CN117150478A - Trust root, chip and data verification method based on system on chip - Google Patents


Info

Publication number
CN117150478A
Authority
CN
China
Prior art keywords
result
image file
register
trust
root
Legal status
Pending
Application number
CN202311085146.6A
Other languages
Chinese (zh)
Inventor
贾瑞
刘齐
秦少东
屠君超
王新兵
李小龙
陈涛滢
李志高
曾钦杵
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this application provide a system-on-chip-based root of trust, a chip and a data verification method, used to improve data security. The root of trust comprises a central processing unit, a direct memory access engine, a verification module, an SMU and an SPI controller connected through a bus system, with a first memory and a second memory connected to the bus system through the SPI controller. The first memory stores a first image file, that of the BMC; the second memory stores a second image file, that of the BIOS. The SMU sets the reset of the root of trust. The central processing unit acquires the configuration information of the root of trust and sends it to the direct memory access engine, the verification module and the SPI controller. The SPI controller opens a first data transmission path and a second data transmission path. The direct memory access engine writes the first image file into the verification module through the first path and the second image file into the verification module through the second path, and the verification module verifies both image files to obtain a verification result. The method can be applied in fields such as computing and cloud computing.

Description

Trust root, chip and data verification method based on system on chip
Technical Field
The present application relates to computers, and more particularly, to a trust root, chip and data verification method based on a system on chip.
Background
With the development of internet technology, more and more services are migrated to the network, and to secure those services a platform capable of providing security services is required. For a platform that provides security services, the basic requirement is that the system itself be trusted. It must therefore be ensured that all code, from the first instruction run at system start-up through the entire flow of operating system loading, is verified for integrity and authenticity; secure boot is designed to accomplish this. Since multiple levels of boot images may be required to boot an operating system, if any one level of image skips the secure boot procedure, all subsequent images are effectively untrusted.
To solve this problem, a root of trust is introduced: a component that verifies, updates and read-write protects the image files when the server's operating system starts. It protects the start-up, running and shutdown of the hardware through a well-designed hardware mechanism and, when system security is threatened or compromised, the hardware security system is able to restore the whole system to a secure state or raise an alarm.
To ensure that the server starts securely, the image files must be better protected against leakage. A root of trust that ensures the security of the image files is therefore needed.
Disclosure of Invention
The embodiments of this application provide a system-on-chip-based root of trust, a chip and a data verification method, used to prevent the sensitive data to be verified from leaking out of the root of trust and to improve data security.
In view of this, one aspect of the present application provides a root of trust based on a system on chip, comprising: a central processing unit, a direct memory access engine (Direct Memory Access, DMA engine), a verification module (Crypto), a system management unit (System Management Unit, SMU), a first memory, a second memory, a serial peripheral interface control center (Serial Peripheral Interface, SPI) and a bus system. The central processing unit, the direct memory access engine, the verification module, the SMU and the SPI are connected through the bus system; the first memory and the second memory are connected to the bus system through the SPI. The first memory is configured to store a first image file, that of the baseboard management controller (Baseboard Management Controller, BMC) of a server, where the BMC communicates with the root of trust via the bus system; the second memory is configured to store a second image file, that of the basic input output system (Basic Input Output System, BIOS) of the server. The SMU is used to set the reset of the root of trust. After the root of trust is reset, the central processing unit acquires the configuration information of the root of trust and sends it to the direct memory access engine, the verification module and the serial peripheral interface control center through the bus system, the configuration information being a preset verification instruction. The SPI responds to the configuration information by opening a first data transmission path and a second data transmission path, where the first data transmission path runs between the first memory, the direct memory access engine and the verification module, and the second data transmission path runs between the second memory, the direct memory access engine and the verification module. The direct memory access engine writes the first image file into the verification module through the first data transmission path and the second image file into the verification module through the second data transmission path, and the verification module calculates and verifies the first image file and the second image file to obtain a verification result.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the verification module is further configured to write the verification result into a first register corresponding to the verification module;
the central processing unit is configured to read the verification result from the first register and write it into a second register, so that the baseboard management controller BMC reads the verification result from the second register over the bus system and determines the start-up operation of the server according to that result.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the verification module is configured to calculate and verify the first image file to obtain a first result, and to write the first result into the first register;
the central processing unit is configured to read the first result from the first register and write it into the second register, so that the baseboard management controller BMC reads the first result from the second register over the bus system;
when the baseboard management controller BMC determines from the first result that the first image file is successfully verified, the verification module is configured to calculate and verify the second image file to obtain a second result, and to write the second result into the first register;
the central processing unit is configured to read the second result from the first register and write it into the second register, so that the baseboard management controller BMC reads the second result from the second register over the bus system;
and the server is started when the baseboard management controller BMC determines from the second result that the second image file is successfully verified.
In one possible design, in another implementation of another aspect of the embodiments of the present application, when the baseboard management controller BMC determines from the first result that the first image file fails verification, the first memory is configured to update the first image file to a third image file;
the direct memory access engine is configured to write the third image file into the verification module through the first data transmission path;
the verification module is configured to calculate and verify the third image file to obtain a third result, and to write the third result into the first register;
the central processing unit is configured to read the third result from the first register and write it into the second register, so that the baseboard management controller BMC reads the third result from the second register over the bus system and determines from the third result whether the image file of the baseboard management controller BMC is successfully verified;
the above operations are repeated until the image file of the baseboard management controller BMC is successfully verified.
In one possible design, in another implementation of another aspect of the embodiments of the present application, when the baseboard management controller BMC determines from the second result that the second image file fails verification, the second memory is configured to update the second image file to a fourth image file;
the direct memory access engine is configured to write the fourth image file into the verification module through the second data transmission path;
the verification module is configured to calculate and verify the fourth image file to obtain a fourth result, and to write the fourth result into the first register;
the central processing unit is configured to read the fourth result from the first register and write it into the second register, so that the baseboard management controller BMC reads the fourth result from the second register over the bus system and determines from the fourth result whether the image file of the basic input output system BIOS is successfully verified;
the above operations are repeated until the image file of the basic input output system BIOS is successfully verified.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the serial peripheral interface control center SPI is configured to close the first data transmission path and the second data transmission path after the server has started.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the root of trust further comprises a third memory for storing a third image of the root of trust.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the third memory is integrated with the central processor or the third memory is connected to the central processor through the bus system.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the first memory has its own backup memory and the second memory has its own backup memory.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the bus system includes an advanced high-performance bus AHB, an advanced peripheral bus APB, a system management bus SMBus and a bus matrix controller BMC (an abbreviation distinct from the baseboard management controller);
the advanced high-performance bus AHB and the advanced peripheral bus APB are used to construct a two-level bus structure of the root of trust;
the bus matrix controller BMC is used to control the two-level bus structure;
the system management bus SMBus is configured to establish communication between the baseboard management controller BMC and the root of trust.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the system management bus SMBus is configured to establish a mailbox path between the baseboard management controller BMC and the root of trust, through which the two communicate.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the root of trust further comprises a bridge;
the bridge is configured to implement conversion between the advanced high-performance bus AHB and the advanced peripheral bus APB in the trust root.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the root of trust further comprises a version configuration module;
the version configuration module is used for controlling software deployed on the trust root.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the root of trust is a separately developed chip or a device generated by logic development based on a field programmable gate array.
In another aspect, the application provides a chip comprising the root of trust as described above.
Another aspect of the present application provides a data verification method, which is applied to the trust root in the above aspects, including:
after the trust root is reset, the central processing unit acquires configuration information of the trust root and sends the configuration information to a direct memory access engine, a verification module and a serial peripheral interface control center of the trust root, wherein the configuration information is a preset verification instruction;
the SPI responds to the configuration information to open a first data transmission path and a second data transmission path, wherein the first data transmission path is a transmission path among the first memory, the direct memory access engine and the verification module, and the second data transmission path is a transmission path among the second memory, the direct memory access engine and the verification module;
the direct memory access engine writes the first image file into the verification module through the first data transmission path and the second image file into the verification module through the second data transmission path, where the first image file is the image file of the baseboard management controller BMC of the server and is stored in the first memory of the root of trust, and the second image file is the image file of the basic input output system BIOS of the server and is stored in the second memory of the root of trust;
and the verification module calculates and verifies the first image file and the second image file to obtain a verification result.
Another aspect of the present application provides a data verification apparatus, specifically including: a central processing unit configured, after the root of trust is reset, to acquire the configuration information of the root of trust and send it to a direct memory access engine, a verification module and a serial peripheral interface control center of the root of trust, the configuration information being a preset verification instruction;
the serial peripheral interface control center SPI is configured to respond to the configuration information by opening a first data transmission path and a second data transmission path, where the first data transmission path runs between a first memory of the root of trust, the direct memory access engine and the verification module, and the second data transmission path runs between a second memory of the root of trust, the direct memory access engine and the verification module; the first memory stores a first image file, that of the baseboard management controller BMC of the server, the baseboard management controller BMC communicates with the root of trust through the bus system, and the second memory stores a second image file, that of the basic input output system BIOS of the server;
the direct memory access engine is configured to write the first image file into the verification module through the first data transmission path and the second image file into the verification module through the second data transmission path;
and the verification module is configured to calculate and verify the first image file and the second image file to obtain a verification result.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the verification module writes the verification result into a first register corresponding to the verification module;
the central processing unit reads the verification result from the first register and writes it into a second register, so that the baseboard management controller BMC reads the verification result from the second register over the bus system and determines the start-up operation of the server according to that result.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the verification module is configured to calculate and verify the first image file to obtain a first result, and to write the first result into the first register; and when the first image file is determined from the first result to be successfully verified, the verification module is configured to calculate and verify the second image file to obtain a second result, and to write the second result into the first register.
In one possible design, in another implementation of another aspect of the embodiments of the present application, the central processing unit is configured to read the first result from the first register and write it into the second register, so that the baseboard management controller BMC reads the first result from the second register over the bus system;
when the baseboard management controller BMC determines from the first result that the first image file is successfully verified, the central processing unit is configured to read the second result from the first register and write it into the second register, so that the baseboard management controller BMC reads the second result from the second register over the bus system;
and when the baseboard management controller BMC determines from the second result that the second image file is successfully verified, the server is started.
In one possible design, in another implementation of another aspect of the embodiments of the present application, when it is determined from the first result that the first image file fails verification, the first memory is configured to update the first image file to a third image file;
the direct memory access engine is configured to write the third image file into the verification module through the first data transmission path;
the verification module is configured to calculate and verify the third image file to obtain a third result, and to write the third result into the first register;
the central processing unit is configured to read the third result from the first register and write it into the second register, so that the baseboard management controller BMC reads the third result from the second register over the bus system and determines from the third result whether the image file of the baseboard management controller BMC is successfully verified;
the above operations are repeated until the image file of the baseboard management controller BMC is successfully verified.
In one possible design, in another implementation of another aspect of the embodiments of the present application, when it is determined from the second result that the second image file fails verification, the second memory is configured to update the second image file to a fourth image file;
the direct memory access engine is configured to write the fourth image file into the verification module through the second data transmission path;
the verification module is configured to calculate and verify the fourth image file to obtain a fourth result, and to write the fourth result into the first register;
the central processing unit is configured to read the fourth result from the first register and write it into the second register, so that the baseboard management controller BMC reads the fourth result from the second register over the bus system and determines from the fourth result whether the image file of the basic input output system BIOS is successfully verified;
the above operations are repeated until the image file of the basic input output system BIOS is successfully verified.
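The verification flow set out in the aspects above (the disclosure's register hand-off, the two DMA paths and the update-from-backup loop, and the data verification method that restates them), as an added Python model that is not part of the patent or of any Tencent code. It assumes that the unspecified "calculate and verify" step is a SHA-256 digest comparison against reference digests provisioned into the verification module; the image bytes, digests, path names, the "VERIFY" configuration value and the max_updates bound on the retry loop are all the example's own constructions.

```python
# Added example (not the patent's own code): a Python model of the verification
# flow described in the disclosure. "Calculate and verify" is modelled as a
# SHA-256 digest comparison against reference digests assumed to be provisioned
# into the verification module; image bytes, digests, path and register names
# and the "VERIFY" configuration value are all constructed for this example.
import hashlib


class ImageMemory:
    """First or second memory: the current image plus its backup copy."""
    def __init__(self, name, image, backup):
        self.name, self.image, self.backup = name, image, backup


class SpiController:
    """SPI control center: opens the two data paths on the CPU's configuration."""
    def __init__(self):
        self.open_paths = set()

    def configure(self, config):
        if config == "VERIFY":          # constructed preset verification instruction
            self.open_paths = {"path1", "path2"}

    def close_all(self):
        self.open_paths.clear()


class CryptoModule:
    """Verification module: checks an image and writes 1 (pass) or 0 (fail)
    into its own register, the 'first register' of the disclosure."""
    def __init__(self, expected_digests):
        self.expected, self.first_register = expected_digests, None

    def verify(self, image_name, data):
        ok = hashlib.sha256(data).digest() == self.expected[image_name]
        self.first_register = 1 if ok else 0


class DmaEngine:
    """Moves image bytes from a memory straight into the verification module
    over an open SPI path; the RoT CPU never handles the bytes."""
    def __init__(self, spi, crypto):
        self.spi, self.crypto = spi, crypto

    def transfer(self, path, memory):
        if path not in self.spi.open_paths:
            raise RuntimeError(f"{path} is closed")
        self.crypto.verify(memory.name, memory.image)


class RotCpu:
    """Central processor of the root of trust: only copies the one-bit result
    from the first register into the second register, where the BMC reads it."""
    def __init__(self, crypto):
        self.crypto, self.second_register = crypto, None

    def forward_result(self):
        self.second_register = self.crypto.first_register
        return self.second_register


def boot(bmc_mem, bios_mem, expected_digests, max_updates=1):
    """Checks the BMC image, then the BIOS image, updating from the backup and
    re-checking on failure; max_updates bounds the retries the disclosure
    leaves unbounded. Returns (server_started, log of (image, result))."""
    spi, crypto = SpiController(), CryptoModule(expected_digests)
    dma, cpu = DmaEngine(spi, crypto), RotCpu(crypto)
    spi.configure("VERIFY")
    log = []
    for path, mem in (("path1", bmc_mem), ("path2", bios_mem)):
        updates = 0
        while True:
            dma.transfer(path, mem)
            result = cpu.forward_result()   # the value the BMC reads from register 2
            log.append((mem.name, result))
            if result == 1:
                break                       # BMC: image passed, continue with the next
            if updates == max_updates:
                spi.close_all()
                return False, log           # BMC: backup failed too, do not start
            mem.image, updates = mem.backup, updates + 1
    spi.close_all()                         # SPI closes both paths once the server starts
    return True, log


# Constructed sample images: the live BMC image is tampered, its backup is intact.
GOOD_BMC = b"constructed BMC image v1"
GOOD_BIOS = b"constructed BIOS image v1"
TAMPERED_BMC = b"constructed BMC image v1 + implant"
EXPECTED = {"bmc": hashlib.sha256(GOOD_BMC).digest(),
            "bios": hashlib.sha256(GOOD_BIOS).digest()}


def run_demo(bad_backup=False):
    """Boots with a tampered BMC image; recovers from the backup unless bad_backup."""
    bmc = ImageMemory("bmc", TAMPERED_BMC, TAMPERED_BMC if bad_backup else GOOD_BMC)
    bios = ImageMemory("bios", GOOD_BIOS, GOOD_BIOS)
    return boot(bmc, bios, EXPECTED)
```

Calling `run_demo()` returns `(True, [('bmc', 0), ('bmc', 1), ('bios', 1)])`: the tampered live BMC image fails, the backup copy passes, and the BIOS image then passes, so the server starts. `run_demo(bad_backup=True)` returns `(False, [('bmc', 0), ('bmc', 0)])`, the case the text leaves open, where the backup fails as well. Two design points carry over from the disclosure: `RotCpu` has no access to image bytes at all, only to the one-bit result, which is the isolation property the summary of advantages relies on; and `DmaEngine` refuses to move anything while the SPI paths are closed, matching the SPI closing both paths once the server has started.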
Another aspect of the present application provides a computer apparatus comprising: a memory, a processor, and a bus system;
wherein the memory is used for storing programs;
the processor is used for executing the program in the memory, and the processor is used for executing the method according to the instructions in the program code;
the bus system is used to connect the memory and the processor to communicate the memory and the processor.
Another aspect of the application provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the above method.
In another aspect of the application, a computer program product or computer program is provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium and executes the computer instructions to cause the computer device to perform the methods provided above.
From the above technical solutions, the embodiments of the present application have the following advantage: the serial peripheral interface control center opens a direct path between the memories and the verification module, so that all of the data to be verified is handled by the direct memory access engine and does not pass through the central processor of the root of trust, which prevents the sensitive data to be verified from leaking out of the root of trust.
Drawings
FIG. 1 is a schematic diagram of one embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 2 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 3 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 4a is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 4b is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 4c is a schematic diagram of a connection between a root of trust and a server motherboard based on a system-on-chip in an embodiment of the present application;
FIG. 4d is a schematic diagram of another connection embodiment between a root of trust based on a system-on-chip and a server motherboard in an embodiment of the present application;
FIG. 5 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 6 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 7 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 8 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 9 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 10 is a schematic diagram of another embodiment of a root of trust based on a system on chip in an embodiment of the application;
FIG. 11 is a schematic diagram of one embodiment of a data verification apparatus employing a root of trust based system on chip in an embodiment of the application;
FIG. 12 is a schematic diagram of another embodiment of a data verification apparatus employing a root of trust based system on chip in an embodiment of the application.
Detailed Description
The embodiments of this application provide a system-on-chip-based root of trust and a chip, used to prevent the sensitive data to be verified from leaking out of the root of trust and to improve data security.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "includes" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
With the development of internet technology, more and more services are migrated to the network, and to secure those services a platform capable of providing security services is required. For a platform that provides security services, the basic requirement is that the system itself be trusted. It must therefore be ensured that all code, from the first instruction run at system start-up through the entire flow of operating system loading, is verified for integrity and authenticity; secure boot is designed to accomplish this. Since multiple levels of boot images may be required to boot an operating system, if any one level of image skips the secure boot procedure, all subsequent images are effectively untrusted. To solve this problem, a root of trust is introduced: a component that verifies, updates and read-write protects the image files when the server's operating system starts. It protects the start-up, running and shutdown of the hardware through a well-designed hardware mechanism and, when system security is threatened or compromised, the hardware security system is able to restore the whole system to a secure state or raise an alarm. To ensure that the server starts securely, the image files must be better protected against leakage. A root of trust that ensures the security of the image files is therefore needed.
In order to solve the above problems, the present application provides a root of trust based on a system on chip, which specifically includes: a central processing unit, a direct memory access engine (Direct Memory Access, DMA engine), a verification module (Crypto), a system management unit (System Management Unit, SMU), a first memory, a second memory, a serial peripheral interface control center (Serial Peripheral Interface, SPI) and a bus system. The central processing unit, the direct memory access engine, the verification module, the SMU and the SPI are connected through the bus system; the first memory and the second memory are connected to the bus system through the SPI. The first memory is configured to store a first image file, that of the baseboard management controller (Baseboard Management Controller, BMC) of a server, where the BMC communicates with the root of trust via the bus system; the second memory is configured to store a second image file, that of the basic input output system (Basic Input Output System, BIOS) of the server. The SMU is used to set the reset of the root of trust. After the root of trust is reset, the central processing unit acquires the configuration information of the root of trust and sends it to the direct memory access engine, the verification module and the serial peripheral interface control center through the bus system, the configuration information being a preset verification instruction. The SPI responds to the configuration information by opening a first data transmission path and a second data transmission path, where the first data transmission path runs between the first memory, the direct memory access engine and the verification module, and the second data transmission path runs between the second memory, the direct memory access engine and the verification module. The direct memory access engine writes the first image file into the verification module through the first data transmission path and the second image file into the verification module through the second data transmission path, and the verification module calculates and verifies the first image file and the second image file to obtain a verification result. The serial peripheral interface control center opens a direct path between the memories and the verification module, so that all of the data to be verified is handled by the direct memory access engine and does not pass through the central processor of the root of trust, which prevents the sensitive data to be verified from leaking out of the root of trust.
For convenience of understanding, the following description will be given of some specific terms involved in the present application:
Host: in the present application, mainly refers to the server's central processing unit (Central Processing Unit, CPU). The instruction set architecture supported by the host is not particularly limited; it may be x86 (the general-purpose instruction set originating from Intel's microprocessor line), ARM (Advanced RISC Machine, a microprocessor family executing the ARM instruction set), MIPS (Microprocessor without Interlocked Pipelined Stages, a reduced instruction set computing (Reduced Instruction Set Computing, RISC) architecture; the abbreviation is also used for Millions of Instructions Per Second), RISC-V (an open-source instruction set architecture (Instruction Set Architecture, ISA) based on RISC principles), and the like.
Root of Trust (RoT): a component (chip or system) that verifies and updates the server's image files and protects read and write access to them. It is used in a hardware security system: a suitable hardware mechanism is built to protect the start-up, running and shutdown of the hardware, and when the security of the system is threatened or compromised, the hardware security system is able to restore the whole system to a secure state or raise an alarm.
Staging storage (staging Flash): a flash memory block used to temporarily hold the upgraded system image (Image) while the system image file is being updated. Under certain conditions the staging Flash may be promoted to the active (formal) Flash, or not, depending on the system configuration.
System on Chip (SoC): the system is a chip-level system formed by combining a plurality of integrated circuits with specific functions on one chip, wherein a hardware layer comprises a microprocessor/microcontroller, control logic, an on-chip memory, a hardware functional unit, an external communication interface and the like, and a software layer comprises an embedded system and application software.
Register File (RF): a small storage area inside the central processing unit (Central Processing Unit, CPU) that temporarily holds the operands and results of operations, as well as some information required for the CPU to run. Registers typically include the following. General purpose registers: the most common and basic registers used by executing code; most instructions operate on these registers to perform their function. Flag register: contains a number of flag bits that record the state produced while the CPU executes instructions; these flags are usually set and modified automatically by the CPU. Instruction pointer register (program counter): holds the address of the next instruction to be executed; the CPU fetches the instruction it points to, executes it, and the instruction pointer then advances to the next instruction, so that the operation repeats continuously, which is the basic fetch-execute cycle of the CPU. Segment registers: their contents are closely related to the memory addressing mode in which the CPU is currently operating. When the CPU is in 16-bit real address mode, a segment register stores the segment base; when addressing, the register contents are shifted left by 4 bits (multiplied by 16) to obtain the segment base address, to which the intra-segment offset is added to obtain the final address. When the CPU operates in protected mode, a segment register holds a segment selector, which indicates which segment descriptor (and therefore which segment base) the register currently "points to".
The general registers, segment registers, flag registers and instruction pointer together form the basic instruction execution environment; the context of a thread essentially consists of these registers, and their contents are saved and restored when threads are switched.
It will be appreciated that in the specific embodiment of the present application, related data such as image files and preset instructions are involved, when the above embodiments of the present application are applied to specific products or technologies, user permission or consent is required to be obtained, and the collection, use and processing of related data is required to comply with related laws and regulations and standards of related countries and regions.
The present application provides a trust root based on a system on chip. As shown in fig. 1, the trust root 10 comprises: a central processor 101, a direct memory access engine (Direct Memory Access, DMA engine) 102, a verification module (Crypto) 103, a system management unit (System Management Unit, SMU) 104, a first memory 105, a second memory 106, a serial peripheral interface control center (Serial Peripheral Interface, SPI) 107, and a bus system 108; the CPU 101, the DMA engine 102, the verification module 103, the SMU 104 and the SPI 107 are connected by the bus system 108; the first memory 105 and the second memory 106 are connected to the bus system 108 via the SPI 107; the first memory 105 is configured to store a first image file of a baseboard management controller (Baseboard Management Controller, BMC) of a server, where the BMC establishes communication with the root of trust via the bus system; the second memory 106 is configured to store a second image file of a basic input output system (Basic Input Output System, BIOS) of the server; the SMU 104 is configured to set the reset of the root of trust; the central processor 101 is configured to obtain configuration information of the root of trust after the root of trust is reset and to send the configuration information to the direct memory access engine 102, the verification module 103 and the serial peripheral interface control center 107 through the bus system 108, where the configuration information is a preset verification instruction; the SPI 107 is configured to open a first data transmission path and a second data transmission path in response to the configuration information, where the first data transmission path is a transmission path between the first memory 105, the direct memory access engine 102 and the verification module 103, and the second data transmission path is a transmission path between the second memory 106, the direct memory access engine 102 and the verification module 103; the direct memory access engine 102 is configured to write the first image file to the verification module 103 via the first data transmission path and to write the second image file to the verification module 103 via the second data transmission path; and the verification module 103 is configured to calculate and verify the first image file and the second image file to obtain a verification result. In fig. 1, the thick black line is the bus system 108 and the thin black lines are the first and second data transmission paths opened by the SPI 107 in response to the configuration information.
In the present application, the SPI 107 may be a single SPI interface or a plurality of SPI interfaces. With a single SPI interface, read and write operations on the first memory 105 and the second memory 106 must be time-division multiplexed. When the SPI 107 comprises a plurality of SPI interfaces, one memory may be provided for each SPI interface. The specific arrangement is not limited here, as long as the data in each memory can be read through the SPI interface.
In the present application, the CPU 101, which may also be referred to as a CPU core, is the master of the overall root of trust 10. The CPU's minimal system includes a local instruction memory (Instruction Local Memory, ILM), a local data memory (Data Local Memory, DLM) and a JTAG (Joint Test Action Group) interface, which is a standard interface for testing and debugging electronic devices. In the present application, the CPU used by the root of trust 10 may be a lightweight CPU core, such as a control-type core using ARM, RISC-V or the like.
The verification module 103 may use hash verification and elliptic-curve (signature) verification when verifying an image file. It should be understood that the verification module 103 may be configured with a corresponding verification method according to the practical situation, which is not limited here.
When setting the reset of the root of trust 10, the SMU 104 may determine, based on the type of the CPU 101, the address assigned to the CPU reset vector in the bus address space. In one exemplary scenario the CPU reset vector address is set to 0x00000000, but other addresses may be used as the case requires. The on-chip ROM is likewise assigned an address range on the address bus; the start of that range may or may not coincide with the CPU reset vector address, and the choice is determined by the chip design requirements.
The SPI 107 in the root of trust 10 may also control the first data transmission channel and the second data transmission channel according to the start-up state of the server's system. That is, while the server's system has not yet started, the trust root 10 needs to read and write the image files in the first memory 105 and the second memory 106 in order to verify, update and otherwise operate on them, so the SPI 107 controls the first data transmission channel and the second data transmission channel to be opened. Once the server's system has started, the trust root 10 must ensure that the server's image files cannot be tampered with, and the SPI 107 in the trust root 10 controls the first data transmission channel and the second data transmission channel to be closed. At this point the root of trust 10 is said to have switched to the read-write protection mode of the image files, also referred to as filter mode.
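The two operating states of the SPI control center described above (pass-through paths open before the server starts, filter mode once it has started) as a small Python model. This is an added example and not code from the patent. The page does not say how filter mode is enforced once the channels are closed; this model assumes the common approach of filtering host-side SPI traffic by opcode (reads pass, write-enable/program/erase are dropped). The opcode values are the standard SPI-NOR command bytes; the class, method and constant names, and the sample flash contents, are this example's own assumptions.

```python
"""Model of the SPI control center's two modes (added example; not code from
the patent). Before the server starts, the CPU's verification instruction
opens the pass-through paths so the DMA engine can stream the BMC/BIOS
images to the verification module and the root of trust can update them;
once the server has started, the paths are closed and the controller enters
filter mode so the image files cannot be tampered with. The page does not
say how filter mode is enforced; this model assumes opcode filtering of
host SPI traffic (reads pass, write-enable/program/erase are dropped).
Opcodes are the standard SPI-NOR command bytes; class, method and constant
names are this example's own."""
from enum import Enum

# Standard SPI-NOR command opcodes
OP_READ = 0x03
OP_WRITE_ENABLE = 0x06
OP_PAGE_PROGRAM = 0x02
OP_SECTOR_ERASE = 0x20
OP_CHIP_ERASE = 0xC7
MUTATING = {OP_WRITE_ENABLE, OP_PAGE_PROGRAM, OP_SECTOR_ERASE, OP_CHIP_ERASE}


class Mode(Enum):
    PASSTHROUGH = "passthrough"  # DMA->Crypto paths open; server not started
    FILTER = "filter"            # paths closed; host flash traffic filtered


class SpiControlCenter:
    def __init__(self, flash):
        self.flash = flash                          # {"bmc": bytearray, "bios": bytearray}
        self.mode = Mode.FILTER                     # fail closed until the CPU configures us
        self.path_open = {name: False for name in flash}
        self.blocked = []                           # audit log of dropped host commands

    def apply_config(self, verify_instruction, host_started):
        """CPU-issued configuration over the bus: open the paths for
        verification, or lock down once the server system is up."""
        if host_started:
            self.mode = Mode.FILTER
            self.path_open = {name: False for name in self.flash}
        elif verify_instruction:
            self.mode = Mode.PASSTHROUGH
            self.path_open = {name: True for name in self.flash}

    def dma_read(self, target, offset, length):
        """Direct path used by the DMA engine; the bytes never cross the CPU."""
        if not self.path_open[target]:
            raise PermissionError(f"direct path to {target} flash is closed")
        return bytes(self.flash[target][offset:offset + length])

    def rot_write(self, target, offset, payload):
        """Root-of-trust-side image update, only while the path is open."""
        if not self.path_open[target]:
            raise PermissionError(f"direct path to {target} flash is closed")
        self.flash[target][offset:offset + len(payload)] = payload
        return True

    def host_command(self, target, opcode, offset=0, length=0, payload=b""):
        """Host-originated SPI command. In filter mode only reads reach the
        flash; write-enable, program, erase and unknown opcodes are dropped
        and logged. Before the host has started nothing is forwarded."""
        if self.mode is Mode.PASSTHROUGH:
            reason = "host not started"
        elif opcode in MUTATING:
            reason = "mutating opcode in filter mode"
        elif opcode != OP_READ:
            reason = "unknown opcode"
        else:
            return bytes(self.flash[target][offset:offset + length])
        self.blocked.append((target, opcode, reason))
        return None


if __name__ == "__main__":
    # Constructed sample flash contents
    flash = {"bmc": bytearray(b"BMC-IMAGE-0001"), "bios": bytearray(b"BIOS-IMAGE-0001")}
    spi = SpiControlCenter(flash)
    spi.apply_config(verify_instruction=True, host_started=False)
    print("DMA reads", spi.dma_read("bios", 0, 10))
    spi.apply_config(verify_instruction=False, host_started=True)
    print("host read", spi.host_command("bios", OP_READ, 0, 10))
    print("host program", spi.host_command("bios", OP_PAGE_PROGRAM, 0, payload=b"EVIL"))
    print("blocked", spi.blocked)
```

The controller starts in filter mode and only opens the direct paths on an explicit instruction from the CPU, so a reset that leaves the CPU unconfigured cannot leave the flash exposed; every dropped host command is logged, which is the evidence a BMC or operator needs when a tampering attempt is investigated.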
In the present application, all control information of the root of trust 10 is generated by the central processing unit 101, and the control information is sent over the bus system 108 to the other modules by way of register reads and writes. The verification module 103 and the CPU 101 are therefore each configured with a corresponding register. That is, as shown in fig. 2, the verification module 103 may be configured with a first register 1031 and the CPU 101 with a second register 1011. Different storage entries may be partitioned in the first register 1031 to hold the verification results of different image files. For example, storage entry 1 of the first register 1031 holds the verification result of the image file of the server's BMC, and storage entry 2 holds the verification result of the image file of the server's BIOS. Because the CPU 101 needs to interact with the server, the second register 1011 may be the register corresponding to the system management bus (System Management Bus, SMB) over which the root of trust establishes communication with the server.
When the verification module 103 and the central processing unit 101 are configured with their corresponding registers, the trust root may write the verification result generated by the verification module 103 into the first register 1031; the CPU 101 then reads the verification result from the first register 1031 when required and writes it into the second register 1011; the BMC of the server then reads the verification result from the second register 1011 over the SMB and decides the start-up operation of the server according to that result.
Optionally, as shown in fig. 3, the root of trust 10 further includes a backup memory 1051 of the first memory 105, and similarly, the root of trust 10 further includes a backup memory 1061 of the second memory 106. Therefore, backup is added for the image files of the BMC and the BIOS, and the image files can be further prevented from being lost, so that the normal starting of the server is ensured.
Optionally, as shown in fig. 4a, the root of trust 10 further comprises a third memory 109, the third memory 109 being configured to store an image file of the root of trust 10. In the present application, the trust root 10 may be configured according to the actual situation, so that it may store an image file related to the configuration information thereof, for verifying the security of the trust root 10. It will be appreciated that the third memory 109 may be coupled to the bus system 108 of the root of trust 10 through the SPI107 as shown in FIG. 4 a; the third memory 109 may also be directly connected to the bus system 108 of the root of trust 10 as shown in fig. 4b, which is not limited in this particular context.
Based on the description of fig. 4a and 4b, it should be understood that the third memory 109 may be integrated in the central processor 101 or may be integrated in the system on chip as a separate memory.
In an exemplary embodiment, as shown in fig. 4c, the third memory 109 is integrated in the system on chip as a separate memory, i.e. the third memory 109 is independent of the central processor 101. In the solution shown in fig. 4c, the trust root 10 is mounted on an IO card, and the IO card is connected to the server's system motherboard (i.e. the host) through a gold-finger edge connector, while the central processor 101 establishes Mailbox communication with the BMC on the system motherboard through the SMB. The system motherboard also comprises an integrated south bridge (Platform Controller Hub, PCH) and a complex programmable logic device (Complex Programmable Logic Device, CPLD). The root of trust 10 includes two BMC Flash devices (i.e. the first memory 105 and its backup memory 1051 in the present application) and two BIOS Flash devices (i.e. the second memory 106 and its backup memory 1061 in the present application) that back each other up.
In another exemplary scenario, as shown in fig. 4d, the third memory 109 is integrated into the central processor 101. The solution of fig. 4d is otherwise arranged as in fig. 4c: the trust root 10 is mounted on an IO card connected to the server's system motherboard (the host) through a gold-finger edge connector, the central processor 101 establishes Mailbox communication with the BMC on the system motherboard through the SMB, the system motherboard also comprises the integrated south bridge (PCH) and the complex programmable logic device (CPLD), and the root of trust 10 includes two mutually backed-up BMC Flash devices (the first memory 105 and its backup memory 1051) and two mutually backed-up BIOS Flash devices (the second memory 106 and its backup memory 1061).
Alternatively, as shown in fig. 5, the bus system 108 of the root of trust 10 may include an Advanced High-performance Bus (AHB) 1081 (the black line in fig. 5 on which the CPU 101, SPI 107, direct memory access engine 102 and verification module 103 are mounted), an Advanced Peripheral Bus (APB) 1082 (the black line in fig. 5 on which the system management unit 104 is mounted), and a system management bus (System Management Bus, SMB) 1083. The AHB 1081 is used to mount high-performance devices with high clock frequencies, while the APB 1082 is used to mount slow devices; that is, the AHB 1081 and the APB 1082 form a two-level bus structure for the root of trust 10. By using different buses to build the two-level bus structure and the communication between the trust root and the server, access between the control units and the memories inside the trust root is isolated and external access between the trust root and the server is blocked, which further safeguards the data.
In the present application, a mailbox channel (Mailbox) may be established between the BMC of the server and the root of trust 10 over the SMB 1083 to enable communication between them. A mailbox channel is a hardware mechanism for synchronization and data exchange between processors in a multiprocessor system; it is widely applicable and fast. The Mailbox approach carries out multiprocessor communication mainly by passing control information. Depending on the system requirements, different Mail formats may be defined to implement the system behaviour, for example a transfer of a fixed amount of data or a transfer of fixed blocks. Data transfer between the two communicating parties is on-chip parallel transfer, so it is fast and has good real-time behaviour. The mechanism is also compatible with both interrupt-driven and polling modes, which reduces the processing-time pressure on the controlling CPU.
When the two-level bus structure is built from the AHB and the APB, the root of trust 10 may further include a bridge, as shown in fig. 6, so that data is transferred normally across the bus system. The bridge may be an APB Bridge or any other bridge, as long as it converts between the AHB and the APB in this embodiment.
Based on the description of fig. 5, when the bus system 108 of the root of trust 10 has multiple types of buses, the root of trust 10 may further include, as shown in fig. 7, a bus matrix controller (Bus Matrix Controller, BMC; not to be confused with the server's Baseboard Management Controller, which shares the abbreviation) 111 that controls the two-level bus structure formed by the AHB and the APB and may also perform instruction decoding.
Optionally, in order to implement the wide application of the root of trust 10, as shown in fig. 8, the root of trust 10 may further include a version configuration module 112, where the version configuration module 112 is used to control software deployed on the root of trust 10. I.e. by controlling the software running on the root of trust 10 to provide better service.
Based on the above description, the flow of verifying the image file by the verification module 103 will be described with the flow shown in fig. 9:
After the system is reset, the verification module 103 calculates and verifies the first image file of the server's BMC to obtain a first result. The server's BMC then starts and reads the first result. If the BMC determines from the first result that the verification of its image file succeeded, it triggers the trust root to calculate and verify the second image file of the server's BIOS to obtain a second result. If the BMC determines from the first result that the verification of its image file failed, the BMC image file in the first memory is updated and the updated BMC image file is re-verified, until the verification of the BMC image file succeeds, whereupon the trust root is triggered to calculate and verify the second image file of the BIOS to obtain a second result. The server's BMC reads the second result. If the server's BMC determines from the second result that the verification of the BIOS image file succeeded, the server's system starts securely and the trust root is triggered to switch to the read-write protection mode (also referred to as filter mode) of the first memory and the second memory. If the server's BMC determines from the second result that the verification of the BIOS image file failed, the BIOS image file in the second memory is updated and the updated BIOS image file is re-verified, until the verification of the BIOS image file succeeds.
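The verification flow of fig. 9, together with the register hand-off of fig. 2 (result written to the first register, copied by the CPU to the SMB-facing second register, read by the BMC over the mailbox), as a Python model. This is an added example, not the patent's own code. The page names hash and elliptic-curve verification without fixing an algorithm; SHA-256 compared against a provisioned expected digest stands in for the verification module here. "Updating" a failed image is modelled as restoring it from the backup memory of fig. 3, and the re-verify loop is bounded to one retry rather than repeating until success, so that a bad backup aborts the boot instead of looping forever. The image bytes, expected digests, register layout and all names are constructed for this example.

```python
"""Verification flow of fig. 9 as a Python model (added example; not the
patent's own code). The verification module digests each image with SHA-256
(stand-in for the page's unspecified hash / elliptic-curve check), records
the result in entry 1 (BMC) or entry 2 (BIOS) of its result register, the
CPU copies it to the SMB-facing register, and the BMC reads that register
over the mailbox. An image that fails is restored from its backup flash and
re-verified once; a second failure aborts the boot instead of looping.
Image bytes, expected digests and the register layout are constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field

ENTRY_BMC, ENTRY_BIOS = 1, 2       # storage entries in the verification result register
PASS, FAIL = 1, 0


def digest(image):
    """Verification module's hash over a whole image (SHA-256 assumed here)."""
    return hashlib.sha256(bytes(image)).digest()


@dataclass
class Flash:
    primary: bytearray               # image the server boots from
    backup: bytes                    # backup memory (1051 / 1061 in fig. 3)


@dataclass
class RootOfTrust:
    bmc_flash: Flash
    bios_flash: Flash
    expected: dict                                   # {"bmc": digest, "bios": digest}, provisioned
    crypto_reg: dict = field(default_factory=dict)   # first register 1031 (verification module)
    smb_reg: dict = field(default_factory=dict)      # second register 1011 (SMB-facing)
    trace: list = field(default_factory=list)
    filter_mode: bool = False

    def _verify(self, name, entry, flash):
        # The DMA engine streams flash.primary to the verification module; the
        # CPU only ever sees the pass/fail result, never the image bytes.
        ok = hmac.compare_digest(digest(flash.primary), self.expected[name])
        self.crypto_reg[entry] = PASS if ok else FAIL
        self.smb_reg[entry] = self.crypto_reg[entry]  # CPU copies the result for the BMC
        self.trace.append((name, "pass" if ok else "fail"))
        return ok

    def _update(self, name, flash):
        # "update the image file": restore the primary image from the backup memory
        flash.primary[:] = flash.backup
        self.trace.append((name, "restored-from-backup"))

    def boot(self):
        """Verify the BMC image, then the BIOS image; True when the server may start."""
        for name, entry, flash in (("bmc", ENTRY_BMC, self.bmc_flash),
                                   ("bios", ENTRY_BIOS, self.bios_flash)):
            if not self._verify(name, entry, flash):
                self._update(name, flash)
                if not self._verify(name, entry, flash):
                    return False           # backup is bad too: do not start the server
        self.filter_mode = True            # server starts; flash channels switch to filter mode
        return True


def bmc_read_result(rot, entry):
    """BMC side of the mailbox: read the SMB-facing register."""
    return rot.smb_reg.get(entry)


if __name__ == "__main__":
    good_bmc, good_bios = b"bmc-image-v1.0", b"bios-image-v2.3"   # constructed images
    rot = RootOfTrust(Flash(bytearray(b"tampered-bmc"), good_bmc),
                      Flash(bytearray(good_bios), good_bios),
                      {"bmc": digest(good_bmc), "bios": digest(good_bios)})
    print("server may start:", rot.boot())
    print("trace:", rot.trace)
    print("BMC reads:", bmc_read_result(rot, ENTRY_BMC), bmc_read_result(rot, ENTRY_BIOS))
```

The digest comparison uses a constant-time compare, and the result register is only ever written by the verification path, so the BMC's start-up decision depends on nothing the host could influence; a real implementation would additionally verify a signature over the digest so that the expected value itself cannot be replaced by whoever can write the root of trust's flash.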
The system-on-chip based trust root 10 of the present application is illustrated by way of example in fig. 10 and includes a CPU, a BMC (the bus matrix controller), Crypto, JTAG, ILM, DLM, AHB, APB, an APB bridge (APBBRG), SPI (SPI Mem, SPI Filter0/1, SPI Filter2/3, SPI0/1, SPI2/3), DMA, Flash_CSR, Flash_Data, Version-config, SMBus_slave, SMU, a universal asynchronous receiver/transmitter (Universal Asynchronous Receiver/Transmitter, UART), a Timer and general purpose input/output (GPIO).
In fig. 10 the thick line is the AHB, the thin line is the APB, and the finest line is the pass-through data transmission line controlled by the SPI. The SMU resets all modules of the trust root; the CPU then executes the verification process according to the preset instruction and obtains the configuration information of the trust root under the current conditions; the configuration information is issued to the DMA, the SPI and the Crypto over the AHB or the APB; the SPI opens a direct channel between the DMA, the Flash and the Crypto in response to the configuration information; the DMA carries the data in the Flash to the Crypto through the direct channel; the Crypto verifies the data; and the CPU then sends the verification result to the BMC on the server motherboard through the SMBus_slave. The BMC inside the root of trust (the bus matrix controller of fig. 7, not the server's Baseboard Management Controller) controls the AHB, the APB and the SMBus slave. Version-config controls the software running in the root of trust.
The JTAG, UART, GPIO and the like may be used to assist the flow and to debug (Debug) the trust root; the corresponding data paths can be opened or closed as needed when the product is finalized (a debug path left open in the final product gives an external party a way around the root of trust, so these paths are normally closed or locked before shipping).
Based on the above description, the trust root in the present application may be a chip independently developed based on a system on chip, or a device whose logic is implemented on a field programmable gate array based on a system on chip; this is not limited in this embodiment, as long as the trust root can be plugged into the server and implement the functions of the trust root.
Referring to fig. 11, fig. 11 is a schematic diagram of a server structure according to an embodiment of the present application, where the server 300 may have a relatively large difference due to different configurations or performances, and may include one or more central processing units (central processing units, CPU) 322 (e.g., one or more processors) and a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing application programs 342 or data 344. Wherein the memory 332 and the storage medium 330 may be transitory or persistent. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instruction operations on a server. Still further, the central processor 322 may be configured to communicate with the storage medium 330 and execute a series of instruction operations in the storage medium 330 on the server 300.
The Server 300 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, such as Windows Server TM ,Mac OS X TM ,Unix TM ,Linux TM ,FreeBSD TM Etc.
In the above embodiment, the trust root may be applied to the server structure shown in fig. 11, that is, the trust root may be connected with the server structure shown in fig. 11 through a golden finger, so as to implement secure startup of the server.
The trust root provided by the present application may be used in a terminal device, please refer to fig. 12, which only shows a portion related to an embodiment of the present application for convenience of explanation, and specific technical details are not disclosed, please refer to a method portion of an embodiment of the present application. In the embodiment of the application, a terminal device is taken as a smart phone for example to describe:
fig. 12 is a block diagram showing a part of a structure of a smart phone related to a terminal device provided by an embodiment of the present application. Referring to fig. 12, the smart phone includes: radio Frequency (RF) circuitry 410, memory 420, input unit 430, display unit 440, sensor 450, audio circuitry 460, wireless fidelity (wireless fidelity, wiFi) module 470, processor 480, and power supply 490. Those skilled in the art will appreciate that the smartphone structure shown in fig. 12 is not limiting of the smartphone and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The following describes the components of the smart phone in detail with reference to fig. 12:
The RF circuit 410 may be used for receiving and transmitting signals while information is received and sent or during a call; in particular, after receiving downlink information from the base station, it passes the information to the processor 480 for processing, and it also sends uplink data to the base station. In general, the RF circuit 410 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (low noise amplifier, LNA), a duplexer, and the like. In addition, the RF circuit 410 may also communicate with networks and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to global system for mobile communications (global system of mobile communication, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), long term evolution (long term evolution, LTE), email, short message service (short messaging service, SMS), and the like.
The memory 420 may be used to store software programs and modules, and the processor 480 performs the various functional applications and data processing of the smartphone by executing the software programs and modules stored in the memory 420. The memory 420 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and the like, and the data storage area may store data created according to the use of the smartphone (such as audio data, phonebooks, etc.). In addition, the memory 420 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device.
The input unit 430 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the smart phone. In particular, the input unit 430 may include a touch panel 431 and other input devices 432. The touch panel 431, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 431 or thereabout using any suitable object or accessory such as a finger, a stylus, etc.), and drive the corresponding connection device according to a predetermined program. Alternatively, the touch panel 431 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 480, and can receive commands from the processor 480 and execute them. In addition, the touch panel 431 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 430 may include other input devices 432 in addition to the touch panel 431. In particular, other input devices 432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.
The display unit 440 may be used to display information input by the user or provided to the user, and the various menus of the smartphone. The display unit 440 may include a display panel 441, which may optionally be configured in the form of a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (OLED) display, or the like. Further, the touch panel 431 may cover the display panel 441; when the touch panel 431 detects a touch operation on or near it, it passes the operation to the processor 480 to determine the type of touch event, and the processor 480 then provides a corresponding visual output on the display panel 441 according to the type of touch event. Although in fig. 12 the touch panel 431 and the display panel 441 are two separate components implementing the input and output functions of the smartphone, in some embodiments the touch panel 431 and the display panel 441 may be integrated to implement the input and output functions of the smartphone.
The smartphone may also include at least one sensor 450, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 441 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 441 and/or the backlight when the smartphone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for identifying the application of the gesture of the smart phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration identification related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the smart phone are not described in detail herein.
The audio circuit 460, speaker 461 and microphone 462 provide an audio interface between the user and the smartphone. The audio circuit 460 may convert received audio data into an electrical signal and transmit it to the speaker 461, which converts it into a sound signal for output; conversely, the microphone 462 converts a collected sound signal into an electrical signal, which the audio circuit 460 receives and converts into audio data; the audio data is then processed by the processor 480 and transmitted via the RF circuit 410 to, for example, another smartphone, or output to the memory 420 for further processing.
WiFi is a short-distance wireless transmission technology; through a WiFi module 470 the smart phone can help a user to send and receive emails, browse webpages, access streaming media and the like, providing wireless broadband Internet access for the user. Although fig. 12 shows a WiFi module 470, it is understood that the module is not an essential component of the smart phone and can be omitted entirely as required without changing the essence of the invention.
The processor 480 is the control center of the smart phone; it connects the various parts of the entire smart phone using various interfaces and lines, and performs the various functions of the smart phone and processes its data by running or executing software programs and/or modules stored in the memory 420 and invoking data stored in the memory 420, thereby monitoring the smart phone as a whole. Optionally, the processor 480 may include one or more processing units; optionally, the processor 480 may integrate an application processor that primarily handles the operating system, user interface, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may also not be integrated into the processor 480.
The smart phone also includes a power supply 490 (e.g., a battery) for powering the various components, optionally in logical communication with the processor 480 through a power management system that performs functions such as managing charge, discharge, and power consumption.
Although not shown, the smart phone may further include a camera, a bluetooth module, etc., which will not be described herein.
The trust root in the above embodiment may be applied to the terminal device structure shown in fig. 12. That is, the trust root can be connected to the terminal device structure shown in fig. 12 through a gold-finger edge connector, so as to realize secure starting of the terminal device.
The embodiment of the application also provides a chip which comprises the trust root described in any one of the above.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative: the division of the units is merely a logical function division, and there may be other divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Further, the coupling, direct coupling or communication connection shown or discussed between components may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (20)

1. A root of trust based on a system on a chip comprising:
the system comprises a central processing unit, a direct memory access engine, a verification module, a system management unit SMU, a first memory, a second memory, a serial peripheral interface control center SPI and a bus system;
the central processing unit, the direct memory access engine, the verification module, the system management unit SMU and the serial peripheral interface control center SPI are connected through the bus system;
the first memory and the second memory are connected with the bus system through the serial peripheral interface control center SPI;
the first memory is configured to store a first image file of a baseboard control manager BMC of a server, where the baseboard control manager BMC and the trust root establish communication through the bus system;
the second memory is used for storing a second image file of a basic input output system BIOS of the server;
the system management unit SMU is used for setting the reset of the trust root;
the central processing unit is used for acquiring configuration information of the trust root after the trust root is reset, and sending the configuration information to the direct memory access engine, the verification module and the serial peripheral interface control center through the bus system, wherein the configuration information is a preset verification instruction;
the serial peripheral interface control center SPI is used for responding to the configuration information to open a first data transmission path and a second data transmission path, wherein the first data transmission path is a transmission path between the first memory, the direct memory access engine and the verification module, and the second data transmission path is a transmission path between the second memory, the direct memory access engine and the verification module;
the direct memory access engine is used for writing the first image file into the verification module through the first data transmission path and writing the second image file into the verification module through the second data transmission path;
and the verification module is used for calculating and verifying the first image file and the second image file to obtain a verification result.
2. The root of trust of claim 1, wherein the verification module is further configured to write the verification result into a first register corresponding to the verification module;
the central processing unit is used for reading the verification result from the first register and writing the verification result into a second register, so that the baseboard control manager BMC reads the verification result from the second register via the bus system and determines the starting operation of the server according to the verification result.
3. The root of trust of claim 2, wherein the verification module is configured to calculate and verify the first image file to obtain a first result, and write the first result into the first register;
the central processing unit is used for reading the first result from the first register and writing the first result into the second register, so that the baseboard control manager BMC reads the first result from the second register according to the bus system;
when the baseboard control manager BMC determines that the first image file is successfully verified according to the first result, the verification module is used for calculating and verifying the second image file to obtain a second result, and writing the second result into the first register;
the central processing unit is used for reading the second result from the first register and writing the second result into the second register so that the baseboard control manager BMC reads the second result from the second register according to the bus system;
and when the baseboard control manager BMC determines that the second image file is successfully verified according to the second result, the server is started.
4. The root of trust of claim 3, wherein the first memory is configured to update the first image file to a third image file when the baseboard control manager BMC determines that the first image file fails to verify according to the first result;
the direct memory access engine is used for writing the third image file into the verification module through the first data transmission path;
the verification module is used for calculating and verifying the third image file to obtain a third result, and writing the third result into the first register;
the central processing unit is configured to read the third result from the first register and write the third result into the second register, so that the baseboard control manager BMC reads the third result from the second register via the bus system and determines whether the image file of the baseboard control manager BMC is successfully verified according to the third result;
the above operation is repeated until the image file of the baseboard control manager BMC is successfully verified.
5. The root of trust of claim 3, wherein the second memory is configured to update the second image file to a fourth image file when the baseboard control manager BMC determines that the second image file fails to verify according to the second result;
the direct memory access engine is used for writing the fourth image file into the verification module through the second data transmission path;
the verification module is used for calculating and verifying the fourth image file to obtain a fourth result, and writing the fourth result into the first register;
the central processing unit is configured to read the fourth result from the first register and write the fourth result into the second register, so that the baseboard control manager BMC reads the fourth result from the second register via the bus system and determines whether the image file of the basic input output system BIOS is successfully verified according to the fourth result;
the above operation is repeated until the image file of the basic input output system BIOS is successfully verified.
6. The root of trust of claim 3, wherein the serial peripheral interface control center SPI is configured to close the first data transmission path and the second data transmission path after the server is started.
7. The root of trust of any one of claims 1 to 6 further comprising a third memory for storing a third image of the root of trust.
8. The root of trust of claim 7, wherein the third memory is integrated with the central processor or the third memory is coupled to the central processor through the bus system.
9. The root of trust of any of claims 1 to 6, wherein the first memory has its backup memory and the second memory has its backup memory.
10. The root of trust of any one of claims 1 to 6 wherein the bus system comprises an advanced high performance bus AHB, an advanced peripheral bus APB and a system management bus Smbus, bus matrix controller BMC;
the advanced high-performance bus AHB and the advanced peripheral bus APB are used for constructing a secondary bus structure of the trust root;
the bus matrix controller BMC is used for controlling the secondary bus structure;
the system management bus Smbus is configured to establish communication between the baseboard control manager BMC and the trust root.
11. The root of trust of claim 10, wherein the system management bus Smbus is configured to establish a mailbox path between the baseboard control manager BMC and the root of trust to enable communication between the baseboard control manager BMC and the root of trust.
12. The root of trust of claim 10, wherein the root of trust further comprises a bridge;
the bridge is configured to implement conversion between the advanced high-performance bus AHB and the advanced peripheral bus APB in the trust root.
13. The root of trust of any one of claims 1 to 6, 8, 11, wherein the root of trust further comprises a version configuration module;
the version configuration module is used for controlling software deployed on the trust root.
14. The root of trust of any one of claims 1 to 6, 8, 11, wherein the root of trust is a separately developed chip or a device produced by logic development on a field programmable gate array.
15. A chip, characterized in that it comprises a root of trust as claimed in any one of the preceding claims 1 to 14.
16. A data verification method, applied to a server configured with a root of trust as claimed in any one of claims 1 to 14, comprising:
after the trust root is reset, a central processing unit acquires configuration information of the trust root and sends the configuration information to a direct memory access engine, a verification module and a serial peripheral interface control center of the trust root, wherein the configuration information is a preset verification instruction;
the serial peripheral interface control center SPI responds to the configuration information to open a first data transmission path and a second data transmission path, wherein the first data transmission path is a transmission path between a first memory of the trust root, the direct memory access engine and the verification module, the second data transmission path is a transmission path between a second memory of the trust root, the direct memory access engine and the verification module, the first memory is used for storing a first image file of a baseboard control manager BMC of the server, the baseboard control manager BMC and the trust root establish communication through the bus system, and the second memory is used for storing a second image file of a basic input/output system BIOS of the server;
the direct memory access engine writes the first image file into the verification module through the first data transmission path, and writes the second image file into the verification module through the second data transmission path;
and the verification module calculates and verifies the first image file and the second image file to obtain a verification result.
17. The method of claim 16, wherein the method further comprises:
the verification module writes the verification result into a first register corresponding to the verification module;
the central processing unit reads the verification result from the first register and writes the verification result into a second register, so that the baseboard control manager BMC reads the verification result from the second register via the bus system and determines the starting operation of the server according to the verification result.
18. The method of claim 17, wherein the writing the verification result by the verification module into the first register corresponding to the verification module comprises:
the verification module calculates and verifies the first image file to obtain a first result, and writes the first result into the first register; and when the first image file is determined to be successfully verified according to the first result, the verification module calculates and verifies the second image file to obtain a second result, and writes the second result into the first register.
19. The method of claim 18, wherein the central processing unit reading the verification result from the first register and writing it into a second register, so that the baseboard control manager BMC reads the verification result from the second register via the bus system and determines the starting operation of the server according to the verification result, comprises:
the central processing unit reads the first result from the first register and writes the first result into the second register, so that the baseboard control manager BMC reads the first result from the second register according to the bus system;
when the baseboard control manager BMC determines that the first image file is successfully verified according to the first result, the central processing unit reads the second result from the first register and writes the second result into the second register, so that the baseboard control manager BMC reads the second result from the second register via the bus system;
and when the baseboard control manager BMC determines that the second image file is successfully verified according to the second result, the server is started.
20. The method according to claim 18 or 19, characterized in that the method further comprises:
when the first image file is determined to fail verification according to the first result, the first memory updates the first image file to a third image file;
the direct memory access engine writes the third image file into the verification module through the first data transmission path;
the verification module calculates and verifies the third image file to obtain a third result, and writes the third result into the first register;
the central processing unit reads the third result from the first register and writes the third result into the second register, so that the baseboard control manager BMC reads the third result from the second register via the bus system and determines whether the image file of the baseboard control manager BMC is successfully verified according to the third result;
the operation is repeated until the image file of the baseboard control manager BMC is successfully verified;
when the second image file is determined to fail verification according to the second result, the second memory updates the second image file to a fourth image file;
the direct memory access engine writes the fourth image file into the verification module through the second data transmission path;
the verification module calculates and verifies the fourth image file to obtain a fourth result, and writes the fourth result into the first register;
the central processing unit reads the fourth result from the first register and writes the fourth result into the second register, so that the baseboard control manager BMC reads the fourth result from the second register via the bus system and determines whether the image file of the basic input output system BIOS is successfully verified according to the fourth result;
the above operation is repeated until the image file of the basic input output system BIOS is successfully verified.
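The verify-before-boot flow of claims 1 to 6, 9 and 16 to 20, modelled as an added Python example that is not the patent's own code: the verification module's "calculate and verify" step is assumed to be a SHA-256 comparison against a known-good digest (the claims name no algorithm), and the image bytes, register and block names are constructed for the model. The BMC image is verified first, then the BIOS image, with a failed image replaced by a backup copy and re-verified, and the SPI data transmission paths are closed once the start decision is made.

```python
import hashlib

PASS, FAIL = 1, 0

def digest(image: bytes) -> str:
    # Assumption: SHA-256 against a known-good digest; the claims name no algorithm.
    return hashlib.sha256(image).hexdigest()

class Memory:
    """SPI flash holding an image file plus backup copies (claim 9)."""
    def __init__(self, image: bytes, backups=()):
        self.image, self.backups = image, list(backups)

    def update_image(self) -> bool:
        # Swap a failed image for the next backup copy (claims 4, 5 and 20).
        if not self.backups:
            return False
        self.image = self.backups.pop(0)
        return True

class RootOfTrust:
    """Models the blocks of claim 1 and the register hand-off of claim 2."""
    def __init__(self, bmc_mem: Memory, bios_mem: Memory, expected: dict):
        self.bmc_mem, self.bios_mem = bmc_mem, bios_mem
        self.expected = expected        # constructed known-good digests
        self.spi_paths_open = False     # first/second data transmission paths
        self.first_register = FAIL      # written by the verification module
        self.second_register = FAIL     # read by the BMC over the bus system
        self.trace = []                 # (image name, result) per verification

    def smu_reset(self):
        self.spi_paths_open = False
        self.first_register = self.second_register = FAIL

    def cpu_send_configuration(self):
        # The CPU's preset verification instruction makes the SPI control
        # center open both data transmission paths.
        self.spi_paths_open = True

    def dma_write_and_verify(self, mem: Memory, which: str) -> int:
        # DMA moves the image over an open path into the verification module.
        if not self.spi_paths_open:
            raise RuntimeError("data transmission path is closed")
        self.first_register = PASS if digest(mem.image) == self.expected[which] else FAIL
        self.trace.append((which, self.first_register))
        return self.first_register

    def cpu_forward_result(self) -> int:
        # The CPU copies the first register into the BMC-visible second register.
        self.second_register = self.first_register
        return self.second_register

def secure_boot(rot: RootOfTrust) -> bool:
    """Claims 3 and 16 to 20: verify the BMC image, then the BIOS image; on a
    failure swap in a backup copy and re-verify until one passes or none remain."""
    rot.smu_reset()
    rot.cpu_send_configuration()
    for which, mem in (("bmc", rot.bmc_mem), ("bios", rot.bios_mem)):
        rot.dma_write_and_verify(mem, which)
        while rot.cpu_forward_result() == FAIL:      # BMC reads second register
            if not mem.update_image():               # no further copy to try
                rot.spi_paths_open = False           # claim 6: close the paths
                return False                         # BMC does not start the server
            rot.dma_write_and_verify(mem, which)
    rot.spi_paths_open = False                       # claim 6: paths closed after start
    return True

# Constructed sample: the primary BMC image is corrupt, its backup copy is good.
GOOD_BMC, GOOD_BIOS = b"bmc-firmware-v1", b"bios-firmware-v1"
EXPECTED = {"bmc": digest(GOOD_BMC), "bios": digest(GOOD_BIOS)}

def demo() -> tuple:
    rot = RootOfTrust(Memory(b"bmc-v1-CORRUPT", [GOOD_BMC]), Memory(GOOD_BIOS), EXPECTED)
    return secure_boot(rot), rot.trace, rot.spi_paths_open
```

`demo()` returns `(True, [("bmc", 0), ("bmc", 1), ("bios", 1)], False)`: the corrupt BMC image fails, its backup passes, the BIOS image passes, and the paths are closed.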
CN202311085146.6A 2023-08-25 2023-08-25 Trust root, chip and data verification method based on system on chip Pending CN117150478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311085146.6A CN117150478A (en) 2023-08-25 2023-08-25 Trust root, chip and data verification method based on system on chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311085146.6A CN117150478A (en) 2023-08-25 2023-08-25 Trust root, chip and data verification method based on system on chip

Publications (1)

Publication Number Publication Date
CN117150478A true CN117150478A (en) 2023-12-01

Family

ID=88911237

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311085146.6A Pending CN117150478A (en) 2023-08-25 2023-08-25 Trust root, chip and data verification method based on system on chip

Country Status (1)

Country Link
CN (1) CN117150478A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117633920A (en) * 2023-12-13 2024-03-01 上海国微芯芯半导体有限公司 Sensitive data transmission bus architecture, control logic circuit and transmission system

Similar Documents

Publication Publication Date Title
Lentz et al. Secloak: Arm trustzone-based mobile peripheral control
Wang et al. Exploiting smart-phone usb connectivity for fun and profit
US10445154B2 (en) Firmware-related event notification
CN106605233B (en) Providing trusted execution environment using processor
JP4664966B2 (en) Cooperative embedded agent
EP3761208B1 (en) Trust zone-based operating system and method
JP6053786B2 (en) Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation
US6629157B1 (en) System and method for virtualizing the configuration space of PCI devices in a processing system
KR101952226B1 (en) Secure interaction method and device
US7467285B2 (en) Maintaining shadow page tables in a sequestered memory region
WO2019119408A1 (en) Manageability engine and automatic firmware validation
CN107567629B (en) Dynamic firmware module loader in trusted execution environment container
CN117150478A (en) Trust root, chip and data verification method based on system on chip
WO2023123850A1 (en) Method and apparatus for implementing firmware root of trust, device, and readable storage medium
CN116339838A (en) Server starting method and device, electronic equipment and storage medium
CN115686877A (en) Data interaction method and device, storage medium and computing equipment
CN116679967A (en) Firmware upgrading method and device for basic input/output system
CN114826785B (en) Dynamic protection method, system-on-chip, electronic device and medium
CN117806721B (en) Fault diagnosis drive loading method and device, electronic equipment and storage medium
CN116954708A (en) System mirror image data processing method, device, equipment and medium
US11698969B1 (en) Boot security of integrated circuit device
CN114238946B (en) Device management method, device, electronic device and computer-readable storage medium
CN114154163B (en) Vulnerability detection method and device
CN114385524B (en) Embedded firmware simulation system, method and device thereof and electronic equipment
CN116611053A (en) Trusted execution environment realization method and device and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication