, stacks and registers of various modes of the CPU are initialized, various peripherals to be used in the system are initialized, and target boards are initialized.
As an alternative embodiment, the SMBIOS table obtaining unit 202 is specifically configured to:
determining an entry address of an SMBIOS table based on the EPS table;
and reading the SMBIOS table through the entry address.
In this embodiment, the length of the SMBIOS data table and the SMBIOS data table header address (entry address) are stored at offsets 16H and 18H of the EPS table, respectively, and the information in the SMBIOS data table is accessed through the entry address at 18H in combination with the length at 16H.
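The EPS-to-ROM-size walk described here and in the sampling passage earlier (anchor scan for "_SM_"/"_DMI_", entry address at 18H, length at 16H, ROM-size byte at 09H), as an added C example that is not the patent's own code. It goes slightly beyond the text by walking the table to the BIOS Information (type 0) structure and bounds-checking every read. Assumptions: it parses a constructed memory slice rather than live physical memory, the names `phys_dump`, `smbios_info`, `smbios_rom_info` and `make_sample` and the sample addresses are hypothetical, and the 16-byte anchor alignment and EPS checksum come from the SMBIOS specification, not from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {            /* a captured slice of physical memory */
    const uint8_t *data;
    uint32_t base;          /* physical address of data[0] */
    size_t len;
} phys_dump;

typedef struct {
    uint32_t eps_addr;      /* physical address of the "_SM_" anchor */
    uint32_t table_addr;    /* EPS 18H..1BH */
    uint16_t table_len;     /* EPS 16H..17H */
    uint32_t rom_size;      /* bytes, from byte 09H of the type 0 structure */
} smbios_info;

static uint8_t sum8(const uint8_t *p, size_t n) {
    uint8_t s = 0; while (n--) s = (uint8_t)(s + *p++); return s;
}
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {   /* d*256^3 + c*256^2 + b*256 + a */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and fills *out, or a negative code naming the check that failed. */
int smbios_rom_info(const phys_dump *d, smbios_info *out)
{
    const uint8_t *eps = NULL;
    size_t i, off, pos = 0;
    /* Anchor scan on 16-byte boundaries (SMBIOS spec); "_DMI_" sits 10H later. */
    for (i = 0; i + 0x1F <= d->len; i += 16) {
        const uint8_t *p = d->data + i;
        if (!memcmp(p, "_SM_", 4) && !memcmp(p + 0x10, "_DMI_", 5)) { eps = p; break; }
    }
    if (!eps) return -1;                                   /* no EPS in window */
    /* Spec rule, not from the page: bytes [0, eps[05H]) must sum to 0 mod 256. */
    if (eps[5] < 0x1E || (size_t)eps[5] > d->len - i || sum8(eps, eps[5]) != 0) return -2;
    out->eps_addr = d->base + (uint32_t)i;
    out->table_len = le16(eps + 0x16);
    out->table_addr = le32(eps + 0x18);
    if (out->table_addr < d->base) return -3;              /* table below the dump */
    off = out->table_addr - d->base;
    if (off > d->len || out->table_len > d->len - off) return -3;  /* table past the dump */
    const uint8_t *t = d->data + off;
    /* Each structure: 4-byte header, formatted area, then strings ending in a double NUL. */
    while (pos + 4 <= out->table_len) {
        uint8_t type = t[pos], slen = t[pos + 1];
        if (slen < 4 || pos + slen > out->table_len) return -4;    /* malformed */
        if (type == 0) {
            if (slen < 0x0A) return -4;                    /* too short to hold 09H */
            out->rom_size = ((uint32_t)t[pos + 9] + 1) * 64u * 1024u;  /* (n+1) x 64K */
            return 0;
        }
        pos += slen;
        while (pos + 1 < out->table_len && (t[pos] || t[pos + 1])) pos++;
        pos += 2;
    }
    return -5;                                             /* no type 0 structure */
}

/* Constructed sample: EPS at +0x40, a dummy type 1 structure, then type 0 with n = 0x7F. */
phys_dump make_sample(uint8_t *buf, size_t len)            /* needs len >= 0x200 */
{
    memset(buf, 0, len);
    uint8_t *eps = buf + 0x40, *t = buf + 0x100;
    memcpy(eps, "_SM_", 4);
    memcpy(eps + 0x10, "_DMI_", 5);
    eps[5] = 0x1F; eps[0x16] = 0x1F;         /* EPS length; table length (31 bytes) */
    eps[0x18] = 0x00; eps[0x19] = 0x01; eps[0x1A] = 0x10; eps[0x1B] = 0x00; /* 0x00100100 */
    eps[4] = (uint8_t)(0u - sum8(eps, 0x1F));              /* balance the checksum */
    t[0] = 1; t[1] = 8; t[8] = 'X';                        /* type 1 with one string "X" */
    t[11] = 0; t[12] = 0x12; t[11 + 9] = 0x7F;             /* type 0, ROM-size byte at 09H */
    phys_dump d = { buf, 0x00100000u, len };
    return d;
}

int main(void)
{
    static uint8_t buf[0x200];
    phys_dump d = make_sample(buf, sizeof buf);
    smbios_info r;
    int rc = smbios_rom_info(&d, &r);
    if (rc == 0) printf("EPS 0x%08lX table 0x%08lX len %u romsize %lu\n", (unsigned long)r.eps_addr,
                        (unsigned long)r.table_addr, (unsigned)r.table_len, (unsigned long)r.rom_size);
    return rc ? 1 : 0;
}
```

A non-zero return means the dump should not be trusted as a basis for sampling: the caller learns which check failed instead of reading `romsize` bytes from an unvalidated address.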
As an alternative embodiment, the apparatus further comprises:
and the result acquisition unit is used for acquiring a security detection result returned by the operation and maintenance monitoring system aiming at the BIOS image file.
According to the method and the device, the access address and the image file size of the BIOS image file can be determined through the EPS table and the SMBIOS table, the BIOS image file is acquired according to the access address and the BIOS image file size, and then the BIOS image file is imported into the operation and maintenance monitoring system, so that the operation and maintenance monitoring of the BIOS image file is carried out through the operation and maintenance monitoring system, the operation and maintenance monitoring of the BIOS level is realized, the code files in the BIOS image file are safely detected, and the information safety performance of a computer is improved.
Referring to fig. 3, fig. 3 is a block diagram schematically illustrating an electronic device according to an exemplary embodiment, the electronic device includes:
at least one processor 302; and
a memory 301 communicatively coupled to the at least one processor; wherein,
the memory 301 stores instructions executable by the at least one processor 302 to enable the at least one processor 302 to perform the methods described above.
Regarding the electronic device in the above embodiment, in practical applications, the electronic device may be a terminal device, a server, or the like, and a specific manner in which the processor 302 executes the program in the memory 301 has been described in detail in the embodiment related to the method, which will not be described in detail herein.
Furthermore, the present application provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the above-described method.
Wherein the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
It is to be understood that the same or similar parts in the above embodiments may be referred to each other, and that in some embodiments, the same or similar parts in other embodiments may be referred to.
It should be noted that in the description of the present application, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Furthermore, in the description of the present application, unless otherwise indicated, the meaning of "plurality", "multiple" means at least two.
It will be understood that when an element is referred to as being "mounted" or "disposed" on another element, it can be directly on the other element or intervening elements may also be present; when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may be present, and further, as used herein, connection may comprise a wireless connection; the use of the term "and/or" includes any and all combinations of one or more of the associated listed items.
Any process or method description in a flowchart or otherwise described herein may be understood as: means, segments, or portions of code representing executable instructions including one or more steps for implementing specific logical functions or processes are included in the preferred embodiments of the present application, in which functions may be executed out of order from that shown or discussed, including in a substantially simultaneous manner or in an inverse order, depending upon the functionality involved, as would be understood by those skilled in the art to which the embodiments of the present application pertains.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable Gate Arrays (PGAs), field Programmable Gate Arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or part of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, and the program may be stored in a computer readable storage medium, where the program when executed includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented as software functional modules and sold or used as a stand-alone product.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that variations, modifications, alternatives, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (7)

1. An operation and maintenance monitoring method for BIOS level sampling based on SW64 instruction set, the method comprising:
acquiring an EPS table from a physical memory according to the characteristic value of the EPS table;
acquiring an SMBIOS table according to the EPS table;
if the numerical value of the content of the physical memory address segment corresponding to the SMBIOS table is matched with a preset corresponding relation, determining that the SMBIOS table is correctly read, and determining the entry address of the BIOS image file and the size of the BIOS image file according to the SMBIOS table;
acquiring the BIOS image file according to the entrance address and the size of the BIOS image file; the BIOS image file is stored in a high-end physical memory; the high-end physical memory refers to a 128MB space between high_memory and 0xFFFFFFFF, and the high_memory is 896MB;
the BIOS image file is imported into an operation and maintenance monitoring system through remote direct data access, so that the operation and maintenance monitoring system can conduct operation and maintenance monitoring on the BIOS image file; the operation and maintenance monitoring system is operated on the SW64 chip server and is used for decomposing the BIOS image file by searching the feature words, decompressing each decomposed module code and carrying out security detection on the decompressed binary code;
Through remote direct data access, before the BIOS image file is imported into an operation and maintenance monitoring system to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system, the method further includes:
converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler;
running the target program through the target machine so as to start the operation and maintenance monitoring system in a cross compiling environment;
the method further comprises the steps of:
modifying a source program of the Bootloader to obtain a modified Bootloader;
transplanting the modified Bootloader to the SW64 chip server so that the operation and maintenance monitoring system starts to run from the modified Bootloader; the operation and maintenance monitoring system is provided with an interrupt vector table and an interrupt vector register of the ARM.
2. The method of claim 1, wherein importing the BIOS image file into an operation and maintenance monitoring system via remote direct data access to perform operation and maintenance monitoring on the BIOS image file via the operation and maintenance monitoring system comprises:
reading the BIOS image file from the target machine through remote direct data access; the BIOS image file is stored in the target machine;
Performing content analysis on the BIOS image file through the operation and maintenance monitoring system to obtain an analysis result;
and carrying out operation and maintenance monitoring on the BIOS image file based on the analysis result.
3. The method of claim 1, wherein the obtaining the SMBIOS table from the EPS table comprises:
determining an entry address of an SMBIOS table based on the EPS table;
and reading the SMBIOS table through the entry address.
4. A method according to any one of claims 1 to 3, further comprising:
and acquiring a security detection result returned by the operation and maintenance monitoring system aiming at the BIOS image file.
5. An operation and maintenance monitoring device based on SW64 instruction set BIOS level sampling, the device comprising:
the EPS table acquisition unit is used for acquiring the EPS table from the physical memory according to the characteristic value of the EPS table;
the SMBIOS table acquisition unit is used for acquiring an SMBIOS table according to the EPS table;
the BIOS information determining unit is used for determining that the SMBIOS table is correctly read if the numerical value of the physical memory address segment content corresponding to the SMBIOS table is matched with a preset corresponding relation, and determining the entry address of the BIOS image file and the size of the BIOS image file according to the SMBIOS table;
the BIOS sampling unit is used for acquiring the BIOS image file according to the entrance address and the size of the BIOS image file; the BIOS image file is stored in a high-end physical memory; the high-end physical memory refers to a 128MB space between high_memory and 0xFFFFFFFF, and the high_memory is 896MB;
the operation and maintenance monitoring unit is used for importing the BIOS image file into an operation and maintenance monitoring system through remote direct data access so as to perform operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; the operation and maintenance monitoring system is operated on the SW64 chip server and is used for decomposing the BIOS image file by searching the feature words, decompressing each decomposed module code and carrying out security detection on the decompressed binary code;
the operation and maintenance starting unit is used for converting an initial program corresponding to the operation and maintenance monitoring system into a target program matched with a target machine by using a preset compiler before the BIOS image file is imported into the operation and maintenance monitoring system through remote direct data access so as to carry out operation and maintenance monitoring on the BIOS image file through the operation and maintenance monitoring system; running the target program through the target machine so as to start the operation and maintenance monitoring system in a cross compiling environment;
The apparatus further comprises:
the program transplanting unit is used for modifying the source program of the Bootloader to obtain a modified Bootloader;
transplanting the modified Bootloader to the SW64 chip server so that the operation and maintenance monitoring system starts to run from the modified Bootloader; the operation and maintenance monitoring system is provided with an interrupt vector table and an interrupt vector register of the ARM.
6. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1-4.
7. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-4.
CN202310158752.XA 2023-02-24 2023-02-24 Operation and maintenance monitoring method and device for BIOS (basic input output system) level sampling based on SW64 instruction set Active CN115840682B (en)


Publications (2)

Publication Number Publication Date
CN115840682A (en) 2023-03-24
CN115840682B (en) 2023-05-30


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant