CN116628675A - Password recovery method, device, computer apparatus, storage medium and program product - Google Patents


Info

Publication number
CN116628675A
Authority
CN
China
Prior art keywords
password
bios
hash value
recovery
bmc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310537454.1A
Other languages
Chinese (zh)
Inventor
辛显慧
栗志强
孙海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dawning Information Industry Co Ltd
Original Assignee
Dawning Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dawning Information Industry Co Ltd
Priority to CN202310537454.1A
Publication of CN116628675A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The present application relates to a password recovery method, apparatus, computer device, storage medium, and program product. The method comprises the following steps: when a firmware update of the BIOS has been completed, obtaining from the BMC an encryption password and a first hash value, both of which were derived from the initial BIOS password corresponding to the BIOS before the firmware update was performed; performing an accuracy check on the first hash value by using the encryption password; and, if the first hash value passes the check, obtaining the recovery BIOS password corresponding to the BIOS according to the encryption password. The method can improve the security of BIOS passwords.

Description

Password recovery method, device, computer apparatus, storage medium and program product
Technical Field
The present application relates to the field of password management technology, and in particular, to a password recovery method, apparatus, computer device, storage medium, and program product.
Background
The BIOS (Basic Input Output System) is a set of programs stored in a ROM chip on the mainboard of a server. To improve the security of the server, BIOS passwords are set to control access to the BIOS and the permission to change its settings during use. The BIOS passwords include an administrator password and a user password, and the set BIOS passwords are stored in the Flash of the mainboard.
When the BIOS performs a firmware update, the BIOS password may be lost. In the conventional technology, the BIOS password is sent to the BMC (Baseboard Management Controller) for storage. After the BIOS firmware is updated, the BIOS password is obtained from the BMC, so that the BIOS password is recovered.
However, the above password recovery method has a problem of poor security of the BIOS password.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a password recovery method, apparatus, computer device, storage medium, and program product that can improve BIOS password security.
In a first aspect, the present application provides a password recovery method, which is applied to a BIOS. The method comprises the following steps:
under the condition that firmware updating is completed for the BIOS, an encryption password and a first hash value are obtained from the BMC, wherein the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before the firmware updating is performed for the BIOS;
performing accuracy check on the first hash value by using the encryption password;
and if the first hash value passes the verification, acquiring a recovery BIOS password corresponding to the BIOS according to the encryption password.
In the password recovery method, when the firmware update of the BIOS has been completed, the encryption password and the first hash value, both derived before the update from the initial BIOS password corresponding to the BIOS, are obtained from the BMC; the accuracy of the first hash value is checked by using the encryption password; and if the first hash value passes the check, the recovery BIOS password corresponding to the BIOS is obtained according to the encryption password. In the conventional technology, the BIOS password is sent directly to the BMC for storage before the BIOS firmware is updated and is read back directly from the BMC afterwards in order to recover it. However, the BIOS password is easily tampered with or replaced while it is in the BMC, and that method does not check the password after obtaining it from the BMC, so the security of the BIOS password is low. In the embodiment of the application, before the firmware update of the BIOS is performed, the encrypted password and the first hash value are derived from the initial BIOS password corresponding to the BIOS and are sent to the BMC for storage. After the firmware update of the BIOS is completed, the BIOS checks the first hash value stored in the BMC to determine whether the password stored in the BMC has been tampered with or replaced, and obtains the recovery BIOS password corresponding to the BIOS. Because the initial BIOS password is encrypted before it is stored in the BMC, the possibility that the BIOS password is tampered with or replaced is reduced, and because the BIOS also checks the first hash value after the firmware update is completed, the security of the BIOS password is improved.
In one embodiment, the verifying the accuracy of the first hash value using the encryption password includes:
decrypting the encrypted password to obtain a decrypted password;
and utilizing the decryption password to carry out accuracy check on the first hash value.
In this embodiment, the encryption password is decrypted to obtain the decryption password, and the accuracy of the first hash value is then checked by using the decryption password. If the check passes, it is determined that the BIOS password has not been tampered with or replaced, and the BIOS password is then recovered from the decryption password, which improves the security of the BIOS password.
In one embodiment, the verifying the accuracy of the first hash value using the decryption password includes:
performing hash operation on the decryption password to obtain a second hash value;
comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the verification.
In this embodiment, a hash operation is performed on the decrypted password to obtain a second hash value, the first hash value and the second hash value are compared, and if they are the same, it is determined that the first hash value passes the verification. Checking whether the first hash value, computed before the BIOS firmware update, is the same as the second hash value, computed after the update, determines whether the BIOS password has been tampered with or replaced, which improves the security of the BIOS password. The scheme is also simple, so it can improve the efficiency of obtaining and recovering the BIOS password.
In one embodiment, the obtaining the recovery BIOS password corresponding to the BIOS according to the encryption password includes:
the decryption password is determined to be the recovery BIOS password.
In this embodiment, by determining the decryption password as the recovery BIOS password, the recovery BIOS password that is not tampered can be obtained after the BIOS firmware is updated, so that the user can conveniently use the recovery BIOS password to perform BIOS management.
In one embodiment, the method further comprises:
acquiring the initial BIOS password under the condition that a password acquisition condition is met, wherein the password acquisition condition comprises at least one of equipment power-on, password setting operation detection or password updating operation detection;
respectively carrying out encryption processing and hash operation on the initial BIOS password to obtain the encryption password and the first hash value;
the encrypted password and the first hash value are sent to the BMC.
In this embodiment, under the condition that the password obtaining condition is met, an initial BIOS password is obtained, then encryption processing and hash operation are respectively performed on the initial BIOS password to obtain an encrypted password and a first hash value, and the encrypted password and the first hash value are sent to the BMC. The method can encrypt and protect the initial BIOS password and then store the password in the BMC, so that the possibility of tampering or replacing the BIOS password is reduced, and the safety of the BIOS password is improved.
In one embodiment, the method further comprises:
and generating a password recovery success message, and sending the password recovery success message to the BMC, wherein the password recovery success message is used for the user side to acquire the password recovery success message from the BMC.
In this embodiment, by generating the password recovery success message and sending the password recovery success message to the BMC, the user side can obtain the password recovery success message from the BMC, so that timeliness of the user side for obtaining the password recovery success message is improved, and under the condition that the user side knows the password recovery success message, the user can conveniently use the recovery BIOS password to perform BIOS management.
In one embodiment, the method further comprises:
if the first hash value does not pass the check, generating a password recovery failure message, and sending the password recovery failure message to the BMC, wherein the password recovery failure message is used for the user side to acquire the password recovery failure message from the BMC.
In this embodiment, if the first hash value does not pass the check, a password recovery failure message is generated and sent to the BMC, so that the user terminal can obtain the password recovery failure message from the BMC. This improves the timeliness with which the user terminal obtains the message, and once the user terminal knows that recovery has failed, the user can reset the BIOS password and use the new BIOS password to perform BIOS management.
In a second aspect, the present application provides a password recovery method, which is applied to a BMC. The method comprises the following steps:
receiving a password acquisition request sent by a BIOS;
transmitting an encrypted password and a first hash value to the BIOS in response to the password acquisition request;
the password obtaining request is sent after the firmware updating of the BIOS is completed, the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before the firmware updating of the BIOS is performed, and the encryption password and the first hash value are used for the BIOS to perform accuracy checking on the first hash value by using the encryption password so as to obtain a recovery BIOS password corresponding to the BIOS.
In this embodiment, the BMC receives a password obtaining request sent by the BIOS and, in response, sends the encrypted password and the first hash value to the BIOS. After the firmware update is completed, the BIOS can therefore obtain from the BMC the encrypted password and the first hash value that were stored before the update, and can perform the accuracy check with them to obtain the recovery BIOS password corresponding to the BIOS. In the conventional technology, the BIOS password is sent directly to the BMC for storage before the BIOS firmware is updated and is read back directly from the BMC afterwards in order to recover it. However, the BIOS password is easily tampered with or replaced while it is in the BMC, and that method does not check the password after obtaining it from the BMC, so the security of the BIOS password is low. In the embodiment of the application, before the firmware update of the BIOS is performed, the encrypted password and the first hash value are derived from the initial BIOS password corresponding to the BIOS and are sent to the BMC for storage. After the firmware update of the BIOS is completed, the BIOS checks the first hash value stored in the BMC to determine whether the password stored in the BMC has been tampered with or replaced, and obtains the recovery BIOS password corresponding to the BIOS. Because the initial BIOS password is encrypted before it is stored in the BMC, the possibility that the BIOS password is tampered with or replaced is reduced, and because the BIOS also checks the first hash value after the firmware update is completed, the security of the BIOS password is improved.
In one embodiment, the method further comprises:
receiving the encryption password and the first hash value sent by the BIOS;
the encryption password and the first hash value are obtained by the BIOS performing encryption processing and hash operation on an obtained initial BIOS password, wherein the initial BIOS password is obtained by the BIOS under the condition that password obtaining conditions are met, and the password obtaining conditions comprise at least one of equipment power-on, password setting operation detection or password updating operation detection.
In this embodiment, the BMC receives an encrypted password and a first hash value sent by the BIOS. The BIOS obtains them by performing encryption processing and a hash operation on the initial BIOS password, which it acquires when a password obtaining condition is satisfied; the password obtaining condition includes at least one of powering on a device, detecting a password setting operation, or detecting a password updating operation. The BMC can store the encrypted password and the first hash value, which reduces the possibility that the BIOS password is tampered with or replaced. After the BIOS firmware is updated, the BIOS can obtain the encrypted password and the first hash value from the BMC and verify the first hash value, which improves the security of the BIOS password. Meanwhile, because the initial BIOS password is obtained each time the device is powered on, a password setting operation is detected, or a password updating operation is detected, the initial BIOS password is always the latest password. Subsequent processing uses this latest password, which prevents an incorrect initial BIOS password from being encrypted and hashed.
In one embodiment, the method further comprises:
and receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated under the condition that the first hash value passes verification, and the password recovery success message is used for the user side to acquire the password recovery success message.
In this embodiment, after the first hash value passes the verification, the BMC receives the password recovery success message sent by the BIOS, so that the user terminal can obtain the password recovery success message from the BMC, which improves the timeliness of the user terminal for obtaining the password recovery success message, and facilitates the user to use the recovered BIOS password to perform BIOS management under the condition that the user terminal knows the password recovery success message.
In one embodiment, the method further comprises:
and receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated under the condition that the first hash value check is not passed, and the password recovery failure message is used for the user side to acquire the password recovery failure message.
In this embodiment, after the verification of the first hash value fails, the BMC receives the password recovery failure message sent by the BIOS, so that the user side can obtain the password recovery failure message from the BMC, which improves the timeliness of the user side in obtaining the password recovery failure message, and under the condition that the user side knows the password recovery failure message, the user can reset the BIOS password, so as to use the new BIOS password to perform BIOS management.
In a third aspect, the application further provides a password recovery device. The device comprises:
the first acquisition module is used for acquiring an encryption password and a first hash value from the BMC under the condition that firmware updating is completed on the BIOS, wherein the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before the firmware updating is performed on the BIOS;
the verification module is used for verifying the accuracy of the first hash value by utilizing the encryption password;
and the second acquisition module is used for acquiring the recovery BIOS password corresponding to the BIOS according to the encryption password if the first hash value passes the verification.
In a fourth aspect, the application further provides a password recovery device. The device comprises:
the first receiving module is used for receiving a password acquisition request sent by the BIOS;
the sending module is used for responding to the password acquisition request and sending the encrypted password and the first hash value to the BIOS;
the password obtaining request is sent after the firmware updating of the BIOS is completed, the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before the firmware updating of the BIOS is performed, and the encryption password and the first hash value are used for the BIOS to perform accuracy checking on the first hash value by using the encryption password so as to obtain a recovery BIOS password corresponding to the BIOS.
In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the above method when the processor executes the computer program.
In a sixth aspect, the present application also provides a computer readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the above method.
In a seventh aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, realizes the following steps.
According to the password recovery method, the device, the computer equipment, the storage medium and the program product, when the firmware update of the BIOS has been completed, the encryption password and the first hash value, both derived before the update from the initial BIOS password corresponding to the BIOS, are obtained from the BMC; the accuracy of the first hash value is checked by using the encryption password; and if the first hash value passes the check, the recovery BIOS password corresponding to the BIOS is obtained according to the encryption password. In the conventional technology, the BIOS password is sent directly to the BMC for storage before the BIOS firmware is updated and is read back directly from the BMC afterwards in order to recover it. However, the BIOS password is easily tampered with or replaced while it is in the BMC, and that method does not check the password after obtaining it from the BMC, so the security of the BIOS password is low. In the embodiment of the application, before the firmware update of the BIOS is performed, the encrypted password and the first hash value are derived from the initial BIOS password corresponding to the BIOS and are sent to the BMC for storage. After the firmware update of the BIOS is completed, the BIOS checks the first hash value stored in the BMC to determine whether the password stored in the BMC has been tampered with or replaced, and obtains the recovery BIOS password corresponding to the BIOS.
Because the initial BIOS password is encrypted before it is stored in the BMC, the possibility that the BIOS password is tampered with or replaced is reduced, and because the BIOS also checks the first hash value after the firmware update is completed, the security of the BIOS password is improved.
Drawings
FIG. 1 is a diagram of a password recovery method in the prior art;
FIG. 2 is an application environment diagram of a password recovery method in one embodiment;
FIG. 3 is a flow chart of a password recovery method in one embodiment;
FIG. 4 is a flow diagram of a first hash value check in one embodiment;
FIG. 5 is a flowchart illustrating a first hash value verification process according to another embodiment;
FIG. 6 is a schematic block diagram of BIOS firmware updated in one embodiment;
FIG. 7 is a flowchart of a password recovery method according to another embodiment;
FIG. 8 is a schematic block diagram of BIOS firmware before update in one embodiment;
FIG. 9 is a diagram of BIOS password recovery in one embodiment;
FIG. 10 is a schematic diagram of BIOS communicating with a BMC in one embodiment;
FIG. 11 is a flowchart of a password recovery method according to another embodiment;
FIG. 12 is a flowchart of a password recovery method according to another embodiment;
FIG. 13 is a block diagram of a password recovery device in one embodiment;
FIG. 14 is a block diagram of a password recovery device in another embodiment;
FIG. 15 is an internal structural view of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The BIOS (Basic Input Output System) is a set of programs stored in a ROM chip on the mainboard of a server. To improve the security of the server, BIOS passwords are set to control access to the BIOS and the permission to change its settings during use. The BIOS passwords include an administrator password and a user password, and the set BIOS passwords are stored in the Flash of the mainboard. When the BIOS performs a firmware update, the BIOS password may be lost. In actual server operation and maintenance, to ensure the security of the BIOS password, the BIOS password that was set before the BIOS firmware update needs to be recovered after the update.
In the conventional technology, as shown in FIG. 1, the BIOS password is sent to the BMC (Baseboard Management Controller) for storage. After the BIOS firmware is updated, the BIOS, during startup, obtains the BIOS password from the BMC by using the Intelligent Platform Management Interface or a management standard based on an HTTPS service, and then stores the BIOS password locally, thereby recovering the BIOS password.
However, the above password recovery method directly sends the BIOS password to the BMC, where the BIOS password may be tampered with or replaced. After the BIOS firmware is updated, the BIOS directly acquires the BIOS password from the BMC as a recovery password, and the BIOS password is not verified. Therefore, the password recovery method has the problem of poor BIOS password security.
To address the above problems, a password recovery method that can improve the security of the BIOS password is provided. The password recovery method provided by the embodiment of the application can be applied to the application environment shown in FIG. 2. The BIOS 201 communicates with the BMC 202 via a LAN-over-USB channel (a local area network carried over the universal serial bus). The BIOS 201 is a program on a flash memory (Flash ROM) chip, and may operate as a stand-alone module or be executed by a processor of the server 203.
In one embodiment, as shown in FIG. 3, a password recovery method is provided. The method is described as applied to the BIOS in FIG. 2 and includes the following steps:
S301, under the condition that firmware updating is completed for the BIOS, an encryption password and a first hash value are obtained from the BMC, wherein the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before the firmware updating is performed for the BIOS.
The initial BIOS password may be a BIOS password set by a user. It may be stored on a flash memory chip of the mainboard and may include an administrator password and a user password. Specifically, when the device is powered on, or when a password setting operation or a password updating operation is detected, the BIOS acquires the initial BIOS password from the flash memory chip. The BIOS encrypts the acquired initial BIOS password by using the generated secret key to obtain the encrypted password, and also hashes the initial BIOS password to obtain the first hash value. The BIOS sends the encrypted password and the first hash value to the BMC, and after the firmware update of the BIOS is completed, the BIOS can acquire the encrypted password and the first hash value stored in the BMC.
S302, performing accuracy check on the first hash value by using the encryption password.
In the embodiment of the application, the BIOS can decrypt the encrypted password at least once to obtain a decrypted password, then carry out hash operation on the decrypted password to obtain a second hash value, and the BIOS compares the first hash value with the second hash value so as to carry out accuracy verification.
For example, the BIOS may decrypt the encrypted password twice by using the key, perform a hash operation on the resulting decrypted password to obtain a second hash value, and judge the similarity between the second hash value and the first hash value.
S303, if the first hash value passes the verification, acquiring a recovery BIOS password corresponding to the BIOS according to the encryption password.
If the BIOS judges that the first hash value passes the verification, the BIOS can decrypt the encrypted password to obtain a recovery BIOS password corresponding to the BIOS.
For example, the similarity between the second hash value and the first hash value is judged, and if the second hash value is the same as the first hash value, the BIOS can decrypt the encrypted password to obtain the recovered BIOS password corresponding to the BIOS.
In the password recovery method, when the firmware update of the BIOS has been completed, the encryption password and the first hash value, both derived before the update from the initial BIOS password corresponding to the BIOS, are obtained from the BMC; the accuracy of the first hash value is checked by using the encryption password; and if the first hash value passes the check, the recovery BIOS password corresponding to the BIOS is obtained according to the encryption password. In the conventional technology, the BIOS password is sent directly to the BMC for storage before the BIOS firmware is updated and is read back directly from the BMC afterwards in order to recover it. However, the BIOS password is easily tampered with or replaced while it is in the BMC, and that method does not check the password after obtaining it from the BMC, so the security of the BIOS password is low. In the embodiment of the application, before the firmware update of the BIOS is performed, the encrypted password and the first hash value are derived from the initial BIOS password corresponding to the BIOS and are sent to the BMC for storage. After the firmware update of the BIOS is completed, the BIOS checks the first hash value stored in the BMC to determine whether the password stored in the BMC has been tampered with or replaced, and obtains the recovery BIOS password corresponding to the BIOS. Because the initial BIOS password is encrypted before it is stored in the BMC, the possibility that the BIOS password is tampered with or replaced is reduced, and because the BIOS also checks the first hash value after the firmware update is completed, the security of the BIOS password is improved.
In the scenario of performing the accuracy check on the first hash value using the encryption password, in one embodiment, as shown in fig. 4, the step S302 includes:
S401, performing decryption processing on the encrypted password to obtain a decrypted password.
The decryption process may be a decryption process performed using a key.
In this embodiment, the encrypted password obtained from the BMC may be decrypted using the key to obtain the decrypted password.
S402, performing accuracy check on the first hash value by using the decryption password.
Optionally, the accuracy verification may be that the decryption password is hashed to obtain a second hash value, the second hash value is multiplied by a preset correction coefficient to obtain a corrected second hash value, the corrected second hash value is compared with the first hash value, and if the similarity between the corrected second hash value and the first hash value is greater than a preset similarity threshold, it may be determined that the first hash value passes the verification, that is, after the firmware update is completed for the BIOS, the BIOS password is not tampered or replaced.
In general, the decryption password may be subjected to hash calculation to obtain a second hash value, the second hash value is compared with the first hash value, and if the similarity between the second hash value and the first hash value is greater than a preset similarity threshold, it may be determined that the first hash value passes verification, that is, after the firmware update is completed for the BIOS, the BIOS password is not tampered or replaced.
In this embodiment, the decryption password is obtained by performing decryption processing on the encryption password, and then the accuracy of the first hash value is checked by using the decryption password, if the verification is passed, it is determined that the BIOS password is not tampered or replaced, and if it is determined that the BIOS password is not tampered or replaced, the BIOS password is recovered from the decryption password, thereby improving the security of the BIOS password.
In the scenario of performing the accuracy check on the first hash value using the decryption password, in one embodiment, as shown in fig. 5, S402 includes:
S501, performing a hash operation on the decryption password to obtain a second hash value.
The hash operation maps a binary value of arbitrary length to a shorter, fixed-length binary value, which is called the hash value.
In this embodiment, a hash algorithm may be used to perform a hash operation on the decrypted password to obtain a set of binary values, i.e., to obtain a second hash value.
S502, comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the verification.
The first hash value is obtained from the BMC under the condition that firmware updating is completed for the BIOS; the second hash value is obtained by decrypting the encrypted password obtained from the BMC and then performing hash operation under the condition that firmware updating is completed for the BIOS.
In general, the first hash value and the second hash value may be compared. If the first hash value is the same as the second hash value, it may be determined that the first hash value passes verification, that is, the BIOS password has not been tampered with or replaced after the firmware update of the BIOS is completed; if the first hash value is different from the second hash value, it can be determined that the BIOS password has been tampered with or replaced after the BIOS completes the firmware update.
In this embodiment, a second hash value is obtained by performing hash operation on the decrypted password, and then the first hash value and the second hash value are compared, and if the first hash value is the same as the second hash value, it is determined that the first hash value passes the verification. By verifying whether the first hash value before updating the BIOS firmware is the same as the second hash value after updating the BIOS firmware, whether the BIOS password is tampered or replaced is determined, so that the safety of the BIOS password is improved, and meanwhile, the scheme for determining whether the BIOS password is tampered or replaced by using the method is simple, and the efficiency of acquiring and recovering the BIOS password can be improved.
As shown in fig. 6, after the BIOS obtains the encrypted password and the first hash value, the encrypted password is decrypted to obtain a decrypted password, and the decrypted password is hashed to obtain a second hash value, and the second hash value is compared with the first hash value to determine whether the BIOS password is tampered or replaced.
In the scenario of obtaining the BIOS password corresponding to the BIOS according to the encrypted password, in one embodiment, the step S303 includes:
the decryption password is determined to be the recovery BIOS password.
In general, a decryption password that passes the accuracy check of the first hash value by using the decryption password may be determined as the recovery BIOS password.
In this embodiment, by determining the decryption password as the recovery BIOS password, the recovery BIOS password that is not tampered can be obtained after the BIOS firmware is updated, so that the user can conveniently use the recovery BIOS password to perform BIOS management.
In one embodiment, as shown in fig. 7, the password recovery method further includes:
S701, acquiring an initial BIOS password if a password acquisition condition is satisfied, where the password acquisition condition includes at least one of powering on the device, detecting a password setting operation, or detecting a password updating operation.
The password acquisition condition may include at least one of a device power-up, detection of a password set operation, or detection of a password update operation, among others. The initial BIOS password may be the current BIOS password.
In this embodiment, when the device is powered on, a password setting operation is detected, or a password updating operation is detected, an initial BIOS password is obtained from the Flash chip in the BIOS startup process.
S702, respectively carrying out encryption processing and hash operation on the initial BIOS password to obtain an encrypted password and a first hash value.
In this embodiment, the BIOS may generate an encryption key from the current platform data, encrypt the initial BIOS password with that key to obtain an encrypted password, and perform a hash operation on the initial BIOS password to obtain a first hash value.
S703, sending the encrypted password and the first hash value to the BMC.
In this embodiment, the BIOS may package the encrypted password and the first hash value, and send the packaged encrypted password and the first hash value to the BMC.
In this embodiment, under the condition that the password obtaining condition is met, an initial BIOS password is obtained, then encryption processing and hash operation are respectively performed on the initial BIOS password to obtain an encrypted password and a first hash value, and the encrypted password and the first hash value are sent to the BMC. The method can encrypt and protect the initial BIOS password and then store the password in the BMC, so that the possibility of tampering or replacing the BIOS password is reduced, and the safety of the BIOS password is improved.
As shown in fig. 8, the BIOS encrypts the initial BIOS password by using a key to obtain an encrypted password, and performs a hash operation on the initial BIOS password to obtain a first hash value, so that the encrypted password and the first hash value may be packaged and sent to the BMC.
In one embodiment, the password recovery method further comprises:
Generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is used for the user side to acquire the password recovery success message from the BMC.
The password recovery success message may be a message generated when the BIOS passes the first hash value verification.
Generally, after the BIOS verifies the first hash value, the BIOS may generate a password recovery success message, and send the password recovery success message to the BMC, and the user side may obtain the password recovery success message from the BMC.
In this embodiment, by generating the password recovery success message and sending the password recovery success message to the BMC, the user side can obtain the password recovery success message from the BMC, so that timeliness of the user side for obtaining the password recovery success message is improved, and under the condition that the user side knows the password recovery success message, the user can conveniently use the recovery BIOS password to perform BIOS management.
In one embodiment, the password recovery method further comprises:
If the first hash value fails the check, generating a password recovery failure message and sending the password recovery failure message to the BMC, wherein the password recovery failure message is used for the user side to acquire the password recovery failure message from the BMC.
Generally, if the first hash value fails verification, the BIOS may generate a password recovery failure message and send the password recovery failure message to the BMC, and the user side may obtain the password recovery failure message from the BMC.
In this embodiment, if the first hash value fails the check, a password recovery failure message is generated and sent to the BMC, so that the user side can obtain the password recovery failure message from the BMC, which improves the timeliness with which the user side obtains the password recovery failure message. Once the user side knows of the password recovery failure, the user can reset the BIOS password and use the new BIOS password to perform BIOS management.
As shown in fig. 9, before the BIOS firmware is updated, the BIOS encrypts the initial BIOS password with a key to obtain an encrypted password, performs a hash operation on the initial BIOS password to obtain a first hash value, and may package the encrypted password and the first hash value and send them to the BMC. After the BIOS firmware is updated, the BIOS obtains the encrypted password and the first hash value from the BMC, decrypts the encrypted password to obtain a decrypted password, performs a hash operation on the decrypted password to obtain a second hash value, and compares the second hash value with the first hash value to determine whether the BIOS password has been tampered with or replaced and to obtain the recovered BIOS password.
Optionally, the communication between the BIOS and the BMC is implemented based on Redfish in-band communication. As shown in fig. 10, the encrypted password and the first hash value are sent to the BMC, or obtained from the BMC, over a universal-serial-bus-based local area network (LAN over USB channel) between the BIOS and the BMC. Redfish is a management standard based on HTTPS services.
In one embodiment, as shown in fig. 11, a password recovery method is provided, and the method is applied to the BMC in fig. 2 for illustration, and includes the following steps:
S1101, receiving a password acquisition request sent by the BIOS.
In this embodiment, after the BIOS completes the firmware update, the BIOS may send a password acquisition request to the BMC, and the BMC may receive the password acquisition request sent by the BIOS.
S1102, in response to the password acquisition request, the encrypted password and the first hash value are sent to the BIOS.
The password acquisition request is sent after the BIOS completes firmware updating, the encrypted password and the first hash value are obtained according to the initial BIOS password corresponding to the BIOS before the BIOS is updated with firmware, and the encrypted password and the first hash value are used for the BIOS to carry out accuracy check on the first hash value by using the encrypted password so as to acquire the recovery BIOS password corresponding to the BIOS.
In this embodiment, the BMC may send the encrypted password and the first hash value stored in the BMC to the BIOS in response to the password acquisition request.
In addition, the password acquisition request is sent to the BMC by the BIOS after the BIOS finishes firmware update, and the encrypted password is obtained by encrypting the initial BIOS password corresponding to the BIOS before the BIOS is subjected to firmware update; the first hash value is obtained by performing hash operation on an initial BIOS password corresponding to the BIOS before firmware update is performed on the BIOS. The encryption password and the first hash value can be used for the BIOS to carry out accuracy check on the first hash value by utilizing the encryption password so as to obtain a recovery BIOS password corresponding to the BIOS.
In this embodiment, the BMC receives a password acquisition request sent by the BIOS and, in response to the request, sends the encrypted password and the first hash value to the BIOS. After the firmware update is completed, the BIOS can therefore obtain from the BMC the encrypted password and the first hash value that were stored before the firmware update, and can perform the accuracy check with them to obtain the recovery BIOS password corresponding to the BIOS. In the conventional technology, the BIOS password is sent directly to the BMC for storage before the BIOS firmware is updated and is read back directly from the BMC after the update in order to recover it. However, the BIOS password is easily tampered with or replaced in the BMC, and the conventional method does not check the password after obtaining it from the BMC, so the security of the BIOS password is low. In the embodiment of the application, before the firmware update of the BIOS is performed, the encrypted password and the first hash value are obtained according to the initial BIOS password corresponding to the BIOS and are sent to the BMC for storage. After the firmware update is completed, the BIOS checks the first hash value stored in the BMC to determine whether the password stored in the BMC has been tampered with or replaced, and obtains the recovery BIOS password corresponding to the BIOS. Because the initial BIOS password is encrypted before being stored in the BMC, the possibility that the BIOS password is tampered with or replaced is reduced, and because the BIOS also checks the first hash value after the firmware update is completed, the security of the BIOS password is improved.
In one embodiment, the password recovery method further comprises:
Receiving the encrypted password and the first hash value sent by the BIOS.
The encryption password and the first hash value are obtained by performing encryption processing and hash operation on the acquired initial BIOS password by the BIOS, wherein the initial BIOS password is acquired by the BIOS under the condition that password acquisition conditions are met, and the password acquisition conditions comprise at least one of equipment power-on, password setting operation detection or password updating operation detection.
In this embodiment, before updating the BIOS firmware, the BIOS encrypts the initial BIOS password to obtain an encrypted password, performs a hash operation on the initial BIOS password to obtain a first hash value, and then sends the encrypted password and the first hash value to the BMC, where the BMC may receive the encrypted password and the first hash value sent by the BIOS. When the device is powered on, a password setting operation is detected or a password updating operation is detected, the BIOS acquires the BIOS password.
In this embodiment, the BMC receives the encrypted password and the first hash value sent by the BIOS. The encrypted password and the first hash value are obtained by the BIOS performing encryption processing and a hash operation on the acquired initial BIOS password; the initial BIOS password is acquired by the BIOS when a password acquisition condition is satisfied, and the password acquisition condition includes at least one of device power-on, detection of a password setting operation, or detection of a password updating operation. The BMC can store the encrypted password and the first hash value, which reduces the possibility that the BIOS password is tampered with or replaced. After the BIOS firmware is updated, the BIOS can acquire the encrypted password and the first hash value from the BMC and verify the first hash value, which improves the security of the BIOS password. Moreover, because the initial BIOS password is acquired each time the device is powered on, a password setting operation is detected, or a password updating operation is detected, the initial BIOS password is always the latest password, and subsequent processing uses the latest password, which prevents an incorrect initial BIOS password from being encrypted and hashed.
In one embodiment, the password recovery method further comprises:
Receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated when the first hash value passes the verification, and the password recovery success message is used for the user side to acquire the password recovery success message.
Optionally, after the BIOS verifies the first hash value, the BIOS may send a password recovery success message to the BMC, and then the BMC may receive the password recovery success message, and the BMC stores the password recovery success message locally, so that the user side may obtain the password recovery success message from the BMC.
In this embodiment, after the first hash value passes the verification, the BMC receives the password recovery success message sent by the BIOS, so that the user terminal can obtain the password recovery success message from the BMC, which improves the timeliness of the user terminal for obtaining the password recovery success message, and facilitates the user to use the recovered BIOS password to perform BIOS management under the condition that the user terminal knows the password recovery success message.
In one embodiment, the password recovery method further comprises:
Receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated when the first hash value fails the verification, and the password recovery failure message is used for the user side to acquire the password recovery failure message.
Optionally, after the BIOS fails to verify the first hash value, the BIOS may send a password recovery failure message to the BMC, and then the BMC may receive the password recovery failure message, and the BMC stores the password recovery failure message locally, so that the user side may obtain the password recovery failure message from the BMC.
In this embodiment, after the verification of the first hash value fails, the BMC receives the password recovery failure message sent by the BIOS, so that the user side can obtain the password recovery failure message from the BMC, which improves the timeliness of the user side in obtaining the password recovery failure message, and under the condition that the user side knows the password recovery failure message, the user can reset the BIOS password, so as to use the new BIOS password to perform BIOS management.
Embodiments of the present disclosure are described below in conjunction with a specific password recovery scenario, as shown in fig. 12:
When the password acquisition condition is met, the BIOS encrypts the initial BIOS password to obtain an encrypted password and, at the same time, performs a hash operation on the initial BIOS password to obtain a first hash value. The BIOS sends the encrypted password and the first hash value to the BMC for the BMC to store. After the user side sends a BIOS firmware update request, the BIOS performs the BIOS firmware update. After the BIOS firmware is updated, the BIOS decrypts the encrypted password to obtain a decrypted password, and performs a hash operation on the decrypted password to obtain a second hash value. The BIOS compares the first hash value with the second hash value. If the first hash value is the same as the second hash value, the verification passes: the decrypted password is used as the recovery BIOS password and is stored in the BIOS, a password recovery success message is generated, and the message is sent to the BMC so that the user side can acquire it from the BMC. If the first hash value is different from the second hash value, the verification fails and the initial BIOS password is considered to have been tampered with or replaced in the BMC: the BIOS generates a password recovery failure message and sends it to the BMC so that the user side can acquire it from the BMC.
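The flow of fig. 12 as an added example (not code from the patent or the applicant), with the BIOS and BMC sides both simulated in Python. The patent names no algorithms, so SHA-256 for the hash, HMAC-SHA-256 for deriving the key from platform data, and an HMAC-based keystream standing in for the unspecified cipher are assumptions, as are all class, function and message names.

```python
import hashlib
import hmac
import os

# Assumptions (the patent does not name algorithms or message formats):
#   hash = SHA-256; key = HMAC-SHA-256 over platform data;
#   cipher = XOR with an HMAC-SHA-256 counter keystream, a stand-in so the
#   example runs on the standard library alone. Production firmware would
#   use a vetted cipher from its crypto library instead.
RECOVERY_OK = "password recovery success"
RECOVERY_FAILED = "password recovery failure"


def derive_key(platform_data: bytes) -> bytes:
    """Key generated from current platform data (S702)."""
    return hmac.new(b"demo-kdf-label", platform_data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per backup, stored with the ciphertext
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Bmc:
    """BMC side: stores the record and relays status messages (S1101-S1102)."""

    def __init__(self):
        self.record = None   # (encrypted_password, first_hash)
        self.messages = []   # status messages the user side can read

    def store(self, encrypted_password, first_hash):
        self.record = (encrypted_password, first_hash)

    def handle_password_request(self):
        return self.record

    def post_message(self, message):
        self.messages.append(message)


class Bios:
    def __init__(self, platform_data, password, bmc):
        self.key = derive_key(platform_data)
        self.password = password
        self.bmc = bmc

    def backup_password(self):
        """S701-S703: encrypt and hash the initial password, send both to the BMC."""
        first_hash = hashlib.sha256(self.password).digest()
        self.bmc.store(encrypt(self.key, self.password), first_hash)

    def firmware_update(self):
        """Modelled as losing the stored password (assumption of this example)."""
        self.password = None

    def recover_password(self):
        """S401-S402 / S501-S502: decrypt, re-hash, compare, report the result."""
        record = self.bmc.handle_password_request()
        if record is not None:
            encrypted_password, first_hash = record
            decrypted = decrypt(self.key, encrypted_password)
            second_hash = hashlib.sha256(decrypted).digest()
            # Constant-time comparison; exact equality as in S502.
            if hmac.compare_digest(first_hash, second_hash):
                self.password = decrypted
                self.bmc.post_message(RECOVERY_OK)
                return True
        self.bmc.post_message(RECOVERY_FAILED)
        return False


def run_scenario(altered_field=None):
    """Run backup -> update -> recovery; optionally alter the stored record."""
    bmc = Bmc()
    # Constructed platform data and password, for illustration only.
    bios = Bios(b"constructed-board-id-0001", b"Constructed-Pw-123", bmc)
    bios.backup_password()
    bios.firmware_update()
    encrypted_password, first_hash = bmc.record
    if altered_field == "encrypted_password":
        flipped = encrypted_password[:-1] + bytes([encrypted_password[-1] ^ 1])
        bmc.record = (flipped, first_hash)
    elif altered_field == "first_hash":
        bmc.record = (encrypted_password, hashlib.sha256(b"other").digest())
    recovered = bios.recover_password()
    return recovered, bios.password, bmc.messages[-1]
```

`run_scenario()` returns the recovery result, the password held by the BIOS afterwards, and the last message posted to the BMC; altering either stored field makes the comparison fail and leaves the BIOS password unset.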
It should be understood that, although the steps in the flowcharts related to the above embodiments are shown sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated herein, the execution of the steps is not strictly limited to that order, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a password recovery device for realizing the above related password recovery method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more password recovery devices provided below may be referred to the limitation of the password recovery method hereinabove, and will not be repeated here.
In one embodiment, as shown in fig. 13, there is provided a password recovery apparatus 1300 comprising: a first acquisition module 1301, a verification module 1302, and a second acquisition module 1303, wherein:
the first obtaining module 1301 is configured to obtain, from the BMC, an encryption password and a first hash value when firmware update is completed for the BIOS, where the encryption password and the first hash value are obtained according to an initial BIOS password corresponding to the BIOS before firmware update is performed for the BIOS.
A verification module 1302 is configured to verify the accuracy of the first hash value using the encrypted password.
The second obtaining module 1303 is configured to obtain, if the first hash value passes the verification, a recovery BIOS password corresponding to the BIOS according to the encrypted password.
In one embodiment, the verification module 1302 includes:
The first determining unit is used for decrypting the encrypted password to obtain a decrypted password.
And the verification unit is used for verifying the accuracy of the first hash value by using the decryption password.
In one embodiment, the verification unit is specifically configured to perform hash operation on the decrypted password to obtain a second hash value; and comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the verification.
In one embodiment, the second obtaining module 1303 includes:
The second determining unit is used for determining the decryption password as the recovery BIOS password.
In one embodiment, password recovery apparatus 1300 further comprises:
The third acquisition module is used for acquiring the initial BIOS password under the condition that the password acquisition condition is met, wherein the password acquisition condition comprises at least one of equipment power-on, password setting operation detection or password updating operation detection.
And the determining module is used for respectively carrying out encryption processing and hash operation on the initial BIOS password to obtain an encrypted password and a first hash value.
And the first sending module is used for sending the encrypted password and the first hash value to the BMC.
In one embodiment, password recovery apparatus 1300 further comprises:
the second sending module is used for generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is used for the user side to acquire the password recovery success message from the BMC.
In one embodiment, password recovery apparatus 1300 further comprises:
The third sending module is used for generating a password recovery failure message if the first hash value fails the check, and sending the password recovery failure message to the BMC, wherein the password recovery failure message is used for the user side to acquire the password recovery failure message from the BMC.
In one embodiment, as shown in fig. 14, there is provided a password recovery apparatus 1400 comprising: a first receiving module 1401 and a transmitting module 1402, wherein:
the first receiving module 1401 is configured to receive a password acquisition request sent by the BIOS.
The sending module 1402 is configured to send the encrypted password and the first hash value to the BIOS in response to the password acquisition request.
The password acquisition request is sent after the BIOS completes firmware updating, the encrypted password and the first hash value are obtained according to the initial BIOS password corresponding to the BIOS before the BIOS is updated with firmware, and the encrypted password and the first hash value are used for the BIOS to carry out accuracy check on the first hash value by using the encrypted password so as to acquire the recovery BIOS password corresponding to the BIOS.
In one embodiment, password recovery apparatus 1400 further comprises:
The second receiving module is used for receiving the encrypted password and the first hash value sent by the BIOS.
The encryption password and the first hash value are obtained by performing encryption processing and hash operation on the acquired initial BIOS password by the BIOS, wherein the initial BIOS password is acquired by the BIOS under the condition that password acquisition conditions are met, and the password acquisition conditions comprise at least one of equipment power-on, password setting operation detection or password updating operation detection.
In one embodiment, password recovery apparatus 1400 further comprises:
the third receiving module is configured to receive a password recovery success message sent by the BIOS, where the password recovery success message is generated when the first hash value passes verification, and the password recovery success message is used for the user side to obtain the password recovery success message.
In one embodiment, password recovery apparatus 1400 further comprises:
the fourth receiving module is configured to receive a password recovery failure message sent by the BIOS, where the password recovery failure message is generated when the first hash value check fails, and the password recovery failure message is used for the user side to obtain the password recovery failure message.
The above-described respective modules in the password recovery apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 15. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a password recovery method.
It will be appreciated by those skilled in the art that the structure shown in fig. 15 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
when the firmware update of the BIOS has been completed, obtaining an encrypted password and a first hash value from the BMC, wherein the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update;
performing an accuracy check on the first hash value by using the encrypted password;
and if the first hash value passes the check, obtaining a recovery BIOS password corresponding to the BIOS according to the encrypted password.
In one embodiment, the processor when executing the computer program further performs the steps of:
decrypting the encrypted password to obtain a decrypted password;
and performing the accuracy check on the first hash value by using the decrypted password.
In one embodiment, the processor when executing the computer program further performs the steps of:
performing a hash operation on the decrypted password to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the check.
In one embodiment, the processor when executing the computer program further performs the steps of:
determining the decrypted password to be the recovery BIOS password.
In one embodiment, the processor when executing the computer program further performs the steps of:
when a password acquisition condition is met, acquiring the initial BIOS password, wherein the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation;
performing encryption processing and a hash operation, respectively, on the initial BIOS password to obtain the encrypted password and the first hash value;
and sending the encrypted password and the first hash value to the BMC.
In one embodiment, the processor when executing the computer program further performs the steps of:
generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is for the user side to obtain from the BMC.
In one embodiment, the processor when executing the computer program further performs the steps of:
if the first hash value fails the check, generating a password recovery failure message and sending the password recovery failure message to the BMC, wherein the password recovery failure message is for the user side to obtain from the BMC.
In one embodiment, the processor when executing the computer program further performs the steps of:
receiving a password acquisition request sent by the BIOS;
sending the encrypted password and the first hash value to the BIOS in response to the password acquisition request;
wherein the password acquisition request is sent after the BIOS completes the firmware update, the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update, and the encrypted password and the first hash value are used by the BIOS to perform an accuracy check on the first hash value by using the encrypted password, so as to obtain the recovery BIOS password corresponding to the BIOS.
In one embodiment, the processor when executing the computer program further performs the steps of:
receiving the encrypted password and the first hash value sent by the BIOS;
wherein the encrypted password and the first hash value are obtained by the BIOS performing encryption processing and a hash operation on the acquired initial BIOS password, the initial BIOS password is acquired by the BIOS when a password acquisition condition is met, and the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation.
In one embodiment, the processor when executing the computer program further performs the steps of:
receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated when the first hash value passes the check, and the password recovery success message is for the user side to obtain.
In one embodiment, the processor when executing the computer program further performs the steps of:
receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated when the first hash value fails the check, and the password recovery failure message is for the user side to obtain.
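The backup and recovery steps listed above, with the BIOS side and the BMC side together, as an added example that is not code from the patent or the applicant. The patent names no algorithms, so SHA-256, the toy HMAC-SHA256 keystream standing in for the encryption processing, the `BIOS_KEY` that survives the update, and the `Bmc` class with its method names are all assumptions.

```python
import hashlib
import hmac
import os

# Assumptions (not from the patent, which names no algorithms): SHA-256 is the
# "hash operation"; a toy HMAC-SHA256 keystream stands in for the "encryption
# processing"; the BIOS holds a key that survives the firmware update.
BIOS_KEY = bytes(range(32))  # constructed demo key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from HMAC-SHA256(key, nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Bmc:
    """Hypothetical BMC: keeps the record and the status messages for the user side."""

    def __init__(self):
        self.record = None
        self.messages = []

    def store(self, encrypted_password: bytes, first_hash: bytes) -> None:
        self.record = (encrypted_password, first_hash)

    def handle_password_request(self):
        return self.record

    def report(self, message: str) -> None:
        self.messages.append(message)


def bios_backup(bmc: Bmc, initial_password: str) -> None:
    """Before the update: encrypt and hash the initial password, send both to the BMC."""
    raw = initial_password.encode()
    bmc.store(encrypt(BIOS_KEY, raw), hashlib.sha256(raw).digest())


def bios_recover(bmc: Bmc):
    """After the update: fetch, decrypt, re-hash, compare, then report the outcome."""
    record = bmc.handle_password_request()
    if record is None:
        bmc.report("password recovery failure")
        return None
    encrypted_password, first_hash = record
    decrypted = decrypt(BIOS_KEY, encrypted_password)
    second_hash = hashlib.sha256(decrypted).digest()
    # Constant-time comparison of the first and second hash values.
    if not hmac.compare_digest(first_hash, second_hash):
        bmc.report("password recovery failure")
        return None  # never hand back a password that failed the check
    bmc.report("password recovery success")
    return decrypted.decode()


def demo():
    bmc = Bmc()
    bios_backup(bmc, "Constructed-Pw-01")  # constructed sample password
    recovered = bios_recover(bmc)
    # Simulate a damaged BMC record: flip one bit of the stored ciphertext.
    blob, first_hash = bmc.record
    bmc.record = (blob[:-1] + bytes([blob[-1] ^ 0x01]), first_hash)
    after_damage = bios_recover(bmc)
    return recovered, after_damage, bmc.messages


if __name__ == "__main__":
    print(demo())
```

With an unkeyed hash, as assumed here, the comparison catches a corrupted record or a wrong key; it does not authenticate who wrote the record to the BMC.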
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
when the firmware update of the BIOS has been completed, obtaining an encrypted password and a first hash value from the BMC, wherein the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update;
performing an accuracy check on the first hash value by using the encrypted password;
and if the first hash value passes the check, obtaining a recovery BIOS password corresponding to the BIOS according to the encrypted password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
decrypting the encrypted password to obtain a decrypted password;
and performing the accuracy check on the first hash value by using the decrypted password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
performing a hash operation on the decrypted password to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the check.
In one embodiment, the computer program when executed by the processor further performs the steps of:
determining the decrypted password to be the recovery BIOS password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when a password acquisition condition is met, acquiring the initial BIOS password, wherein the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation;
performing encryption processing and a hash operation, respectively, on the initial BIOS password to obtain the encrypted password and the first hash value;
and sending the encrypted password and the first hash value to the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is for the user side to obtain from the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
if the first hash value fails the check, generating a password recovery failure message and sending the password recovery failure message to the BMC, wherein the password recovery failure message is for the user side to obtain from the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password acquisition request sent by the BIOS;
sending the encrypted password and the first hash value to the BIOS in response to the password acquisition request;
wherein the password acquisition request is sent after the BIOS completes the firmware update, the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update, and the encrypted password and the first hash value are used by the BIOS to perform an accuracy check on the first hash value by using the encrypted password, so as to obtain the recovery BIOS password corresponding to the BIOS.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving the encrypted password and the first hash value sent by the BIOS;
wherein the encrypted password and the first hash value are obtained by the BIOS performing encryption processing and a hash operation on the acquired initial BIOS password, the initial BIOS password is acquired by the BIOS when a password acquisition condition is met, and the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated when the first hash value passes the check, and the password recovery success message is for the user side to obtain.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated when the first hash value fails the check, and the password recovery failure message is for the user side to obtain.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
when the firmware update of the BIOS has been completed, obtaining an encrypted password and a first hash value from the BMC, wherein the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update;
performing an accuracy check on the first hash value by using the encrypted password;
and if the first hash value passes the check, obtaining a recovery BIOS password corresponding to the BIOS according to the encrypted password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
decrypting the encrypted password to obtain a decrypted password;
and performing the accuracy check on the first hash value by using the decrypted password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
performing a hash operation on the decrypted password to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the check.
In one embodiment, the computer program when executed by the processor further performs the steps of:
determining the decrypted password to be the recovery BIOS password.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when a password acquisition condition is met, acquiring the initial BIOS password, wherein the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation;
performing encryption processing and a hash operation, respectively, on the initial BIOS password to obtain the encrypted password and the first hash value;
and sending the encrypted password and the first hash value to the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is for the user side to obtain from the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
if the first hash value fails the check, generating a password recovery failure message and sending the password recovery failure message to the BMC, wherein the password recovery failure message is for the user side to obtain from the BMC.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password acquisition request sent by the BIOS;
sending the encrypted password and the first hash value to the BIOS in response to the password acquisition request;
wherein the password acquisition request is sent after the BIOS completes the firmware update, the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update, and the encrypted password and the first hash value are used by the BIOS to perform an accuracy check on the first hash value by using the encrypted password, so as to obtain the recovery BIOS password corresponding to the BIOS.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving the encrypted password and the first hash value sent by the BIOS;
wherein the encrypted password and the first hash value are obtained by the BIOS performing encryption processing and a hash operation on the acquired initial BIOS password, the initial BIOS password is acquired by the BIOS when a password acquisition condition is met, and the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated when the first hash value passes the check, and the password recovery success message is for the user side to obtain.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated when the first hash value fails the check, and the password recovery failure message is for the user side to obtain.
Those skilled in the art will appreciate that all or part of the methods of the above embodiments may be implemented by a computer program stored on a non-transitory computer readable storage medium, and that the program, when executed, may comprise the steps of the method embodiments described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, and the like. Volatile memory may include random access memory (RAM), external cache memory, and the like. By way of illustration and not limitation, RAM may take a variety of forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database and the like. The processor referred to in the embodiments provided in the present application may be, but is not limited to, a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of technical features involves no contradiction, it should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (16)

1. A method of password recovery, the method comprising:
when the firmware update of the BIOS has been completed, obtaining an encrypted password and a first hash value from the BMC, wherein the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update;
performing an accuracy check on the first hash value by using the encrypted password;
and if the first hash value passes the check, obtaining a recovery BIOS password corresponding to the BIOS according to the encrypted password.
2. The method of claim 1, wherein said performing an accuracy check on the first hash value by using the encrypted password comprises:
decrypting the encrypted password to obtain a decrypted password;
and performing the accuracy check on the first hash value by using the decrypted password.
3. The method of claim 2, wherein said performing the accuracy check on the first hash value by using the decrypted password comprises:
performing a hash operation on the decrypted password to obtain a second hash value;
and comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, determining that the first hash value passes the check.
4. The method according to claim 2 or 3, wherein said obtaining, according to the encrypted password, a recovery BIOS password corresponding to the BIOS comprises:
determining the decrypted password to be the recovery BIOS password.
5. The method according to claim 1, wherein the method further comprises:
when a password acquisition condition is met, acquiring the initial BIOS password, wherein the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation;
performing encryption processing and a hash operation, respectively, on the initial BIOS password to obtain the encrypted password and the first hash value;
and sending the encrypted password and the first hash value to the BMC.
6. The method according to claim 1, wherein the method further comprises:
generating a password recovery success message and sending the password recovery success message to the BMC, wherein the password recovery success message is for a user side to obtain from the BMC.
7. The method according to claim 1, wherein the method further comprises:
if the first hash value fails the check, generating a password recovery failure message and sending the password recovery failure message to the BMC, wherein the password recovery failure message is for a user side to obtain from the BMC.
8. A method of password recovery, the method comprising:
receiving a password acquisition request sent by a BIOS;
sending an encrypted password and a first hash value to the BIOS in response to the password acquisition request;
wherein the password acquisition request is sent after the firmware update of the BIOS is completed, the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update, and the encrypted password and the first hash value are used by the BIOS to perform an accuracy check on the first hash value by using the encrypted password, so as to obtain a recovery BIOS password corresponding to the BIOS.
9. The method of claim 8, wherein the method further comprises:
receiving the encrypted password and the first hash value sent by the BIOS;
wherein the encrypted password and the first hash value are obtained by the BIOS performing encryption processing and a hash operation on the acquired initial BIOS password, the initial BIOS password is acquired by the BIOS when a password acquisition condition is met, and the password acquisition condition comprises at least one of device power-on, detection of a password setting operation, or detection of a password update operation.
10. The method of claim 8, wherein the method further comprises:
receiving a password recovery success message sent by the BIOS, wherein the password recovery success message is generated when the first hash value passes the check, and the password recovery success message is for a user side to obtain.
11. The method of claim 8, wherein the method further comprises:
receiving a password recovery failure message sent by the BIOS, wherein the password recovery failure message is generated when the first hash value fails the check, and the password recovery failure message is for a user side to obtain.
12. A password recovery device, the device comprising:
a first acquisition module, configured to obtain an encrypted password and a first hash value from the BMC when the firmware update of the BIOS has been completed, wherein the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update;
a verification module, configured to perform an accuracy check on the first hash value by using the encrypted password;
and a second acquisition module, configured to obtain a recovery BIOS password corresponding to the BIOS according to the encrypted password if the first hash value passes the check.
13. A password recovery device, the device comprising:
a first receiving module, configured to receive a password acquisition request sent by a BIOS;
a sending module, configured to send an encrypted password and a first hash value to the BIOS in response to the password acquisition request;
wherein the password acquisition request is sent after the firmware update of the BIOS is completed, the encrypted password and the first hash value are derived from the initial BIOS password that the BIOS had before the firmware update, and the encrypted password and the first hash value are used by the BIOS to perform an accuracy check on the first hash value by using the encrypted password, so as to obtain a recovery BIOS password corresponding to the BIOS.
14. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 11 when the computer program is executed.
15. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 11.
16. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 11.
CN202310537454.1A 2023-05-12 2023-05-12 Password recovery method, device, computer apparatus, storage medium and program product Pending CN116628675A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310537454.1A CN116628675A (en) 2023-05-12 2023-05-12 Password recovery method, device, computer apparatus, storage medium and program product

Publications (1)

Publication Number Publication Date
CN116628675A true CN116628675A (en) 2023-08-22

Family

ID=87635717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310537454.1A Pending CN116628675A (en) 2023-05-12 2023-05-12 Password recovery method, device, computer apparatus, storage medium and program product

Country Status (1)

Country Link
CN (1) CN116628675A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination