CN116702149A - Trusted measurement method, server and chip - Google Patents


Publication number
CN116702149A
Authority
CN
China
Prior art keywords
server
component
measurement
chip
trusted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210191295.XA
Other languages
Chinese (zh)
Inventor
张超
李小川
吴玲玲
邓威威
李宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31: User authentication
    • G06F 21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The application provides a trusted measurement method, a server and a chip. The method is applied to a server that comprises a management chip and a component, where the management chip and the component establish a communication connection through a bus. The method comprises the following steps: the management chip performs trusted measurement on the management system and acquires a first measurement report of the management system, the first measurement report representing the integrity of the management system; the management chip acquires a second measurement report from the component, the second measurement report indicating the integrity of the component; and the management chip performs trusted measurement on the server according to the first measurement report and the second measurement report. Trusted measurement of the component by the server is thereby realized, and the security of the server is improved.

Description

Trusted measurement method, server and chip
Technical Field
The present application relates to the field of computers, and in particular, to a trusted measurement method, a server, and a chip.
Background
Microsoft and Intel have formed the Wintel alliance to promote the development of the personal computer (PC) industry since the 1980s. The two companies work closely together within the PC industry to drive faster development of the computing industry, and are gradually influencing other computing devices such as servers. Computing devices such as servers have more application scenarios, more configuration types and higher reliability requirements. At the same time, servers have a huge commercial volume and are a focus of ecosystem construction in the open industry.
Taking the traditional server as an example, its current industry ecosystem has the following characteristics:
The degree of standardization is not high: the conventional server has a certain basis of component standardization; for example, components such as memory modules, solid state drives (SSD) and peripheral component interconnect express (PCIE) cards have their respective standards. Component standardization contributes greatly to the industry ecosystem and to resource sharing, and reduces the development work of some complete-server manufacturers. However, standardized components account for only a small part of the whole server, so developing a server motherboard still requires considerable manpower to complete the adaptation of standardized and non-standardized components.
Computing power is not diverse enough: in the context of massive data, big data analysis, machine learning and the rapid development of artificial intelligence, special-purpose processors such as the graphics processing unit (GPU), the data processing unit (DPU) and the neural-network processing unit (NPU) are very widely used. A single device system of a traditional server cannot meet current needs, and the complexity of the server's hardware has increased significantly: a server includes a service processing system, GPUs, IO components, storage components and a management system, and these multiple systems may mix multiple architectures, such as the X86 architecture and the ARM architecture.
Further, trusted measurement is a technical means of ensuring that the server operates in the expected trusted state. By performing trusted measurement on the server, a third party can be effectively prevented from acquiring control of the server by replacing a component, or by upgrading or flashing illegal software, during the operation stage of the server. Measurement here refers to acquiring measurement reports of the server during first start-up and during operation, and analyzing and judging, according to measurement rules or models, whether the system has been illegally tampered with during operation.
When trusted measurement is performed on a server, the central processing unit (CPU) usually measures the server to obtain a measurement report of the CPU, and whether the whole server is in a trusted state is determined according to that report. However, in a scenario of computing-power diversity, the server comprises not only a service processor but also a GPU, a storage component, an IO component, a heat dissipation component and other components. If trusted measurement is carried out only on the service processing system, a third party can easily obtain control of the server by using one of the other component systems as a springboard. The current trusted measurement of traditional servers therefore has loopholes, and the security of the server is low.
Disclosure of Invention
The application provides a trusted measurement method, a server and a chip, which are used to solve the problems that the current trusted measurement of a server has loopholes and that the security of the server is low.
In a first aspect, a trusted measurement method is provided for use with a server comprising a management chip and a component, the management chip and the component establishing a communication connection over a bus. The method comprises the following steps: the management chip performs trusted measurement on the management system and acquires a first measurement report of the management system, the first measurement report identifying the integrity of the management system; the management chip acquires a second measurement report from the component, the second measurement report indicating the integrity of the component; and the management chip performs trusted measurement on the server according to the first measurement report and the second measurement report.
When the method described in the first aspect is implemented, the management chip measures the management system to obtain the first measurement report, the component system measures the component to obtain the second measurement report, the management chip collects the second measurement report of the component, and the server is subjected to trusted measurement by combining the first and second measurement reports. All systems in the server, including the component system and the management system, can therefore undergo trusted measurement, a third party is prevented from obtaining control of the server by using the component system as a springboard, and the security of the server is improved.
In one possible implementation, the management chip is a BMC chip in the server, and the IO component includes a network card or a PCIE (peripheral component interconnect express) expansion card; the storage component comprises one or more of a hard disk backplane, an expander and a PCIE switch; the computing component comprises a central processing unit (CPU), double data rate (DDR) memory and a power supply; the acceleration component comprises a carrier board and an acceleration card interconnect switch, where the acceleration card comprises one or more of a graphics processing unit (GPU), a data processing unit (DPU) and a neural-network processing unit (NPU); the memory expansion component comprises a carrier board and one or more of a memory expansion chip, a dual in-line memory module (DIMM) and a storage class memory (SCM) medium; and the heat dissipation component comprises one or more of air cooling and liquid cooling.
According to this implementation, the collection of the first and second measurement reports and the trusted measurement of the server are realized through the BMC chip. Because the BMC chip and the CPU have naturally isolated computing resources, the trusted measurement does not need to consider how to perform resource isolation, which lowers the design threshold and realizes a dual-system security architecture with independent hardware protection. At the same time, the BMC chip runs an embedded management system covering the full life cycle of the server and has few interfaces for interacting with external networks, so its network exposure is far smaller than that of the service processor; implementing the trusted measurement on the BMC chip reduces the possibility of being attacked by a third party over the network. In addition, the BMC chip, as the core of the management system, naturally has communication connections with each component, so that components which cannot expose interfaces to the outside can also send their second measurement reports to the BMC chip. Trusted measurement of all components of the server is thereby realized, and the security of the server is improved.
In one possible implementation, the management chip performs trusted measurement on the management system when the server is started for the first time, or periodically performs trusted measurement on the management system while the server is running.
With this implementation, the component receives a notification from the management chip when the management chip performs trusted measurement and, in response, performs trusted measurement on the component system. The management chip can therefore realize complete trusted measurement of the server both at first start-up and during operation, providing trusted measurement protection over the full life cycle of the server.
In one possible implementation, the first measurement report is obtained after the management chip measures the code of the management system, and the second measurement report is obtained after the component measures the code of the component system.
Specifically, the first measurement report may include identity information of the management chip and a measurement value of the management chip. The identity information of the management chip includes a software identifier, software version, firmware identifier and firmware version of the management chip, and may further include other information describing the identity of the software and/or firmware of the management chip. The measurement value of the management chip indicates the integrity of the management chip. Similarly, the second measurement report of the component includes identity information of the component and a measurement value of the component, the measurement value of the component indicating the integrity of the component.
Alternatively, the management chip may obtain its measurement value by hashing a software code segment of the management system, by computing the digest of a static file of the management system with a hash algorithm, by hashing the memory code of the processes and kernel modules used while the management system runs, or by traversing and measuring the memory of the management system in a pseudo-random manner. It should be understood that these methods of obtaining the measurement value are given for illustration; the management chip may also obtain a measurement value related to the integrity of the management system by other methods, which is not limited in the present application.
According to this implementation, the management chip measures the code of the management system to obtain the first measurement report and the component measures the code of the component system to obtain the second measurement report, so that the first measurement report contains the integrity information of the management system and the second measurement report contains the integrity information of the component system. The management chip can therefore verify the integrity of the software and firmware in the server according to the two reports, achieving trusted measurement of the server.
In one possible implementation, the management chip may obtain the trusted measurement format of the server, convert the first measurement report and the second measurement report into a third measurement report corresponding to that format, and perform trusted measurement on the server according to the third measurement report.
In this implementation, because the firmware and software start-up sequences of the components of servers from different manufacturers and with different architectures do not follow a uniform standard format, the management chip can convert the format of the first measurement report of the management system and the second measurement report of each component after collecting them, so that they are adapted to the measurement format of the authentication node and measurement failures caused by differing formats are avoided.
In one possible implementation, the third measurement report includes identity information of the server and a measurement value of the server, where the measurement value of the server indicates the integrity of the server. When the management chip authenticates the third measurement report, it may obtain, locally or remotely, a standard measurement value of the server according to the identity information of the server, and perform trusted measurement on the server according to the measurement value of the server and the standard measurement value.
In a specific implementation, the identity information of the server may be obtained from the identity information of the management chip in the first measurement report and the identity information of the component in the second measurement report, and the measurement value of the server may be obtained from the measurement value of the management chip in the first measurement report and the measurement value of the component in the second measurement report.
Optionally, the management chip may measure the management system step by step according to the start-up sequence of each piece of software and firmware of the component system, to obtain the first measurement report of the management chip. In short, only after the software or firmware started first has been measured as trusted is the software or firmware started at the next stage measured.
It should be noted that, since the management chip obtains the first measurement report of the management system in a step-by-step manner, the first measurement report may include identity information and corresponding measurement values of one or more pieces of firmware or software in the management system, as determined by the service processing logic.
Optionally, the measurement value of the server in the third measurement report may be a series of measurement values of the components and the management chip, a single value integrated from the measurement values of the components and the management chip, or an integrated value combining the measurement values of some components with that of the management chip together with the separate measurement values of the remaining components and the management chip. The management chip may reorder the measurement values recorded in the first and second measurement reports or may integrate them, as determined by the trusted measurement format of the authentication node; the present application does not limit this. The trusted measurement format may be obtained after the management chip establishes a communication connection with the authentication node.
According to this implementation, the management chip obtains the trusted measurement format required for trusted authentication of the server and converts the first and second measurement reports into a third measurement report in that format, so that incompatibility of the trusted measurement of the server caused by different server architectures, manufacturers and the like can be avoided.
In one possible implementation, the management chip may send the third measurement report to the authentication node, and the authentication node compares the standard measurement value with the measurement value of the server in the third measurement report to implement trusted measurement of the server.
Alternatively, the management chip may itself perform trusted measurement on the server using the third measurement report, without going through the authentication node. Specifically, the management chip may obtain the standard measurement value corresponding to the server according to the identity information of the server in the third measurement report, and perform trusted measurement on the server according to the standard measurement value and the measurement value in the third measurement report, where the standard measurement value may have been downloaded by the management chip in advance or may be obtained remotely from the authentication node.
According to this implementation, the management chip can either perform the trusted measurement on the third measurement report itself or send the third measurement report to the authentication node for trusted measurement, so the trusted measurement method provided by the application is flexible: the mode required by the user can be selected according to the actual service scenario, and the scheme is more widely applicable.
Optionally, the standard measurement value of the server may be a preset value, or may be determined from the first measurement value obtained when the server performs trusted measurement for the first time, where the first measurement value may include the measurement value of the component at server start-up and the measurement value of the management chip.
According to this implementation, the first measurement value is used as the standard measurement value. If the software or firmware of the server is tampered with by a third party during operation, the measurement value of the server changes, so whether the server has changed during operation can be judged by comparing against the first measurement value, realizing trusted measurement of the server. In a specific implementation, the standard measurement value may be a single value or a series of values, corresponding to the standard value required by the trusted measurement format, as determined by the actual processing situation; the present application does not limit this.
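The flow described in the preceding implementations (step-by-step measurement of the management system, collection of per-component reports, conversion into a single server-level report, and comparison against a standard value taken from the first run) can be illustrated end to end. The following is an added example, not code from the patent or from Huawei; the firmware images, component names, the chained SHA-256 aggregation and the authentication node's report format are all constructed assumptions made for the illustration.

```python
import hashlib
from typing import Optional

# Constructed sample images. In the server described by the page these would be
# the code of the management system (measured by the BMC, stage by stage in boot
# order) and of each component system (measured by the component itself).
MANAGEMENT_STAGES = [
    ("bmc-bootloader", "1.0.0", b"constructed bootloader image"),
    ("bmc-kernel", "5.10.1", b"constructed kernel image"),
    ("bmc-app", "2.3.4", b"constructed management application"),
]
COMPONENT_IMAGES = {
    "gpu-carrier": ("gpu-fw", "3.1", b"constructed GPU carrier firmware"),
    "hdd-backplane": ("bp-fw", "0.9", b"constructed disk backplane firmware"),
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extend(accumulated: str, measurement: str) -> str:
    """Chain a new measurement onto the running value, so the final value
    depends on every stage and on the order in which they were measured."""
    return digest(bytes.fromhex(accumulated) + bytes.fromhex(measurement))


def first_measurement_report(stages) -> dict:
    """Management chip measures its own system stage by stage (boot order)."""
    entries, acc = [], "00" * 32
    for ident, version, image in stages:
        m = digest(image)
        acc = extend(acc, m)
        entries.append({"id": ident, "version": version, "measurement": m})
    return {"identity": [(e["id"], e["version"]) for e in entries],
            "entries": entries, "measurement": acc}


def second_measurement_report(component: str, ident: str, version: str, image: bytes) -> dict:
    """What a component sends to the management chip over the bus."""
    return {"component": component, "id": ident, "version": version,
            "measurement": digest(image)}


def third_measurement_report(first: dict, seconds: list) -> dict:
    """Convert into the authentication node's format (assumed here): one identity
    list and one server measurement value, with components in a fixed order."""
    identity = list(first["identity"])
    acc = first["measurement"]
    for rep in sorted(seconds, key=lambda r: r["component"]):
        identity.append((rep["component"], rep["id"], rep["version"]))
        acc = extend(acc, rep["measurement"])
    parts = {r["component"]: r["measurement"] for r in seconds}
    parts["management"] = first["measurement"]
    return {"server_identity": identity, "measurement": acc, "parts": parts}


def trusted_measurement(report: dict, standard: Optional[dict]) -> dict:
    """Compare against the standard value; the first run establishes it."""
    if standard is None:
        return {"trusted": True, "first_run": True, "standard": report, "changed": []}
    changed = [c for c, m in report["parts"].items() if standard["parts"].get(c) != m]
    return {"trusted": report["measurement"] == standard["measurement"],
            "first_run": False, "standard": standard, "changed": changed}


def run_server(tampered_component: Optional[str] = None) -> tuple:
    """Simulate first boot (which sets the standard) and a later periodic check,
    optionally replacing one component's firmware in between."""
    images = dict(COMPONENT_IMAGES)

    def measure_all() -> dict:
        first = first_measurement_report(MANAGEMENT_STAGES)
        seconds = [second_measurement_report(c, *v) for c, v in images.items()]
        return third_measurement_report(first, seconds)

    boot = trusted_measurement(measure_all(), None)
    if tampered_component:
        ident, version, _ = images[tampered_component]
        images[tampered_component] = (ident, version, b"constructed replaced firmware")
    periodic = trusted_measurement(measure_all(), boot["standard"])
    return boot, periodic


if __name__ == "__main__":
    _, clean = run_server()
    _, tampered = run_server("gpu-carrier")
    print("clean periodic check trusted:", clean["trusted"])
    print("after firmware replacement trusted:", tampered["trusted"], "changed:", tampered["changed"])
```

Keeping the per-component values alongside the aggregated server value is what lets the verifier name which component drifted, rather than only reporting that the server as a whole is no longer trusted.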
In one possible implementation, after the management chip generates the third measurement report, it may encrypt the report with a preset key and send the encrypted report to the authentication node; the authentication node decrypts it with the preset key to obtain the third measurement report and performs trusted measurement on it.
In a specific implementation, the remote public key and the remote certificate private key may be keys of an encryption algorithm, where the encryption algorithm may be an asymmetric encryption algorithm (RSA), MD5, a symmetric encryption algorithm and so on; the present application does not limit the specific implementation of the encryption algorithm.
According to this implementation, the management chip encrypts the third measurement report and transmits it to the authentication node for trusted measurement, so the third measurement report cannot be obtained by a third party through network interception during the measurement process, and the authenticity and accuracy of the measurement result are ensured.
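Both ends of the exchange just described (management chip encrypts the third measurement report under a preset key, authentication node decrypts, checks it and compares the server measurement value) can be shown in one place. This is an added example, not code from the patent or from Huawei. It assumes a symmetric preset key shared by both sides, and, to stay within the Python standard library, builds confidentiality from an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag; a production design would use a vetted authenticated cipher such as AES-GCM instead. The key, nonce and report contents are constructed.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed preset key, provisioned to both the management chip and the
# authentication node out of band (the page does not specify how).
PRESET_KEY = b"constructed-preset-key-shared-with-authentication-node"


def derive(key: bytes, label: bytes) -> bytes:
    """Separate confidentiality and integrity keys from the one preset key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the PRF (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect_report(report: dict, key: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Management chip side: serialise the third report, encrypt it under the
    preset key, then MAC nonce||ciphertext (encrypt-then-MAC)."""
    nonce = nonce or os.urandom(16)
    plaintext = json.dumps(report, sort_keys=True).encode()
    ciphertext = xor(plaintext, keystream(derive(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def authentication_node(blob: bytes, key: bytes, standard_value: str) -> dict:
    """Authentication node side: verify the tag in constant time before
    decrypting, then compare the server measurement value with the standard."""
    if len(blob) < 16 + 32:
        return {"accepted": False, "reason": "truncated"}
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return {"accepted": False, "reason": "integrity check failed"}
    plaintext = xor(ciphertext, keystream(derive(key, b"enc"), nonce, len(ciphertext)))
    report = json.loads(plaintext)
    trusted = hmac.compare_digest(report["measurement"].encode(), standard_value.encode())
    return {"accepted": True, "trusted": trusted, "identity": report["server_identity"]}


if __name__ == "__main__":
    # Constructed third measurement report as the management chip would produce it.
    sample = {"server_identity": [["bmc-kernel", "5.10.1"], ["gpu-carrier", "gpu-fw", "3.1"]],
              "measurement": "ab" * 32}
    blob = protect_report(sample, PRESET_KEY)
    print(authentication_node(blob, PRESET_KEY, "ab" * 32))
    # Any modification in transit is rejected before the report is even parsed.
    damaged = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]
    print(authentication_node(damaged, PRESET_KEY, "ab" * 32))
```

Checking the tag before decrypting means the authentication node never parses a report an interceptor has altered, and the constant-time comparisons avoid leaking the standard value or the tag through timing.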
In a second aspect, a server is provided, including a management chip and a component, where the management chip and the component establish a communication connection through a bus. The management chip is configured to perform trusted measurement on the management system and obtain a first measurement report of the management system, where the first measurement report represents the integrity of the management system; the component is configured to perform trusted measurement on the component system and obtain a second measurement report of the component system, where the second measurement report represents the integrity of the component system; and the management chip is further configured to obtain the second measurement report from the component and perform trusted measurement on the server according to the first measurement report and the second measurement report.
When the server described in the second aspect is implemented, the management chip measures the management system to obtain the first measurement report, the component measures the component system to obtain the second measurement report, the management chip collects the second measurement report of the component, and the server is subjected to trusted measurement by combining the first and second measurement reports. All systems in the server, including the component system and the management system, can therefore undergo trusted measurement, a third party is prevented from obtaining control of the server by using the component system as a springboard, and the security of the server is improved.
In one possible implementation, the component includes at least one of: a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
In one possible implementation, the management chip is configured to perform trusted measurement on the management system when the server is started for the first time, or to periodically perform trusted measurement on the management system while the server is running.
In one possible implementation, the second measurement report is obtained by measuring the code of the component system by the component, and the first measurement report is obtained by measuring the code of the management system by the management chip.
In one possible implementation, the management chip is configured to obtain the trusted measurement format of the server, convert the first measurement report and the second measurement report into a third measurement report corresponding to that format, and perform trusted measurement on the server according to the third measurement report.
In one possible implementation, the third measurement report includes identity information of the server and a measurement value of the server, where the measurement value of the server indicates the integrity of the server, and the management chip is configured to obtain a standard measurement value of the server locally or remotely according to the identity information of the server, and to perform trusted measurement on the server according to the measurement value of the server and the standard measurement value.
In one possible implementation, the management chip is configured to send the third measurement report to the authentication node, so that the authentication node performs trusted measurement on the server according to the third measurement report.
In one possible implementation, the IO component includes a network card or a riser; the storage component comprises one or more of a hard disk backplane, an expander and a PCIE switch; the computing component comprises a CPU, DDR memory and a power supply; the acceleration component comprises a carrier board and an acceleration card interconnect switch, where the acceleration card comprises one or more of a GPU, a DPU and an NPU; the memory expansion component comprises a carrier board and one or more of a memory expansion chip, a DIMM and an SCM medium; and the heat dissipation component comprises one or more of air cooling and liquid cooling.
In one possible implementation, the management chip is a baseboard management controller (BMC) chip in the server.
In a third aspect, a chip is provided, where the server in which the chip is located includes a component, and the chip and the component establish a communication connection through a bus. The chip comprises a management system measurement unit and a server measurement unit. The management system measurement unit is configured to perform trusted measurement on the management system and acquire a first measurement report of the management system, where the first measurement report represents the integrity of the management system, and to obtain a second measurement report from the component, where the second measurement report indicates the integrity of the component. The server measurement unit is configured to perform trusted measurement on the server according to the first measurement report and the second measurement report.
When the chip described in the third aspect is implemented, the chip measures the management system to obtain the first measurement report, the component measures the component system to obtain the second measurement report, the chip collects the second measurement report of the component, and the server is subjected to trusted measurement by combining the first and second measurement reports. All systems in the server, including the component system and the management system, can therefore undergo trusted measurement, a third party is prevented from obtaining control of the server by using the component system as a springboard, and the security of the server is improved.
In one possible implementation, the component includes at least one of: a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
In one possible implementation, the management system measurement unit is configured to perform trusted measurement on the management system when the server is started for the first time, or to periodically perform trusted measurement on the management system while the server is running.
In one possible implementation, the second measurement report is obtained by measuring the code of the component system by the component, and the first measurement report is obtained by measuring the code of the management system by the chip.
In one possible implementation, the server measurement unit is configured to obtain the trusted measurement format of the server, convert the first measurement report and the second measurement report into a third measurement report corresponding to that format, and perform trusted measurement on the server according to the third measurement report.
In one possible implementation, the third measurement report includes identity information of the server and a measurement value of the server, and the server measurement unit is configured to obtain a standard measurement value of the server locally or remotely according to the identity information of the server, and to perform trusted measurement on the server according to the measurement value of the server and the standard measurement value.
In one possible implementation, the server measurement unit is configured to send the third measurement report to the authentication node, so that the authentication node performs trusted measurement on the server according to the third measurement report.
In one possible implementation, the IO component includes a network card or a riser; the storage component comprises one or more of a hard disk backplane, an expander and a PCIE switch; the computing component comprises a CPU, DDR memory and a power supply; the acceleration component comprises a carrier board and an acceleration card interconnect switch, where the acceleration card comprises one or more of a GPU, a DPU and an NPU; the memory expansion component comprises a carrier board and one or more of a memory expansion chip, a DIMM and an SCM medium; and the heat dissipation component comprises one or more of air cooling and liquid cooling.
In one possible implementation, the chip is a baseboard management controller (BMC) chip in the server.
In a fourth aspect, a chip is provided, the chip comprising a management core and a security core, the security core being configured to run instructions to implement the method described in the first aspect or any of its possible implementations, and the management core being configured to run instructions to implement management functions.
In a fifth aspect, a chip is provided, the chip comprising a computing unit and a memory, the memory storing code and the computing unit being configured to run the code to perform the functions of the respective modules of the first aspect or any of its possible implementations.
In a sixth aspect, a computer readable storage medium is provided, having instructions stored therein which, when run on a computer, cause the computer to perform the method of the above aspects.
In a seventh aspect, a computer program product is provided, comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of the above aspects.
Further combinations of the present application may be made to provide further implementations based on the implementations provided in the above aspects.
Drawings
FIG. 1 is a schematic diagram of a trusted measurement system provided by the present application;
FIG. 2 is a schematic diagram of another architecture of a trusted measurement system provided by the present application;
FIG. 3 is a schematic diagram of an interaction flow of a trusted measurement system provided by the present application;
FIG. 4 is a flow chart of the steps of a trusted measurement method provided by the present application;
FIG. 5 is a schematic diagram of a chip according to the present application;
FIG. 6 is a schematic diagram of another structure of a chip according to the present application.
Detailed Description
The following description of the technical solutions according to the embodiments of the present application will be given with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
First, a new architecture of the server provided by the application is explained.
The traditional server main board has a high technical threshold for development. Besides the functions of the central processing unit (CPU), it also carries bus fan-out, power fan-out, maintenance and management functions, and the CPU-related circuits on the main board come from reference designs given by the CPU manufacturer; since the reference designs provided by different CPU manufacturers are completely different, a great amount of resources and time is required to develop and design a main board. To keep up with the rapid update of computing products such as servers, whole-machine manufacturers need to put more effort into differentiated innovation, but instead focus only on comparing low-level hardware specifications. As a result, the varied scenario and computing-power requirements of customers cannot be met, and whole-machine manufacturers are forced into inefficient homogeneous competition (involution). As the trend towards diverse computing power emerges, more processor manufacturers appear, more processor products with different architectures are introduced, and the iteration speed of the various processors is also rising rapidly. Meanwhile, processor power consumption keeps increasing, and the heat dissipation technology of conventional servers can no longer meet the requirements. In addition, to improve system performance, the industry is also introducing new media types (for example, the 3D XPoint non-volatile medium promoted by Intel) and new form factors, which likewise require support and adaptation by a new architecture.
To develop servers that follow these technical trends, whole-machine manufacturers must invest a huge development workload, yet the design of one main board or whole machine cannot be reused because different products differ. The whole industry therefore places higher demands on servers in terms of sharing components across architectures, evolving across generations, shortening time to market (TTM) and reducing total cost of operation (TCO); further development of the industry requires a more open and standardized server architecture that improves development efficiency, raises part reuse and provides more flexibility and differentiation.
The present application proposes an innovative peer-to-peer interconnect architecture (also referred to as the new server architecture or new architecture). In this architecture, the traditional main board is split into a base board (Basic Computing Unit, BCU) and an expansion board (EXU), and the base board is combined with the expansion board to support the main board specifications and form factors required by different functions and scenarios. The same computing device may include one base board and one expansion board, several base boards and one expansion board, or one base board and several expansion boards. The base board contains the CPU, double data rate (DDR) memory and the related power supply, and provides general computing power together with expansion interfaces for peripheral storage, input/output (IO), acceleration and the like. The base board supports different series of CPUs. Optionally, the base board supports heterogeneous processors, that is, different types of processor: for example, the base board supports a CPU together with any one or any combination of an application-specific integrated circuit (ASIC), a programmable logic device (PLD), a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), a system on chip (SoC), a software-defined infrastructure (SDI) chip, an artificial intelligence (AI) chip, and the like.
Further, according to service requirements and hardware attributes, the embodiment of the application provides at least six base boards in different forms, aimed at different computing performance and memory configurations. For convenience of description, these six base boards are designated A1, A2, B1, B2, C1 and C2. In this embodiment, "P" represents the number of processors (P is an integer greater than 0) and "DPC" represents the number of dual in-line memory modules per channel (DIMM Per Channel). For example, the A1 base board supports one processor with one DIMM per channel (abbreviated 1P1DPC); the A2 base board supports one processor with one or two DIMMs per channel (1P2DPC or 1P1DPC); the B1 base board supports two processors with one DIMM per channel (2P1DPC), or one processor with one or two DIMMs per channel (1P2DPC or 1P1DPC); the B2 base board supports two processors with one or two DIMMs per channel (2P2DPC or 2P1DPC), or one processor with one or two DIMMs per channel (1P2DPC or 1P1DPC); the C1 base board supports four processors with one DIMM per channel (4P1DPC), or two processors with one or two DIMMs per channel (2P2DPC or 2P1DPC); the C2 base board supports four processors with one or two DIMMs per channel (4P2DPC or 4P1DPC), or two processors with one or two DIMMs per channel (2P2DPC or 2P1DPC). As technology develops, the CPU package size, the number of memory channels and the number of DIMMs may change, but the standard size and mounting holes of the main board remain unchanged, so compatible evolution of the base board across generations and across series is ensured when the base board is updated.
For example, with the current 8 DDR channels per CPU, the B2 base board supports 2P2DPC (2P, 32 DIMMs). Once the number of CPU memory channels rises to 12, 2P2DPC (2P, 48 DIMMs) can no longer be realized on B2. The B2 form can then support 2P1DPC (2P, 24 DIMMs), while 2P2DPC (2P, 48 DIMMs) can be implemented with another form such as C1; since the mounting hole positions and the base board dimensions are standard, the board can be directly replaced and mounted.
The expansion board contains a baseboard management controller (BMC) chip, a management system and a bridge (for example the platform controller hub (PCH) of an Intel system); it manages and expands the base board and, as the management center of the whole system, provides management functions for equipment, security, energy efficiency, reliability and so on. The BMC may also be referred to as a main board management controller.
In the new architecture, the base board is communicatively connected to the components through a high-speed bus such as PCIE, Compute Express Link (CXL) or the unified bus (UB or Ubus), and is connected to the expansion board through a management interface. In a specific implementation, the connections between the base board and a component and between the base board and the expansion board may be a soft connection realized by a cable, or a hard connection realized by a connector. Further, a component is a generic term for a type of device or apparatus. Components differ in function and include a storage component (STorage Unit, STU), an IO component (Input Output Unit, IOU), an acceleration component (ACceleration Unit, ACU), a memory expansion component (Memory Expansion Unit, MEU), a heat dissipation component, a computing component, a management component and so on. The base board supports CPU series such as Kunpeng. The expansion board provides management functions and power supply for the base board and each expansion component; with the support of the expansion board, the power supply and the heat sink can be selected differently.
It should be noted that a base board or an expansion board, that is, a board carrying a processor, memory or a baseboard management controller, may itself also be one of the components.
The storage component includes a hard disk backplane, an expansion board (Expander), a PCIE switch and the like, is used to expand system storage, and supports multiple media and forms such as a mechanical hard disk drive (HDD), a solid state drive (SSD), non-volatile memory express (NVMe) and storage class memory (SCM).
The IO component includes components such as a Riser, implements system IO expansion, and supports PCIE standard cards and Open Compute Project (OCP) cards.
The acceleration component includes a Riser, a carrier board, an accelerator card interconnect switch and the like, and provides expansion and interconnection of the system's acceleration components.
The memory expansion component includes a carrier board, a memory expansion chip, dual in-line memory modules (DIMMs), SCM media and the like, and provides expansion of the system's memory bandwidth and memory capacity.
The heat dissipation assembly is used for dissipating heat of the computing equipment or hardware in the computing equipment and comprises air cooling heat dissipation, liquid cooling heat dissipation or combination of the two heat dissipation modes. It should be understood that the structure, type and number of heat dissipating components do not constitute limitations on the solution to be protected by the present application.
The computing component, such as a central processing unit (CPU) and memory, provides general-purpose computing capability.
The management component, such as a baseboard management controller, provides device management.
On the other hand, in the conventional server architecture, because of evolution in the power supply, the number of memory channels, the number and rate of IOs and so on, the socket of a processor (for example a central processing unit, CPU) is generally only compatible within one generation (the two minor upgrades of a Tick/Tock cycle) and is hard to keep compatible across generations. The main board provided by the application can expose its external interfaces in a standardized way and be expanded through various external means such as cables in a flexible connection mode, so that the processor's related power supply, and the differences in the interconnection between different processors and components and between components, can be shielded. Changes to parts such as the memory are contained within the main board, which gives the main board cross-generation compatibility. Thus, for each manufacturer, when the processor is updated, the whole machine, the components and so on matched with the processor need not be replaced, so the matched components have a longer life cycle. Customers can replace components with the latest ones at any time without changing the chassis or adding hardware development workload, and so use the latest computing power in the industry as soon as possible. For the whole-machine manufacturer, once the new server architecture supports cross-generation upgrades and cross-series evolution, upgrading the processor or switching to a different processor manufacturer can be realized simply by replacing the base board, which overturns the original development mode and gives rise to a new industry mode.
Besides providing a new architecture for the server, the new architecture also implements hardware standardization, including standardization of the base board and of the component interfaces, in order to support diverse computing power and diverse devices.
The standardization of the base board includes standardization of dimensions, mounting positions, interface electrical characteristics, management interface protocols and parameters, and the like. Table 1 is an example of a base board interface description table provided by the application.
Table 1 Example of a base board interface description provided by the present application
The power supply uses a unified 12V input, and inside the base board it is converted into the various required supplies by DC/DC conversion. Considering the future evolution of I/O and the differences between CPUs, the embodiment defines a Flexible I/O interface based on UBC and UBCDD connectors to replace the original PCIE interface; the Flexible I/O interface can be flexibly configured as a PCIE, HCCS, SAS, SATA or Ethernet interface as required. The BCU management interface mainly comprises common low-speed maintenance interfaces such as I2C, UART and JTAG, and is compatible with the management of common processor platforms.
Standardization of the internal component interfaces of the computing system: the components include the expansion board, the power supply component, the heat dissipation component, the storage component, the IO component, the acceleration component, the memory component and so on. Their electrical interfaces, management interfaces and parameters are standardized, while their physical size, mounting, position and so on are not defined or restricted, which leaves a wide space for innovation and supports differentiation and flexible expansion. Apart from the power supply and the high-speed signals, the remaining external interfaces of a component, the low-speed management interfaces, are defined as shown in Table 2:
Table 2 Example of a component low-speed management interface definition table provided by the present application
Apart from the interfaces between the EXU and the BCU, the other interfaces connect to each component through the EXU. It should be noted that this embodiment only defines the functions of these interfaces and does not limit the specific pin layout (PINMAP); any implementation that realizes these functions is within the scope of this embodiment.
It should be noted that the contents of the foregoing tables 1 and 2 are only an example provided to assist in explaining the technical solution of the present application, and in a specific implementation, the new architecture of the server, the interface of the base board, and the low-speed interface of the functional component may each include more or less contents.
In addition, the application also provides intelligent management software. A management object template is implemented according to the standardization requirements of the new server architecture; after the server is powered on, the management software automatically detects components over the standard management bus, obtains each component's self-description information, and then creates a management object instance from the management object template. In this way the management software adapts itself to the hardware, becomes intelligent, and supports automatic discovery and automatic adaptation of components.
Next, the application scenario of "trusted measurement" according to the present application will be described.
Trusted measurement is a technical means of ensuring that a server runs in the expected trusted state. By performing trusted measurement on the server, a third party can be effectively prevented from gaining control of the server during its operation by replacing a component or upgrading an illegal software image. Here, measurement means collecting a measurement report from the server while it is running and judging, by rule or model analysis, whether the system has been illegally tampered with during operation.
In general, a server's trusted measurement scheme centers on the service processor and takes the service system in which the service processor resides as its granularity. Specifically, the server can be fitted with a security chip (trusted platform module, TPM) alongside the service processor; the TPM performs progressive measurement according to the start order of each component in the service system and writes the measurement results step by step into the TPM's platform configuration registers (PCRs), and an external authentication node can obtain the measurement results in the PCRs from the TPM and perform trusted measurement on the server based on them.
However, as servers keep developing towards diverse computing power, a server contains not only the main service system but also other computing-power systems, a management system and so on. The TPM's step-by-step measurement according to the start order of each component in the main service system amounts to performing trusted measurement on the main service system only, so a third party can easily gain control of the server by using another system as a stepping stone.
In addition, the start orders of the components in the service processing systems of different server architectures also differ. For example, the ARM architecture is an open architecture without a definite PCR allocation rule or a unified trusted measurement scheme, so the architectural differences make the servers' trusted measurement incompatible.
In summary, the current trusted measurement of traditional servers has gaps: it is difficult to perform trusted measurement on systems other than the main service processing system, so the security of the server is low.
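As an added illustration of the progressive TPM measurement just described, and of the two limitations that follow from it (only the main service system is in the chain, and the result depends on the start order), the following Python model was written for this page and is not code from the patent. The component names, the firmware images and the two start orders are constructed assumptions; the extend rule PCR' = H(PCR || H(code)) is the standard TPM pattern.

```python
import hashlib

PCR_INIT = bytes(32)  # a PCR holds all zeros after reset


def extend(pcr: bytes, code: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(code)).

    The register can only be extended with a new digest, never written directly,
    so every component that ran before is folded into the current value.
    """
    return hashlib.sha256(pcr + hashlib.sha256(code).digest()).digest()


def progressive_measure(boot_sequence):
    """Measure components in their start order, extending one PCR and keeping an event log."""
    pcr = PCR_INIT
    event_log = []
    for name, code in boot_sequence:
        pcr = extend(pcr, code)
        event_log.append({"component": name, "digest": hashlib.sha256(code).hexdigest()})
    return pcr, event_log


def replay(event_log) -> bytes:
    """Recompute the PCR from the event log, as an authentication node does before trusting the log."""
    pcr = PCR_INIT
    for event in event_log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(event["digest"])).digest()
    return pcr


# Constructed sample images: the main service system's boot components plus a management (BMC) system.
IMAGES = {
    "bios": b"BIOS image v1 (constructed)",
    "bootloader": b"bootloader image v1 (constructed)",
    "os_kernel": b"kernel image v1 (constructed)",
    "bmc_firmware": b"management system image v1 (constructed)",
}
# Hypothetical start orders on two server architectures; only the main service system is in the chain.
ORDER_A = ["bios", "bootloader", "os_kernel"]
ORDER_B = ["bootloader", "bios", "os_kernel"]


def final_pcr(order, images=IMAGES) -> str:
    """Final PCR value (hex) after measuring the given components in the given order."""
    pcr, _ = progressive_measure([(name, images[name]) for name in order])
    return pcr.hex()


def verify(order, reference_pcr_hex: str, images=IMAGES) -> bool:
    """Authentication-node check: the log must replay to the PCR, and the PCR must match the reference."""
    pcr, log = progressive_measure([(name, images[name]) for name in order])
    return replay(log) == pcr and pcr.hex() == reference_pcr_hex


if __name__ == "__main__":
    reference = final_pcr(ORDER_A)
    print("same components, different start order, same PCR?", final_pcr(ORDER_B) == reference)
    print("BIOS tampered detected?", not verify(ORDER_A, reference, {**IMAGES, "bios": b"modified"}))
    print("BMC tampered detected?", not verify(ORDER_A, reference, {**IMAGES, "bmc_firmware": b"modified"}))
```

The last line of the demo is the point of the paragraph above: a change to the management system image leaves the service-system PCR untouched, because nothing in the chain ever measured it, while the same set of service components measured in a different order yields a different reference value that a verifier written for one architecture will not recognise.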
The application provides a trusted measurement scheme based on the new server architecture, which addresses the low security of a server that results from those gaps in its trusted measurement, namely that systems other than the main service processing system are difficult to measure.
Fig. 1 is a schematic structural diagram of a trusted measurement system provided by the present application; the trusted measurement system may be deployed on the new server architecture described above. As shown in fig. 1, from the system dimension the new server architecture may include a system trust center, a node trust center and trusted components. The components of different layers each build their corresponding trusted features. The node trust center serves as the central component of the server and at the same time as the node's root of trust; it is responsible for the trusted management of the whole node and is built to CC EAL 4+ / national cryptography (GM) level-2 capability. The trusted capability of each component is built in coordination with the node trust center.
To better understand the present application, in the embodiment of fig. 1 the components are abstracted according to their service characteristics into a trusted IO component, a trusted computing component, a trusted storage component and a trusted acceleration component; it should be understood that this division differs slightly from the component division given earlier. Each type of component may correspond to the following physical components:
trusted IO component: internally includes components such as a Riser, implements system IO expansion, and supports PCIE standard cards and OCP cards;
trusted computing component: internally includes a CPU, DDR and the related power supply, and provides general computing capability and expansion interfaces for peripheral storage, IO, acceleration and the like;
trusted storage component: includes a hard disk backplane, an Expander, a PCIE switch and the like, is used for system storage and expansion, and supports various media such as HDD/SSD/NVMe/SCM;
trusted acceleration component: includes carrier boards, accelerator card interconnect switches and the like, and provides expansion and interconnection of the system's acceleration components.
The trusted design requirements for each of the above components may be as shown in table 3 below. Wherein the "rule" characteristic of the component in table 3 is to be used as the basic functional requirement of the safe and trusted design of the component, and the additional "suggestion" characteristic is to be used as the differentiated functional requirement of the safe and trusted design of the component, which is not mandatory, and is selected by each component according to the actual service requirement.
Table 3 examples of trusted design requirements for various components in a trusted metrics system provided by the present application
As shown in table 3, the system trust center is used to perform trusted measurement of the server and is the system's trust management software. The system trust center can comprise a system attestation center, a system key management center, a system root of trust, system resilience policy control and an access authentication server. The system attestation center implements the server's trusted measurement, trusted authentication and similar functions; the system key management center decrypts information sent by the node trust center; the system resilience policy control implements policy distribution and control to improve system resilience; the access authentication server performs access trust authentication on the server; and the system root of trust supports the implementation of these functions. The nodes in table 3 are the new-architecture servers described above.
The node trust center may be the management chip described above. The node trust center includes at least functions such as a node root of trust, trusted boot, secure boot, component access authentication, firmware encryption and a trusted platform control module (TPCM), and may further add functions such as one-key clearing of a component's sensitive data, centralized secure upgrade of components, node resilience policy, chassis security and so on according to actual service requirements.
The trusted components may comprise a trusted IO component, a trusted computing component, a trusted storage component and a trusted acceleration component. The trusted computing component performs trusted protection of the computing runtime environment and data, the trusted IO component performs high-performance trusted service transmission, the trusted storage component performs high-performance persistent trusted protection, the trusted acceleration component performs high-performance trusted service co-processing acceleration, and the trusted system bus realizes a trusted bus standard ecosystem.
It can be understood that each component can design its own secure and trusted functional requirements based on its characteristics combined with actual service requirements, and can combine secure and trusted functions as needed. When designing the secure and trusted functions, coupling between the functions is reduced as far as possible, and the component's access trust authentication and measurement trust are realized by the node trust center, which reduces the component's trust-related complexity.
It should be noted that the root of trust in table 3 is a protection mechanism that realizes the integrity of the computer system and is the basis for constructing a trusted measurement environment. In trusted measurement theory, a chain of trust is made unbreakable by step-by-step transmission; when constructing a secure boot chain, the hardware state at power-on is the trusted base of the chain of trust, also called the root of trust, and a strict root of trust is usually realized on a mechanism provided by hardware, so a more complete term is hardware root of trust. Depending on its role, the hardware root of trust may also be used differently, for example for reporting, booting, measurement, storage and so on.
In a specific implementation, the component's main chip (that is, the board's main control chip, the chip started first when the board is powered on) is connected to the component's flash through a multiplexer (MUX), which makes it possible to verify the firmware for the component's secure boot and collect its measurement report, and supports sending the measurement report to the node trust center for trusted measurement.
It should be noted that, for the computing component, the node trusted center may be additionally supported to directly access the flash of the component, so as to implement the secure boot check of the CPU BIOS and the identity measurement of the trusted boot, and meanwhile, be responsible for the firmware check of the BIOS secure upgrade.
Optionally, the component is connected with a trusted management channel of the node trusted center, so that the functions of collection and security upgrading of the measurement report are realized. The node trusted center may be a BMC chip, and the BMC chip may run node trusted management software.
In the embodiment of the application, the node trust center performs trusted measurement on the BMC system through the center's root of trust and generates a first measurement report for the BMC system; the hardware root of trust on a trusted computing component can measure the local component system and generate a second measurement report for the component; the node trust center can convert the first and second measurement reports, according to the server's measurement format, into a third measurement report in that format, and then send the third measurement report to the system trust center so that the system trust center performs trusted measurement on the server according to the third measurement report.
In summary, the application provides a trusted measurement scheme based on the new server architecture. The scheme obtains the measurement report of each component in the server through the node trust center, so that trusted measurement can be performed even on systems whose interfaces are not exposed, realizing trusted measurement of all systems and even all components of the whole server; and after the measurement reports of the components are obtained, they can be converted in format so that they conform to a unified trusted measurement rule, which solves the problem of incompatible trusted measurement caused by architectural differences.
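To make the first/second/third measurement report flow concrete, and the identity-keyed comparison against a standard measurement value from the implementation aspects listed earlier, here is an added Python model written for this page; it is not code from the patent or from the project it describes. The report field names, the format name `node-trust-report/v1`, the server identity, the firmware images and the standard-value store are all constructed assumptions. The second report deliberately uses different field names from the first to stand in for a component-native format that the node trust center has to normalise.

```python
import hashlib
import json

# Assumed name of the server's unified trusted-measurement format (hypothetical, not from the patent).
TRUSTED_FORMAT = "node-trust-report/v1"


def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def first_report(management_code: bytes) -> dict:
    """First measurement report: the chip (node trust center) measures the management system's code."""
    return {"reporter": "chip", "target": "management-system", "sha256": digest(management_code)}


def second_report(component_id: str, component_code: bytes) -> dict:
    """Second measurement report: a component's own root of trust measures the component system.

    Field names differ from first_report on purpose: they model a component-native format (constructed).
    """
    return {"comp": component_id, "hashAlg": "SHA-256", "hash": digest(component_code)}


def third_report(server_id: str, first: dict, seconds: list) -> dict:
    """Node trust center: normalise both report kinds into the server's trusted measurement format.

    The server-level value is a digest over a canonical, key-sorted encoding of all entries,
    so it does not depend on the order in which components started or reported.
    """
    entries = {first["target"]: first["sha256"]}
    for report in seconds:
        entries[report["comp"]] = report["hash"]
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {
        "format": TRUSTED_FORMAT,
        "server_id": server_id,
        "entries": entries,
        "server_measurement": digest(canonical),
    }


def attest(report: dict, standard_db: dict):
    """Authentication node (or the server itself): fetch the standard value by server identity and compare.

    Returns (trusted, findings); findings names every missing, mismatched or unexpected system.
    """
    if report.get("format") != TRUSTED_FORMAT:
        return False, ["unsupported-format"]
    standard = standard_db.get(report["server_id"])
    if standard is None:
        return False, ["unknown-server"]
    findings = []
    for system, expected in standard["entries"].items():
        actual = report["entries"].get(system)
        if actual is None:
            findings.append(f"missing:{system}")
        elif actual != expected:
            findings.append(f"mismatch:{system}")
    for system in report["entries"]:
        if system not in standard["entries"]:
            findings.append(f"unexpected:{system}")
    trusted = not findings and report["server_measurement"] == standard["server_measurement"]
    return trusted, findings


# Constructed sample firmware images (placeholders, not real firmware).
GOLDEN = {
    "management-system": b"BMC management system image v1 (constructed)",
    "compute-0": b"compute component firmware v1 (constructed)",
    "storage-0": b"storage component firmware v1 (constructed)",
    "accel-0": b"acceleration component firmware v1 (constructed)",
}
SERVER_ID = "server-node-0001"  # constructed identity information


def build_report(server_id: str, images: dict) -> dict:
    """What the node trust center hands to the system trust center for one server."""
    first = first_report(images["management-system"])
    seconds = [second_report(cid, code) for cid, code in images.items() if cid != "management-system"]
    return third_report(server_id, first, seconds)


# Standard (reference) values keyed by server identity, as the local or remote store would hold them.
STANDARD_DB = {SERVER_ID: build_report(SERVER_ID, GOLDEN)}


if __name__ == "__main__":
    print(attest(build_report(SERVER_ID, GOLDEN), STANDARD_DB))
    tampered = {**GOLDEN, "storage-0": b"storage component firmware, modified (constructed)"}
    print(attest(build_report(SERVER_ID, tampered), STANDARD_DB))
```

Two design points carry over to a real deployment: the verifier must refuse a report whose format it does not recognise rather than skip unknown fields, and it must treat a system that is absent from the report as a failure, since a report that silently omits the management system is exactly what an attacker who replaced it would prefer the verifier to accept.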
Fig. 2 is another schematic structural diagram of a trusted measurement system provided by the present application. It should be understood that the trusted measurement system in fig. 1 is described from the system dimension, whereas fig. 2 describes it from the hardware dimension. As shown in fig. 2, from the hardware dimension the trusted measurement system includes a server 100 and an authentication node 200; a communication connection is established between the server 100 and the authentication node 200 through a network, which may specifically be a wired or wireless network such as Ethernet or a UBUS-N bus, and the present application is not specifically limited in this respect.
The authentication node 200 may be a physical server such as an X86 or ARM server, or may be a virtual machine (VM) implemented on a general-purpose physical server using network functions virtualization (NFV) technology; the present application is not specifically limited. A VM is a complete computer system simulated by software, which has complete hardware system functions and runs in a completely isolated environment. The authentication node 200 may host the system trust center of the embodiment of fig. 1, and may serve as a measurement center that performs trusted measurement on the measurement report sent by the server 100.
The server 100 may be a physical server, and the architecture of the server is a new architecture in the foregoing, where a main board of the server is split into a base board, an extension board, and components, and descriptions of the new architecture, the base board, the extension board, and the components may refer to the foregoing, and a detailed description is not repeated herein. In a specific implementation, the server 100 may be a single server, or may be a node in a server cluster, and the present application is not limited in particular. Alternatively, the server 100 may also be a storage server or an edge computing device, where the architecture of the storage server and the edge computing device is the new architecture in the foregoing.
Further, the server 100 may be divided into a plurality of units, modules or parts. As shown in fig. 2, for example, the server 100 includes a management chip 110 and components 120, where the number of components 120 may be one or more; the present application is not specifically limited. A connection may be established between the management chip 110 and the components 120 through a bus 130.
The management chip 110 may include an interface and a processor, where the processor may include an integrated circuit and/or a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The management chip 110 may also include a motherboard, also referred to as a printed circuit board (PCB), on which the processor is mounted. Alternatively, the management chip 110 may be a processor of the advanced RISC machine (ARM) architecture. The management chip 110 may be deployed with the node trust center described in fig. 1.
The management chip 110 may be deployed with a management system, which may be the intelligent system described in the foregoing. The management system is configured to manage each system in the server according to the standardized requirements of the new server architecture. Specifically, it may automatically detect a component through a standard management bus, obtain the self-description information of the component, and then create a management object instance according to a management object template, so that the management software adapts itself to the component; in this way the management software becomes intelligent and supports automatic discovery and automatic adaptation of components. As the management center of the entire server 100, the management system provides management functions such as equipment, security, energy efficiency and reliability management.
Optionally, the management chip 110 may be the BMC chip described in the foregoing, which may also be referred to as a server intelligent management system (intelligent baseboard management controller, iBMC) or a baseboard management controller. Referring to the foregoing, the BMC chip is located on the expansion board of a new-architecture server, is the management extension of the base board and the management center of the whole system, and is an embedded management system facing the full life cycle of the server, providing a series of management tools such as hardware status monitoring, deployment, energy saving and security.
It can be understood that, referring to the foregoing, the BMC chip may be communicatively connected to each component through the various interfaces shown in table 3. The trusted measurement system provided by the present application therefore obtains the measurement report of each component in the server through the management chip 110 and can perform trusted measurement on systems whose interfaces are not exposed, thereby implementing trusted measurement of all systems, and even all components, of the entire server.
The components 120 may include a storage component, an IO component, an acceleration component, a computing component, a memory expansion component and a heat dissipation component. The IO component includes a network card or a riser; the storage component includes one or more of a hard disk backplane, an Expander and a PCIE switch; the computing component includes a CPU, DDR memory and a power supply; the acceleration component includes a carrier board and an acceleration card interconnect switch, where the acceleration card includes one or more of a GPU, a DPU and an NPU; the memory expansion component includes a carrier board and one or more of a memory expansion chip, a DIMM and an SCM medium; the heat dissipation component includes one or more of air cooling and liquid cooling.
For the storage component, the IO component, the acceleration component, the memory expansion component and the heat dissipation component, reference is made to the related descriptions in the foregoing embodiments, which are not repeated here. It should be noted that the computing component is the base board in the description of the new server architecture and may include a CPU, DDR memory and a power supply. It should be understood that, for ease of description, the base board is treated as one computing component among the components 120; the components may also be divided in other ways, specifically according to the actual service processing scenario, which is not limited here. Each component 120 is configured with a component system, for example a service processing system corresponding to the computing component (CPU), an image processing system corresponding to the acceleration component (such as a GPU), or a storage system corresponding to the storage component (such as a solid state disk); these are not enumerated further here.
The bus 130 may include an out-of-band bus and a high-speed bus. The out-of-band bus may be a serial peripheral interface (SPI) bus, a system management bus (SMBUS), an RS232C, RS422C or USB bus, or the like, and the high-speed bus may be a PCIE, CXL or UB high-speed bus; the present application is not specifically limited.
The management chip 110 may be communicatively connected to the IO component, the storage component and the acceleration component through the out-of-band bus, such as an SPI bus or SMBUS, and may be deployed with a corresponding out-of-band bus controller for this purpose. The management chip 110 is communicatively connected to the computing component through the high-speed bus, such as a PCIE bus or UB bus, and may be deployed with a corresponding high-speed bus controller, such as a PCIE end point (EP) controller or a UB EP controller. The bus 130 between the CPU and the management chip 110 may include a management interface, whose type may include GE, VGA, USB, UART, PWR BTN, UID BTN, etc.; for a specific description of the management interface, reference is made to table 3 in the foregoing, and details are not repeated here.
The management chip 110 may also be externally attached to the BMC chip described in the foregoing. In this case, the management chip 110 establishes communication connections with the BMC chip, the storage component, the IO component and the acceleration component through an out-of-band bus, such as an SPI bus or SMBUS bus, and is deployed with a corresponding out-of-band bus controller to implement these connections. The management chip 110 establishes a communication connection with the computing component (such as the CPU) through a high-speed bus, such as a PCIE bus or UB bus; the present application is not specifically limited.
It can be understood that the present application performs trusted measurement of each component in the server, and of the BMC chip itself, through the BMC chip. Because the computing resources of the BMC chip and the CPU are isolated, the trusted measurement no longer needs to consider how to implement resource isolation, which lowers the design threshold and realizes a dual-system security architecture with independent hardware protection. Moreover, since the BMC chip is an embedded management system facing the full life cycle of the server, it has few interfaces for interacting with external networks and its network exposure is far smaller than that of the service processor; implementing trusted measurement on the BMC chip therefore reduces the possibility of attack by a third party over the network.
In the embodiment of the present application, when the server is powered on and started, the management chip 110 may verify the software and hardware state of the BMC management system using a secure and trusted boot mode, so as to ensure the integrity of the software and hardware of the BMC management system and prevent a third party from acquiring control of the server by replacing firmware during storage and transportation. In a specific implementation, power-on boot protection may be implemented through the BSBC software; the management chip 110 may be configured to be immutable at the factory, may support a user-defined secure boot policy, and may set code security protection according to service requirements. The management chip 110 is started only after the firmware integrity check succeeds; otherwise processing such as issuing a warning that the firmware is incomplete or powering down the server is performed.
In the embodiment of the present application, the management chip 110 may perform trusted measurement of the server when the server is powered on for the first time, and may also perform trusted measurement of the server at a certain frequency while the server is running. The trusted measurement of the server by the management chip 110 may proceed as follows: the management chip 110 performs trusted measurement on the management system and obtains a first measurement report of the management system, where the first measurement report represents the integrity of the management system; the management chip 110 obtains a second measurement report from the component 120, where the second measurement report is the trusted measurement report of the component system and indicates the integrity of the component; and the management chip 110 performs trusted measurement of the server according to the first measurement report and the second measurement report. It should be noted that the integrity of a system means that the system itself has not been modified, deleted or added to by unauthorized means.
In a specific implementation, the component 120 may include a component main chip (that is, the main control chip of the board, the chip that is started first when the board is powered on), and measurement of the component system is implemented by a security subsystem integrated in the component main chip or by an external security chip, so as to obtain the second measurement report of the component 120. Similarly, the component main chip may also use a secure and trusted boot mode to check the software and hardware state of the component system, ensure the integrity of the software and hardware, and prevent a third party from acquiring control of the component by replacing firmware during storage and transportation; specifically, it may be connected to the component flash through a MUX (changeover switch) to implement secure boot of the component firmware and identity measurement for trusted boot.
Alternatively, the first measurement report may include identity information of the management chip 110 and a measurement value of the management chip 110, where the identity information of the management chip 110 includes the software identifier, software version, firmware identifier and firmware version of the management chip 110, and may further include other information describing the identity of the software and/or firmware of the management chip 110. The measurement value of the management chip 110 indicates the integrity of the management chip 110. Similarly, the second measurement report may include identity information of the component 120 and a measurement value of the component 120; for these, reference is made to the above description of the identity information and measurement value of the management chip 110, and details are not repeated here.
In a specific implementation, the measurement value of the management chip 110 may be obtained after the management chip 110 measures the code of the management system, and the measurement value of the component 120 may be obtained after the component 120 measures the code of the component system. The measurement value indicates the state of the system software and shows well whether the system software or firmware has changed or been tampered with by a third party: if the system is tampered with by a third party, its measurement value will change.
Alternatively, the component 120 may obtain the measurement value of the component system by computing a hash (digest) over a software code segment of the component system, by computing the digest of a static file of the component system with a hash algorithm, by hashing the memory code of the processes and kernel modules used while the component system runs, or by traversing and measuring the device memory in a pseudo-random manner. It should be understood that the above methods of obtaining the measurement value are given for illustration, and the component 120 may also use other methods to obtain a measurement value related to the integrity of the component system.
In a specific implementation, the component 120 may measure the component system step by step according to the start sequence of the software and firmware of the component system, so as to obtain the second measurement report of the component system. In short, only after the software or firmware started first has been measured as trusted is the software or firmware of the next stage measured. For example, suppose the software and firmware start sequence of the service processing system of the computing component (CPU) is CPU chip, firmware A, operating system A and application A. After the CPU chip starts, it measures firmware A, obtains the measurement value of firmware A and sends it to the management chip 110. After the management chip 110 returns the measurement result of firmware A to the CPU chip, the CPU chip and/or firmware A may measure a code segment of operating system A, obtain the measurement value of operating system A and send it to the management chip 110. After the management chip 110 returns a trusted measurement result for operating system A, the CPU chip, firmware A and operating system A may perform trusted measurement on application A, and so on; details are not described here.
It should be noted that the management chip 110 may be deployed with the node trusted root described in the embodiment of fig. 1, and the component 120 may be deployed with the component trusted root described in the embodiment of fig. 1. In a specific implementation, a trusted root includes identity information and measurement code. The identity information is identity code information capable of identifying the management chip 110, such as a unique device secret (UDS) or the firmware signature of part of the software or firmware in the management chip 110. The measurement code is used to measure the firmware started at the subsequent stage. Of course, the hardware root of trust may also include other content, which is not specifically limited by the present application.
For example, suppose the start sequence of the acceleration component is the acceleration component trusted root, firmware A, firmware B and firmware C. After the acceleration component trusted root starts, it may use its measurement code to measure the next firmware to be started, firmware A, generate a second measurement report including the UDS of the acceleration component, and return it to the management chip 110. After the management chip 110 has had the first measurement report and the second measurement report trust-measured through the external authentication node 200, the acceleration component trusted root receives the information that firmware A has been measured as trusted, and may then measure the next firmware to be started, firmware B, and so on. It should be noted that firmware B may be measured by the component trusted root or by firmware A, which may be determined according to the actual service situation and is not limited by the present application.
It should be understood that the management chip 110 may also obtain the first measurement report in the same stepwise measurement manner, which is not repeated here.
It should be noted that, since the component 120 obtains the second measurement report of the component system in a stepwise measurement manner, the second measurement report sent by the component 120 to the management chip 110 may include the identity information and corresponding measurement values of one or more firmware or software items of the component system, as determined by the service processing logic. For example, if the start sequence of the acceleration component is firmware A, firmware B and firmware C, the second measurement report received by the management chip 110 may include the identity information and measurement value of firmware A only, or may include the identity information and respective measurement values of firmware A, firmware B and firmware C, written in the order firmware A, firmware B, firmware C; the present application is not specifically limited. Similarly, the first measurement report obtained by the management chip 110 for the management system in the stepwise measurement manner may also include the identity information and corresponding measurement values of one or more firmware or software items; the number of software or firmware measurement values included in the first and second measurement reports may be determined according to the actual situation and is not limited by the present application.
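The stepwise measurement described above (each stage is measured only after the management chip has returned a trusted result for the previous one, and the second measurement report is built from identity information plus measurement values in start order) can be simulated as follows. This is an added Python example, not code from the patent; the stage names, versions, firmware images, UDS string and the `ManagementChip` verdict helper are constructed, and SHA-256 over the code segment stands for the measurement hash.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    """One firmware/software stage of a component system, listed in start order."""
    name: str      # firmware or software identifier
    version: str   # firmware or software version
    code: bytes    # the code segment that the previous (already trusted) stage measures


@dataclass(frozen=True)
class Entry:
    """Identity information plus measurement value for one measured stage."""
    name: str
    version: str
    metric: str    # hex SHA-256 digest of the stage's code


def measure(code: bytes) -> str:
    """Measurement value of a code segment: a hash over the code, as in the text."""
    return hashlib.sha256(code).hexdigest()


class ManagementChip:
    """Stand-in for management chip 110 (hypothetical helper, not the patent's code).

    Holds standard measurement values keyed by (identifier, version) and returns a
    trusted/untrusted verdict for each stage measurement the component sends it.
    """

    def __init__(self, standard: dict[tuple[str, str], str]):
        self.standard = standard
        self.received: list[Entry] = []

    def verdict(self, entry: Entry) -> bool:
        self.received.append(entry)
        return self.standard.get((entry.name, entry.version)) == entry.metric


def stepwise_boot(uds: str, stages: list[Stage], chip: ManagementChip) -> dict:
    """Component side of the stepwise measurement.

    The component trusted root measures the first stage; every stage is reported to
    the management chip, and the next stage is measured only once the chip has
    returned a trusted verdict. If a verdict is untrusted, the boot halts there.
    The returned dict is the second measurement report: the component's UDS plus
    the (identity, measurement value) entries in start order.
    """
    report = {"uds": uds, "entries": [], "completed": False, "halted_at": None}
    for stage in stages:
        entry = Entry(stage.name, stage.version, measure(stage.code))
        report["entries"].append(entry)
        if not chip.verdict(entry):
            report["halted_at"] = stage.name
            return report
    report["completed"] = True
    return report


# Constructed sample data: the CPU's service processing system from the text.
GENUINE_STAGES = [
    Stage("firmware A", "1.0", b"constructed firmware A image"),
    Stage("operating system A", "3.2", b"constructed operating system A image"),
    Stage("application A", "0.7", b"constructed application A image"),
]

# Standard measurement values the management chip holds for the genuine stages.
STANDARD = {(s.name, s.version): measure(s.code) for s in GENUINE_STAGES}


def run_genuine() -> dict:
    """Boot with untampered stages: all three are measured and boot completes."""
    return stepwise_boot("UDS-CPU-CONSTRUCTED", GENUINE_STAGES, ManagementChip(STANDARD))


def run_tampered() -> dict:
    """Boot where operating system A was replaced: firmware A is trusted, the OS
    measurement does not match the standard value, and application A is never measured."""
    stages = list(GENUINE_STAGES)
    stages[1] = Stage(stages[1].name, stages[1].version,
                      b"constructed operating system A image, modified")
    return stepwise_boot("UDS-CPU-CONSTRUCTED", stages, ManagementChip(STANDARD))


if __name__ == "__main__":
    for label, report in (("genuine", run_genuine()), ("tampered", run_tampered())):
        print(label, "completed" if report["completed"] else f"halted at {report['halted_at']}")
        for e in report["entries"]:
            print("  ", e.name, e.version, e.metric[:16] + "...")
```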
In an embodiment, the management chip 110 may obtain the trusted measurement format of the server, convert the first measurement report and the second measurement report into a third measurement report conforming to the trusted measurement format, and then perform trusted measurement of the server according to the third measurement report. In a specific implementation, the management chip 110 may send the third measurement report to the authentication node 200, so that the authentication node 200 performs trusted measurement of the server based on the third measurement report.
It can be understood that, referring to the foregoing, there is no uniform standard for the firmware and software start sequence across the components of servers of different manufacturers and architectures. After the management chip 110 collects the first measurement report of the management system and the second measurement report of each component, it may therefore convert the format of the first and second measurement reports so that they match the measurement format of the authentication node 200, avoiding measurement failures caused by differing measurement formats.
In a specific implementation, the third measurement report may include identity information of the server and a measurement value of the server, where the measurement value of the server indicates the integrity of the server. The identity information of the server may be obtained from the identity information of the management chip 110 in the first measurement report and the identity information of the component 120 in the second measurement report, and the measurement value of the server may be obtained from the measurement value of the management chip 110 in the first measurement report and the measurement value of the component 120 in the second measurement report. The identity information of the server is used by the authentication node 200 to obtain the standard measurement value corresponding to the server, and trusted measurement of the server is performed by comparing the standard measurement value with the measurement value sent by the management chip 110.
Optionally, the measurement value of the server in the third measurement report may be a series of values consisting of the measurement values of the components and of the management chip; a single value integrated from the measurement values of the components and the measurement value of the management chip; or an integrated value formed from the measurement values of some components and the management chip, together with the separate measurement values of the remaining components and the management chip. The management chip 110 may reorder the measurement values recorded in the first and second measurement reports, or integrate them, as determined by the trusted measurement format of the authentication node 200; the present application is not specifically limited. The trusted measurement format may be obtained after the management chip 110 establishes a communication connection with the authentication node 200.
For example, assume that the trusted measurement format used by the authentication node 200 to perform trusted measurement on a component X is as follows: firmware A of component X is measured first, then firmware B of component X; after the measurement results of firmware A and firmware B are trusted, the measurement value of firmware B is overlaid with the measurement value of firmware C to obtain an overlaid measurement value, and trusted measurement of firmware C is performed according to the overlaid measurement value. Stated briefly, the measurement sequence in the trusted measurement format of the authentication node 200 is: firmware A, firmware B, overlay metric BC. Assume further that the start sequence of component X is firmware B, firmware A, firmware C, so that the measurement order of the firmware in the second measurement report received by the management chip 110 is firmware B, firmware A, firmware C. The management chip may then adjust the order of the firmware in the second measurement report to the measurement order corresponding to the trusted measurement format, so that the authentication node 200 can perform trusted measurement of the server according to the trusted measurement format. It should be understood that the foregoing example is provided for illustration and is not intended to be limiting.
Alternatively, the management chip 110 may itself perform trusted measurement of the server according to the third measurement report, without going through the authentication node 200. Specifically, the management chip 110 may obtain the standard measurement value corresponding to the server according to the identity information of the server in the third measurement report, and perform trusted measurement of the server according to the standard measurement value and the measurement value in the third measurement report. The standard measurement value of the server may be downloaded by the management chip 110 in advance or obtained remotely from the authentication node 200; the present application is not limited in this respect.
For example, before a user purchases a server, the standard measurement value and the trusted measurement format may be obtained from the server provider. The management chip 110 measures the management system to obtain the first measurement report, and the component 120 measures the component system to obtain the second measurement report; the management chip 110 may then convert the first and second measurement reports into the third measurement report according to the trusted measurement format obtained in advance, and perform trusted measurement of the server according to the third measurement report and the standard measurement value.
Alternatively, the standard measurement value of the server may be a preset standard measurement value, or may be determined from the first measurement value obtained when the server performs trusted measurement for the first time, where the first measurement value may include the measurement value of the component 120 and the measurement value of the management chip 110 at server start-up. It can be understood that if the software or firmware of the server is tampered with by a third party while the server is running, the measurement value of the server will change, so by using the first measurement value as the standard measurement value it can be determined whether the server has changed during operation, thereby implementing trusted measurement of the server. In a specific implementation, the standard measurement value may be a single value or a series of values, corresponding to the standard value required by the trusted measurement format, and may be determined according to the actual processing situation; the present application is not specifically limited.
The measurement process of the trusted measurement system provided by the present application is described below with reference to fig. 3, which is a schematic diagram of the interaction flow of the trusted measurement system. The interaction flow in fig. 3 includes a component-side flow, a management-chip-side flow and an authentication-node-side flow, where the component side describes what is implemented by the component 120 in the foregoing, the management chip side what is implemented by the management chip 110, and the authentication node side what is implemented by the authentication node 200. Each is explained below.
Component side: the hardware trusted root, the firmware signature and the application memory on the component 120 generate a component fusion identity certificate through a hash algorithm. The component fusion identity certificate may be the second measurement report described in the foregoing; the hardware trusted root is as described in the foregoing and is not repeated here; the firmware signature may be the identity information of the software and firmware described in the foregoing, specifically a UDS or the like; and the application memory is the memory holding the code executed by the applications of the component system, and hashing that code yields the measurement value described in the foregoing. Similarly, the management chip 110 may measure the management system according to the same steps described for the component side to obtain the first measurement report, which may also be referred to as the management system fusion identity certificate.
Management chip side: the BMC hardware trusted root on the management chip 110 fuses the fusion identity certificate of each component with the fusion identity certificate of the management system to obtain a node fusion identity certificate, which may be the third measurement report described in the foregoing; that is, the management chip 110 performs operations such as format conversion on the plurality of fusion identity certificates according to the trusted measurement format of the authentication node 200, so as to obtain the node fusion identity certificate.
Optionally, the management chip 110 may further cryptographically protect the node fusion identity certificate (that is, the third measurement report), for example by the signature calculation operation shown in fig. 3: a signature is calculated over the node fusion identity certificate with the remote attestation private key to obtain the signature of the node fusion identity certificate.
Authentication node side: the authentication node 200 may verify the received node fusion identity certificate and its signature with the remote attestation public key, and after the verification passes, compare the node fusion identity certificate with the standard measurement value to determine the trusted measurement result of the server.
The remote attestation public key and remote attestation private key may be keys of a cryptographic algorithm, where the cryptographic algorithm may be an asymmetric algorithm (RSA), MD5, a symmetric algorithm, or the like; the present application is not limited to a specific implementation of the cryptographic algorithm.
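The management-chip-side format conversion described above (reordering component X's report from its start order B, A, C into the authentication node's sequence A, B, overlay BC) and the sign-then-verify exchange of fig. 3 can be put together in one worked example. This is added Python, not the patent's own code: the report structures, identifiers, firmware images and key are constructed, the overlay value is assumed to be a hash over the concatenated member metrics, and an HMAC tag stands in for the asymmetric remote attestation signature (the text also allows a symmetric algorithm).

```python
import hashlib
import hmac
import json


def h(data: bytes) -> str:
    """SHA-256 hex digest, used both for measurement values and for overlay values."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample data. The second measurement report of component X lists its
# firmware in the component's own start order B, A, C (identity + measurement value).
SECOND_REPORT_X = {
    "component": "component X",
    "uds": "UDS-X-CONSTRUCTED",
    "entries": [
        {"name": "firmware B", "version": "2.0", "metric": h(b"constructed firmware B image")},
        {"name": "firmware A", "version": "1.3", "metric": h(b"constructed firmware A image")},
        {"name": "firmware C", "version": "0.9", "metric": h(b"constructed firmware C image")},
    ],
}
# First measurement report of the management system on management chip 110.
FIRST_REPORT = {
    "component": "management system",
    "uds": "UDS-BMC-CONSTRUCTED",
    "entries": [{"name": "BMC firmware", "version": "5.1", "metric": h(b"constructed BMC firmware image")}],
}
# Trusted measurement format of authentication node 200 for component X, from the text:
# firmware A, then firmware B, then overlay metric BC. A tuple of several names is an
# overlay, assumed here to be SHA-256 over the concatenated member metrics in tuple order.
NODE_FORMATS = {"component X": [("firmware A",), ("firmware B",), ("firmware B", "firmware C")]}
# Shared key standing in for the remote attestation key pair (assumption: HMAC in place
# of an asymmetric signature).
REMOTE_ATTESTATION_KEY = b"constructed-remote-attestation-key"


def entry_id(e: dict) -> str:
    return f'{e["name"]} {e["version"]}'


def convert(report: dict, fmt: list) -> list:
    """Reorder one second report into the node's measurement sequence, computing an
    overlay value wherever the format groups several firmware items together."""
    by_name = {e["name"]: e for e in report["entries"]}
    out = []
    for group in fmt:
        members = [by_name[n] for n in group]
        if len(members) == 1:
            metric = members[0]["metric"]
        else:
            metric = h("".join(m["metric"] for m in members).encode())
        out.append({"id": "+".join(entry_id(m) for m in members), "metric": metric})
    return out


def build_third_report(first: dict, seconds: list, formats: dict) -> dict:
    """Management chip side: fuse the first and second reports into the third report
    (node fusion identity certificate): server identity info plus an ordered metric list."""
    identity = {first["component"]: first["uds"]}
    metrics = [{"id": entry_id(e), "metric": e["metric"]} for e in first["entries"]]
    for rep in seconds:
        identity[rep["component"]] = rep["uds"]
        metrics.extend(convert(rep, formats[rep["component"]]))
    return {"identity": identity, "metrics": metrics}


def sign(report: dict, key: bytes) -> str:
    """Signature calculation over the canonical JSON form of the third report."""
    return hmac.new(key, json.dumps(report, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def verify_at_node(report: dict, sig: str, key: bytes, standard: dict) -> dict:
    """Authentication node side: check the signature first, then compare each metric with
    the standard value looked up by its identity; any mismatch makes the server untrusted."""
    if not hmac.compare_digest(sign(report, key), sig):
        return {"signature_ok": False, "trusted": False, "mismatches": []}
    mismatches = [m["id"] for m in report["metrics"] if standard.get(m["id"]) != m["metric"]]
    return {"signature_ok": True, "trusted": not mismatches, "mismatches": mismatches}


# Standard measurement values held by the node, derived here from the genuine reports
# (in practice obtained from the server provider or taken from the first measurement).
STANDARD = {m["id"]: m["metric"]
            for m in build_third_report(FIRST_REPORT, [SECOND_REPORT_X], NODE_FORMATS)["metrics"]}


def attest(seconds: list, node_key: bytes = REMOTE_ATTESTATION_KEY) -> dict:
    """Full exchange: the management chip builds and signs the third report; the node
    verifies it with node_key (pass a different key to see the signature check fail)."""
    third = build_third_report(FIRST_REPORT, seconds, NODE_FORMATS)
    return verify_at_node(third, sign(third, REMOTE_ATTESTATION_KEY), node_key, STANDARD)


def tampered_second_report() -> dict:
    """Component X with a modified firmware C image: only the overlay BC entry changes."""
    rep = json.loads(json.dumps(SECOND_REPORT_X))
    rep["entries"][2]["metric"] = h(b"constructed firmware C image, modified")
    return rep


if __name__ == "__main__":
    print("genuine:", attest([SECOND_REPORT_X]))
    print("tampered firmware C:", attest([tampered_second_report()]))
    print("wrong key:", attest([SECOND_REPORT_X], node_key=b"constructed-other-key"))
```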
In summary, in the trusted measurement system provided by the present application, the measurement report of each component in the server is obtained through the management chip. Not only can trusted measurement be performed on systems whose interfaces are not exposed, realizing trusted measurement of all systems and even all components of the entire server, but the measurement reports can also be format-converted after they are obtained so that they conform to a unified trusted measurement rule, which solves the problem of trusted measurement being incompatible because of architectural differences.
The trusted measurement method provided by the present application is explained below with reference to fig. 4. The method may be applied to the new-architecture server shown in figs. 1 to 3 and may include the following steps:
Step S410: the management chip 110 performs trusted measurement on the management system and obtains a first measurement report of the management system, where the first measurement report indicates the integrity of the management system.
In an embodiment, the management chip 110 may be the BMC chip described in the foregoing; for a description of the BMC chip, reference is made to the foregoing embodiments, and details are not repeated here.
In an embodiment, the management chip 110 performs trusted measurement on the management system when the server is started for the first time, or periodically performs trusted measurement on the management system while the server is running.
In an embodiment, the first measurement report may include identity information of the management chip 110 and a measurement value of the management chip 110, where the identity information of the management chip 110 includes the software identifier, software version, firmware identifier and firmware version of the management chip 110, and may further include other information describing the identity of the software and/or firmware of the management chip 110. The measurement value of the management chip 110 indicates the integrity of the management chip 110.
In a specific implementation, the measurement value of the management chip 110 may be obtained after the management chip 110 measures the code of the management system. The measurement value indicates the state of the system software and shows well whether the system software or firmware has changed or been tampered with by a third party: if the system is tampered with by a third party, its measurement value will change.
Alternatively, the management chip 110 may obtain the measurement value of the management chip by computing a hash (digest) over a software code segment of the management system, by computing the digest of a static file of the management system with a hash algorithm, by hashing the memory code of the processes and kernel modules used while the management system runs, or by traversing and measuring the memory of the management system in a pseudo-random manner. It should be understood that the above methods of obtaining the measurement value are given for illustration, and the management chip 110 may also use other methods to obtain a measurement value related to the integrity of the management system; the present application is not specifically limited.
In a specific implementation, the management chip 110 may measure the management system step by step according to the starting sequence of each software and firmware of the component system, so as to obtain a first measurement report of the management chip 110. In short, after the software or firmware measurement started first is trusted, the software or firmware started at the next stage can be measured.
It should be noted that, since the management chip 110 obtains the first measurement report in a stepwise measurement manner for the management system, the first measurement report may include identity information of one or more firmware or software in the management system and corresponding measurement values, and may be specifically determined according to the service processing logic.
Step S420: the management chip 110 obtains a second metric report from the component 120, the second metric report being a trusted metric report for the component system, the second metric report being indicative of the integrity of the component.
In one embodiment, the above-described assembly includes at least one of: a computing component, a storage component, an IO component, and an acceleration component. The descriptions of the computing component, the storage component, the IO component and the acceleration component may refer to the related descriptions of the foregoing embodiments, and the descriptions are not repeated here.
In one embodiment, the second measurement report is obtained by measuring the code of the component system by the component, and the first measurement report is obtained by measuring the code of the management system by the management chip. The manner in which the component 120 obtains the second measurement report may refer to the manner in which the management chip 110 obtains the first measurement report in step S410, which is not repeated here.
Step S430: the management chip 110 performs a trusted metric on the server based on the first metric report and the second metric report.
In one possible implementation, the management chip 110 may obtain a trusted metrics format of the server, convert the first metrics report and the second metrics report into a third metrics report corresponding to the trusted metrics format, and perform a trusted metrics on the server according to the third metrics report.
It can be understood that, as described above, when the components of servers of different manufacturers and architectures are started, the starting sequence of the firmware and software does not follow a uniform standard format. After the management chip 110 collects the first measurement report of the management system and the second measurement report of each component, it can perform format conversion on the first measurement report and the second measurement report, so that they are adapted to the measurement format of the authentication node 200, and the problem of measurement failure caused by different measurement formats is avoided.
In one possible implementation, the third measurement report includes identity information of the server and a measurement value of the server, where the measurement value of the server is used to indicate integrity of the server, and when the management chip authenticates the third measurement report, the management chip may obtain, locally or remotely, a standard measurement value of the server according to the identity information of the server, and perform a trusted measurement on the server according to the measurement value of the server and the standard measurement value of the server. In a specific implementation, the identity information of the server may be obtained according to the identity information of the management chip 110 in the first measurement report and the identity information of the component 120 in the second measurement report, and the metric value of the server may be obtained according to the metric value of the management chip 110 in the first measurement report and the metric value of the component 120 in the second measurement report.
Optionally, the measurement value of the server in the third measurement report may be a series of measurement values of the components and the management chip, may be a single value integrated from the measurement values of the components and the measurement value of the management chip, or may be an integrated value formed from the measurement values of some of the components and the measurement value of the management chip together with the separate measurement values of the remaining components. The management chip 110 may reorder the metric values recorded in the first metric report and the second metric report, or may integrate them, as determined by the trusted metric format of the authentication node 200; the present application is not specifically limited in this respect. The trusted measurement format may be obtained after the management chip 110 establishes a communication connection with the authentication node 200.
In a possible implementation manner, the management chip 110 may also send a third metric report to the authentication node 200, and the authentication node 200 may also compare the standard metric value with the metric value of the server in the third metric report, so as to implement a trusted metric for the server.
Alternatively, the management chip 110 may also perform a trusted measurement on the server for the third measurement report, without performing a trusted measurement on the server through the authentication node 200. Specifically, the management chip 110 may obtain the standard metric value corresponding to the server according to the identity information of the server in the third metric report, and perform the trusted metric on the server according to the standard metric value and the metric value in the third metric report, where the standard metric value of the server may be downloaded by the management chip 110 in advance or may be obtained remotely from the authentication node 200, and the application is not limited in detail.
Alternatively, the standard measurement value of the server may be a preset standard measurement value, or may be determined according to a first measurement value obtained when the server performs the trusted measurement for the first time, where the first measurement value may include the measurement value of the component 120 and the measurement value of the management chip 110 when the server is started. It can be understood that if the software or firmware of the server is tampered with by a third party during operation, the measurement value of the server will change, so that by using the first measurement value as the standard measurement value it can be determined whether the server has changed during operation, and the trusted measurement of the server is implemented. In a specific implementation, the standard metric value may be a single value or a series of values, corresponding to the standard value required by the trusted metric format, and may be determined according to the actual processing situation; the present application is not specifically limited in this respect.
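As an added illustration (not code from the patent or its applicant), the stepwise measurement of step S410 and the report conversion and comparison of step S430 written out in Python: the per-stage golden values, the `order`/`integrate` format keys, the choice of SHA-256 and the sample images are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Stage:
    """One piece of software or firmware in its boot position (constructed fields)."""
    identity: Dict[str, str]   # identification and version of the software/firmware
    code: bytes                # the code image that is measured at this stage
    standard: str              # standard (golden) measurement value for this stage


def measure(code: bytes) -> str:
    """Measurement value of a code segment. SHA-256 is an assumption; the
    description only says a hash algorithm is used."""
    return hashlib.sha256(code).hexdigest()


def measure_system(stages: List[Stage]) -> Tuple[dict, bool]:
    """Stepwise measurement in start-up order (step S410): a stage is measured
    only after the stage started before it was found trusted, so the report
    stops at the first stage whose value differs from its standard value."""
    report: dict = {"identity": [], "values": []}
    for stage in stages:
        value = measure(stage.code)
        report["identity"].append(stage.identity)
        report["values"].append(value)
        if value != stage.standard:
            return report, False
    return report, True


def to_server_report(first: dict, second: Dict[str, dict], fmt: dict) -> dict:
    """Convert the management-chip report and the component reports into a
    third report in the verifier's trusted measurement format (step S430).
    fmt["order"] fixes the order of the subsystems and fmt["integrate"]
    selects one integrated value instead of the series of values; both keys
    are assumed names, the description does not define the format."""
    reports = {"management": first, **second}
    identity = {name: reports[name]["identity"] for name in fmt["order"]}
    values = [v for name in fmt["order"] for v in reports[name]["values"]]
    if fmt["integrate"]:
        server_value = measure("".join(values).encode())
    else:
        server_value = values
    return {"identity": identity, "value": server_value}


def record_standard(third: dict) -> dict:
    """Standard value taken from the measurement at first start-up, one of the
    two options the description gives for the server's standard value."""
    return {"identity": third["identity"], "value": third["value"]}


def verify_server(third: dict, standard: dict) -> bool:
    """Trusted measurement of the whole server: the standard value is looked up
    by the server identity, so both identity and value must be unchanged."""
    return (third["identity"] == standard["identity"]
            and third["value"] == standard["value"])


def sample_stages(prefix: str, modified: bool = False) -> List[Stage]:
    """Constructed two-stage boot sequence with golden values; with modified=True
    the second stage's image differs from the image its golden value came from."""
    images = [(prefix + "-boot", b"boot loader image"),
              (prefix + "-kernel", b"kernel image")]
    stages = []
    for index, (name, code) in enumerate(images):
        golden = measure(code)
        if modified and index == 1:
            code = code + b"\x00"     # constructed change to the second stage
        stages.append(Stage({"id": name, "version": "1.0"}, code, golden))
    return stages


def demo() -> Dict[str, bool]:
    """First start-up (standard value recorded), then a later periodic
    measurement in which the storage component's kernel image has changed."""
    fmt = {"order": ["management", "compute", "storage"], "integrate": True}
    first, mgmt_ok = measure_system(sample_stages("bmc"))
    second = {name: measure_system(sample_stages(name))[0]
              for name in ("compute", "storage")}
    standard = record_standard(to_server_report(first, second, fmt))
    later = dict(second)
    later["storage"] = measure_system(sample_stages("storage", modified=True))[0]
    return {
        "management_trusted": mgmt_ok,
        "first_boot_trusted": verify_server(to_server_report(first, second, fmt), standard),
        "later_boot_trusted": verify_server(to_server_report(first, later, fmt), standard),
    }


if __name__ == "__main__":
    print(demo())
```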
In one possible implementation, after the management chip 110 generates the third metric report, the third metric report may be encrypted by a preset key, and then the encrypted third metric report is sent to the authentication node 200, and the authentication node 200 may decrypt the encrypted third metric report by the preset key to obtain the third metric report, and perform the trusted metric on the third metric report. In a specific implementation, the above process may refer to the detailed description in the embodiment of fig. 3, and the detailed description is not repeated here. The remote public key and the remote attestation private key may be keys in an encryption algorithm, which may be an asymmetric encryption algorithm (RSA), MD5, a symmetric encryption algorithm, etc., and the present application is not limited to a specific implementation of the encryption algorithm.
In summary, according to the trusted measurement method provided by the application, the measurement report of each component in the server is obtained through the management chip, so that not only can the trusted measurement be carried out on the system with an unexposed interface to realize the trusted measurement of all the systems and even components of the whole server, but also the format conversion can be carried out on the measurement report of each component after the measurement report of each component is obtained, so that the measurement report accords with the unified rule of the trusted measurement, and the problem that the trusted measurement is incompatible due to the architecture difference is solved.
Fig. 5 is a schematic diagram of a chip according to the present application, and the chip 500 may be the management chip 110 in the foregoing, and as shown in fig. 5, the chip may include a management system measurement unit 510, an acquisition unit 520, and a server measurement unit 530.
The management system measurement unit 510 is configured to perform a trusted measurement on the management system, obtain a first measurement report of the management system, where the first measurement report is used to represent the integrity of the management system;
an obtaining unit 520, configured to obtain a second measurement report from the component, where the second measurement report is a trusted measurement report of the component system, and the second measurement report is used to indicate the integrity of the component;
a server metric unit 530, configured to perform a trusted metric on the server according to the first metric report and the second metric report.
In one possible implementation, the component includes at least one of: the system comprises a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
In a possible implementation manner, the management system measurement unit 510 is configured to perform a trusted measurement on the management system when the server is started for the first time, or the management system measurement unit 510 is configured to perform a trusted measurement on the management system periodically during the operation of the server.
In one possible implementation, the second measurement report is obtained by measuring the code of the component system by the component, and the first measurement report is obtained by measuring the code of the management system by the chip.
In a possible implementation manner, the server measurement unit 530 is configured to obtain a trusted measurement format of the server, and convert the first measurement report and the second measurement report into a third measurement report corresponding to the trusted measurement format; a server metrics unit 530 for performing a trusted metric on the server based on the third metrics report.
In a possible implementation, the third metric report includes the identity information of the server and the metric value of the server, and the server metric unit 530 is configured to obtain the standard metric value of the server from a local or remote location according to the identity information of the server, and perform a trusted metric on the server according to the metric value of the server and the standard metric value of the server.
In a possible implementation, the server measurement unit 530 is configured to send a third measurement report to the authentication node, so that the authentication node performs a trusted measurement on the server according to the third measurement report.
In one possible implementation, the IO component includes a network card or a riser; the storage component comprises one or more of a hard disk backboard, an Expander and a PCIE switch; the computing component comprises a CPU, a DDR and a power supply; the acceleration component includes a carrier plate and an acceleration card interconnect switch, wherein the acceleration card includes one or more of the image processors GPU, DPU, NPU; the memory expansion assembly comprises a carrier plate and one or more of a memory expansion chip, a DIMM and an SCM medium; the heat dissipation assembly comprises one or more of air cooling heat dissipation and liquid cooling heat dissipation.
In one possible implementation, the chip 500 is a motherboard management controller, BMC, chip in a server.
In summary, in the chip provided by the application, the measurement report of each component in the server can be obtained by the chip, so that not only can trusted measurement be performed on systems with an unexposed interface, realizing trusted measurement of all the systems and even components of the whole server, but the measurement report of each component can also be format-converted after it is obtained, so that the measurement report conforms to the unified rule of the trusted measurement, and the problem of trusted measurement in the server being incompatible due to architecture differences is solved.
Fig. 6 is another schematic structural diagram of a chip provided by the present application, and the chip 600 is a management chip in the embodiment of fig. 1 to 5. Further, the chip 600 includes a computing unit 601, a memory 602, and a communication interface 603, where the computing unit 601, the memory 602, and the communication interface 603 communicate through a bus 604, or may communicate through other means such as wireless transmission.
The computing unit 601 is a programmable logic device (Programmable Logic Device, PLD), such as a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field-programmable gate array (Field-Programmable Gate Array, FPGA), generic array logic (Generic Array Logic, GAL), or any combination thereof. The computing unit 601 executes various types of digitally stored instructions, such as software or firmware programs stored in the memory 602, that enable the chip 600 to provide a wide variety of services.
The memory 602 is used for storing program code, and is controlled by the computing unit 601 to execute the processing steps of the management chip 110 in any of the embodiments of fig. 1-5. The program code includes one or more software units, which are the management system measurement unit, the obtaining unit and the server measurement unit in the embodiment of fig. 5, where the management system measurement unit is configured to perform a trusted measurement on the management system and obtain a first measurement report of the management system, the obtaining unit is configured to obtain a second measurement report from a component, and the server measurement unit is configured to perform a trusted measurement on the server according to the first measurement report and the second measurement report; for details, refer to the embodiments of fig. 1 to 5, which are not repeated here.
The memory 602 includes read only memory and random access memory, and provides instructions and data to the computing unit 601. The memory 602 also includes non-volatile random access memory. For example, the memory 602 may be used to store a first metric report, a second metric report, and a third metric report, and may also be used to store a key used to encrypt the third metric report.
The memory 602 is either volatile memory or nonvolatile memory, or includes both volatile and nonvolatile memory. The nonvolatile memory is a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. Volatile memory is random access memory (random access memory, RAM), which acts as external cache memory. By way of example and not limitation, many forms of RAM are used, such as static RAM (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct memory bus RAM (DR RAM). The memory may also be a hard disk (hard disk), a U-disk (universal serial bus, USB), a flash memory (flash), an SD card (secure digital memory card, SD card), a memory stick, etc., where the hard disk is a hard disk drive (HDD), a solid state disk (SSD), a mechanical hard disk (mechanical hard disk, HDD), etc.; the present application is not particularly limited in this respect.
The communication interface 603 is a wired interface (e.g. an ethernet interface), an internal interface (e.g. a high-speed serial computer expansion bus (Peripheral Component Interconnect express, PCIE) bus interface), or a wireless interface (e.g. a cellular network interface or a wireless LAN interface) for communicating with other servers or units. In a specific implementation, the communication interface 603 is configured to send the third metric report to the authentication node and to obtain the second metric report from the component. The specific implementation of the communication interface 603 may refer to the interface description of the BMC chip in the foregoing table 2, and the description is not repeated here.
Bus 604 is a peripheral component interconnect express (Peripheral Component Interconnect Express, PCIE) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, a unified bus (Ubus or UB), a computer quick link (compute express link, CXL), a cache coherent interconnect protocol (cache coherent interconnect for accelerators, CCIX), or the like. The bus 604 includes an out-of-band bus, a high-speed bus, and the like, and the above description of the out-of-band bus and the high-speed bus may refer to the embodiments of fig. 1 to 5, and the description thereof will not be repeated here. For clarity of illustration, the various buses are labeled as bus 604 in the figures.
It should be noted that fig. 6 is merely one possible implementation of the embodiment of the present application, and the chip 600 may further include more or fewer components in practical applications, which is not limited herein. For details not shown or described in the embodiments of the present application, refer to the related descriptions in the foregoing embodiments of fig. 1 to 5, which are not repeated here.
An embodiment of the present application provides a computer-readable storage medium including: the computer-readable storage medium having stored therein computer instructions; the computer instructions, when executed on a computer, cause the computer to perform the trusted metric method described in the method embodiments above.
Embodiments of the present application provide a computer program product comprising instructions, including a computer program or instructions, which when run on a computer, cause the computer to perform the trusted metric method described in the method embodiments above.
The embodiment of the application provides a chip which comprises a service core and a security core, wherein the service core is used for implementing the management function of the BMC chip described above, and the security core is used for implementing the trusted measurement method in the method embodiments.
The above embodiments are implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments are implemented in whole or in part in the form of a computer program product. The computer program product includes at least one computer instruction. When the computer program instructions are loaded or executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer is a general purpose computer, special purpose computer, computer network, or other programmable device. The computer instructions are stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, from one website, computer, server, or data center to another by wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. Computer-readable storage media are any available media that can be accessed by a computer, or data storage nodes, such as servers or data centers, that contain at least one collection of available media. The medium is a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., a high-density digital video disc (digital video disc, DVD)), or a semiconductor medium.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and equivalent substitutions may be made without departing from the true scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (29)

1. A method of trusted metrics, the method being applied to a server comprising a management chip and a component, the management chip and the component establishing a communication connection over a bus, the method comprising:
the management chip performs trusted measurement on a management system, and obtains a first measurement report of the management system, wherein the first measurement report is used for representing the integrity of the management system;
the management chip obtains a second metric report from the component, wherein the second metric report is a trusted metric report of the component system and is used for indicating the integrity of the component;
and the management chip performs credibility measurement on the server according to the first measurement report and the second measurement report.
2. The method of claim 1, wherein the component comprises at least one of: the system comprises a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
3. The method according to claim 1 or 2, wherein the management chip performs a trusted measurement on the management system in case of the first start-up of the server, or the management chip performs a trusted measurement on the management system periodically during the operation of the server.
4. A method according to any one of claims 1 to 3, wherein the second measurement report is obtained by measuring the code of the component system by the component, and the first measurement report is obtained by measuring the code of the management system by the management chip.
5. The method of any one of claims 1 to 4, wherein the management chip performing trusted measurement on the server according to the first measurement report and the second measurement report comprises:
the management chip acquires a trusted measurement format of the server, and converts the first measurement report and the second measurement report into a third measurement report corresponding to the trusted measurement format;
And the management chip performs trusted measurement on the server according to the third measurement report.
6. The method of claim 5, wherein the third metric report includes identity information of the server and a metric value of the server, the metric value of the server being used to indicate integrity of the server, and wherein the management chip performing trusted measurement on the server according to the third metric report comprises:
and the management chip acquires the standard measurement value of the server from the local or remote according to the identity information of the server, and performs trusted measurement on the server according to the measurement value of the server and the standard measurement value of the server.
7. The method of claim 5 or 6, wherein the management chip performing trusted measurement on the server according to the third measurement report comprises:
and the management chip sends the third measurement report to an authentication node so that the authentication node can perform trusted measurement on the server according to the third measurement report.
8. The method according to any one of claims 1 to 7, wherein,
the IO component comprises a network card or a high-speed serial computer expansion bus standard PCIE expansion card (riser);
the storage component comprises one or more of a hard disk backboard, an expansion board (Expander), and a PCIE switch;
the computing component comprises a Central Processing Unit (CPU), a Double Data Rate (DDR) and a power supply;
the acceleration component comprises a carrier plate and an acceleration card interconnection switch, wherein the acceleration card comprises one or more of an image processor GPU, a data processing unit DPU and a neural network processor NPU;
the memory expansion assembly comprises a carrier plate and one or more of a memory expansion chip, a dual in-line memory module DIMM and a storage class memory SCM medium;
the heat dissipation assembly comprises one or more of air cooling heat dissipation and liquid cooling heat dissipation.
9. The method according to any of claims 1 to 8, wherein the management chip is a motherboard management controller, BMC, chip in a server.
10. A server is characterized by comprising a management chip and a component, wherein the management chip and the component establish communication connection through a bus,
the management chip is used for carrying out credible measurement on the management system, and acquiring a first measurement report of the management system, wherein the first measurement report is used for representing the integrity of the management system;
The component is used for carrying out credibility measurement on the component system and obtaining a second measurement report of the component system, wherein the second measurement report is used for representing the integrity of the component system;
the management chip is used for acquiring a second measurement report from the component, and carrying out credibility measurement on the server according to the first measurement report and the second measurement report.
11. The server of claim 10, wherein the component comprises at least one of: the system comprises a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
12. The server according to claim 10 or 11, wherein,
the management chip is used for carrying out trusted measurement on the management system under the condition that the server is started for the first time; or
the management chip is used for periodically carrying out trusted measurement on the management system during the running of the server.
13. The server according to any of the claims 10-12, wherein the second measurement report is obtained after the component measures the code of the component system, and the first measurement report is obtained after the management chip measures the code of the management system.
14. The server according to any one of claims 10 to 13, wherein the management chip is configured to obtain a trusted metric format of the server, and convert the first metric report and the second metric report into a third metric report corresponding to the trusted metric format;
and the management chip is used for carrying out trusted measurement on the server according to the third measurement report.
15. The server of claim 14, wherein the third metric report includes identity information of the server and a metric value of the server, the metric value of the server being used to indicate the integrity of the server, the management chip being used to obtain a standard metric value of the server locally or remotely according to the identity information of the server, and to perform a trusted metric on the server according to the metric value of the server and the standard metric value of the server.
16. The server according to claim 14 or 15, wherein the management chip is configured to send the third metric report to an authentication node for the authentication node to perform a trusted metric on the server according to the third metric report.
17. The server according to any one of the claims 10 to 16, wherein,
the IO component comprises a network card or a high-speed serial computer expansion bus standard PCIE expansion card (riser);
the storage component comprises one or more of a hard disk backboard, an expansion board (Expander), and a PCIE switch;
the computing component comprises a Central Processing Unit (CPU), a Double Data Rate (DDR) and a power supply;
the acceleration component comprises a carrier plate and an acceleration card interconnection switch, wherein the acceleration card comprises one or more of an image processor GPU, a data processing unit DPU and a neural network processor NPU;
the memory expansion assembly comprises a carrier plate and one or more of a memory expansion chip, a dual in-line memory module DIMM and a storage class memory SCM medium;
the heat dissipation assembly comprises one or more of air cooling heat dissipation and liquid cooling heat dissipation.
18. The server according to any of the claims 10 to 17, wherein the management chip is a motherboard management controller, BMC, chip in the server.
19. A chip, wherein a server where the chip is located includes a component, and the chip and the component establish a communication connection through a bus, the chip comprising:
The management system measurement unit is used for carrying out trusted measurement on the management system and obtaining a first measurement report of the management system, wherein the first measurement report is used for representing the integrity of the management system;
an obtaining unit, configured to obtain a second measurement report from the component, where the second measurement report is a trusted measurement report of the component system, and the second measurement report is used to indicate the integrity of the component;
and the server measurement unit is used for carrying out credibility measurement on the server according to the first measurement report and the second measurement report.
20. The chip of claim 19, wherein the component comprises at least one of: the system comprises a computing component, a storage component, an IO component, an acceleration component, a memory expansion component and a heat dissipation component.
21. The chip according to claim 19 or 20, wherein the management system measurement unit is configured to perform a trusted measurement on the management system when the server is started for the first time, or the management system measurement unit is configured to perform a trusted measurement on the management system periodically during operation of the server.
22. The chip of any one of claims 19 to 21, wherein the second measurement report is obtained by measuring a code of the component system by the component, and the first measurement report is obtained by measuring a code of the management system by the chip.
23. The chip according to any one of claims 19 to 22, wherein the server measurement unit is configured to obtain a trusted measurement format of the server, and to convert the first measurement report and the second measurement report into a third measurement report conforming to the trusted measurement format;
and the server measurement unit is configured to perform a trusted measurement on the server according to the third measurement report.
24. The chip of claim 23, wherein the third measurement report includes identity information of the server and a measurement value of the server, and wherein the server measurement unit is configured to obtain, locally or remotely, a standard measurement value of the server according to the identity information of the server, and to perform a trusted measurement on the server according to the measurement value of the server and the standard measurement value of the server.
25. The chip of claim 23 or 24, wherein the server measurement unit is configured to send the third measurement report to an authentication node, so that the authentication node performs a trusted measurement on the server according to the third measurement report.
26. The chip of any one of claims 19 to 25, wherein
the IO component comprises a network card or a PCIE expansion card, PCIE being a high-speed serial computer expansion bus standard;
the storage component comprises one or more of a hard disk backplane, an expander board (Expander) and a PCIE switch;
the computing component comprises a central processing unit (CPU), double data rate (DDR) memory and a power supply;
the acceleration component comprises a carrier board and an acceleration card interconnection switch, wherein the acceleration card comprises one or more of a graphics processing unit (GPU), a data processing unit (DPU) and a neural network processing unit (NPU);
the memory expansion component comprises a carrier board and one or more of a memory expansion chip, a dual in-line memory module (DIMM) and a storage class memory (SCM) medium;
the heat dissipation component comprises one or more of air-cooled heat dissipation and liquid-cooled heat dissipation.
27. The chip of any one of claims 19 to 26, wherein the chip is a baseboard management controller (BMC) chip in a server.
28. A chip comprising a traffic core and a security core, the security core being for executing instructions to implement the method of any one of claims 1 to 9, the management core being for executing instructions to implement management functions.
29. A chip, characterized in that it comprises a computing unit and a memory, said memory being intended to store code, said computing unit being intended to execute said code to implement the method according to any of claims 1 to 9.
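The flow of claims 19 to 25 (the chip measures the management system, collects each component's self-measurement, converts both into one server-level report, and compares that report's measurement value with a standard value looked up by server identity) can be shown end to end with a small model. The block below is an added example written for this page; it is not code from the patent or from Huawei. It assumes SHA-256 as the measurement algorithm, a constructed "server-composite-v1" report format in which the server measurement value is a hash chain over the sorted (subject, digest) entries, constructed placeholder firmware images, and an in-memory dictionary standing in for the local or remote store of standard measurement values.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed placeholder images standing in for the real code of the management
# system and of each component (sample values, not from the patent).
MGMT_SYSTEM_CODE = b"bmc-management-system-image-v1.0"
COMPONENT_CODE = {
    "compute-0": b"cpu-board-firmware-v2.3",
    "storage-0": b"hdd-backplane-expander-firmware-v1.1",
    "io-0": b"network-card-firmware-v4.0",
}
SERVER_ID = "srv-0001"  # constructed identity information of the server


def measure_code(code: bytes) -> str:
    """Trusted measurement of one code image: SHA-256 (assumed algorithm)."""
    return hashlib.sha256(code).hexdigest()


def first_measurement_report(mgmt_code: bytes) -> dict:
    """Report the chip (BMC) produces over the management system code (claims 19, 22)."""
    return {"subject": "management-system", "alg": "sha256", "digest": measure_code(mgmt_code)}


def second_measurement_report(component_id: str, component_code: bytes) -> dict:
    """Report a component produces over its own component-system code (claim 22)."""
    return {"subject": component_id, "alg": "sha256", "digest": measure_code(component_code)}


def to_third_report(server_id: str, first: dict, seconds: List[dict]) -> dict:
    """Convert the first and second reports into the server's trusted measurement
    format (claims 23, 24). Assumed format: server identity, the sorted list of
    (subject, digest) entries, and one metric value chaining every entry, so that an
    altered, missing or extra component changes the server's measurement value."""
    entries = sorted((r["subject"], r["digest"]) for r in [first, *seconds])
    chain = hashlib.sha256()
    for subject, digest in entries:
        chain.update(subject.encode("utf-8"))
        chain.update(bytes.fromhex(digest))
    return {"format": "server-composite-v1", "server_id": server_id,
            "entries": entries, "metric_value": chain.hexdigest()}


def build_report(server_id: str, mgmt_code: bytes, components: Dict[str, bytes]) -> dict:
    """Measure everything and emit the third measurement report."""
    first = first_measurement_report(mgmt_code)
    seconds = [second_measurement_report(cid, code) for cid, code in components.items()]
    return to_third_report(server_id, first, seconds)


# Standard (golden) reports indexed by server identity, playing the role of the local or
# remote store of claim 24. Derived here from the constructed known-good images above.
STANDARD_REPORTS: Dict[str, dict] = {
    SERVER_ID: build_report(SERVER_ID, MGMT_SYSTEM_CODE, COMPONENT_CODE),
}


def verify_server(third: dict, standard_store: Dict[str, dict]) -> Tuple[bool, List[str]]:
    """Trusted measurement of the server: look up the standard value by identity and
    compare. Returns (ok, subjects whose digest is altered, missing or unexpected)."""
    standard = standard_store.get(third["server_id"])
    if standard is None:
        return False, ["unknown-server"]
    if hmac.compare_digest(third["metric_value"], standard["metric_value"]):
        return True, []
    reported = dict(third["entries"])
    expected = dict(standard["entries"])
    deviating = sorted(s for s in set(reported) | set(expected)
                       if reported.get(s) != expected.get(s))
    return False, deviating


def attest(server_id: str, mgmt_code: bytes, components: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """End to end: measure, convert to the third report, verify against the standard store."""
    return verify_server(build_report(server_id, mgmt_code, components), STANDARD_REPORTS)


if __name__ == "__main__":
    print(attest(SERVER_ID, MGMT_SYSTEM_CODE, COMPONENT_CODE))
    tampered = dict(COMPONENT_CODE, **{"storage-0": b"hdd-backplane-expander-firmware-MODIFIED"})
    print(attest(SERVER_ID, MGMT_SYSTEM_CODE, tampered))
```

Because the server value chains every entry, the verifier first needs only one constant-time comparison against the standard value; the per-entry diff is computed only on mismatch, and it also surfaces a component whose report is missing altogether, which a plain list comparison of the reports that did arrive would not catch. Sending the third report to an authentication node (claim 25) is the same `verify_server` call executed on the remote side with its own standard store.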

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210191295.XA CN116702149A (en) 2022-02-28 2022-02-28 Trusted measurement method, server and chip

Publications (1)

Publication Number Publication Date
CN116702149A true CN116702149A (en) 2023-09-05

Family

ID=87824480

Country Status (1)

Country Link
CN (1) CN116702149A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116881928A (en) * 2023-09-06 2023-10-13 联想长风科技(北京)有限公司 Trusted rapid measurement method and trusted computer
CN116881928B (en) * 2023-09-06 2023-11-17 联想长风科技(北京)有限公司 Trusted rapid measurement method and trusted computer
CN117806777A (en) * 2024-02-29 2024-04-02 苏州元脑智能科技有限公司 Virtual environment starting integrity verification method, device, system, equipment and medium
CN117806777B (en) * 2024-02-29 2024-05-10 苏州元脑智能科技有限公司 Virtual environment starting integrity verification method, device, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination