CN117395087A - BMC implementation method and system based on domestic processor - Google Patents


Info

Publication number: CN117395087A
Authority: CN (China)
Prior art keywords: processor, address, interface, trusted, server
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202311698661.1A
Other languages: Chinese (zh)
Other versions: CN117395087B (en)
Inventor: 阳厚祎
Current Assignee: Hunan Boshengxin Microelectronics Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hunan Boshengxin Microelectronics Technology Co ltd
Application filed by Hunan Boshengxin Microelectronics Technology Co ltd
Priority to CN202311698661.1A
Publication of CN117395087A
Application granted
Publication of CN117395087B
Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a BMC implementation method and system based on a domestic processor. In the method, a network interface is monitored to obtain target data accessing the BMC system, and it is judged whether a first condition is met. If so, the purpose of the target data is to obtain state information of the server; the state information of the server is sent to the external trusted terminal corresponding to a selected trusted IP address to ensure data security, the address number corresponding to the selected trusted IP address is marked as a target number, and the target number is then sent to the access terminal. Only an access terminal that knows the preset address set can use it to obtain the target data from the external trusted terminal, which ensures the data security of the server and prevents data leakage. This solves the problem that existing BMCs are vulnerable to network attacks and their security needs to be improved.

Description

BMC implementation method and system based on domestic processor
Technical Field
The invention relates to the technical field of baseboard management controllers, in particular to a BMC (baseboard management controller) implementation method and system based on a domestic processor.
Background
CPU stands for Central Processing Unit; BMC stands for Baseboard Management Controller. The BMC is an independent management system embedded in a server. It is independent of the other hardware on the server and can monitor and manage the power supply, temperature and so on of the whole server system. It is a core component of the equipment that users in sectors such as Internet, communications and finance rely on for centralized data operation and maintenance management, and it plays an important role in the safe and reliable operation and the remote centralized management and control of servers.
The BMC mainly comprises two parts, hardware and software. Management personnel can manage the server remotely through the BMC, for example monitoring and managing the temperature, voltage, fan rotation speed and other information of the server, and can also power the server on or off remotely; the manager can thus manage the server conveniently without going to the machine room where the server is located. Because the communication network port of the BMC is public, existing BMCs are vulnerable to network attacks, which leads to data leakage from the server; that is, the security of existing BMCs needs to be improved.
Disclosure of Invention
The invention mainly aims to provide a BMC implementation method and system based on a domestic processor, and aims to solve the problems that the existing BMC is easy to be attacked by a network and the safety is to be improved.
The technical scheme provided by the invention is as follows:
a BMC implementation method based on a domestic processor is applied to a BMC system based on the domestic processor; the system comprises a processor, an FPGA module, an SODIMM connector and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is in communication connection with an external trusted terminal through a network interface; the method comprises the following steps:
the processor monitors the network interface to acquire network data of the access network interface, marks the data of the access network interface as target data, and acquires a source IP address of the target data;
after receiving the target data, the processor judges whether a first condition is satisfied: the processor acquires the state information of the server;
if yes, the processor acquires a preset address set, wherein the preset address set comprises a plurality of trusted IP addresses and unique address numbers corresponding to the trusted IP addresses, and the trusted IP addresses are the IP addresses of external trusted terminals;
the processor randomly selects 1 trusted IP address from a preset address set, and sends the state information of the server to an external trusted terminal corresponding to the selected trusted IP address;
the processor marks the address number corresponding to the selected trusted IP address as a target number, sends the target number to the source IP address of the target data, and then disconnects the communication connection with the source IP address of the target data.
Preferably, the system further comprises a management terminal capable of being communicatively connected with the processor through a network interface; the method further comprises the steps of:
the management terminal acquires a preset address set input by a user;
after receiving the target number, the management terminal acquires a trusted IP address corresponding to the target number in a preset address set and marks the trusted IP address as a first target address;
the management terminal establishes communication connection with an external trusted terminal corresponding to the first target address and sends an acquisition instruction;
and after receiving the acquisition instruction, the external trusted terminal corresponding to the first target address sends the state information of the server to the management terminal.
Preferably, the system further comprises a storage module in communication connection with the processor; the preset address set is stored in the storage module; after the step in which the external trusted terminal corresponding to the first target address, having received the acquisition instruction, sends the state information of the server to the management terminal, the method further comprises the following steps:
the external trusted terminal corresponding to the first target address generates a feedback instruction and sends the feedback instruction to the processor, wherein the feedback instruction comprises a second target address, and the second target address is an IP address corresponding to the management terminal corresponding to the acquisition instruction;
and after receiving the feedback instruction, the processor restores the communication connection with the second target address.
Preferably, after the step in which the processor, having received the feedback instruction, restores the communication connection with the second target address, the method further comprises:
the processor marks the second target address as a trusted address;
after the step in which the processor, having received the target data, judges whether the first condition is met, the method further comprises the following steps:
if yes, the processor judges whether the source IP address of the target data is a trusted address;
if the address is a trusted address, the processor sends the state information of the server to the source IP address of the target data;
if the address is not a trusted address, the step in which the processor acquires the preset address set, and the steps following it, are executed.
Preferably, after the step in which the processor monitors the network interface to obtain the network data accessing the network interface, marks the data accessing the network interface as target data, and obtains the source IP address of the target data, the method further comprises:
after receiving the target data, the processor judges whether a second condition is satisfied: the processor generates an instruction for powering up or powering down the server;
if yes, the processor prohibits executing the instruction of powering up or powering down the server, and checks whether the user name and the password in the target data are correct;
if so, the processor allows the execution of instructions for powering up or powering down the server;
if not, the processor marks the source IP address of the target data as an abnormal address.
Preferably, after the step in which the processor randomly selects 1 trusted IP address from the preset address set and sends the state information of the server to the external trusted terminal corresponding to the selected trusted IP address, the method further comprises:
the external trusted terminal marks the time of receiving the state information of the server as the starting time;
the external trusted terminal judges whether an acquisition instruction is received within a preset time period from the starting moment;
if yes, the external trusted terminal sends the state information of the server to the management terminal, and then the state information of the server is deleted;
if not, the external trusted terminal deletes the state information of the server.
Preferably, the system further comprises an external interface layer, an application layer, a software architecture layer and a basic hardware layer; the external interface layer comprises a WebGUI interface, a Redfish protocol interface, an IPMI interface, an SSH interface and a display interface; the application layer comprises a state monitoring application, a platform control application, a sensor management application, an event recording application, an abnormality reporting application and a firmware management application; the software architecture layer comprises a Linux operating system and operating system starting firmware; the basic hardware layer comprises a memory unit and a power module.
Preferably, the processor is a domestic processor; the maximum frequency of the memory unit supports 2400MHz; the FPGA module is used for expanding the GPIO interface; the power supply module is used for supplying power to the BMC system; the memory module uses an on-board eMMC memory chip, and the maximum capacity of the memory module supports 64GB; the software architecture layer also comprises an embedded operating system developed based on OpenBMC, wherein the embedded operating system starting firmware is U-BOOT firmware.
Preferably, the BMC system supports a standard IPMB protocol; the external interface layer also comprises a PCIE interface, an LPC interface, a USB interface, an I2C interface, an ADC interface, a display interface, an I3C interface, a UART interface, an SGPIO interface, a PWM and TACH interface, an SPI interface, a JTAG interface and a CLOCK interface which are arranged between the SODIMM connector and the processor; the memory unit is a DDR4 memory unit and is in communication connection with the processor through a 32-bit channel; the storage module is a flash memory module; the processor is also connected with a first Bootstrap unit and a second Bootstrap unit through SPI interface communication; the processor is also connected with a crystal oscillator; the FPGA module is in communication connection with the processor through a UART interface and a GPIO interface; the FPGA module is in communication connection with the SODIMM connector through a GPIO interface; the FPGA module is also connected with a JTAG debugging interface.
The invention also provides a BMC system based on the domestic processor, and a BMC implementation method based on the domestic processor is applied; the system comprises a processor, an FPGA module, an SODIMM connector and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is communicatively coupled to an external trusted terminal via a network interface.
Through the technical scheme, the following beneficial effects can be realized:
The BMC implementation method based on the domestic processor monitors a network interface to acquire target data accessing the BMC system and judges whether a first condition is met. If so, this shows that the purpose of the target data is to acquire state information of the server; the method sends the state information of the server to the external trusted terminal corresponding to a selected trusted IP address, marks the address number corresponding to the selected trusted IP address as a target number, and then sends the target number to the access terminal. Only an access terminal that knows the preset address set can use it to acquire the target data from the external trusted terminal, so the data security of the server is ensured and data leakage is prevented. This solves the problem that existing BMCs are vulnerable to network attacks and their security needs to be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a first embodiment of a BMC implementation method based on a domestic processor according to the present invention;
Fig. 2 is a block diagram of a BMC system based on a domestic processor according to the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The invention provides a BMC (baseboard management controller) implementation method and system based on a domestic processor.
As shown in Fig. 1 and Fig. 2, in an embodiment of a BMC implementation method based on a domestic processor provided by the present invention, the BMC implementation method based on a domestic processor is applied to a BMC system based on a domestic processor; the system includes a processor, an FPGA module, a SODIMM (small outline dual in-line memory module) connector, and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is in communication connection with an external trusted terminal through a network interface; the embodiment comprises the following steps:
Step S110: the processor monitors the network interface to obtain network data accessing the network interface, marks the data accessing the network interface as target data, and obtains a source IP address of the target data.
Specifically, the target data here is the access data sent by an external access terminal to the BMC system. It may come from a normal manager or from someone who is not a manager, so it carries a security risk and needs to be identified so that corresponding measures can be taken.
Step S120: after receiving the target data, the processor judges whether a first condition is satisfied: the processor obtains status information of the server (such as voltage value, current value, fan rotation speed, and case temperature of the server motherboard).
Specifically, if the processor acquires the state information of the server after receiving the target data, this shows that the purpose of the target data is to acquire the state information of the server. The state information of the server is sensitive user data, so it cannot be sent to the outside freely, and data security management and control are required.
If yes, step S130 is executed: the processor acquires a preset address set, wherein the preset address set comprises a plurality of trusted IP addresses and unique address numbers corresponding to the trusted IP addresses, and the trusted IP addresses are the IP addresses of external trusted terminals.
Specifically, the external trusted terminals are other terminals which are not in the same physical address with the server, and the external trusted terminals are completely trusted terminals which are set by the user.
Step S140: the processor randomly selects 1 trusted IP address from the preset address set, and sends the state information of the server to an external trusted terminal corresponding to the selected trusted IP address.
Specifically, the state information of the server is sent to the external trusted terminal corresponding to the selected trusted IP address, so that the data security can be ensured.
Step S150: the processor marks the address number corresponding to the selected trusted IP address as a target number, sends the target number to the source IP address (i.e. the access end) of the target data, and then disconnects the communication connection with the source IP address of the target data.
Specifically, the target number is sent to the source IP address of the target data (i.e., the access terminal). An access terminal that wants the server state information can obtain the target data from the external trusted terminal based on the preset address set only if it knows the preset address set (which shows that the access terminal is a trusted user terminal), so data security is ensured and data leakage is prevented.
In addition, after the target number is sent to the source IP address of the target data (i.e., the access terminal), the communication connection with the source IP address of the target data is disconnected, which prevents the access terminal from continuing to access the BMC system. The access terminal can continue to access the BMC system only after it has successfully obtained the state information of the server, which shows that it is a safe and trusted terminal (see the third embodiment for details).
The BMC implementation method based on the domestic processor monitors a network interface to acquire target data accessing the BMC system and judges whether a first condition is met. If so, this shows that the purpose of the target data is to acquire state information of the server; the method sends the state information of the server to the external trusted terminal corresponding to a selected trusted IP address, marks the address number corresponding to the selected trusted IP address as a target number, and then sends the target number to the access terminal. Only an access terminal that knows the preset address set can use it to acquire the target data from the external trusted terminal, so the data security of the server is ensured and data leakage is prevented. This solves the problem that existing BMCs are vulnerable to network attacks and their security needs to be improved.
In a second embodiment of the BMC implementation method based on a domestic processor according to the present invention, based on the first embodiment, the system further includes a management terminal (i.e. a terminal used by a manager) capable of being communicatively connected to the processor through a network interface; the embodiment further comprises the following steps:
Step S210: the management terminal acquires a preset address set input by a user.
Specifically, the management terminal is a terminal used by a manager, so that a preset address set input by a user can be acquired, and the state information of the server can be acquired more safely.
Step S220: after receiving the target number, the management terminal acquires the trusted IP address corresponding to the target number in a preset address set and marks the trusted IP address as a first target address.
Step S230: the management terminal establishes communication connection with the external trusted terminal corresponding to the first target address and sends an acquisition instruction.
Step S240: after receiving the acquisition instruction, the external trusted terminal corresponding to the first target address sends the state information of the server to the management terminal.
This embodiment provides a specific scheme for how the management terminal obtains the state information of the server based on the preset address set.
In a third embodiment of the BMC implementation method based on a domestic processor provided by the present invention, based on the second embodiment, the system further includes a storage module communicatively connected to the processor; specifically, the storage module is communicatively connected to the processor through an SDIO (Secure Digital Input and Output) interface; the preset address set is stored in the storage module; after step S240, the method further comprises the following steps:
Step S310: the external trusted terminal corresponding to the first target address generates a feedback instruction and sends the feedback instruction to the processor, wherein the feedback instruction comprises a second target address, and the second target address is the IP address of the management terminal that sent the acquisition instruction.
Step S320: after receiving the feedback instruction, the processor restores the communication connection with the second target address.
Specifically, if the external access terminal successfully acquires the state information of the server from the external trusted terminal, the external trusted terminal generates a corresponding feedback instruction (the IP address of the access terminal is marked as the second target address), and the processor restores the communication connection with the second target address based on the feedback instruction, so that the access terminal corresponding to the second target address can continue to communicate normally with the BMC system.
In a fourth embodiment of the present invention, based on the third embodiment, after step S320 the method further includes the following step:
Step S410: the processor marks the second target address as a trusted address.
After step S120, the method further includes:
if yes, step S430 is executed: the processor determines whether the source IP address of the target data is a trusted address.
Step S440: if the address is a trusted address, the processor sends the state information of the server to the source IP address of the target data.
Specifically, if the address is a trusted address, the state information of the server is directly sent to the source IP address of the target data.
Step S450: if not, step S140 and the following steps are performed.
Specifically, if the address is not trusted, step S140 and the following steps are performed.
In a fifth embodiment of the present invention, based on the first embodiment, after step S110 the method further includes the following steps:
Step S510: after receiving the target data, the processor judges whether a second condition is satisfied: the processor generates instructions for powering up or powering down the server.
If yes, step S520 is executed: the processor prohibits execution of instructions to power up or power down the server and verifies whether the user name and password in the target data are correct.
Specifically, if the processor generates an instruction to power the server on or off after receiving the target data of the access terminal, this shows that the purpose of the target data is to control the server. This is a high-risk, sensitive operation that requires security verification, so the processor directly checks whether the user name and the password in the target data are correct, and control of the server is allowed only if they are.
Step S530: if so, the processor allows execution of instructions to power up or power down the server.
Step S540: if not, the processor marks the source IP address of the target data as an abnormal address.
In a sixth embodiment of the present invention, based on the second embodiment, after step S140 the method further includes the following steps:
Step S610: the external trusted terminal marks the time when the state information of the server is received as the starting time.
Step S620: the external trusted terminal determines whether the acquisition instruction has been received within a preset time period (for example, 10 seconds) from the start time.
If yes, step S630 is executed: after the external trusted terminal transmits the state information of the server to the management terminal, the state information of the server is deleted.
If not, go to step S640: the external trusted terminal deletes the state information of the server.
Specifically, after the external trusted terminal receives the state information of the server, judging whether the access terminal sends an acquisition instruction to the external trusted terminal within a preset duration; if not, the access terminal is proved to have no preset address set, namely the access terminal is not a trusted and safe terminal, so that the external trusted terminal directly deletes the state information of the server.
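The relay flow of the first, second, third, fourth and sixth embodiments can be traced end to end in a small simulation. The following Python sketch is an added example, not code from the patent or from any BMC firmware: the class and function names, the sample IP addresses and sensor values are constructed, "disconnecting" is modelled as refusing later requests, and `secrets.choice` is one possible way to do the random selection of step S140.

```python
import secrets

# Constructed sample data: address number -> trusted IP (documentation ranges).
PRESET_ADDRESS_SET = {1: "192.0.2.11", 2: "192.0.2.12", 3: "192.0.2.13"}
HOLD_SECONDS = 10  # the example "preset time period" given for step S620


class TrustedTerminal:
    """External trusted terminal: holds the server state briefly (S610-S640)."""

    def __init__(self, ip, bmc):
        self.ip, self.bmc = ip, bmc
        self.held = None  # (state_info, start_time) while a copy is held

    def receive_state(self, state_info, now):
        self.held = (state_info, now)  # S610: record the starting time

    def handle_acquire(self, requester_ip, now):
        if self.held is None:
            return None
        state_info, start = self.held
        self.held = None  # S630/S640: the held copy is deleted either way
        if now - start > HOLD_SECONDS:
            return None  # S640: acquisition instruction arrived too late
        self.bmc.on_feedback(requester_ip)  # S310: feedback with second target address
        return state_info  # S240: state goes to the management terminal


class Bmc:
    """Processor side of the method (hypothetical model)."""

    def __init__(self, address_set, read_state):
        self.address_set = dict(address_set)
        self.read_state = read_state
        self.terminals = {}        # trusted IP -> TrustedTerminal
        self.trusted = set()       # addresses marked trusted in S410
        self.disconnected = set()  # addresses dropped in S150

    def handle_status_request(self, source_ip, now):
        if source_ip in self.disconnected:
            return ("refused", None)
        state = self.read_state()
        if source_ip in self.trusted:  # S430/S440: answer directly
            return ("state", state)
        number = secrets.choice(sorted(self.address_set))  # S140: random pick
        self.terminals[self.address_set[number]].receive_state(state, now)
        self.disconnected.add(source_ip)  # S150: send number, then disconnect
        return ("number", number)

    def on_feedback(self, second_target_address):
        self.disconnected.discard(second_target_address)  # S320: restore
        self.trusted.add(second_target_address)           # S410: mark trusted


def management_fetch(own_ip, known_address_set, target_number, terminals, now):
    """S220-S240: resolve the target number locally, then ask that terminal."""
    first_target = known_address_set.get(target_number)
    if first_target is None:
        return None  # no preset address set: the number alone is useless
    return terminals[first_target].handle_acquire(own_ip, now)


def run_demo():
    state = {"fan_rpm": 5400, "board_temp_c": 41}  # constructed sensor values
    bmc = Bmc(PRESET_ADDRESS_SET, lambda: dict(state))
    for ip in PRESET_ADDRESS_SET.values():
        bmc.terminals[ip] = TrustedTerminal(ip, bmc)
    admin, stranger = "198.51.100.7", "203.0.113.50"
    out = {}
    kind, number = bmc.handle_status_request(admin, now=0)
    out["admin_first_reply"] = kind
    out["admin_fetched"] = management_fetch(
        admin, PRESET_ADDRESS_SET, number, bmc.terminals, now=3)
    out["admin_second_reply"] = bmc.handle_status_request(admin, now=4)
    kind, number = bmc.handle_status_request(stranger, now=5)
    out["stranger_reply"] = kind
    out["stranger_fetched"] = management_fetch(
        stranger, {}, number, bmc.terminals, now=6)
    out["stranger_retry"] = bmc.handle_status_request(stranger, now=7)[0]
    holder = bmc.terminals[PRESET_ADDRESS_SET[number]]
    out["late_fetch"] = holder.handle_acquire(admin, now=5 + HOLD_SECONDS + 1)
    out["state_deleted"] = holder.held is None
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The run shows the property the description relies on: the requester that holds the preset address set gets the state and is then served directly, while the requester without it receives only an address number, stays disconnected, and the held copy is deleted once the window passes.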
In a seventh embodiment of the BMC implementation method based on a domestic processor provided by the present invention, based on the first embodiment, the system further includes an external interface layer, an application layer, a software architecture layer, and a basic hardware layer; the external interface layer comprises a WebGUI (Web Graphical User Interface) interface, a Redfish protocol interface (Redfish is a management standard based on HTTPS service and is used for realizing equipment management), an IPMI interface (intelligent platform management interface), an SSH (Secure Shell) interface and a display interface; the application layer comprises a state monitoring application, a platform control application, a sensor management application, an event recording application, an abnormality reporting application and a firmware management application; the software architecture layer comprises a Linux operating system and operating system starting firmware; the basic hardware layer comprises a processor, an FPGA module, a storage module, a memory unit and a power supply module.
In an eighth embodiment of the BMC implementation method based on a domestic processor provided by the invention, based on the seventh embodiment, the processor is a domestic processor, such as a Feiteng E2000 series processor, a Loongson 2K0500 or another domestic CPU; the capacity of the memory unit is 4GB and its frequency is supported up to a maximum of 2400MHz, a high-capacity, high-speed design that keeps the BMC system running smoothly; the chip of the memory unit adopts domestic memory chips such as a purple light national Xin and a long Xin memory; the memory unit is in communication connection with the processor through a 32-bit channel; the FPGA module is used to extend GPIO (General-purpose input/output) interfaces to develop preset functions, such as a power-on and power-off function of a server main board, an SPI interface (Serial Peripheral Interface, synchronous serial bus), an I2C interface (Inter-Integrated Circuit) expansion function and the like; the FPGA module adopts an Anlu science and technology EF2L series model; the power module comprises a plurality of paths of DC-DC power conversion chips (DC-DC power conversion refers to the conversion of electric energy with one voltage value into electric energy with another voltage value in a direct current circuit) for supplying power to the BMC system; the DC-DC power supply conversion chip adopts a domestic power supply chip such as a long-range microelectronic power supply, a Hangzhou Ai Nuo power supply and the like; the storage module uses an onboard eMMC (Embedded Multi Media Card) memory chip, the capacity is supported up to a maximum of 64GB, and an eMMC chip such as Jiang Bo Dragon memory, yangtze river memory and the like is adopted; the software architecture layer also includes an embedded operating system developed based on OpenBMC (Board Management Controller), where the embedded operating system boot firmware is U-BOOT (an open source boot loader) firmware.
In a ninth embodiment of the present invention, based on the eighth embodiment, the BMC system supports the standard IPMB (Intelligent Platform Management Bus) protocol; the external interface layer further comprises a serial port, a PCIE (peripheral component interconnect express, high-speed serial computer expansion bus) interface, an LPC (Low Pin Count bus) interface, a USB interface, an I2C interface, an ADC (analog-to-digital converter) interface, a display interface, an I3C (MIPI Alliance Improved Inter Integrated Circuit) interface, a UART (Universal Asynchronous Receiver and Transmitter) interface, an SGPIO (Serial General Purpose Input/Output) interface, a GPIO (General-purpose input/output) interface, a PWM (Pulse Width Modulation, duty cycle) and TACH (tachometer) interface, an SPI (Serial Peripheral Interface) interface, a JTAG (Joint Test Action Group) interface, and a CLOCK interface (clock signal interface), all of which are arranged between the SODIMM connector and the processor; the memory unit is a DDR4 (fourth generation Double Data Rate Synchronous Dynamic Random Access Memory) memory unit and is in communication connection with the processor through a 32-bit channel; the storage module is a flash memory module; the processor is also connected, through SPI interface communication, with a first Bootstrap unit (a storage unit operated through a serial interface) and a second Bootstrap unit; the processor is also connected with a crystal oscillator (with a frequency of 50 MHz); the FPGA module is in communication connection with the processor through a UART interface and a GPIO interface; the FPGA module is in communication connection with the SODIMM connector through a GPIO interface; the FPGA module is also connected with a JTAG debugging interface; the power module takes a 3.3-12V voltage input through the SODIMM connector.
The interfaces between the processor and the SODIMM connector are described in detail below:
The PCIE interface includes 2 paths: 1 path is configured in EP (EndPoint) mode by default for communication with the server, and 1 path is configured in RC (Root Complex) mode for extending other interface functions, such as USB interfaces, SATA interfaces, serial ports, and the like.
The network interfaces include an RGMII (Reduced Gigabit Media Independent Interface) interface and an RMII (Reduced Media Independent Interface) interface: the RGMII interface supports 1000Base-T (gigabit Ethernet), and its default IP is set to 192.168.20.100 for remote Web access to the BMC system, which displays the status information of the server and allows related operations to be carried out, thereby realizing the remote management function; the RMII interface is configured for use with the NCSI (network connectivity status detection) function.
LPC interface: the LPC slave mode is supported for communication with the server motherboard.
ADC interface: the ADC acquisition channel is used for being connected with the voltage monitoring module so as to monitor the voltage of the server in real time.
The display interface comprises a VGA interface: the VGA interface is used for connecting to a display device to show the server interface, so that the server can be conveniently managed locally.
Serial port: for communication with the motherboard to implement SOL (Serial Over LAN) functions.
I3C interface: used for mounting the SPD Hub (Serial Presence Detect hub) chips of DDR5 (fifth generation Double Data Rate Synchronous Dynamic Random Access Memory) memory, so as to realize functions such as memory unit training, power supply configuration, and temperature detection and alarm.
I2C interface: used for mounting temperature sensors so as to monitor the temperature of the server main board; it can also be multiplexed as an SMBus (System Management Bus) to connect to the chips of the power module, so that the power module is monitored and the voltage of the voltage module is regulated in real time.
USB interface: the USB2.0 interface supports an OTG (On-The-Go) function, and is used for connecting with a USB interface of a server main board to realize a KVM (Keyboard Video Mouse) function.
PWM and TACH interfaces: the 8 paths of PWM and TACH interfaces are used for connecting fans of the server so as to monitor and control the rotation speed of the fans and ensure good heat dissipation of the server.
SPI interface: used for connecting to the SPI Flash (a storage unit operated through a serial interface) of the server, so as to realize remote updating of the server's BIOS (Basic Input Output System).
JTAG interface: used for connecting to the CPLD (Complex Programmable Logic Device) or FPGA modules of the server, so that the BMC system can remotely update the CPLD or FPGA of the server.
SGPIO interface: configured as a general purpose GPIO interface.
GPIO interface: the system comprises 36 GPIO interfaces, which can be used for management of power-on, state and the like of a server; the 26 GPIO interfaces connected with the FPGA module support custom setting.
The invention also provides a BMC system based on the domestic processor, and a BMC implementation method based on the domestic processor is applied; the system comprises a processor, an FPGA module, an SODIMM connector and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is communicatively coupled to an external trusted terminal via a network interface.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and including several instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.

Claims (10)

1. The BMC implementation method based on the domestic processor is characterized by being applied to a BMC system based on the domestic processor; the system comprises a processor, an FPGA module, an SODIMM connector and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is in communication connection with an external trusted terminal through a network interface; the method comprises the following steps:
the processor monitors the network interface to acquire network data of the access network interface, marks the data of the access network interface as target data, and acquires a source IP address of the target data;
after receiving the target data, the processor judges whether a first condition is satisfied: the processor acquires the state information of the server;
if yes, the processor acquires a preset address set, wherein the preset address set comprises a plurality of trusted IP addresses and unique address numbers corresponding to the trusted IP addresses, and the trusted IP addresses are the IP addresses of external trusted terminals;
the processor randomly selects 1 trusted IP address from a preset address set, and sends the state information of the server to an external trusted terminal corresponding to the selected trusted IP address;
the processor marks the address number corresponding to the selected trusted IP address as a target number, sends the target number to the source IP address of the target data, and then disconnects the communication connection with the source IP address of the target data.
2. The method for implementing BMC based on domestic processor as claimed in claim 1, wherein the system further comprises a management terminal capable of being communicatively connected with the processor through a network interface; the method further comprises the steps of:
the management terminal acquires a preset address set input by a user;
after receiving the target number, the management terminal acquires a trusted IP address corresponding to the target number in a preset address set and marks the trusted IP address as a first target address;
the management terminal establishes communication connection with an external trusted terminal corresponding to the first target address and sends an acquisition instruction;
and after receiving the acquisition instruction, the external trusted terminal corresponding to the first target address sends the state information of the server to the management terminal.
3. The method for implementing the BMC based on the domestic processor according to claim 2, wherein the system further comprises a storage module communicatively connected with the processor; the preset address set is stored in the storage module; after the step in which the external trusted terminal corresponding to the first target address, upon receiving the acquisition instruction, sends the state information of the server to the management terminal, the method further comprises the following steps:
the external trusted terminal corresponding to the first target address generates a feedback instruction and sends the feedback instruction to the processor, wherein the feedback instruction comprises a second target address, and the second target address is an IP address corresponding to the management terminal corresponding to the acquisition instruction;
and after receiving the feedback instruction, the processor restores the communication connection with the second target address.
4. The method for implementing BMC based on a domestic processor as claimed in claim 3, wherein after receiving the feedback instruction, the processor resumes the communication connection with the second target address, and further comprising:
the processor marks the second target address as a trusted address;
after receiving the target data, the processor judges whether a first condition is met, and then the method further comprises the following steps:
if yes, the processor judges whether the source IP address of the target data is a trusted address;
if the address is a trusted address, the processor sends the state information of the server to a source IP address of target data;
if the address is not a trusted address, the method executes the step in which the processor acquires the preset address set, and the steps that follow it.
5. The method of claim 1, wherein the processor monitors the network interface to obtain network data accessing the network interface, marks the data accessing the network interface as target data, and obtains a source IP address of the target data, and further comprising:
after receiving the target data, the processor judges whether a second condition is satisfied: the processor generates an instruction for powering up or powering down the server;
if yes, the processor prohibits executing the instruction of powering up or powering down the server, and checks whether the user name and the password in the target data are correct;
if so, the processor allows the execution of instructions for powering up or powering down the server;
if not, the processor marks the source IP address of the target data as an abnormal address.
6. The method for implementing BMC based on domestic processor as claimed in claim 2, wherein the processor randomly selects 1 trusted IP address from a preset address set, and sends the state information of the server to an external trusted terminal corresponding to the selected trusted IP address, and further comprising:
the external trusted terminal marks the time of receiving the state information of the server as the starting time;
the external trusted terminal judges whether an acquisition instruction is received within a preset time period from the starting moment;
if yes, the external trusted terminal sends the state information of the server to the management terminal, and then the state information of the server is deleted;
if not, the external trusted terminal deletes the state information of the server.
7. The method for implementing BMC based on a domestic processor according to claim 1, wherein the system further comprises an external interface layer, an application layer, a software architecture layer and a basic hardware layer; the external interface layer comprises a WebGUI interface, a Redfish protocol interface, an IPMI interface, an SSH interface and a display interface; the application layer comprises a state monitoring application, a platform control application, a sensor management application, an event recording application, an abnormality reporting application and a firmware management application; the software architecture layer comprises a Linux operating system and operating system starting firmware; the basic hardware layer comprises a memory unit and a power module.
8. The BMC implementation method based on a domestic processor according to claim 7, wherein the processor is a domestic processor; the memory unit supports a maximum frequency of 2400MHz; the FPGA module is used for expanding the GPIO interface; the power supply module is used for supplying power to the BMC system; the storage module uses an on-board eMMC memory chip with a maximum supported capacity of 64GB; the software architecture layer also comprises an embedded operating system developed based on OpenBMC, wherein the boot firmware of the embedded operating system is U-BOOT firmware.
9. The method for implementing the BMC based on the domestic processor according to claim 8, wherein the BMC system supports a standard IPMB protocol; the external interface layer also comprises a PCIE interface, an LPC interface, a USB interface, an I2C interface, an ADC interface, a display interface, an I3C interface, a UART interface, an SGPIO interface, a PWM and TACH interface, an SPI interface, a JTAG interface and a CLOCK interface which are arranged between the SODIMM connector and the processor; the memory unit is a DDR4 memory unit and is in communication connection with the processor through a 32-bit channel; the storage module is a flash memory module; the processor is also connected with a first Bootstrap unit and a second Bootstrap unit through SPI interface communication; the processor is also connected with a crystal oscillator; the FPGA module is in communication connection with the processor through a UART interface and a GPIO interface; the FPGA module is in communication connection with the SODIMM connector through a GPIO interface; the FPGA module is also connected with a JTAG debugging interface.
10. A BMC system based on a domestic processor, wherein the BMC implementation method based on a domestic processor as claimed in any of claims 1 to 9 is applied; the system comprises a processor, an FPGA module, an SODIMM connector and a plurality of external trusted terminals; the FPGA module and the SODIMM connector are both in communication connection with the processor; the SODIMM connector is used for being embedded into an SODIMM slot of the server main board so as to enable the processor to be in communication connection with the server; a network interface is arranged between the SODIMM connector and the processor; the processor is communicatively coupled to an external trusted terminal via a network interface.
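The exchange of claims 1 to 4 and 6, as an in-memory simulation added here for illustration (it is not code from the patent). The IP addresses, the 30-second hold period, all class and function names, and the source check in `feedback` are assumptions.

```python
import secrets
import time

# Constructed sample values (documentation address ranges), not from the patent.
ADDRESS_SET = {1: "198.51.100.11", 2: "198.51.100.12", 3: "198.51.100.13"}
HOLD_SECONDS = 30  # assumed value for the "preset time period" of claim 6


class TrustedTerminal:
    """External trusted terminal: holds one status report for a limited time."""

    def __init__(self, ip, bmc, clock):
        self.ip, self.bmc, self.clock = ip, bmc, clock
        self.held = None  # (status, start_time) or None

    def receive_status(self, status):
        self.held = (status, self.clock())  # claim 6: record the starting time

    def purge(self):
        # Claim 6: delete the status once the preset period has elapsed.
        # A real terminal would run this from a timer, not only on access.
        if self.held and self.clock() - self.held[1] > HOLD_SECONDS:
            self.held = None

    def acquire(self, manager_ip):
        self.purge()
        if self.held is None:
            return None
        status, self.held = self.held[0], None  # claim 6: delete after sending
        self.bmc.feedback(self.ip, manager_ip)  # claim 3: feedback instruction
        return status


class Bmc:
    def __init__(self, address_set, read_status, clock=time.monotonic):
        self.address_set = dict(address_set)  # address number -> trusted IP
        self.read_status = read_status
        self.terminals = {ip: TrustedTerminal(ip, self, clock)
                          for ip in self.address_set.values()}
        self.trusted = set()       # claim 4: addresses marked as trusted
        self.disconnected = set()  # sources whose connection was dropped

    def handle_status_request(self, source_ip):
        if source_ip in self.trusted:  # claim 4: answer trusted sources directly
            return {"status": self.read_status()}
        number = secrets.choice(list(self.address_set))  # claim 1: random pick
        self.terminals[self.address_set[number]].receive_status(self.read_status())
        self.disconnected.add(source_ip)  # claim 1: reply, then disconnect
        return {"target_number": number}  # no status and no IP in the reply

    def feedback(self, terminal_ip, manager_ip):
        # Added check, not stated in the claims: accept feedback only from
        # a terminal in the preset address set.
        if terminal_ip not in self.terminals:
            return
        self.disconnected.discard(manager_ip)  # claim 3: restore the connection
        self.trusted.add(manager_ip)           # claim 4: mark as trusted


def manager_fetch(bmc, manager_ip, known_address_set):
    """Management terminal (claim 2); the dict lookup on bmc.terminals stands in
    for opening a network connection to the first target address."""
    reply = bmc.handle_status_request(manager_ip)
    if "status" in reply:
        return reply["status"]
    first_target = known_address_set.get(reply["target_number"])
    if first_target is None:
        return None  # requester does not hold the preset address set
    return bmc.terminals[first_target].acquire(manager_ip)


if __name__ == "__main__":
    bmc = Bmc(ADDRESS_SET, lambda: "power=on temp=41C")
    print(bmc.handle_status_request("203.0.113.9"))       # address number only
    print(manager_fetch(bmc, "192.0.2.50", ADDRESS_SET))  # status via terminal
    print(bmc.handle_status_request("192.0.2.50"))        # now answered directly
```

A requester that does not hold the preset address set receives only an address number, so the scheme depends on that set staying confidential and on the trusted terminals authenticating whoever sends the acquisition instruction.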
CN202311698661.1A 2023-12-12 2023-12-12 BMC implementation method and system based on domestic processor Active CN117395087B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311698661.1A CN117395087B (en) 2023-12-12 2023-12-12 BMC implementation method and system based on domestic processor


Publications (2)

Publication Number Publication Date
CN117395087A (en) 2024-01-12
CN117395087B (en) 2024-02-20

Family

ID=89467087

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant