CN117220861A - Key burning system, method, intelligent network card and readable storage medium - Google Patents


Publication number
CN117220861A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311198213.5A
Other languages
Chinese (zh)
Inventor
刘大宇
战永超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Xingyun Zhilian Technology Co Ltd
Original Assignee
Zhuhai Xingyun Zhilian Technology Co Ltd

Abstract

The application provides a key burning system, a method, an intelligent network card and a readable storage medium. The system comprises a server and an intelligent network card; the server is connected with the intelligent network card through a peripheral device interconnection bus interface, and the intelligent network card comprises control logic, a key register, a key state register, a key memory and a nonvolatile memory. In the method, the key burnt into the nonvolatile memory is a first key, and after the first key is burnt into the nonvolatile memory, the state value of the key state register is set to a first value; the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface; when the intelligent network card is reset, the key register is kept from being reset under the control of the control logic, and the key register is reset after the state value of the key state register is detected to be the first value.

Description

Key burning system, method, intelligent network card and readable storage medium
Technical Field
The present application relates to the field of chips, and in particular, to a key burning system, a key burning method, an intelligent network card, and a readable storage medium.
Background
An intelligent network card (smart NIC) is a network interface card (NIC) with computing resources such as processors and memory that is capable of performing a number of network and data processing tasks to provide improved performance and functionality in network communications. The traditional network interface card is mainly responsible for receiving and transmitting data packets; the intelligent network card adds computing resources such as a processor and memory on that basis, so that it can execute some network and data processing tasks on the network card itself without handing them to the central processing unit (CPU) of the host server. This lightens the load on the host server and improves the efficiency and performance of network communication. The intelligent network card is widely applied in scenarios such as data centers, cloud computing, high-performance computing and network virtualization, and can improve the overall performance and efficiency of the server.
The primary function of the intelligent network card is typically implemented using register transfer level (Register Transfer Level, RTL) logic code, which may be encrypted using a key, and the RTL logic file will not run when the key is absent or does not match. However, the existing key burning has the problems of complex burning and low stability.
Disclosure of Invention
The embodiment of the invention provides a key burning system, a key burning method, an intelligent network card and a readable storage medium, which can conveniently and stably burn keys.
In a first aspect, a key burning system is provided, including: the system comprises a server and an intelligent network card, wherein the server is connected with the intelligent network card through a peripheral device interconnection bus interface, and the intelligent network card comprises control logic, a secret key register, a secret key state register, a secret key memory and a nonvolatile memory;
the server is used for sending a first network message to the intelligent network card through the peripheral device interconnection bus interface, or receiving a second network message sent by the intelligent network card through the peripheral device interconnection bus interface;
the intelligent network card is used for providing hardware logic for forwarding network messages and a software logic file which is operated under the condition that the key stored in the nonvolatile memory passes verification, so that the hardware logic is called to forward the first network messages received through the peripheral device interconnection bus interface to a network side, or forward the second network messages of the network side to the server through the peripheral device interconnection bus interface; wherein,
The key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, and after the key memory stores the first key, the state value of the key state register is set to the second value; the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface; when the intelligent network card is reset, the key register is kept from being reset under the control of the control logic, and the key register is reset after the state value of the key state register is detected to be the first value.
In some possible designs, the key status register is used to write a default key upon a reset.
In some possible designs, the intelligent network card is configured to replace a first key in the nonvolatile memory with a second key, where the second key is sent by the server to the key register through the peripheral device interconnection bus interface to replace the default key, the key register sends the replaced second key to the key memory, the key memory is sent to the nonvolatile memory, after the key memory stores the first key, the state value of the key state register is set to a second value, and in a case where the control logic detects that the state value of the key state register is the second value, the state value of the key state register is written from the key memory to the nonvolatile memory, and after the second key is written to the nonvolatile memory, the state value of the key state register is set to the first value.
In some possible designs, the software logic file is prohibited from running if the key verification is not passed.
In some possible designs, the server is configured to send a key write request to the intelligent network card through the peripheral interconnect bus interface;
the intelligent network card is used for setting the state value of the key state register to be a third value under the condition that the key writing request is received, wherein the third value is used for indicating that the key register is ready for receiving the key.
In some possible designs, the key register is configured to cache data other than the key before the state value of the key state register changes to the third value, or after the state value of the key state register changes to the second value.
In some possible designs, the key in the nonvolatile memory is burned in by the control logic through a virtual joint test action group interface.
In a second aspect, an intelligent network card is provided, the intelligent network card has a peripheral device interconnection bus interface, and the intelligent network card includes control logic, a key register, a key status register, a key memory and a nonvolatile memory;
the intelligent network card is used for providing hardware logic for forwarding network messages and a software logic file which is operated under the condition that the secret key stored in the nonvolatile memory passes verification, so that the hardware logic is called to forward a first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
The key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, and after the key memory stores the first key, the state value of the key state register is set to the second value; the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface; when the intelligent network card is reset, the key register is kept from being reset under the control of the control logic, and the key register is reset after the state value of the key state register is detected to be the first value.
In a third aspect, a key burning method is provided, which is applied to a key burning system, where the key burning system includes: the system comprises a server and an intelligent network card, wherein the server is connected with the intelligent network card through a peripheral device interconnection bus interface, and the intelligent network card comprises control logic, a secret key register, a secret key state register, a secret key memory and a nonvolatile memory;
a server is utilized to send a first network message to the intelligent network card through the peripheral device interconnection bus interface, or receive a second network message sent by the intelligent network card through the peripheral device interconnection bus interface;
providing hardware logic for forwarding a network message through an intelligent network card and a software logic file which is operated under the condition that a secret key stored in the nonvolatile memory passes verification, so as to call the hardware logic to forward the first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
the key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
The first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, and after the key memory stores the first key, the state value of the key state register is set to the second value; the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface; when the intelligent network card is reset, the key register is kept from being reset under the control of the control logic, and the key register is reset after the state value of the key state register is detected to be the first value.
In a fourth aspect, a key burning method is provided and applied to an intelligent network card, where the intelligent network card has a peripheral device interconnection bus interface, and the intelligent network card includes control logic, a key register, a key status register, a key memory and a nonvolatile memory;
Providing hardware logic for forwarding a network message through an intelligent network card and a software logic file which is operated under the condition that a secret key stored in the nonvolatile memory passes verification, so as to call the hardware logic to forward a first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
the key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, and after the key memory stores the first key, the state value of the key state register is set to the second value; the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface; when the intelligent network card is reset, the key register is kept from being reset under the control of the control logic, and the key register is reset after the state value of the key state register is detected to be the first value.
In a fifth aspect, there is provided a readable storage medium storing computer instructions that, when executed on an electronic device, cause the electronic device to perform the method of the third or fourth aspect.
In the above scheme, the server sends the key to the intelligent network card for storage through the peripheral component interconnect express (PCIE) interface. Because the service data of the network card is already sent to the intelligent network card through the PCIE interface, compared with the original approach of burning through a joint test action group (JTAG) interface, there is no need to provide both an interface for key burning and the PCIE interface, no need to burn the key with a JTAG emulator, and no need, when the key has to be modified, to detach the intelligent network card from the server before the key can be changed with the JTAG emulator. However, because the key is burned through the PCIE interface, the key register used is a general-purpose register in the intelligent network card; after the key register is reset, data is written to it by default, and that data is treated as a default key, so that the written key is not the key intended by the user.
Drawings
In order to more clearly describe the embodiments of the present application or the technical solutions in the background art, the following description will describe the drawings that are required to be used in the embodiments of the present application or the background art.
FIG. 1 is a schematic diagram of a key burning system according to the present application;
FIG. 2 is a schematic diagram of an intelligent network card according to the present application;
FIG. 3 is a schematic diagram of a key burning process according to the present application;
FIG. 4 is a flow chart of a key burning method according to the present application.
Detailed Description
Embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. The terminology used in the description of the embodiments of the application herein is for the purpose of describing particular embodiments of the application only and is not intended to be limiting of the application.
Referring to FIG. 1, FIG. 1 is a schematic structural diagram of a key burning system according to the present application. As shown in FIG. 1, the key burning system may include a server 10 and an intelligent network card 20. The server 10 and the intelligent network card 20 are connected through a peripheral component interconnect express (PCIE) interface 30.
The server 10 typically includes a processor, memory, storage, a network interface, a power and cooling system, and the like. The processor is a core component of the server and is responsible for executing computing tasks and processing data. Common processors include Intel Xeon, AMD EPYC, etc., which typically have multiple cores and threads to provide higher computational power and parallel processing power. Memory is used to store data and program code during server operation, and servers typically require large amounts of memory in order to support concurrent processing and fast reading and writing of data. In addition, to improve data reliability and error correction capability, server memory typically employs error correction code (ECC) techniques. The storage may include a hard disk drive (HDD), a solid state drive (SSD), flash memory storage, and the like. The network interface is the connection between the server and the network, used for transmission and communication of data. The server typically has multiple network interfaces to support multiple network connections and concurrent transmissions. The network interface may support different types of network protocols and interfaces, such as Ethernet, Fibre Channel, InfiniBand, etc. The power and cooling system provides a stable power supply and effective heat dissipation to ensure the normal operation of the server. To ensure reliability, servers are often equipped with redundant power supplies and cooling fans to provide power backup and fault recovery capabilities and to ensure that the servers remain at the proper temperature under high load conditions.
The intelligent network card 20 is used for providing hardware logic and software logic files for forwarding network messages. The intelligent network card 20 may perform various network acceleration and offloading operations such as network packet filtering, traffic analysis, load balancing, packet reassembly and fragmentation, protocol offloading, secure encryption and decryption, etc., to provide faster network transmission speeds, lower latency, and better network security. As shown in fig. 2, the intelligent network card in this embodiment includes: processor 110, registers 120, memory 130, control logic 140, and the like.
The processor 110 is used to perform network and data processing tasks. Processor 110 may be a general-purpose processor (e.g., x86 architecture) or a special-purpose processor (e.g., network processor), or the like. The processor 110 adopts a high-performance multi-core architecture, has stronger computing and processing capabilities, can efficiently process a large amount of network data, optimizes network tasks, has specific network function support such as hardware-accelerated data packet filtering, load balancing, virtualization support and the like, can process various network protocols such as TCP/IP, UDP, IPSec and the like to support the transmission and processing of the network data, and has safety functions such as hardware-accelerated encryption and decryption, safety authentication, firewall and the like to protect the safety of the network data. Optionally, the processor may also be provided with programmable capabilities, which may be customized and expanded as needed to meet specific application requirements.
Registers 120 may include general-purpose registers, a program counter, a flag register, special-purpose registers, and so forth. General-purpose registers are registers for storing temporary data and intermediate results, e.g., integer data, addresses, operands of instructions, and the like. The program counter is a register that stores the address of the next instruction to be executed; sequential execution of the program is realized by continuously updating the value of the program counter to point to the next instruction to be executed. The flag register is a register that stores the running state and flag bits of the processor, and can record information such as the operation result, overflow flag, comparison result and interrupt enable of the processor. Special-purpose registers are registers with special functions, such as stack pointers, heap pointers and keys, that support special operations and special data operations of the processor. In a specific embodiment, general-purpose registers may be used as the key register and the key status register.
The Memory 130 may include a static random access Memory (Static Random Access Memory, SRAM), a dynamic random access Memory (Dynamic Random Access Memory, DRAM), a Non-Volatile Memory (NVM), and the like. The SRAM has high read-write speed and low power consumption, and is suitable for storing temporary data, a buffer area, a table and the like. The DRAM is mainly used for storing large-capacity data and program codes, because the DRAM has a large capacity but relatively slow read/write speed, and is suitable for storing network data packets, configuration information, operating system codes, and the like. NVM is used to store persistent data such as configuration information, firmware, and journaling, because NVM has the property that data is not lost after power down, and can be used to store important configuration and journaling information. In a specific embodiment, the key memory may be part of a static random access memory or a dynamic random access memory.
Control logic 140 may be a component with some control capability, or the like.
PCIE interface 30 is a high-speed serial bus interface for connecting internal components of the computer. The PCIE interface features include: the high-speed serial transmission mode is adopted, multi-channel and multi-differential signals are supported, and higher data transmission speed and bandwidth are provided. According to different versions and channel configurations, the speed of the PCIE interface can reach 2.5GT/s, 5GT/s, 8GT/s, 16GT/s and the like; supporting multi-channel transmission, wherein each channel can simultaneously transmit data, each channel can be connected with a plurality of devices, and high-speed transmission and communication of data are realized through interconnection and forwarding among the devices; PCIE devices may be plugged in or out while the computer is running without requiring the computer to be restarted. In addition, PCIE also supports dynamic configuration, and may automatically detect and configure newly inserted devices, allocate resources for them, and so on. PCIE interfaces have different specifications and slot types, including PCIE x1, PCIE x4, PCIE x8, PCIE x16, and so on.
The hardware logic of the intelligent network card is provided by a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC), but for the intelligent network card to operate, this hardware logic needs to cooperate with software logic files.
Under the normal working condition of the server and the intelligent network card, the server sends the first network message to the intelligent network card through the PCIE interface, and the intelligent network card forwards the first network message to the network side. Or the intelligent network card receives the second network message sent by the network side and then sends the second network message to the server through the PCIE interface. That is, in the case of normal operation, the data communication between the server and the intelligent network card is performed through the PCIE interface.
The normal operation of the intelligent network card depends on the support of both the hardware logic and the software logic file. To prevent the software logic file from being stolen, the software logic file can be encrypted with a key. If the key verification is not passed, the software logic file is prohibited from running; if the key verification is passed, the software logic file can run normally. The key is therefore of great importance in ensuring that the software logic file is not misused.
The process of burning the key will be described in detail with reference to fig. 3.
Before the intelligent network card leaves the factory, the first key can be burnt into the intelligent network card. Specifically, the intelligent network card is reset. Upon reset, the intelligent network card resets the processor 110, memory 130, etc., but the control logic 140 at least keeps the key register from being reset. Because the key register is a general-purpose register, a default value is written to it when it is reset; this default value can be mistaken for a key written by the user, so that the user's key fails verification and the user ultimately cannot run the software logic file. Optionally, in addition to the key register, control logic 140 may also keep the key status register and the like from being reset.
The server 10 sends a first key write request to the intelligent network card 20 via the PCIE interface 30. Accordingly, the intelligent network card receives the first key write request sent by the server 10. After the intelligent network card 20 receives the first key write request, the state value of the key state register is set to 0xf. Here, 0xf indicates that the key register is ready to receive the key. The server 10 then sends the first key to the intelligent network card 20 via the PCIE interface 30. The intelligent network card 20 then buffers the first key in the key register. After the first key is cached by the key register, the first key is sent to the key memory for storage. After the key memory stores the first key, the intelligent network card 20 sets the state value of the key state register to 0xe. Here, 0xe indicates that the key register has finished receiving the key. When the control logic detects that the state value of the key state register is 0xe, the first key is burnt from the key memory into the nonvolatile memory through a virtual Joint Test Action Group (JTAG) interface, and then the state value of the key state register is set to 0x1, where 0x1 indicates that the key burning is completed. After detecting that the state value of the key state register is 0x1, the control logic controls the key register to reset and write a default value.
After the first key is burned into the nonvolatile memory, the software logic file in the intelligent network card 20 may be encrypted using the first key. After encryption, if the user sends a verification key to the intelligent network card and the verification key matches the first key stored in the nonvolatile memory, the intelligent network card 20 may run the software logic file and work normally. If the keys do not match, the software logic file in the intelligent network card 20 is prohibited from running, and the intelligent network card 20 cannot work normally. In the normal working state, the intelligent network card can receive messages from the network side and forward them to the server, receive messages from the server and forward them to the network side, and so on. In the abnormal working state, the intelligent network card cannot receive messages from the network side and forward them to the server, cannot receive messages from the server and forward them to the network side, and so on. Note that if the intelligent network card can receive messages from the network side and forward them to the server, and receive messages from the server and forward them to the network side, but other functions or components have problems, the intelligent network card can still be considered to be working normally.
After the intelligent network card 20 works normally, the server 10 and the intelligent network card 20 can transmit network messages through the PCIE interface 30, that is, the server 10 sends a first network message to the intelligent network card 20 through the PCIE interface 30, or the intelligent network card 20 sends a second network message to the server 10 through the PCIE interface 30.
In the key burning system, only one server is connected with one intelligent network card, however, in practical application, the intelligent network card may be used by two or more servers at the same time, or one server may be connected with two or more intelligent network cards, and the server may be an entity server or a virtual server, which is not limited herein specifically.
In the above example, message transmission between the server and the intelligent network card uses the PCIE interface, and key burning also uses the PCIE interface. Compared with using the PCIE interface for message transmission and a JTAG interface for key burning, one JTAG interface can be saved, which reduces the space occupied by interfaces. Moreover, the key can be burnt through the PCIE interface while the server and the intelligent network card are working normally; there is no need to interrupt normal operation between the intelligent network card and the server, pull the intelligent network card out of the server, and burn the key through a JTAG emulator. In addition, the mechanical design of the PCIE interface is better than that of the JTAG interface, so jitter that would cause burning errors or interruptions is less likely to occur during key burning. However, because the key is written through the JTAG interface in the original design, the control logic is required to write the key into the nonvolatile memory through the virtual JTAG interface.
In the above example, 0x1 is taken as the first value, 0xe is taken as the second value, and 0xf is taken as the third value, but in practical application, the first value, the second value, and the third value may be other values, which are only taken as examples, and no specific limitation should be made.
Referring to fig. 4, fig. 4 is a flow chart of a key burning method according to the present application. As shown in fig. 4, the key burning method of the present embodiment includes:
S101: Burn the first key into the nonvolatile memory of the intelligent network card through the server.
In some possible embodiments, the intelligent network card is reset first. When the intelligent network card resets, it resets the processor, the memory, and so on, but the control logic at least keeps the key register from being reset. Because the key register is a general-purpose register, a default value is written when it is reset; this default value could be mistaken for a key written by the user, so that the user cannot verify the key and ultimately cannot run the software logic file. Optionally, the control logic may keep the key state register and the like from being reset in addition to the key register.
In some possible embodiments, the server sends a first key write request to the intelligent network card through the PCIE interface. Accordingly, the intelligent network card receives the first key write request sent by the server. After receiving the first key write request, the intelligent network card sets the state value of the key state register to 0xf. Here, 0xf indicates that the key register is ready to receive the key. Then, the server sends the first key to the intelligent network card through the PCIE interface, and the intelligent network card buffers the first key in the key register. After the key register has buffered the first key, the first key is sent to the key memory for storage. After the key memory stores the first key, the intelligent network card sets the state value of the key state register to 0xe. Here, 0xe indicates that the key register has finished receiving the key. When the control logic detects that the state value of the key state register is 0xe, the first key is burned from the key memory into the nonvolatile memory through a virtual Joint Test Action Group (JTAG) interface, and the state value of the key state register is then set to 0x1, where 0x1 indicates that key burning is complete. After detecting that the state value of the key state register is 0x1, the control logic resets the key register and writes a default value into it.
S102: a first key stored in a nonvolatile memory is verified. If the verification is passed, the flow proceeds to step S103, and if the verification is not passed, the flow is ended.
In some possible embodiments, after the first key is burned into the nonvolatile memory, the software logic file in the intelligent network card may be encrypted using the first key. After encryption, if the user sends a verification key to the intelligent network card and the verification key matches the first key stored in the nonvolatile memory, the intelligent network card can run the software logic file and therefore works normally. If the verification key does not match the first key, the software logic file in the intelligent network card is prohibited from running and the intelligent network card cannot work normally. In the normal working state, the intelligent network card can receive messages from the network side and forward them to the server, receive messages from the server and forward them to the network side, and so on. In the abnormal working state, it cannot do so. Note that if the intelligent network card can receive messages from the network side and forward them to the server, and receive messages from the server and forward them to the network side, it can be considered to be working normally even if other functions or components have problems.
S103: Run the software logic file in the intelligent network card.
S104: Send the first network message from the server to the intelligent network card through the PCIE interface, or receive the second network message sent by the intelligent network card through the PCIE interface.
S105: The hardware logic that the intelligent network card provides for forwarding network messages forwards the first network message received through the PCIE interface to the network side, or forwards the second network message from the network side to the server through the PCIE interface.
S106: Burn the second key into the nonvolatile memory of the intelligent network card through the server.
In some possible embodiments, the first key in the nonvolatile memory may be rewritten to the second key through the PCIE interface while the server and the intelligent network card are operating normally. Specifically, the server sends a second key write request to the intelligent network card through the PCIE interface. Correspondingly, the intelligent network card receives the second key write request sent by the server. After receiving the second key write request, the intelligent network card sets the state value of the key state register to 0xf. The server then sends the second key to the intelligent network card through the PCIE interface, and the intelligent network card buffers the second key in the key register. After the key register has buffered the second key, the second key is sent to the key memory for storage. After the key memory stores the second key, the intelligent network card sets the state value of the key state register to 0xe. When the control logic detects that the state value of the key state register is 0xe, the second key is burned from the key memory into the nonvolatile memory through the virtual JTAG interface, and the state value of the key state register is then set to 0x1. After detecting that the state value of the key state register is 0x1, the control logic resets the key register and writes a default value into it. It can be understood that the second key may directly overwrite the first key, which gives better security. Alternatively, the second key may be stored at a new address without overwriting the first key, and the first key is erased after a period of time or after a third key is written, so that the software logic file can still be run with the first key while the second key is being written.
The key register is one of the general-purpose registers in the intelligent network card. These registers are fast to access and are a scarce resource, while key burning takes place only a small part of the time, so the key register can be put to fuller use. Specifically, the key register is used to store the key from the time the state value of the key state register is detected to be set to 0xf until it is detected to be set to 0x1. Before the state value is detected to be set to 0xf, or after it is detected to be set to 0x1, the key register is used to cache data other than the key, such as image data, audio data, and intermediate variables generated during calculation. Because the key register is used to cache other data in addition to storing the key, a default value must be written to it after reset.
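The handshake of S101 and S106, together with the rule that a card reset must not clear the key register until the state value reaches 0x1, can be modelled in software. The following C sketch is an added example and not code from the application; only the values 0xf, 0xe and 0x1 come from the text, while the idle value 0x0, the 16-byte key length, the all-zero default pattern, the guard that refuses a new request while a burn is in flight, and all names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Status values 0xf, 0xe and 0x1 come from the description above; ST_IDLE,
 * KEY_LEN, the default pattern and every name here are assumptions. */
enum { ST_IDLE = 0x0, ST_DONE = 0x1, ST_RECEIVED = 0xe, ST_READY = 0xf };
#define KEY_LEN 16
#define KEY_REG_DEFAULT 0x00

struct nic {
    uint8_t status;            /* key state register */
    uint8_t key_reg[KEY_LEN];  /* key register (general-purpose) */
    uint8_t key_mem[KEY_LEN];  /* key memory */
    uint8_t nvm[KEY_LEN];      /* nonvolatile memory */
    bool nvm_valid;            /* a key has been burned at least once */
};

/* Key write request from the server: key register becomes ready (0xf).
 * Assumed guard: refuse a new request while a burn is still in flight. */
int nic_write_request(struct nic *n) {
    if (n->status == ST_READY || n->status == ST_RECEIVED) return -1;
    n->status = ST_READY;
    return 0;
}

/* Key payload from the server: buffer it in the key register, copy it to
 * key memory, then flag 0xe. Rejected unless the status is 0xf. */
int nic_send_key(struct nic *n, const uint8_t key[KEY_LEN]) {
    if (n->status != ST_READY) return -1;
    memcpy(n->key_reg, key, KEY_LEN);
    memcpy(n->key_mem, n->key_reg, KEY_LEN);
    n->status = ST_RECEIVED;
    return 0;
}

/* One pass of the control logic: on 0xe burn key memory into NVM (memcpy
 * stands in for the virtual JTAG write) and set 0x1; on 0x1 scrub the register. */
void control_logic_poll(struct nic *n) {
    if (n->status == ST_RECEIVED) {
        memcpy(n->nvm, n->key_mem, KEY_LEN);
        n->nvm_valid = true;
        n->status = ST_DONE;
    } else if (n->status == ST_DONE) {
        memset(n->key_reg, KEY_REG_DEFAULT, KEY_LEN);
    }
}

/* Card reset: the key register is held unless burning has completed (0x1). */
void nic_reset(struct nic *n) {
    if (n->status == ST_DONE) memset(n->key_reg, KEY_REG_DEFAULT, KEY_LEN);
}

/* S102: compare a verification key with the NVM key without an early exit. */
bool nic_verify(const struct nic *n, const uint8_t key[KEY_LEN]) {
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (uint8_t)(n->nvm[i] ^ key[i]);
    return n->nvm_valid && diff == 0;
}

/* Burn a key end to end with a card reset injected before the NVM write.
 * Returns 0 if the key survived the reset, reached NVM and was then scrubbed. */
int burn_with_reset(struct nic *n, const uint8_t key[KEY_LEN]) {
    uint8_t dflt[KEY_LEN];
    memset(dflt, KEY_REG_DEFAULT, KEY_LEN);
    if (nic_write_request(n) || nic_send_key(n, key)) return -1;
    nic_reset(n);                                     /* reset mid-burn */
    if (memcmp(n->key_reg, key, KEY_LEN)) return -2;  /* must be retained */
    control_logic_poll(n);                            /* 0xe -> NVM -> 0x1 */
    control_logic_poll(n);                            /* 0x1 -> scrub register */
    if (memcmp(n->key_reg, dflt, KEY_LEN)) return -3;
    return nic_verify(n, key) ? 0 : -4;
}

int main(void) {
    static const uint8_t k1[KEY_LEN] = "constructed-k1!"; /* constructed key */
    struct nic n = {0};                          /* assumed power-on state */
    return burn_with_reset(&n, k1);
}
```

In this model the first key keeps verifying while a second key is in flight, because the NVM contents change only when the control logic sees 0xe.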
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions which, when loaded and executed on a computer, produce, in whole or in part, a process or function in accordance with embodiments of the present invention. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one network site, computer, server, or data center to another network site, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line) or wireless means (e.g., infrared, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape, etc.), an optical medium (e.g., DVD, etc.), or a semiconductor medium (e.g., solid state disk), etc.
In the foregoing embodiments, the description of each embodiment has its own emphasis; for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.

Claims (11)

1. A key burning system, comprising: the system comprises a server and an intelligent network card, wherein the server is connected with the intelligent network card through a peripheral device interconnection bus interface, and the intelligent network card comprises control logic, a secret key register, a secret key state register, a secret key memory and a nonvolatile memory;
the server is used for sending a first network message to the intelligent network card through the peripheral device interconnection bus interface, or receiving a second network message sent by the intelligent network card through the peripheral device interconnection bus interface;
the intelligent network card is used for providing hardware logic for forwarding network messages and a software logic file which is operated under the condition that the key stored in the nonvolatile memory passes verification, so that the hardware logic is called to forward the first network messages received through the peripheral device interconnection bus interface to a network side, or forward the second network messages of the network side to the server through the peripheral device interconnection bus interface; wherein,
The key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, after the key memory stores the first key, the state value of the key state register is set to a second value, wherein the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface, and when the key register is reset by the intelligent network card, the key register is kept not to be reset under the control of the control logic, and after the state value of the key state register is detected to be the first value, the key register is reset.
2. The system of claim 1, wherein the key status register is configured to write a default key upon a reset.
3. The system of claim 2, wherein
the intelligent network card is used for replacing a first key in the nonvolatile memory with a second key, wherein the second key is sent to the key register by the server through the peripheral interconnection bus interface to replace the default key, the replaced second key is sent to the key memory by the key register, the key memory is sent to the nonvolatile memory, after the first key is stored in the key memory, the state value of the key state register is set to be a second value, and the second key in the nonvolatile memory is burnt into the nonvolatile memory from the key memory under the condition that the control logic detects that the state value of the key state register is the second value, and after the second key is burnt into the nonvolatile memory, the state value of the key state register is set to be the first value.
4. The system of claim 1, wherein the software logic file disables execution if the key verification is not passed.
5. The system of claim 1, wherein
the server is used for sending a key writing request to the intelligent network card through the peripheral device interconnection bus interface;
the intelligent network card is used for setting the state value of the key state register to be a third value under the condition that the key writing request is received, wherein the third value is used for indicating that the key register is ready for receiving the key.
6. The system of claim 1, wherein
the key register is configured to buffer data outside the key before the state value of the key state register becomes the third value or after the state value of the key state register becomes the second value.
7. The system of claim 1, wherein the key in the nonvolatile memory is burned in by the control logic through a virtual joint test action group interface.
8. The intelligent network card is characterized by comprising a peripheral device interconnection bus interface, wherein the intelligent network card comprises control logic, a key register, a key state register, a key memory and a nonvolatile memory;
The intelligent network card is used for providing hardware logic for forwarding network messages and a software logic file which is operated under the condition that the secret key stored in the nonvolatile memory passes verification, so that the hardware logic is called to forward a first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
the key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, after the key memory stores the first key, the state value of the key state register is set to a second value, wherein the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface, and when the key register is reset by the intelligent network card, the key register is kept not to be reset under the control of the control logic, and after the state value of the key state register is detected to be the first value, the key register is reset.
9. The key burning method is characterized by being applied to a key burning system, wherein the key burning system comprises the following steps: the system comprises a server and an intelligent network card, wherein the server is connected with the intelligent network card through a peripheral device interconnection bus interface, and the intelligent network card comprises control logic, a secret key register, a secret key state register, a secret key memory and a nonvolatile memory;
a server is utilized to send a first network message to the intelligent network card through the peripheral device interconnection bus interface, or receive a second network message sent by the intelligent network card through the peripheral device interconnection bus interface;
providing hardware logic for forwarding a network message through an intelligent network card and a software logic file which is operated under the condition that a secret key stored in the nonvolatile memory passes verification, so as to call the hardware logic to forward the first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
the key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
The first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, after the key memory stores the first key, the state value of the key state register is set to a second value, wherein the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface, and when the key register is reset by the intelligent network card, the key register is kept not to be reset under the control of the control logic, and after the state value of the key state register is detected to be the first value, the key register is reset.
10. The key burning method is characterized by being applied to an intelligent network card, wherein the intelligent network card is provided with a peripheral device interconnection bus interface, and comprises control logic, a key register, a key state register, a key memory and a nonvolatile memory;
Providing hardware logic for forwarding a network message through an intelligent network card and a software logic file which is operated under the condition that a secret key stored in the nonvolatile memory passes verification, so as to call the hardware logic to forward a first network message received through the peripheral device interconnection bus interface to a network side, or forward a second network message of the network side to the server through the peripheral device interconnection bus interface; wherein,
the key burnt in the nonvolatile memory is a first key, and after the first key is burnt in the nonvolatile memory, the state value of the key state register is set to be a first value, wherein the first value is used for indicating that the key burning is completed;
the first key in the nonvolatile memory is burnt from the key memory to the nonvolatile memory under the condition that the control logic detects that the state value of the key state register is a second value, wherein the second value is used for indicating that the key memory receives the key;
the first key in the key memory is sent to the key memory by the key register, after the key memory stores the first key, the state value of the key state register is set to a second value, wherein the first key in the key register is sent to the key register by the server through the peripheral device interconnection bus interface, and when the key register is reset by the intelligent network card, the key register is kept not to be reset under the control of the control logic, and after the state value of the key state register is detected to be the first value, the key register is reset.
11. A readable storage medium storing computer instructions which, when run on an electronic device, cause the electronic device to perform the method of claim 8 or 9.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311198213.5A CN117220861A (en) 2023-09-15 2023-09-15 Key burning system, method, intelligent network card and readable storage medium

Publications (1)

Publication Number Publication Date
CN117220861A true CN117220861A (en) 2023-12-12

Family

ID=89038495

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination