CN117667788B

CN117667788B - Data interaction method, computer system, electronic device and storage medium

Info

Publication number: CN117667788B
Application number: CN202410129339.5A
Authority: CN
Inventors: 管峥朝; 张秀波; 周璐
Original assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Current assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Priority date: 2024-01-30
Filing date: 2024-01-30
Publication date: 2024-04-19
Anticipated expiration: 2044-01-30
Also published as: CN117667788A

Abstract

The invention provides a data interaction method, a computer system, electronic equipment and a storage medium, which are applied to the technical field of data interaction and comprise the following steps: determining a first data packet to be sent to a baseboard management controller, and dividing the first data packet into a plurality of data blocks with target sizes; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; and sending the second data packet to the baseboard management controller through the memory mapping type mainboard management controller interface. The data volume transmitted between the basic input and output system and the baseboard management controller can be obviously reduced, so that the data transmission efficiency is improved, the excessive bandwidth occupied by data transmission is avoided, and the use efficiency of the circulation buffer area can also be improved.

Description

Data interaction method, computer system, electronic device and storage medium

Technical Field

The present invention relates to the field of data interaction, and in particular, to a data interaction method, a computer system, an electronic device, and a non-volatile computer readable storage medium.

Background

In the field of server hardware management, communication between a BIOS (basic input/output system) and a BMC (Baseboard Management Controller ) is a key to implementing hardware monitoring and remote management functions. The BIOS is the firmware code during the server startup process, responsible for initializing the server's hardware and loading the operating system. The BMC is a specialized microcontroller that monitors the physical state of the server and performs management tasks such as restarting, logging, and security control.

In conventional server management practice, communication between the BIOS and the BMC depends on various communication interfaces and protocols, and MMBI (Memory-Mapped BMC Interface, memory-mapped motherboard management controller interface) is an important communication mechanism. MMBI map the memory space of the BMC to the BIOS via an eSPI (ENHANCED SERIAL PERIPHERAL INTERFACE ) bus, so that the BIOS can directly access the memory of the BMC, thereby conveniently reading status information and sending management commands, as shown in fig. 1. This mechanism significantly increases the response speed of management instructions, which is an integral part of modern data center server management.

The core of the prior art MMBI is that it provides a direct mapped communication scheme that utilizes the high bandwidth and low latency characteristics of the eSPI bus to achieve efficient communication between the BIOS and the BMC. However, this data transmission method has a problem of low efficiency, particularly in a large-scale data center, the transmission of a large amount of monitoring data may occupy excessive bandwidth, and in a case of limited bandwidth, may cause significant transmission delay.

Disclosure of Invention

In view of the above, there has been proposed to provide a data interaction method, a computer system, an electronic device and a non-volatile computer-readable storage medium, which overcome or at least partially solve the above problems, comprising:

A data interaction method applied to a basic input/output system, wherein the basic input/output system communicates with a baseboard management controller through a memory mapping type motherboard management controller interface, the method comprising:

Determining a first data packet to be sent to the baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size;

Determining repeated character string sequences in the plurality of data blocks, and determining position information of the repeated character string sequences in the first data packet;

Generating a second data packet according to the unrepeated character string sequence, the repeated character string sequence and the position information in the plurality of data blocks;

and sending the second data packet to the baseboard management controller through the memory mapping type mainboard management controller interface.

Optionally, the determining the repeated character string sequence in the plurality of data blocks includes:

Writing the character string sequence of the data block into a preset dictionary in turn;

when the character string sequence written in the preset dictionary currently is matched with the character string sequence written in the preset dictionary previously, determining that the character string sequence written in the preset dictionary currently is a repeated character string sequence;

the generating a second data packet according to the unrepeated string sequence, the repeated string sequence, and the location information in the plurality of data blocks includes:

Generating a token for the repeated character string sequence, wherein the token comprises a literal length and a matching length corresponding to the repeated character string sequence;

And generating the second data packet according to the preset dictionary, tokens corresponding to the repeated character string sequences and the position information.

Optionally, the method further comprises:

Determining the bandwidth occupied by the current data interaction and the speed of data transmission between the basic input and output system and the baseboard management controller;

determining the transmission priority of the first data packet;

Determining a target compression level according to the bandwidth occupied by the current data interaction, the data transmission speed and the transmission priority; the target compression level is used to determine the length of the matching length.

Optionally, the sending, by the memory mapped motherboard management controller interface, the second data packet to the baseboard management controller includes:

Encrypting the second data packet according to a preset secret key to obtain a third data packet;

And sending the third data packet to the baseboard management controller through the memory mapping type mainboard management controller interface, wherein the baseboard management controller is used for decrypting the third data packet according to the preset key to obtain a second data packet.

Optionally, the method further comprises:

when a preset security event is detected, replacing the preset secret key;

And sending the replaced preset secret key to the baseboard management controller.

Optionally, the method further comprises:

the basic input/output system and the baseboard management controller are used for synchronizing serial numbers;

The sending, by the memory mapped motherboard management controller interface, the second data packet to the baseboard management controller includes:

Adding the currently polled target sequence number in the second data packet;

transmitting a second data packet added with a target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attack of the second data packet according to the target serial number.

Optionally, the method further comprises:

The basic input and output system and the baseboard management controller are synchronized in time;

Adding a target time stamp into the second data packet according to the current system time of the basic input/output system;

sending a second data packet added with a target time stamp to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attack of the second data packet according to the target time stamp.

Optionally, the method further comprises:

The basic input/output system and the baseboard management controller are synchronized in sequence number and time;

Adding the currently polled target sequence number in the second data packet;

Adding a target time stamp into a second data packet added with the currently polled target sequence number according to the current system time of the basic input/output system;

Transmitting a second data packet added with the target timestamp and the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface;

The baseboard management controller is used for detecting whether the target sequence number is smaller than or equal to the last sequence number recorded in the baseboard management controller after receiving the second data packet added with the target timestamp and the target sequence number; discarding the second data packet when the target sequence number is less than or equal to a last sequence number recorded in the baseboard management controller; when the target sequence number is larger than the last sequence number, judging whether the deviation between the target time stamp and the current system time of the baseboard management controller exceeds a preset deviation value; and discarding the second data packet when the deviation between the target timestamp and the current system time of the baseboard management controller exceeds a preset deviation value.

adding redundant check codes into the second data packet to generate a fourth data packet;

Transmitting the fourth data packet to the baseboard management controller through the memory mapped motherboard management controller interface; and the baseboard management controller is used for detecting the content error of the second data packet according to the redundant check code.

Optionally, each of the plurality of data blocks is provided with an identifier; the method further comprises the steps of:

and responding to the data request of the baseboard management controller aiming at the target identifier, and sending the data block corresponding to the target identifier to the baseboard management controller.

The embodiment of the invention also provides a data interaction method which is applied to the baseboard management controller, wherein the baseboard management controller communicates with the basic input/output system through a memory mapping type mainboard management controller interface, and the method comprises the following steps:

Receiving a second data packet sent by the basic input/output system through the memory mapping type main board management controller interface; the second data packet is a first data packet which is determined to be sent to the baseboard management controller by the basic input and output system, and after the first data packet is divided into a plurality of data blocks with target sizes, repeated character string sequences in the plurality of data blocks are determined, and position information of the repeated character string sequences in the first data packet is determined; generating a data packet according to the unrepeated character string sequence, the repeated character string sequence and the position information in the plurality of data blocks;

decompressing the second data packet to obtain the first data packet.

Optionally, after the basic input/output system sequentially writes the character string sequences of the data blocks into a preset dictionary, when the character string sequence currently written into the preset dictionary matches with the character string sequence previously written into the preset dictionary, determining that the character string sequence currently written into the preset dictionary is a repeated character string sequence; generating a token for the repeated character string sequence, wherein the token comprises a literal length and a matching length corresponding to the repeated character string sequence; generating a data packet according to the preset dictionary, tokens corresponding to each repeated character string sequence and the position information;

The decompressing the second data packet to obtain the first data packet includes:

Reading the token and the position information in the second data packet;

and generating the first data packet according to the token, the position information and the data blocks in the preset dictionary.

The embodiment of the invention also provides a computer system, which comprises a basic input/output system and a baseboard management controller, wherein the basic input/output system and the baseboard management controller are communicated through a memory mapping type mainboard management controller interface;

The basic input/output system comprises a compression module, wherein the compression module is used for determining a first data packet to be sent to the baseboard management controller and dividing the first data packet into a plurality of data blocks with target sizes; determining repeated character string sequences in the plurality of data blocks, and determining position information of the repeated character string sequences in the first data packet; generating a second data packet according to the unrepeated character string sequence, the repeated character string sequence and the position information in the plurality of data blocks;

The basic input/output system is used for sending the second data packet to the baseboard management controller through the memory mapping type mainboard management controller interface;

the baseboard management controller comprises a decompression module, wherein the decompression module is used for decompressing the second data packet to obtain the first data packet.

Optionally, the basic input/output system further includes an encryption module, where the encryption module is configured to encrypt the second data packet according to a preset key to obtain a third data packet;

the basic input/output system is used for sending the third data packet to the baseboard management controller through the memory mapping type mainboard management controller interface;

The baseboard management controller further comprises a decryption module, wherein the decryption module is used for decrypting the third data packet according to the preset secret key to obtain a second data packet.

Optionally, the baseboard management controller further includes a replay defense module;

The basic input/output system is used for synchronizing the serial numbers with the baseboard management controller and adding the currently polled target serial numbers into the second data packet; transmitting a second data packet added with a target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface;

And the replay defense module is used for detecting replay attack on the second data packet according to the target sequence number.

The basic input/output system is used for synchronizing time with the baseboard management controller, and adding a target time stamp into the second data packet according to the current system time of the basic input/output system; sending a second data packet added with a target time stamp to the baseboard management controller through the memory mapping type mainboard management controller interface;

The replay defense module is used for detecting replay attack on the second data packet according to the target timestamp.

The basic input/output system is used for synchronizing the sequence number and time with the baseboard management controller, and adding a currently polled target sequence number into the second data packet; adding a target time stamp into a second data packet added with the currently polled target sequence number according to the current system time of the basic input/output system; transmitting a second data packet added with the target timestamp and the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface;

The replay defense module is used for detecting whether the target sequence number is smaller than or equal to the last sequence number recorded in the baseboard management controller after receiving the second data packet added with the target time stamp and the target sequence number; discarding the second data packet when the target sequence number is less than or equal to a last sequence number recorded in the baseboard management controller; when the target sequence number is larger than the last sequence number, judging whether the deviation between the target time stamp and the current system time of the baseboard management controller exceeds a preset deviation value; and discarding the second data packet when the deviation between the target timestamp and the current system time of the baseboard management controller exceeds a preset deviation value.

Optionally, the baseboard management controller further includes an error checking module;

The basic input/output system is used for adding redundant check codes into the second data packet to generate a fourth data packet; transmitting the fourth data packet to the baseboard management controller through the memory mapped motherboard management controller interface;

And the error checking module is used for detecting content errors of the second data packet according to the redundant check code.

Optionally, each of the plurality of data blocks is provided with an identifier, and the baseboard management controller further includes an error recovery module, where the error recovery module is configured to send a data request for a target identifier to the bios;

The basic input/output system is used for responding to the data request of the baseboard management controller aiming at the target identifier and sending the data block corresponding to the target identifier to the baseboard management controller.

The embodiment of the invention also provides electronic equipment, which comprises a processor, a memory and a computer program stored on the memory and capable of running on the processor, wherein the computer program realizes the data interaction method when being executed by the processor.

The embodiment of the invention also provides a nonvolatile computer readable storage medium, wherein the nonvolatile computer readable storage medium stores a computer program, and the computer program realizes the data interaction method when being executed by a processor.

In the embodiment of the invention, the basic input/output system can firstly determine the first data packet to be sent to the baseboard management controller and divide the first data packet into a plurality of data blocks with target sizes; then determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to the unrepeated character string sequence, the repeated character string sequence and the position information in the plurality of data blocks; and then, the second data packet is sent to the baseboard management controller through the memory mapping type mainboard management controller interface. Compared with the method that the basic input and output system directly sends the data packet to the baseboard management controller, the embodiment of the invention can obviously reduce the data quantity transmitted between the basic input and output system and the baseboard management controller, thereby improving the data transmission efficiency, further avoiding the data transmission occupying excessive bandwidth and improving the use efficiency of the circulation buffer zone.

Drawings

In order to more clearly illustrate the technical solutions of the present invention, the drawings that are needed in the description of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.

FIG. 1 is a schematic diagram of a prior art data interaction;

FIG. 2 is a flow chart of the steps of a method of data interaction according to an embodiment of the present invention;

FIG. 3 is a flow chart of steps of another method of data interaction according to an embodiment of the present invention;

FIG. 4 is a flow chart of steps of another method of data interaction according to an embodiment of the present invention;

FIG. 5 is a flow chart of steps of another method of interaction of data according to an embodiment of the present invention;

FIG. 6 is a flow chart of steps of another method of interaction of data according to an embodiment of the present invention;

FIG. 7 is a flow chart of steps of another method of interaction of data according to an embodiment of the present invention;

FIG. 8 is a flow chart of steps of another method of interaction of data according to an embodiment of the present invention;

FIG. 9 is a schematic diagram of a computer system according to an embodiment of the invention;

FIG. 10 is a flow chart of the steps of compression and decompression according to an embodiment of the present invention;

FIG. 11 is a flowchart of steps for replay defense according to an embodiment of the present invention;

FIG. 12 is a flowchart illustrating steps of data interaction between a basic input output system and a baseboard management controller according to an embodiment of the present invention;

FIG. 13 is a schematic diagram of an electronic device according to an embodiment of the present invention;

Fig. 14 is a schematic structural view of a nonvolatile computer-readable storage medium according to an embodiment of the present invention.

Detailed Description

In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

In practical applications, since MMBI does not implement a data compression mechanism, the amount of data transferred between the BIOS and the BMC is larger than actually needed, which not only occupies too much bandwidth, but also reduces the efficiency of the use of the circular buffer. In order to reduce the occupied bandwidth and improve the use efficiency of a circular buffer, the embodiment of the invention provides a data interaction method between a basic input/output system and a baseboard management controller, wherein the data interaction method can be applied to a data interaction scene of a memory mapping type mainboard management controller interface; compared with the method that the basic input and output system directly sends the data packet to the baseboard management controller, the method can obviously reduce the data quantity transmitted between the basic input and output system and the baseboard management controller, thereby improving the data transmission efficiency, further avoiding the data transmission occupying excessive bandwidth and improving the use efficiency of the circulation buffer zone.

Specifically, referring to fig. 2, fig. 2 is a flowchart illustrating steps of a data interaction method according to an embodiment of the present invention; the data interaction method can be applied to a basic input/output system, and the basic input/output system can communicate with a baseboard management controller through a memory mapping type mainboard management controller interface; as shown in fig. 2, the data interaction method may include the steps of:

step 201, determining a first data packet to be sent to a baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

In practical application, the basic input/output system may determine a first data packet to be sent to the baseboard management controller; then, compressing the first data packet; for example, the first data packet may be compressed using LZ4 (Lempel-Ziv 4). LZ4 is an efficient compression algorithm that uses dictionary compression to divide input data into small blocks and then constructs a dictionary to store previous data blocks to find and eliminate redundant information.

Specifically, after determining a first data packet to be sent to the baseboard management controller by the bios, the bios may divide the first data packet into a plurality of data blocks with a target size according to a preset target size. The target size may be set according to practical situations, for example: 16kb (Kilobyte kilobytes), to which embodiments of the invention are not limited.

Step 202, determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet.

After a plurality of data blocks are obtained, the repeated character string sequences in the data blocks, namely the character string sequences with the similarity exceeding a preset value, can be determined; the position information of the repeated character string sequences in the first data packet can be determined while the repeated character string sequences are determined, so that copying can be performed at corresponding positions based on the position information when the data packet is decompressed later.

Step 203, generating a second data packet according to the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

When determining the repeated character string sequences in the plurality of data blocks, determining unrepeated character string sequences in the plurality of data blocks; then, a second data packet having a smaller data amount than the first data packet may be generated based on the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

Step 204, the second data packet is sent to the baseboard management controller through the memory mapped motherboard management controller interface.

After the basic input/output system generates the second data packet, the generated second data packet can be sent to the baseboard management controller through the memory mapping type mainboard management controller interface, so that data interaction between the basic input/output system and the baseboard management controller is realized.

Referring to fig. 3, fig. 3 is a flowchart illustrating steps of another data interaction method according to an embodiment of the present invention, where the data interaction method may include the steps of:

step 301, determining a first data packet to be sent to the baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

In practical application, the basic input/output system may determine a first data packet to be sent to the baseboard management controller; the first packet is then compressed. Specifically, after determining a first data packet to be sent to the baseboard management controller by the bios, the bios may divide the first data packet into a plurality of data blocks with a target size according to a preset target size.

In some possible embodiments, LZ4 may be integrated into the firmware code of the bios as a stand-alone module, ensuring decoupling of the module from other parts for ease of administration and updating.

Step 302, writing the character string sequence of the data block into a preset dictionary in turn.

In the embodiment of the invention, a preset dictionary can be created in advance; then, the character string sequences of the data blocks obtained through segmentation can be written into a preset dictionary in sequence; when the character string sequence is written into the preset dictionary, hash searching can be performed, and repeated character string sequences can be rapidly positioned through a hash algorithm.

Step 303, when the string sequence currently written in the preset dictionary matches the string sequence previously written in the preset dictionary, determining that the string sequence currently written in the preset dictionary is a repeated string sequence.

If the character string sequence written in the preset dictionary currently is detected to be matched with the character string sequence written in the preset dictionary previously, the character string sequence written in the preset dictionary currently can be judged to be a repeated character string sequence; at this time, the repeated character string sequence may not be written into the preset dictionary, i.e., the preset dictionary stores only character string sequences that have not previously appeared.

Step 304, determining the position information of the repeated character string sequence in the first data packet.

Determining the position information of the repeated character string sequence in the first data packet when the repeated character string sequence is determined; the position information may be represented by an offset value that may be used to represent the position of the repeated string sequence in the first data packet.

Step 305, a token is generated for the repeated string sequence, and the token includes a word length and a matching length corresponding to the repeated string sequence.

When determining the repeated character string sequence, generating a token for the repeated character string sequence, wherein the token can store the word length and the matching length corresponding to the repeated character string sequence; the literal length may refer to the length of the currently scanned string sequence, and the matching length refers to the length of the longest string sequence that matches the current string sequence.

In one embodiment of the present invention, to accommodate different transmission requirements, a compression level setting may be defined for LZ 4; different compression levels are selected depending on the rate and urgency of the data transmission. Selecting a higher compression level to reduce the amount of data transferred when the amount of data is large or the transfer is slow; when a fast transmission is required, a lower compression level is selected to reduce processing time. Specifically, different compression levels may be achieved by:

Determining the bandwidth occupied by the current data interaction and the speed of data transmission between the basic input and output system and the baseboard management controller; determining a transmission priority of the first data packet; determining a target compression level according to the bandwidth occupied by the current data interaction, the speed of data transmission and the transmission priority; the target compression level is used to determine the length of the matching length.

In some possible embodiments, the bandwidth occupied by the current data interaction and the speed of data transmission between the basic input output system and the baseboard management controller can be determined first; meanwhile, the transmission priority of the first data packet can be determined; the transmission priority may be preset for the data packet, which is not limited in the embodiment of the present invention.

After determining the bandwidth occupied by the current data interaction, the speed of data transmission and the transmission priority of the first data packet, determining the bandwidth occupied by the current data interaction, the speed of data transmission and the target compression level corresponding to the transmission priority of the first data packet according to a preset rule; by way of example, the compression level may be preset for different bandwidths, speeds of data transmission, and transmission priorities; when determining the bandwidth occupied by the current data interaction, the speed of data transmission and the target compression level corresponding to the transmission priority of the first data packet, the target compression level can be determined based on the preset corresponding relation.

After determining the target compression level, the first data packet may be compressed based on the target compression level; for example, the amount of compression to the first data packet may be determined based on the target compression level; the higher the target compression level, the more compressed the first data packet, and the lower the target compression level, the less compressed the first data packet.

For yet another example, the length of the matching length may be determined based on the target compression level; for example: the greater the target compression level, the longer the length of the matching length, and the smaller the target compression level, the shorter the length of the matching length, which is not limiting in this embodiment of the invention.

And 306, generating a second data packet according to the preset dictionary, the tokens corresponding to the repeated character string sequences and the position information.

In the embodiment of the invention, after the preset dictionary, the tokens corresponding to each repeated character string sequence and the position information of each repeated character string sequence are obtained, a second data packet with smaller data volume than the first data packet can be generated based on the preset dictionary, the tokens corresponding to each repeated character string sequence and the position information.

Step 307, the second data packet is sent to the baseboard management controller through the memory mapped motherboard management controller interface.

In the embodiment of the invention, the basic input/output system can firstly determine the first data packet to be sent to the baseboard management controller and divide the first data packet into a plurality of data blocks with target sizes; then writing the character string sequence of the data block into a preset dictionary in turn; when the character string sequence written in the preset dictionary currently matches with the character string sequence written in the preset dictionary previously, determining that the character string sequence written in the preset dictionary currently is a repeated character string sequence; determining position information of the repeated character string sequence in the first data packet; generating a token aiming at the repeated character string sequence, wherein the token comprises a literal length and a matching length corresponding to the repeated character string sequence; generating a second data packet according to a preset dictionary, tokens corresponding to each repeated character string sequence and position information; and sending the second data packet to the baseboard management controller through the memory mapping type mainboard management controller interface. Compared with the method that the basic input and output system directly sends the data packet to the baseboard management controller, the embodiment of the invention can obviously reduce the data quantity transmitted between the basic input and output system and the baseboard management controller, thereby improving the data transmission efficiency, further avoiding the data transmission occupying excessive bandwidth and improving the use efficiency of the circulation buffer zone.

Referring to fig. 4, fig. 4 is a flowchart illustrating steps of another data interaction method according to an embodiment of the present invention, where the data interaction method may include the steps of:

Step 401, determining a first data packet to be sent to the baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

Step 402, determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in the first data packet.

Step 403, generating a second data packet according to the unrepeated string sequence, the repeated string sequence and the position information in the plurality of data blocks.

Steps 401 to 403 are similar to steps 201 to 203, and are not described herein.

And step 404, encrypting the second data packet according to the preset key to obtain a third data packet.

In practical applications, the existing memory mapped motherboard management controller interface does not include a data encryption or authentication mechanism, so that data transmitted through the interface is easy to be intercepted and tampered, and particularly, when sensitive information is transmitted, the security risk is obviously increased. In order to avoid the risk of interception and tampering during the data interaction through the memory mapped motherboard management controller interface, the bios may encrypt the second data packet with a preset key before sending the second data packet to the baseboard management controller, so as to obtain a third data packet.

Illustratively, AES-128-GCM (Advanced Encryption STANDARD WITH A-bit key in Galois/counter mode, advanced encryption Standard-128 bit-Galois/counter mode) may be employed to encrypt the second data packet; specifically, the second data packet may be first divided into blocks that meet the encryption block size requirements of AES-128-GCM; these blocks may then be independently encrypted by the AES-128-GCM algorithm to obtain a third data packet. The third data packet may comprise a plurality of data blocks independently encrypted by the AES-128-GCM algorithm.

Step 405, sending the third data packet to a baseboard management controller through a memory mapped motherboard management controller interface, where the baseboard management controller is configured to decrypt the third data packet according to a preset key to obtain a second data packet.

After the third data packet is obtained, the third data packet can be sent to the baseboard management controller through the memory mapping type mainboard management controller interface; after receiving the third data packet, the substrate controller can decrypt the third data packet so as to obtain a second data packet; the second data packet may then be further decompressed to obtain the first data packet.

In some possible embodiments, TLS (Transport Layer Security, transport layer security protocol) may be used during transmission when sending the third data packet to the baseboard management controller via the memory mapped motherboard management controller interface to provide an additional layer of security during transmission to prevent data from being intercepted or tampered with.

In an embodiment of the present invention, the method may further include the following steps:

When a preset security event is detected, replacing a preset secret key; and sending the replaced preset secret key to the baseboard management controller.

In practical applications, a preset security event may be set, where the security event may be a preset event interval, or may be other events, for example: an event of occurrence of preset key leakage, etc., to which the embodiment of the present invention is not limited.

When a preset security event is detected to be triggered, the basic input/output system can replace the preset secret key and transmit the replaced preset secret key to the baseboard management controller through a secure transmission channel, such as a transmission channel of TLS; after receiving the replaced preset key, the baseboard management controller can decrypt the received data packet by using the replaced preset key later.

In addition, the baseboard management controller can delete the prior preset key after receiving the replaced preset key and store the replaced preset key.

In the embodiment of the invention, a first data packet to be sent to a baseboard management controller is determined, and the first data packet is divided into a plurality of data blocks with target sizes; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; encrypting the second data packet according to a preset secret key to obtain a third data packet; and sending the third data packet to a baseboard management controller through a memory mapping type mainboard management controller interface, wherein the baseboard management controller is used for decrypting the third data packet according to a preset secret key to obtain a second data packet. By the embodiment of the invention, the risks that data is confused and tampered when the basic input/output system communicates with the baseboard management controller through the memory mapping type mainboard management controller interface can be avoided, and the safety of data interaction is improved.

Referring to fig. 5, fig. 5 is a flowchart illustrating steps of another data interaction method according to an embodiment of the present invention, where the data interaction method may include the steps of:

Step 501, determining a first data packet to be sent to a baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

Step 502, determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet.

Step 503, generating a second data packet according to the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

Steps 501 to 503 are similar to steps 201 to 203, and are not repeated here.

Step 504, adding the currently polled target sequence number to the second data packet.

In practical application, the existing MMB lacks effective data uniqueness verification mechanism and synchronization mechanism weak, which results in failure to ensure data novelty and failure to ensure state consistency between the baseboard management controller and the basic input/output system.

In order to ensure the consistency of the state between the baseboard management controller and the basic input output system, the basic input output system may add the currently polled target serial number to the second data packet before sending the second data packet.

The serial number can be an integer which strictly monotonically increases, and the basic input/output system is responsible for updating the value when transmitting data each time, so that the uniqueness of each data packet is ensured; the target sequence number may refer to the currently polled sequence number.

In the initial synchronization phase, a secure handshake procedure is used between the bios and the baseboard management controller, and TLS is used to ensure that the serial numbers are synchronized at both ends, specifically: the basic input/output system and the baseboard management controller are synchronized in serial number.

Illustratively, the bios and the baseboard management controller may synchronize serial numbers through TLS via a secure handshake process.

Step 505, sending the second data packet added with the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attacks on the second data packet according to the target serial number.

After the target serial number is added in the second data packet, the basic input/output system can send the second data packet added with the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface.

After receiving the second data packet added with the target sequence number, the baseboard management controller can detect replay attack on the second data packet based on the target sequence number; specifically, when the baseboard management controller receives the second data packet, the target sequence number may be checked first to determine whether the target sequence number is incremented in the expected order. If the received target sequence number is less than or equal to the last sequence number recorded by the baseboard management controller, the baseboard management controller can judge that the second data packet is a replay attack and discard the second data packet immediately, so as to ensure that an attacker cannot deceptively cheat the system by retransmitting the old data packet.

Otherwise, if the received target sequence number is greater than the last sequence number recorded by the baseboard management controller, the second data packet may be subjected to subsequent processing, for example: decryption, decompression, etc., as embodiments of the present invention are not limited in this regard.

In the embodiment of the invention, a first data packet to be sent to a baseboard management controller is determined, and the first data packet is divided into a plurality of data blocks with target sizes; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; adding the currently polled target sequence number in the second data packet; transmitting the second data packet added with the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attacks on the second data packet according to the target serial number. By the embodiment of the invention, the uniqueness of the transmission data between the baseboard management controller and the basic input/output system can be ensured.

Referring to fig. 6, fig. 6 is a flowchart illustrating steps of another data interaction method according to an embodiment of the present invention, where the data interaction method may include the steps of:

Step 601, determining a first data packet to be sent to a baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

Step 602, determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet.

Step 603, generating a second data packet according to the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

Steps 601 to 603 are similar to steps 201 to 203, and are not repeated here.

Step 604, adding a target timestamp to the second data packet according to the current system time of the basic input/output system.

In order to ensure the state consistency between the baseboard management controller and the basic input/output system, the embodiment of the invention can also detect replay attack based on time; specifically, after generating the second data packet, the bios may first determine a current system time of the bios and add a target timestamp to the second data packet based on the current system time.

In an embodiment of the present invention, the foregoing embodiment may further include the steps of:

The basic input and output system and the baseboard management controller perform time synchronization.

In the initial synchronization phase, the time between the basic input output system and the baseboard management controller can be ensured to be synchronous through a safe handshake process through TLS.

Step 605, sending the second data packet added with the target timestamp to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attacks on the second data packet according to the target time stamp.

After adding the target timestamp in the second data packet, the basic input/output system can send the second data packet added with the target timestamp to the baseboard management controller through the memory mapping type mainboard management controller interface.

After receiving the second data packet added with the target time stamp, the baseboard management controller can detect replay attack on the second data packet based on the target time stamp; specifically, the baseboard management controller may determine a current system time of the baseboard management controller, and determine a difference between the current system time and a target timestamp; if the difference exceeds a predetermined tolerance time window, the baseboard management controller can determine that the second data packet is a delayed or replayed data packet, and can discard the second data packet.

In one embodiment of the present invention, the steps 504-505 and the steps 604-605 may be performed simultaneously, specifically: steps 504-505 and steps 604-605 may be performed simultaneously by:

Adding the currently polled target sequence number in the second data packet; adding a target time stamp into a second data packet added with the currently polled target sequence number according to the current system time of the basic input output system; and sending the second data packet added with the target time stamp and the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface.

The baseboard management controller is used for detecting whether the target sequence number is smaller than or equal to the last sequence number recorded in the baseboard management controller after receiving the second data packet added with the target time stamp and the target sequence number; discarding the second data packet when the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller; when the target sequence number is larger than the last sequence number, judging whether the deviation between the target time stamp and the current system time of the baseboard management controller exceeds a preset deviation value; and discarding the second data packet when the deviation between the target timestamp and the current system time of the baseboard management controller exceeds a preset deviation value.

In practical application, before the basic input/output system sends the second data packet, the target serial number currently polled can be added in the second data packet; meanwhile, a target time stamp can be added in the second data packet added with the currently polled target serial number according to the current system time of the basic input/output system.

After the target time stamp and the target serial number are added in the second data packet, the basic input/output system can send the second data packet added with the target time stamp and the target serial number to the baseboard management controller through the memory mapping type mainboard management controller interface.

The baseboard management controller may detect replay attacks on the second data packet based on the target timestamp and the target sequence number after receiving the second data packet to which the target timestamp and the target sequence number are added.

Specifically, after receiving the second data packet added with the target timestamp and the target sequence number, the baseboard management controller may first detect whether the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller.

The second data packet may be discarded if the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller.

Otherwise, if the target sequence number is greater than the last sequence number recorded in the baseboard management controller, it may be further determined whether the deviation between the target timestamp and the current system time of the baseboard management controller exceeds a preset deviation value.

If the deviation of the target timestamp from the current system time of the baseboard management controller exceeds a preset deviation value, discarding the second data packet; otherwise, subsequent decryption, decompression, etc. may be performed on the second data packet, which is not limited in the embodiment of the present invention.

In an embodiment of the present invention, the above embodiment of performing steps 504-505 and steps 604-605 simultaneously may further comprise the steps of:

the basic input/output system and the baseboard management controller are synchronized in sequence number and time.

In some possible embodiments, during the initial synchronization phase, a secure handshake procedure may be used between the bios and the baseboard management controller to ensure that the sequence number and time are synchronized across TLS.

In the embodiment of the invention, a first data packet to be sent to a baseboard management controller is determined, and the first data packet is divided into a plurality of data blocks with target sizes; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; adding a target time stamp into the second data packet according to the current system time of the basic input/output system; transmitting the second data packet added with the target time stamp to a baseboard management controller through a memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting replay attacks on the second data packet according to the target time stamp. By the embodiment of the invention, the timeliness of data transmission between the substrate management controller and the basic input/output system can be ensured.

Referring to fig. 7, fig. 7 is a flowchart illustrating steps of another data interaction method according to an embodiment of the present invention, where the data interaction method may include the steps of:

Step 701, determining a first data packet to be sent to a baseboard management controller, and dividing the first data packet into a plurality of data blocks with a target size.

Step 702, determining a repeated string sequence in the plurality of data blocks, and determining position information of the repeated string sequence in the first data packet.

Step 703, generating a second data packet according to the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

Steps 701 to 703 are similar to steps 201 to 203, and are not described herein.

Step 704, adding a redundant check code to the second data packet, and generating a fourth data packet.

In the data transmission process, the existing memory mapping type mainboard management controller interface does not provide a corresponding error detection mechanism to ensure the integrity and consistency of data. Based on this, in the embodiment of the present invention, a redundant check code may be added to the second data packet to obtain the fourth data packet.

Step 705, sending the fourth data packet to the baseboard management controller through the memory mapped motherboard management controller interface; the baseboard management controller is used for detecting content errors of the second data packet according to the redundant check code.

Then, the basic input/output system can send the fourth data packet to the baseboard management controller through the memory mapping type mainboard management controller interface; after receiving the fourth data packet, the baseboard management controller can detect the content error of the second data packet based on the redundant check code. Illustratively, CRC (Cyclic Redundancy Check ) may be used for content error detection, as embodiments of the invention are not limited in this respect.

In one embodiment of the present invention, each of the plurality of data blocks is provided with an identifier; the method may further comprise the steps of:

and responding to the data request of the baseboard management controller for the target identifier, and sending the data block corresponding to the target identifier to the baseboard management controller.

In the data transmission process, once errors occur, the existing memory mapping type mainboard management controller interface does not provide a sufficient error recovery mechanism to ensure the integrity and consistency of data; in order to ensure the integrity and consistency of data, the embodiment of the invention can set a unique identifier for each data block; then, when detecting a data error, the baseboard management controller may request only the data of the target identifier corresponding to the error, without retransmitting the entire data stream.

Specifically, the baseboard management controller may send the target identifier of the data corresponding to the error to the bios; after receiving the data request of the baseboard management controller for the target identifier, the basic input/output system can respond to the request and send the data block corresponding to the target identifier to the baseboard management controller through the memory mapping type mainboard management controller interface.

In the embodiment of the invention, a first data packet to be sent to a baseboard management controller is determined, and the first data packet is divided into a plurality of data blocks with target sizes; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; adding a redundant check code into the second data packet to generate a fourth data packet; transmitting the fourth data packet to the baseboard management controller through the memory mapping type mainboard management controller interface; the baseboard management controller is used for detecting content errors of the second data packet according to the redundant check code. By the embodiment of the invention, the reliability of data transmission can be improved. When errors are found, only the data blocks with errors need to be retransmitted, so that the whole data retransmission is avoided, and the time cost and the resource consumption in the transmission process are optimized.

From the perspective of the baseboard management controller, another data interaction method is provided in the embodiment of the present invention, and referring to fig. 8, fig. 8 shows the data interaction method applied to the baseboard management controller, and as shown in fig. 8, the data interaction method may include the following steps:

Step 801, receiving a second data packet sent by the basic input/output system through the memory mapping type motherboard management controller interface; the second data packet is a first data packet which is determined to be sent to the baseboard management controller by the basic input and output system, and after the first data packet is divided into a plurality of data blocks with target sizes, repeated character string sequences in the plurality of data blocks are determined, and position information of the repeated character string sequences in the first data packet is determined; and generating a data packet according to the unrepeated character string sequence, the repeated character string sequence and the position information in the plurality of data blocks.

In the embodiment of the invention, after determining the first data packet to be sent to the baseboard management controller by the basic input output system, the basic input output system may divide the first data packet into a plurality of data blocks with a target size according to a preset target size.

After obtaining a plurality of data blocks, the basic input/output system can firstly determine repeated character string sequences in the data blocks, namely character string sequences with similarity exceeding a preset value; the position information of the repeated character string sequences in the first data packet can be determined while the repeated character string sequences are determined, so that copying can be performed at corresponding positions based on the position information when the data packet is decompressed later.

When determining the repeated character string sequences in the plurality of data blocks, the basic input/output system can also determine unrepeated character string sequences in the plurality of data blocks; then, the bios may generate a second data packet having a smaller data size than the first data packet based on the unrepeated string sequence, the repeated string sequence, and the location information in the plurality of data blocks, and send the second data packet to the baseboard management controller through the memory mapped motherboard management controller interface.

Step 802, decompressing the second data packet to obtain the first data packet.

After receiving the second data packet, the baseboard management controller can decompress the second data packet, so as to obtain a corresponding first data packet.

In an embodiment of the present invention, the second data packet is a sequence of strings of the data block written in the preset dictionary by the bios in sequence, and when the sequence of strings written in the preset dictionary currently matches with the sequence of strings written in the preset dictionary previously, the sequence of strings written in the preset dictionary currently is determined to be a repeated sequence of strings; generating a token aiming at the repeated character string sequence, wherein the token comprises a literal length and a matching length corresponding to the repeated character string sequence; generating a data packet according to a preset dictionary, tokens corresponding to each repeated character string sequence and position information; the above step 802 may be implemented by the following sub-steps:

Sub-step 11, reading the token and the location information in the second data packet.

In some possible embodiments, the baseboard management controller may read the token and the position information of the repeated string sequence after receiving the second data packet.

And a sub-step 12 of generating a first data packet according to the token, the position information and the data blocks in the preset dictionary.

Then, the baseboard management controller can copy the literal quantity to the output buffer area according to the information in the token, and copy the repeated sequence from the previous position in the output buffer area according to the position information and the length information, so as to complete data decompression, and obtain the first data packet.

In the embodiment of the invention, the baseboard management controller receives a second data packet sent by the basic input/output system through the memory mapping type mainboard management controller interface; the second data packet is a first data packet which is determined to be sent to the baseboard management controller by the basic input and output system, and after the first data packet is divided into a plurality of data blocks with target sizes, repeated character string sequences in the plurality of data blocks are determined, and position information of the repeated character string sequences in the first data packet is determined; generating a data packet according to unrepeated character string sequences, repeated character string sequences and position information in a plurality of data blocks; and decompressing the second data packet to obtain the first data packet. Compared with the method that the basic input and output system directly sends the data packet to the baseboard management controller, the embodiment of the invention can obviously reduce the data quantity transmitted between the basic input and output system and the baseboard management controller, thereby improving the data transmission efficiency, further avoiding the data transmission occupying excessive bandwidth and improving the use efficiency of the circulation buffer zone.

It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.

The data interaction method mentioned in the above embodiment may be applied to a computer system specifically; specifically, as shown in fig. 9, the computer system 90 may include a bios 910 and a baseboard management controller 920, where the bios 910 and the baseboard management controller 920 communicate through a memory mapped motherboard management controller interface;

the bios 910 includes a compression module 911, where the compression module 911 is configured to determine a first data packet to be sent to the baseboard management controller 920, and divide the first data packet into a plurality of data blocks with a target size; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks;

The bios 910 is configured to send the second data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface;

The baseboard management controller 920 includes a decompression module 921, where the decompression module 921 is configured to decompress the second data packet to obtain the first data packet.

In an embodiment of the present invention, the bios 910 may include a compression module 911 for compressing data; the compression module 911 may be based on LZ 4.

After determining the first data packet, the compression module 911 may divide the first data packet into a plurality of data blocks with a target size according to a preset target size.

After obtaining a plurality of data blocks, the compression module 911 may determine the repeated character string sequences in the data blocks, that is, the character string sequences having the similarity between them exceeding a preset value; the position information of the repeated character string sequences in the first data packet can be determined while the repeated character string sequences are determined, so that copying can be performed at corresponding positions based on the position information when the data packet is decompressed later.

In determining a sequence of repeated strings in a plurality of data blocks, the compression module 911 may also determine a sequence of unrepeated strings in a plurality of data blocks; the compression module 911 may then generate a second data packet having a smaller data amount than the first data packet based on the unrepeated string sequence, the repeated string sequence, and the position information in the plurality of data blocks.

After obtaining the second data packet, the bios 910 may send the second data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface.

After receiving the second data packet, the decompression module 921 in the baseboard management controller 920 may decompress the second data packet and obtain a corresponding first data packet.

Exemplary, as shown in FIG. 10, a flow chart of the steps of compression and decompression of an embodiment of the present invention is shown; as shown in fig. 10, after determining the first data packet, the first data packet may be first divided into data blocks of 16kb size; the target compression level may then be determined based on the bandwidth occupied by the current data interaction, the speed of the data transmission, and the transmission priority of the first data packet.

When the target compression level is determined, a preset dictionary may be constructed. Then, the character string sequences in the data blocks can be written into a preset dictionary in sequence, hash searching is performed, and repeated character string sequences are rapidly located through a hash algorithm.

In determining the repeated string sequence, a token may also be generated for the repeated string sequence, the information in the token specifying the exact length of the amount of duplicate words that subsequently need to be duplicated; in addition, the position information of the repeated character string sequence in the first data packet, namely, the offset value is stored, and the length of the repeated character string sequence is recorded, so that the compressed second data packet is obtained.

The basic input/output system transmits the second data packet to the baseboard management controller through the security module (namely, the basic input/output system comprises an encryption module, a replay defense module, an error checking module and an error recovery module); after receiving the second data packet, the baseboard management controller can read the token, copy the literal quantity and read the offset; and then combining the data based on the token, the copy literal quantity and the offset value, thereby obtaining a first data packet.

In an embodiment of the present invention, as shown in fig. 9, the bios 910 further includes an encryption module 912, where the encryption module 912 is configured to encrypt the second data packet according to a preset key to obtain a third data packet;

the bios 910 is configured to send the third data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface;

The baseboard management controller 920 further includes a decryption module 922, where the decryption module 922 is configured to decrypt the third data packet according to a preset key to obtain a second data packet.

In an embodiment of the present invention, the bios 910 may further include an encryption module 912 that encrypts data; specifically, after the compression module 911 obtains the second data packet, the encryption module 912 may encrypt the second data packet according to a preset key, thereby obtaining a third data packet.

After obtaining the third data packet, the bios 910 may send the third data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface; after receiving the third data packet, the baseboard management controller 920 may decrypt the third data packet according to the preset key by using the decryption module 922 in the baseboard management controller 920 to obtain a second data packet, and further call the decryption module 922 to decrypt the second data packet to obtain the first data packet.

In an embodiment of the present invention, as shown in fig. 9, the baseboard management controller 920 further includes a replay protection module 923;

the bios 910 is configured to synchronize the sequence number with the baseboard management controller 920, and add the currently polled target sequence number to the second data packet; transmitting the second data packet added with the target serial number to the baseboard management controller 920 through the memory mapped motherboard management controller interface;

The replay protection module 923 is configured to perform replay attack detection on the second data packet according to the target sequence number.

In the embodiment of the present invention, during the initial synchronization phase, a secure handshake procedure may be used between the bios 910 and the baseboard management controller 920, and the TLS may be used to ensure that the serial numbers are synchronized at both ends, specifically: the bios 910 performs serial number synchronization with the baseboard management controller 920.

The bios 910 may add the currently polled target sequence number to the second data packet before sending the second data packet. After adding the target sequence number to the second data packet, the bios 910 may send the second data packet with the target sequence number to the baseboard management controller 920 through the memory mapped motherboard management controller interface.

After receiving the second data packet with the target sequence number, the baseboard management controller 920 may perform detection of replay attack on the second data packet by using the replay protection module 923 in the baseboard management controller 920 according to the target sequence number; specifically, when the baseboard management controller 920 receives the second data packet, the replay protection module 923 may first check the target sequence number to determine whether the target sequence number is incremented in the expected order. If the received target sequence number is less than or equal to the last sequence number recorded by the baseboard management controller 920, the replay protection module 923 determines that the second data packet is a replay attack and immediately discards the second data packet, so as to ensure that an attacker cannot spoof the system by retransmitting the old data packet. Conversely, if the received target sequence number is greater than the last sequence number recorded by the baseboard management controller 920, the baseboard management controller 920 may perform subsequent processing on the second data packet, for example: decryption, decompression, etc., as embodiments of the present invention are not limited in this regard.

In another embodiment of the present invention, the replay protection module 923 may further perform detection of replay attacks based on a timestamp, specifically:

The bios 910 is configured to synchronize time with the baseboard management controller 920, and add a target timestamp to the second data packet according to a current system time of the bios 910; the second data packet added with the target timestamp is sent to the baseboard management controller 920 through the memory mapping type motherboard management controller interface;

The replay protection module 923 is configured to perform replay attack detection on the second data packet according to the target timestamp.

In the embodiment of the present invention, during the initial synchronization phase, a secure handshake procedure may be used between the bios 910 and the baseboard management controller 920, and the TLS may be used to ensure that the time is synchronized at both ends, specifically: the bios 910 performs time synchronization with the baseboard management controller 920.

The bios 910 may add a target timestamp to the second data packet based on the current system time of the bios 910 before sending the second data packet. After adding the target timestamp to the second data packet, the bios 910 may send the second data packet to which the target timestamp is added to the baseboard management controller 920 through the memory mapped motherboard management controller interface.

After receiving the second data packet with the target timestamp, the replay protection module 923 in the baseboard management controller 920 may perform replay attack detection on the second data packet according to the target timestamp; specifically, the replay defense module 923 may determine a current system time of the baseboard management controller 920 and determine a difference between the current system time and a target timestamp; if the difference exceeds a predetermined tolerance time window, the replay protection module 923 may determine that the second packet is a delayed or replayed packet, and may discard the second packet.

In another embodiment of the present invention, the replay protection module 923 may further perform detection of replay attacks based on a sequence number and a timestamp, specifically:

The bios 910 is configured to synchronize a sequence number and time with the baseboard management controller 920, and add a currently polled target sequence number to the second data packet; adding a target timestamp to the second data packet added with the currently polled target sequence number according to the current system time of the basic input output system 910; transmitting the second data packet added with the target timestamp and the target serial number to the baseboard management controller 920 through the memory mapped motherboard management controller interface;

The replay protection module 923 is configured to detect, after receiving the second data packet to which the target timestamp and the target sequence number are added, whether the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller 920; discarding the second packet when the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller 920; when the target sequence number is greater than the last sequence number, determining whether the deviation between the target timestamp and the current system time of the baseboard management controller 920 exceeds a preset deviation value; when the deviation of the target timestamp from the current system time of the baseboard management controller 920 exceeds a preset deviation value, the second data packet is discarded.

In the embodiment of the present invention, during the initial synchronization phase, a secure handshake procedure may be used between the bios 910 and the baseboard management controller 920, and the TLS may be used to ensure that the time and serial numbers are synchronized at both ends, specifically: the bios 910 performs time and sequence number synchronization with the baseboard management controller 920.

The bios 910 may add a target timestamp to the second data packet based on the current system time of the bios 910 before sending the second data packet. Meanwhile, the currently polled target sequence number can be added in the second data packet.

Next, the bios 910 may send the second data packet with the target timestamp and the target sequence number added to the baseboard management controller 920 through the memory mapped motherboard management controller interface.

The baseboard management controller 920, after receiving the second data packet to which the target timestamp and the target sequence number are added, the replay protection module 923 may perform detection of a replay attack on the second data packet based on the target timestamp and the target sequence number.

Specifically, after receiving the second data packet to which the target time stamp and the target sequence number are added, the playback defense module 923 may first detect whether the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller 920.

The replay protection module 923 may discard the second data packet if the target sequence number is less than or equal to the last sequence number recorded in the baseboard management controller 920.

Otherwise, if the target sequence number is greater than the last sequence number recorded in the baseboard management controller 920, the replay protection module 923 may further determine whether the deviation between the target timestamp and the current system time of the baseboard management controller 920 exceeds the preset deviation value.

The replay defense module 923 may discard the second data packet if the deviation of the target timestamp from the current system time of the baseboard management controller 920 exceeds a preset deviation value; otherwise, the baseboard management controller 920 may perform subsequent decryption, decompression, etc. on the second data packet, which is not limited in this embodiment of the present invention.

Exemplary, FIG. 11, shows a flowchart of steps for replay defense according to an embodiment of the present invention; as shown in fig. 11, the bios may send the second data packet with the target sequence number and the target timestamp to the baseboard management controller through the transport layer security protocol; after receiving the second data packet, the baseboard management controller can detect the target sequence number first, and if the target sequence number is smaller than or equal to the last sequence number, determine that the second data packet is a replay attack, and discard the second data packet.

Otherwise, if the target sequence number is larger than the last sequence number, detecting a target timestamp; the second data packet may be discarded if it is determined to be sent out over time based on the target timestamp.

In an embodiment of the present invention, as shown in fig. 9, the baseboard management controller 920 further includes an error checking module 924;

the bios 910 is configured to add a redundant check code to the second data packet to generate a fourth data packet; transmitting the fourth data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface;

the error checking module 924 is configured to perform content error detection on the second data packet according to the redundant check code.

In an embodiment of the present invention, the bios 910 may add a redundant check code to the second data packet to obtain a fourth data packet.

Then, the bios 910 may send the fourth data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface; after receiving the fourth data packet, the error checking module 924 in the baseboard management controller 920 may perform content error detection on the second data packet based on the redundancy check code. Illustratively, CRC may be used for content error detection, as embodiments of the invention are not limited in this regard.

In one embodiment of the present invention, each of the plurality of data blocks is provided with an identifier; as shown in fig. 9, the baseboard management controller 920 further includes an error recovery module 925, where the error recovery module 925 is configured to send a data request for the target identifier to the bios 910;

The bios 910 is configured to send, in response to a data request of the baseboard management controller 920 for the target identifier, a data block corresponding to the target identifier to the baseboard management controller 920.

In the embodiment of the present invention, when the error recovery module 925 in the baseboard management controller 920 detects a data error, the error recovery module may send a target identifier of the data corresponding to the error to the bios 910; after receiving the data request of the baseboard management controller 920 for the target identifier, the bios 910 may send, in response to the request, a data block corresponding to the target identifier to the baseboard management controller 920 through the memory mapped motherboard management controller interface.

Exemplary, as shown in fig. 12, a flowchart illustrating steps of data interaction between a basic input output system and a baseboard management controller according to an embodiment of the present invention; as shown in fig. 12, after determining the first data packet, the bios may first compress the first data packet using a compression module; the compression module may compress the second packet using an LZ4 algorithm.

After the second data packet is obtained, the compression module can send the second data packet to the encryption module; the encryption module can encrypt the second data packet by using AES-128-GCM, so as to obtain an encrypted data packet; then, the basic input/output system can add a target serial number and a target time stamp into the encrypted data packet, and send the data packet obtained after processing to a baseboard management controller through a memory mapping type mainboard management controller interface; the memory mapping type mainboard management controller interface maps the memory space of the baseboard management controller to the basic input and output system through the enhanced serial peripheral interface bus; and the data transmission is performed according to a transport layer security protocol.

After receiving the data packet, the baseboard management controller can detect replay attack through the replay defense module; after the detection is passed, an error checking module is used for detecting data errors; the error checking module may detect the data packet based on a cyclic redundancy check algorithm.

The error checking module may request retransmission of the data block having the error by the error recovery module after determining the data error; after a complete, correct data packet is obtained, it may be decrypted and pressurized to obtain the first data packet.

It should be noted that, the embodiments of the method portion according to the embodiments of the present invention may be fully or partially applied to the embodiments of the system portion, and the content of the repeated portion in the embodiments of the present invention is not repeated.

In the embodiment of the present invention, the computer system includes a bios 910 and a baseboard management controller 920, where the bios 910 and the baseboard management controller 920 communicate through a memory mapped motherboard management controller interface; the bios 910 includes a compression module 911, where the compression module 911 is configured to determine a first data packet to be sent to the baseboard management controller 920, and divide the first data packet into a plurality of data blocks with a target size; determining repeated character string sequences in a plurality of data blocks, and determining position information of the repeated character string sequences in a first data packet; generating a second data packet according to unrepeated character string sequences, repeated character string sequences and position information in the plurality of data blocks; the bios 910 is configured to send the second data packet to the baseboard management controller 920 through the memory mapped motherboard management controller interface; the baseboard management controller 920 includes a decompression module 921, where the decompression module 921 is configured to decompress the second data packet to obtain the first data packet. Compared with the case that the bios 910 directly sends the data packet to the baseboard management controller 920, the embodiment of the present invention can significantly reduce the amount of data transmitted between the bios 910 and the baseboard management controller 920, thereby improving the data transmission efficiency, further avoiding the excessive bandwidth occupied by data transmission, and improving the use efficiency of the circulation buffer.

The embodiment of the present invention further provides an electronic device, as shown in fig. 13, where the electronic device 13 includes a processor 1301, a memory 1302, and a computer program stored in the memory 1302 and capable of running on the processor, and the computer program implements the above data interaction method when executed by the processor.

The embodiment of the present invention further provides a non-volatile computer readable storage medium, as shown in fig. 14, where the non-volatile computer readable storage medium 14 stores a computer program 1401, and the computer program 1401 implements the above data interaction method when executed by a processor.

For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.

In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.

It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the invention.

Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.

The foregoing has outlined rather broadly the principles and embodiments of the present invention in order that the detailed description of the invention that follows may be better understood, and in order that the present invention may be better suited to the implementation and interaction of data, a computer system, an electronic device, and a non-transitory computer readable storage medium; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims

1. A data interaction method, applied to a basic input/output system, where the basic input/output system communicates with a baseboard management controller through a memory mapped motherboard management controller interface, the method comprising:

sending the second data packet to the baseboard management controller through the memory mapped motherboard management controller interface;

The second data packet is a data packet generated by the basic input and output system after the character string sequences of the data blocks are written into a preset dictionary in sequence, when the character string sequences written into the preset dictionary at present are matched with the character string sequences written into the preset dictionary at the front, determining that the character string sequences written into the preset dictionary at present are repeated character string sequences, generating a token for the repeated character string sequences, and generating a token according to the preset dictionary, the tokens corresponding to the repeated character string sequences and the position information; the token comprises a literal length and a matching length corresponding to the repeated character string sequence.

2. The method according to claim 1, wherein the method further comprises:

determining the transmission priority of the first data packet;

3. The method of claim 1, wherein the sending the second data packet to the baseboard management controller via the memory mapped motherboard management controller interface comprises:

4. A method according to claim 3, characterized in that the method further comprises:

when a preset security event is detected, replacing the preset secret key;

5. The method according to claim 1, wherein the method further comprises:

Adding the currently polled target sequence number in the second data packet;

6. The method according to claim 1, wherein the method further comprises:

7. The method according to claim 1, wherein the method further comprises:

Adding the currently polled target sequence number in the second data packet;

8. The method of claim 1, wherein the sending the second data packet to the baseboard management controller via the memory mapped motherboard management controller interface comprises:

9. The method of claim 8, wherein each of the plurality of data blocks is provided with an identifier; the method further comprises the steps of:

10. A data interaction method, applied to a baseboard management controller, where the baseboard management controller communicates with a basic input/output system through a memory mapped motherboard management controller interface, the method comprising:

decompressing the second data packet to obtain the first data packet;

11. The method of claim 10, wherein decompressing the second data packet to obtain the first data packet comprises:

Reading the token and the position information in the second data packet;

12. The computer system is characterized by comprising a basic input/output system and a baseboard management controller, wherein the basic input/output system and the baseboard management controller are communicated through a memory mapping type mainboard management controller interface;

The baseboard management controller comprises a decompression module, wherein the decompression module is used for decompressing the second data packet to obtain the first data packet;

13. An electronic device comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, which when executed by the processor implements the method of interaction of data as claimed in any one of claims 1 to 11.

14. A non-transitory computer readable storage medium, characterized in that the non-transitory computer readable storage medium stores thereon a computer program, which when executed by a processor, implements the method of interaction of data according to any of claims 1 to 11.