CN116305082A - Method and device for verifying integrity of kernel operation of operating system based on firmware - Google Patents

Method and device for verifying integrity of kernel operation of operating system based on firmware Download PDF

Info

Publication number
CN116305082A
CN116305082A CN202310080667.6A CN202310080667A CN116305082A CN 116305082 A CN116305082 A CN 116305082A CN 202310080667 A CN202310080667 A CN 202310080667A CN 116305082 A CN116305082 A CN 116305082A
Authority
CN
China
Prior art keywords
firmware
kernel
reference value
runtime service
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310080667.6A
Other languages
Chinese (zh)
Inventor
许鑫
吴保锡
韩春超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202310080667.6A priority Critical patent/CN116305082A/en
Publication of CN116305082A publication Critical patent/CN116305082A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides an integrity verification method and device for kernel operation of an operating system based on firmware, wherein the method comprises the following steps: the kernel calls a first runtime service of the firmware, and creates a reference value of key data based on the first runtime service; the kernel invokes a second runtime service of the firmware, and closes the reference value creation of the firmware based on the second runtime service; the kernel calls a third runtime service of the firmware at regular time, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification. The server is divided into the firmware and the kernel, the kernel data integrity verification runtime service is provided by the firmware, the kernel data verification logic operates in the firmware space and is independent of the kernel space, so that the verification logic in the firmware cannot be hijacked after the kernel is attacked maliciously, the verification process is safer, and the verification result is more credible.

Description

Method and device for verifying integrity of kernel operation of operating system based on firmware
Technical Field
The present invention relates to the field of server technologies, and in particular, to a method and an apparatus for verifying the integrity of kernel operation of a firmware-based operating system.
Background
With the continuous improvement of malicious attack technology, the kernel of the operating system is also faced with malicious attack or malicious tampering. For example, the system call table hijacking technology can replace the system call which is sourced in the kernel with the system call containing the monitoring logic, so that the operation of reading/writing sensitive data by a user is no longer safe. The kernel of the operating system also has some security mechanisms to ensure the security of the kernel, such as virtual memory authority control to prevent the key data of the kernel from being modified and integrity detection function from detecting, but these mechanisms all depend on the logic of the kernel, once the kernel is attacked maliciously, an attacker can close or bypass the security mechanism of the kernel.
However, the kernel integrity verification framework only verifies the integrity of the program when loading the program file, and cannot verify the integrity of the kernel critical data. And the verification logic and the verification reference value are both in the kernel memory space and also face the risk of being attacked maliciously.
Therefore, how to avoid the risk caused by the storage location of the verification logic and the verification reference value is a technical problem that needs to be solved currently.
Disclosure of Invention
The invention provides an integrity verification method and device for kernel operation of an operating system based on firmware, which are used for solving the defects existing in the prior art, effectively avoiding the risk of the operating system being attacked by malicious, ensuring safer verification process and ensuring more credible verification result.
The invention provides an integrity verification method for operating system kernel operation based on firmware, which comprises the following steps:
in an initialization stage of the kernel, the kernel calls a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
the kernel regularly calls a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
According to the method for verifying the integrity of the kernel operation of the operating system based on the firmware, in the initialization stage of the kernel, the kernel calls a first runtime service of the firmware, creates a reference value of key data based on the first runtime service, and comprises the following steps:
in the initialization stage of the kernel, the kernel determines the data type of the key data;
and calling the first runtime services for a plurality of times based on the creation time of the key data of different data types, and creating a reference value of each key data based on each first runtime service.
According to the method for verifying the integrity of the kernel operation of the operating system based on the firmware, the reference value creation of closing the firmware based on the second runtime service comprises the following steps:
determining an execution of the second runtime service based on whether a target reference value is set;
and closing the creation of the reference value of the firmware under the condition that the second runtime service is executed.
The method for verifying the integrity of the kernel operation of the operating system based on the firmware, provided by the invention, further comprises the following steps:
and if the second runtime service is not executed, continuing to execute the reference value for creating the key data.
The method for verifying the integrity of the kernel operation of the operating system based on the firmware, provided by the invention, further comprises the following steps:
the kernel calls a fourth runtime service of the firmware, and initializes memory data based on the fourth runtime service;
the firmware clears the reference value and resets the target reference value and verifies that the restart logic is performing an operating system restart.
According to the method for verifying the integrity of the kernel operation of the operating system based on the firmware, which is provided by the invention, the kernel calls the third runtime service of the firmware at regular time, and sends an integrity verification request to the firmware, and the firmware verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification, and the method comprises the following steps:
the kernel periodically calls a third runtime service of the firmware based on a timer mechanism and sends an integrity verification request to the firmware;
the firmware responds to the integrity verification request, reads current critical data based on the recorded data type and the data address, obtains a summary value, compares the summary value with a reference value of integrity verification, and obtains a comparison result;
and the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
The method for verifying the integrity of the kernel operation of the operating system based on the firmware, provided by the invention, further comprises the following steps:
the kernel performs an alarm or shutdown operation based on the comparison result, or the firmware performs a restart operation based on the comparison result.
The invention also provides an integrity verification device for operating system kernel operation based on firmware, comprising:
the creation module is used for calling a first runtime service of the firmware by the kernel in an initialization stage of the kernel, and creating a reference value of key data based on the first runtime service;
the closing module is used for determining that the initialization phase of the kernel is finished, the kernel calls a second runtime service of the firmware, and the reference value creation of the firmware is closed based on the second runtime service;
and the verification module is used for enabling the kernel to call the third runtime service of the firmware at regular time, sending an integrity verification request to the firmware, and verifying the integrity of the kernel operation of the operating system based on the integrity verification request and the reference value of the integrity verification by the firmware.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the integrity verification method of the kernel running of the operating system based on the firmware when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of integrity verification of firmware-based operating system kernel execution as described in any of the above.
The invention also provides a computer program product comprising a computer program which when executed by a processor implements a method of integrity verification of firmware-based operating system kernel execution as described in any of the above.
According to the method and the device for verifying the integrity of the kernel operation of the operating system based on the firmware, the first runtime service of the firmware is called by the kernel in the initialization stage of the kernel, the reference value of key data is created based on the first runtime service, then the end of the initialization stage of the kernel is determined, the second runtime service of the firmware is called by the kernel, the reference value of the firmware is closed based on the second runtime service, finally the third runtime service of the firmware is called by the kernel at regular time, an integrity verification request is sent to the firmware, and the integrity of the kernel operation of the operating system is verified by the firmware based on the integrity verification request. The invention divides the server into firmware and kernel, provides kernel data integrity verification run-time service through the firmware, can provide key data integrity verification function of the operating system kernel for the firmware providing the run-time service for the operating system, and the kernel data verification logic runs in the firmware space, is independent of the kernel space, ensures that the kernel cannot hijack the verification logic in the firmware after being attacked maliciously, thus the verification process is safer, and the verification result is more credible.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for verifying the integrity of kernel execution of a firmware-based operating system according to the present invention;
FIG. 2 is a computer boot timing diagram of a method of integrity verification of firmware-based operating system kernel execution provided by the present invention;
FIG. 3 is a server restart timing diagram of the method for verifying the integrity of firmware-based operating system kernel execution provided by the present invention;
FIG. 4 is a flowchart of an integrity verification method for firmware-based operating system kernel execution provided by the present invention;
FIG. 5 is a schematic diagram of an integrity verification device for firmware-based operating system kernel operation provided by the present invention;
FIG. 6 is a complete system architecture diagram of an integrity verification device for firmware-based operating system kernel execution provided by the present invention;
fig. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, the method for verifying the integrity of the kernel operation of the firmware-based operating system provided by the invention is applied to a server, wherein the server comprises a kernel and firmware, and the method comprises the following steps:
step 110, in an initialization stage of the kernel, the kernel invokes a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
step 120, determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
step 130, the kernel calls the third runtime service of the firmware at regular time, and sends an integrity verification request to the firmware, and the firmware verifies the integrity of the kernel operation of the operating system based on the integrity verification request and the reference value of the integrity verification.
It should be noted first that the runtime service RS (RuntimeService) in this embodiment may include: the first, second and third runtime services are running interfaces between Firmware (Firmware) and the kernel in the server running process.
It should be further noted that, firmware (Firmware) is a program stored in a memory of a computer motherboard, and is responsible for self-checking, initializing, etc. operations of computer hardware (such as a hard disk, a memory, etc.). After the firmware completes self-checking and initialization of the hardware equipment, the operating system boot program is loaded and operated to start the operating system. After the operating system is started, the firmware code continues to reside in the memory to provide runtime services for the operating system.
An operating system kernel: the most basic part of the operating system abstracts the hardware details and allocates computer resources (CPU, memory, storage, etc.) to programs running thereon. The operating system kernel resides in memory throughout, scheduling various computer resources.
The first runtime service is the reference value setting RS, the second runtime service is the reference value flag setting RS, and the third runtime service is the kernel data verification RS.
Specifically, the above step 110 is a process of setting the reference value, and the integrity value of the data in the memory is calculated according to the provided data memory address and recorded in the memory space of the firmware.
The kernel creates a reference value of the critical data through the first runtime service, and cannot modify or acquire integrity information of the critical data. It should be noted that the critical data in the kernel is classified into various types, such as a system call table, a kernel data read-only area, and the like. Therefore, the kernel calls the runtime service to specify the data type, and the kernel calls the runtime service multiple times in the initialization stage according to the difference of the key data creation occasions to create the reference value of each data.
The above step 120 is a process of completing and stopping the setting of the reference value. Since the kernel only needs to create a verification benchmark for critical data during the initialization phase. Therefore, when the initialization process is completed, the reference value setting function of the firmware is closed before the user process scheduling is started, and the kernel attacker is prevented from modifying the created verification reference in the firmware.
The concrete implementation is as follows: and determining whether a target reference value (reference value flag bit) is set, if so, stopping the reference value setting, and if not, continuing to set the reference value. The target reference value is determined according to the second runtime service.
Step 130 described above is the process of integrity verification. The kernel calls a third runtime service at regular time, initiates a verification request, and the firmware calculates the current data abstract value according to the recorded data type and the data memory address and compares the current data abstract value with the reference value.
If the verification is successful, the kernel continues to run and continues to call the third runtime service at regular time to perform integrity verification of the system operation.
If verification fails, the firmware executes a power-off operation to shut down the computer, so that loss caused by malicious attack is prevented.
It should be noted that, the kernel calls the third runtime service at regular time, requests the firmware to verify the integrity of the key data of the kernel, and the kernel only initiates the request, and the execution process of the verification logic and the verification reference value are both in the firmware memory space. Therefore, the kernel data verification logic can be ensured to run in the firmware space, and the verification logic in the firmware can not be hijacked after the kernel is attacked maliciously independently of the kernel space.
According to the method for verifying the integrity of the kernel operation of the operating system based on the firmware, the first runtime service of the firmware is called by the kernel in the initialization stage of the kernel, the reference value of key data is created based on the first runtime service, then the end of the initialization stage of the kernel is determined, the second runtime service of the firmware is called by the kernel, the reference value creation of the firmware is closed based on the second runtime service, finally the third runtime service of the firmware is called by the kernel at regular time, an integrity verification request is sent to the firmware, and the integrity of the kernel operation of the operating system is verified by the firmware based on the integrity verification request. The invention divides the server into firmware and kernel, provides kernel data integrity verification run-time service through the firmware, can provide key data integrity verification function of the operating system kernel for the firmware providing the run-time service for the operating system, and the kernel data verification logic runs in the firmware space, is independent of the kernel space, ensures that the kernel cannot hijack the verification logic in the firmware after being attacked maliciously, thus the verification process is safer, and the verification result is more credible.
In some optional embodiments, in the initialization stage of the kernel, the kernel invokes a first runtime service of firmware, creates a reference value of critical data based on the first runtime service, and includes:
in the initialization stage of the kernel, the kernel determines the data type of the key data;
and calling the first runtime services for a plurality of times based on the creation time of the key data of different data types, and creating a reference value of each key data based on each first runtime service.
It is to be understood that the present embodiment is a specific procedure of reference value creation.
In this embodiment, since the key data in the kernel is classified into multiple classes, such as a system call table, a kernel data read-only area, and the like. Therefore, the kernel calls the runtime service to specify the data type, and the kernel calls the runtime service for multiple times according to the creation time of the key data in the initialization stage and creates the reference value of each data according to the different creation time of the key data.
In some optional embodiments, the creating the reference value based on the second runtime service turning off the firmware includes:
determining an execution of the second runtime service based on whether a target reference value is set;
and closing the creation of the reference value of the firmware under the condition that the second runtime service is executed.
And if the second runtime service is not executed, continuing to execute the reference value for creating the key data.
Specifically, in the present embodiment, it is verified whether the target reference value (flag bit) is set, and if the flag bit is set, it is explained that the flag bit setting RS, i.e., the second runtime service, has been executed, the reference value is no longer allowed to be set or changed. If the flag bit is not set, the subsequent reference value setting operation is normally performed.
Referring to fig. 2, fig. 2 is a timing diagram of a computer start-up of the method for verifying the integrity of the kernel operation of the firmware-based operating system according to the present invention.
The method comprises the steps of firmware self-checking, namely initializing, loading a running boot loader, running a kernel, initializing the kernel, sending a kernel key data address to the firmware, calculating a reference value by the firmware, setting a query function by the kernel closing reference value, updating a flag bit, setting the flag bit of the firmware and initializing the kernel.
In some alternative embodiments, further comprising:
the kernel calls a fourth runtime service of the firmware, and initializes memory data based on the fourth runtime service;
the firmware clears the reference value and resets the target reference value and verifies that the restart logic is performing an operating system restart.
It is easy to understand that this embodiment is a process of restarting an operating system by using firmware. When the operating system executes the restart or fast restart, the data such as the service initialization memory and the like during the restart operation of the firmware are required to be called, when the firmware executes the restart service, the existing reference value information is cleared, the flag bit is reset, and the operation of creating the reference value can be normally executed by the new kernel when the operating system executes the fast restart.
Referring to fig. 3, fig. 3 is a server restart timing diagram of the firmware-based method for verifying the integrity of kernel operation of an operating system according to the present invention.
Firstly, loading a new kernel, executing reboot system call, calling a firmware restart RS, deleting an existing reference value, restarting other operations of the RS by the firmware, initializing the new kernel, sending an internal key data address to the firmware, calculating the new kernel reference value by the firmware, setting a function of closing the reference value by the kernel, updating the flag bit, setting the firmware flag bit and initializing other steps by the kernel.
In the embodiment, a quick restart mechanism is considered, and the firmware can construct a verification reference based on a newly started kernel by means of clearing the flag bit in firmware restart service, so that the application scene of the invention is further ensured.
In some alternative embodiments, the kernel periodically invokes a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the operating system kernel operation based on the integrity verification request and a reference value for integrity verification, including:
the kernel periodically calls a third runtime service of the firmware based on a timer mechanism and sends an integrity verification request to the firmware;
the firmware responds to the integrity verification request, reads current critical data based on the recorded data type and the data address, obtains a summary value, compares the summary value with a reference value of integrity verification, and obtains a comparison result;
and the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
This embodiment is a detailed process of integrity verification.
The kernel periodically invokes a third runtime service of the firmware based on the timer mechanism, sending an integrity verification request to the firmware. And the firmware responds to the integrity verification request, reads the current critical data based on the recorded data type and the data address, obtains a digest value, compares the digest value with a reference value of the integrity verification, and obtains a comparison result.
The kernel performs different operations based on the comparison result, specifically as follows:
1. the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
2. The kernel performs an alarm or shutdown operation based on the comparison result, or the firmware performs a restart operation based on the comparison result.
Specifically, in this embodiment, a kernel timer is started first, and an integrity verification request is triggered and executed at regular time by using a timer mechanism in the kernel. Calculating the current data digest value: when the firmware integrity verification service runs, the current key data is read according to the recorded data type and the data address, and the digest value is calculated. Verifying key data integrity: the firmware integrity verification service compares the data reference value with the calculated current abstract value, and executes different system operations according to the comparison result.
If the two types of the integrity verification requests are consistent, the kernel normally operates, a timer is set, and the integrity verification requests are triggered regularly; if the verification results are inconsistent, the key data is tampered, the abnormal verification results can be returned, the kernel can execute the operations such as alarming or shutdown, and the firmware can execute the restarting operation, so that the malicious attack is prevented from further affecting the user operating system.
Referring to fig. 4, fig. 4 is an integrity verification flowchart of an integrity verification method for kernel operation of a firmware-based operating system according to the present invention, including the following steps:
step 410, starting a timer by the kernel, and calling a reference value verification RS at regular time;
step 420, when the kernel timer reaches a preset time, calling a reference value verification RS;
step 430, the firmware reads and calculates the current key data integrity value;
step 440, the firmware verifies the key data integrity;
step 450, judging whether the data is complete; if yes, go to step 460, if not, return to step 410;
step 460, execute the restart or alarm operation.
The following describes an integrity verification device for operating system kernel operation based on firmware, and the integrity verification device for operating system kernel operation based on firmware described below and the integrity verification method for operating system kernel operation based on firmware described above can be referred to correspondingly.
Referring to fig. 5, the device for verifying the integrity of kernel operation of a firmware-based operating system provided by the present invention is applied to a server, where the server includes a kernel and firmware, and the device includes:
a creating module 510, configured to, in an initialization stage of the kernel, invoke a first runtime service of firmware, and create a reference value of key data based on the first runtime service;
a closing module 520, configured to determine that an initialization phase of the kernel ends, where the kernel invokes a second runtime service of the firmware, and close a reference value creation of the firmware based on the second runtime service;
and a verification module 530, configured to cause the kernel to call a third runtime service of the firmware at regular time, send an integrity verification request to the firmware, and verify the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
It should be noted first that the runtime service RS (RuntimeService) in this embodiment may include: the first, second and third runtime services are running interfaces between Firmware (Firmware) and the kernel in the server running process.
It should be further noted that, firmware (Firmware) is a program stored in a memory of a computer motherboard, and is responsible for self-checking, initializing, etc. operations of computer hardware (such as a hard disk, a memory, etc.). After the firmware completes self-checking and initialization of the hardware equipment, the operating system boot program is loaded and operated to start the operating system. After the operating system is started, the firmware code continues to reside in the memory to provide runtime services for the operating system.
An operating system kernel: the most basic part of the operating system abstracts the hardware details and allocates computer resources (CPU, memory, storage, etc.) to programs running thereon. The operating system kernel resides in memory throughout, scheduling various computer resources.
The first runtime service is the reference value setting RS, the second runtime service is the reference value flag setting RS, and the third runtime service is the kernel data verification RS.
Specifically, the creation module 510 is configured to set the reference value, calculate the integrity value of the data in the memory according to the provided data memory address, and record the integrity value in the memory space of the firmware.
The kernel creates a reference value of the critical data through the first runtime service, and cannot modify or acquire integrity information of the critical data. It should be noted that the critical data in the kernel is classified into various types, such as a system call table, a kernel data read-only area, and the like. Therefore, the kernel calls the runtime service to specify the data type, and the kernel calls the runtime service multiple times in the initialization stage according to the difference of the key data creation occasions to create the reference value of each data.
The shutdown module 520 performs a function of completing and stopping the setting of the reference value. Since the kernel only needs to create a verification benchmark for critical data during the initialization phase. Therefore, when the initialization process is completed, the reference value setting function of the firmware is closed before the user process scheduling is started, and the kernel attacker is prevented from modifying the created verification reference in the firmware.
The concrete implementation is as follows: and determining whether a target reference value (reference value flag bit) is set, if so, stopping the reference value setting, and if not, continuing to set the reference value. The target reference value is determined according to the second runtime service.
The verification module 530 is a function of integrity verification. The kernel calls a third runtime service at regular time, initiates a verification request, and the firmware calculates the current data abstract value according to the recorded data type and the data memory address and compares the current data abstract value with the reference value.
If the verification is successful, the kernel continues to run and continues to call the third runtime service at regular time to perform integrity verification of the system operation.
If verification fails, the firmware executes a power-off operation to shut down the computer, so that loss caused by malicious attack is prevented.
It should be noted that, the kernel calls the third runtime service at regular time, requests the firmware to verify the integrity of the key data of the kernel, and the kernel only initiates the request, and the execution process of the verification logic and the verification reference value are both in the firmware memory space. Therefore, the kernel data verification logic can be ensured to run in the firmware space, and the verification logic in the firmware can not be hijacked after the kernel is attacked maliciously independently of the kernel space.
According to the integrity verification device for operating system kernel operation based on the firmware, the first runtime service of the firmware is called by the kernel in the initialization stage of the kernel, the reference value of key data is created based on the first runtime service, then the end of the initialization stage of the kernel is determined, the second runtime service of the firmware is called by the kernel, the reference value creation of the firmware is closed based on the second runtime service, finally the third runtime service of the firmware is called by the kernel at regular time, an integrity verification request is sent to the firmware, and the integrity of the kernel operation of the operating system is verified by the firmware based on the integrity verification request. The invention divides the server into firmware and kernel, provides kernel data integrity verification run-time service through the firmware, can provide key data integrity verification function of the operating system kernel for the firmware providing the run-time service for the operating system, and the kernel data verification logic runs in the firmware space, is independent of the kernel space, ensures that the kernel cannot hijack the verification logic in the firmware after being attacked maliciously, thus the verification process is safer, and the verification result is more credible.
Referring to fig. 6, fig. 6 is a complete system structure diagram of an integrity verification device for kernel operation of a firmware-based operating system provided by the present invention, and a computer memory 600 includes a firmware memory 610 and a kernel memory 620;
the firmware memory 610 includes a reference value setting RS611, a reference value flag setting RS612, a kernel data verification RS613, a restart RS614, a kernel reference value 615, and a reference value setting flag 616;
the kernel memory 620 includes a reference value setting 621, an integrity verification timer 622, and a restart 623.
In some optional embodiments, in the initialization stage of the kernel, the kernel invokes a first runtime service of firmware, creates a reference value of critical data based on the first runtime service, and includes:
in the initialization stage of the kernel, the kernel determines the data type of the key data;
and calling the first runtime services for a plurality of times based on the creation time of the key data of different data types, and creating a reference value of each key data based on each first runtime service.
It is to be understood that the present embodiment is a specific procedure of reference value creation.
In this embodiment, since the key data in the kernel is classified into multiple classes, such as a system call table, a kernel data read-only area, and the like. Therefore, the kernel calls the runtime service to specify the data type, and the kernel calls the runtime service for multiple times according to the creation time of the key data in the initialization stage and creates the reference value of each data according to the different creation time of the key data.
In some optional embodiments, the creating the reference value based on the second runtime service turning off the firmware includes:
determining an execution of the second runtime service based on whether a target reference value is set;
and closing the creation of the reference value of the firmware under the condition that the second runtime service is executed.
In some alternative embodiments, further comprising:
and if the second runtime service is not executed, continuing to execute the reference value for creating the key data.
Specifically, in the present embodiment, it is verified whether the target reference value (flag bit) is set, and if the flag bit is set, it is explained that the flag bit setting RS, i.e., the second runtime service, has been executed, the reference value is no longer allowed to be set or changed. If the flag bit is not set, the subsequent reference value setting operation is normally performed.
In some alternative embodiments, further comprising:
the kernel calls a fourth runtime service of the firmware, and initializes memory data based on the fourth runtime service;
the firmware clears the reference value and resets the target reference value and verifies that the restart logic is performing an operating system restart.
It is easy to understand that this embodiment is a process of restarting an operating system by using firmware. When the operating system executes the restart or fast restart, the data such as the service initialization memory and the like during the restart operation of the firmware are required to be called, when the firmware executes the restart service, the existing reference value information is cleared, the flag bit is reset, and the operation of creating the reference value can be normally executed by the new kernel when the operating system executes the fast restart.
In some alternative embodiments, the kernel periodically invokes a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the operating system kernel operation based on the integrity verification request and a reference value for integrity verification, including:
the kernel periodically calls a third runtime service of the firmware based on a timer mechanism and sends an integrity verification request to the firmware;
the firmware responds to the integrity verification request, reads current critical data based on the recorded data type and the data address, obtains a summary value, compares the summary value with a reference value of integrity verification, and obtains a comparison result;
and the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
In some alternative embodiments, further comprising:
the kernel performs an alarm or shutdown operation based on the comparison result, or the firmware performs a restart operation based on the comparison result.
This embodiment is a detailed process of integrity verification.
The kernel periodically invokes a third runtime service of the firmware based on the timer mechanism, sending an integrity verification request to the firmware. And the firmware responds to the integrity verification request, reads the current critical data based on the recorded data type and the data address, obtains a digest value, compares the digest value with a reference value of the integrity verification, and obtains a comparison result.
The kernel performs different operations based on the comparison result, specifically as follows:
1. the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
2. The kernel performs an alarm or shutdown operation based on the comparison result, or the firmware performs a restart operation based on the comparison result.
Specifically, in this embodiment, a kernel timer is started first, and an integrity verification request is triggered and executed at regular time by using a timer mechanism in the kernel. Calculating the current data digest value: when the firmware integrity verification service runs, the current key data is read according to the recorded data type and the data address, and the digest value is calculated. Verifying key data integrity: the firmware integrity verification service compares the data reference value with the calculated current abstract value, and executes different system operations according to the comparison result.
If the two types of the integrity verification requests are consistent, the kernel normally operates, a timer is set, and the integrity verification requests are triggered regularly; if the verification results are inconsistent, the key data is tampered, the abnormal verification results can be returned, the kernel can execute the operations such as alarming or shutdown, and the firmware can execute the restarting operation, so that the malicious attack is prevented from further affecting the user operating system.
Fig. 7 illustrates a physical schematic diagram of an electronic device, as shown in fig. 7, which may include: processor 710, communication interface (Communications Interface) 720, memory 730, and communication bus 740, wherein processor 710, communication interface 720, memory 730 communicate with each other via communication bus 740. Processor 710 may invoke logic instructions in memory 730 to perform an integrity verification method of firmware-based operating system kernel execution, the method comprising:
in an initialization stage of the kernel, the kernel calls a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
the kernel regularly calls a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, where the computer program product includes a computer program, where the computer program can be stored on a non-transitory computer readable storage medium, where the computer program when executed by a processor can perform an integrity verification method for firmware-based kernel operation provided by the above methods, where the method includes:
in an initialization stage of the kernel, the kernel calls a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
the kernel regularly calls a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method for integrity verification of firmware-based operating system kernel execution provided by the methods described above, the method comprising:
in an initialization stage of the kernel, the kernel calls a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
the kernel regularly calls a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An integrity verification method for kernel execution of a firmware-based operating system, the method being applied to a server, the server including a kernel and firmware, the method comprising:
in an initialization stage of the kernel, the kernel calls a first runtime service of firmware, and creates a reference value of key data based on the first runtime service;
determining that the initialization phase of the kernel is finished, and calling a second runtime service of the firmware by the kernel, and closing the reference value creation of the firmware based on the second runtime service;
the kernel regularly calls a third runtime service of the firmware, sends an integrity verification request to the firmware, and verifies the integrity of the kernel operation of the operating system based on the integrity verification request and a reference value of the integrity verification.
2. The method for verifying the integrity of the kernel execution of the firmware-based operating system according to claim 1, wherein the kernel invokes a first runtime service of the firmware during an initialization phase of the kernel, creates a reference value of critical data based on the first runtime service, and comprises:
in the initialization stage of the kernel, the kernel determines the data type of the key data;
and calling the first runtime services for a plurality of times based on the creation time of the key data of different data types, and creating a reference value of each key data based on each first runtime service.
3. The method of integrity verification of firmware-based operating system kernel execution of claim 1, wherein said closing reference value creation of said firmware based on said second runtime service comprises:
determining an execution of the second runtime service based on whether a target reference value is set;
and closing the creation of the reference value of the firmware under the condition that the second runtime service is executed.
4. The method for integrity verification of firmware-based operating system kernel execution of claim 3, further comprising:
and if the second runtime service is not executed, continuing to execute the reference value for creating the key data.
5. The method for integrity verification of firmware-based operating system kernel execution of claim 3, further comprising:
the kernel calls a fourth runtime service of the firmware, and initializes memory data based on the fourth runtime service;
the firmware clears the reference value and resets the target reference value and verifies that the restart logic is performing an operating system restart.
6. The method of claim 1, wherein the kernel timing invokes a third runtime service of the firmware, sending an integrity verification request to the firmware, the firmware verifying the integrity of the operating system kernel execution based on the integrity verification request and a reference value for integrity verification, comprising:
the kernel periodically calls a third runtime service of the firmware based on a timer mechanism and sends an integrity verification request to the firmware;
the firmware responds to the integrity verification request, reads current critical data based on the recorded data type and the data address, obtains a summary value, compares the summary value with a reference value of integrity verification, and obtains a comparison result;
and the kernel determines normal operation based on the comparison result, and the firmware verifies the integrity of the operation of the kernel of the operating system.
7. The method of integrity verification of firmware-based operating system kernel execution of claim 6, further comprising:
the kernel performs an alarm or shutdown operation based on the comparison result, or the firmware performs a restart operation based on the comparison result.
8. An integrity verification apparatus for kernel execution of a firmware-based operating system, the apparatus being applied to a server, the server comprising a kernel and firmware, the apparatus comprising:
the creation module is used for calling a first runtime service of the firmware by the kernel in an initialization stage of the kernel, and creating a reference value of key data based on the first runtime service;
the closing module is used for determining that the initialization phase of the kernel is finished, the kernel calls a second runtime service of the firmware, and the reference value creation of the firmware is closed based on the second runtime service;
and the verification module is used for enabling the kernel to call the third runtime service of the firmware at regular time, sending an integrity verification request to the firmware, and verifying the integrity of the kernel operation of the operating system based on the integrity verification request and the reference value of the integrity verification by the firmware.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of integrity verification of firmware-based operating system kernel execution of any one of claims 1 to 7 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the method of integrity verification of firmware-based operating system kernel execution of any of claims 1 to 7.
CN202310080667.6A 2023-02-02 2023-02-02 Method and device for verifying integrity of kernel operation of operating system based on firmware Pending CN116305082A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310080667.6A CN116305082A (en) 2023-02-02 2023-02-02 Method and device for verifying integrity of kernel operation of operating system based on firmware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310080667.6A CN116305082A (en) 2023-02-02 2023-02-02 Method and device for verifying integrity of kernel operation of operating system based on firmware

Publications (1)

Publication Number Publication Date
CN116305082A true CN116305082A (en) 2023-06-23

Family

ID=86796876

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310080667.6A Pending CN116305082A (en) 2023-02-02 2023-02-02 Method and device for verifying integrity of kernel operation of operating system based on firmware

Country Status (1)

Country Link
CN (1) CN116305082A (en)

Similar Documents

Publication Publication Date Title
JP5767751B2 (en) Method, computing platform, and program for verifying BIOS
EP2840492A1 (en) Method and apparatus for modifying a computer program in a trusted manner
CN107330320B (en) Method and device for monitoring application process
JP2003525484A (en) Protected boot flow
TW201506788A (en) Secure boot override in a computing device equipped with unified-extensible firmware interface (UEFI)-compliant firmware
EP2867770A1 (en) Methods, systems and apparatus to capture error conditions in lightweight virtual machine managers
US10007785B2 (en) Method and apparatus for implementing virtual machine introspection
US8838952B2 (en) Information processing apparatus with secure boot capability capable of verification of configuration change
CN115062307B (en) Open POWER-based program integrity checking method, system, terminal and storage medium
CN113448682B (en) Virtual machine monitor loading method and device and electronic equipment
CN111090546B (en) Method, device and equipment for restarting operating system and readable storage medium
US9465643B1 (en) Systems and methods for monitoring a primary operating system (OS) and/or migrating data using an OS hypervisor
CN117130672A (en) Server start flow control method, system, terminal and storage medium
US7269722B1 (en) Preview of UNIX boot process from multi-user level
US20200244461A1 (en) Data Processing Method and Apparatus
KR101013419B1 (en) Guarding apparatus and method for system
US9804932B2 (en) Method and device for processing data and electronic apparatus
CN116305082A (en) Method and device for verifying integrity of kernel operation of operating system based on firmware
WO2021135995A1 (en) Method and apparatus for processing virtual machine component
CN114217905A (en) High-availability recovery processing method and system for virtual machine
CN114153503A (en) BIOS control method, device and medium
WO2022093186A1 (en) Code execution using trusted code record
CN112784276A (en) Method and device for realizing credibility measurement
CN111258805B (en) Hard disk state monitoring method and device for server and computer device
CN117093399A (en) System starting method, system on chip, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination