CN117873800A - Security detection method and device for server component, server and medium - Google Patents

Security detection method and device for server component, server and medium

Publication number
CN117873800A
Authority
CN
China
Prior art keywords
server
management controller
baseboard management
replaced
server component
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410044568.7A
Other languages
Chinese (zh)
Inventor
冯鹏斌
肖时航
王晓玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Programmable Controllers (AREA)

Abstract

The invention provides a security detection method and device for a server component, a server, and a medium, and relates to the field of servers. The method is applied to a complex programmable logic device in the server and comprises the following steps: when a security detection operation is triggered, sending first encryption information corresponding to the baseboard management controller, and verifying whether the baseboard management controller has been replaced according to whether it responds correctly to the first encryption information; when the baseboard management controller is determined to have been replaced, controlling the server to power down; when the baseboard management controller is determined not to have been replaced, acquiring second encryption information from each server component, and using the second encryption information to verify whether a replaced server component exists among the server components; and, when a replaced server component is determined to exist, controlling the replaced server component to power down. Because the security detection function is implemented with an independent hardware structure, the stability and security of detection can be improved.

Description

Security detection method and device for server component, server and medium
Technical Field
The present invention relates to the field of servers, and in particular, to a method, an apparatus, a server, and a medium for detecting security of a server component.
Background
In the related art, to avoid the server security problems that malicious replacement of server components can cause, a central processing unit or a baseboard management controller is generally used to detect whether components in the server have been replaced. However, the central processing unit can perform replacement detection on only a small number of server components, and it needs to detect based on the data stored in the flash memory; the baseboard management controller likewise needs to detect based on the data stored in its internal flash memory. Consequently, if the flash memory of the central processing unit or the baseboard management controller is replaced, detection is no longer reliable. Moreover, because the central processing unit and the baseboard management controller are themselves server components, security detection of the server components cannot be achieved once they have been maliciously replaced.
Disclosure of Invention
The invention aims to provide a security detection method and device for a server component, a server, and a medium, which implement the security detection function with an independent hardware structure and thereby improve the stability and security of detection.
In order to solve the above technical problems, the present invention provides a security detection method for a server component, which is applied to a complex programmable logic device in a server, and the method includes:
when a security detection operation is triggered, sending first encryption information corresponding to a baseboard management controller to the baseboard management controller, and verifying whether the baseboard management controller has been replaced according to whether the baseboard management controller responds correctly to the first encryption information;
when the baseboard management controller is determined to have been replaced, controlling the server to power down;
when the baseboard management controller is determined not to have been replaced, acquiring second encryption information from each server component, and using the second encryption information to verify whether a replaced server component exists among the server components;
and controlling the replaced server component to power down when a replaced server component is determined to exist.
Optionally, said verifying whether said baseboard management controller is replaced according to whether said baseboard management controller responds correctly to said first encryption information includes:
judging whether the baseboard management controller returns response information corresponding to the first encryption information or not;
if not, judging that the baseboard management controller is replaced;
if the response information is returned, judging whether the response information accords with a preset format;
if yes, judging that the baseboard management controller is not replaced;
if not, it is determined that the baseboard management controller has been replaced.
Optionally, the method further comprises:
in the initialization stage, the first encryption information sent by the baseboard management controller is received and stored; and the first encryption information is obtained by encrypting the serial number of the main board.
Optionally, the obtaining second encryption information from each server component and verifying whether a replaced server component exists in each server component by using the second encryption information includes:
acquiring the second encryption information from a designated register in a field replaceable unit inside each server component, and judging whether the second encryption information is identical to the stored identification information corresponding to each server component;
if the server components are the same, judging that the corresponding server components are not replaced;
if the server components are different, the corresponding server components are judged to be replaced.
Optionally, the baseboard management controller is in bus communication with each of the server components through the complex programmable logic device;
the method further comprises the steps of:
in a normal working stage, intercepting bus signals of the baseboard management controller accessing the field replaceable units inside the server components in a bus, and judging whether the bus signals access the designated registers;
if yes, shielding the bus signal.
Optionally, the method further comprises:
in an initialization stage, monitoring a write signal sent by the baseboard management controller to a designated register in a field replaceable unit inside each server component in a bus, acquiring the second encryption information from the write signal, and storing the second encryption information as the identification information; the second identification information is encrypted using the original field replaceable unit information of the server component.
Optionally, after the second encryption information is obtained from each of the server components, the method further includes:
when the second encrypted information cannot be acquired, it is determined that the corresponding server component has been replaced.
The invention also provides a security detection device for a server component, which is applied to a complex programmable logic device in the server, and comprises:
the first verification module is used for sending first encryption information corresponding to the baseboard management controller when the security detection operation is triggered, and verifying whether the baseboard management controller is replaced according to whether the baseboard management controller responds to the first encryption information correctly or not;
the server power-down module is used for controlling the server to power down when the baseboard management controller is determined to be replaced;
a second verification module configured to acquire second encryption information from each of the server components when it is determined that the baseboard management controller is not replaced, and verify whether a replaced server component exists in each of the server components using the second encryption information;
and the server component power-down module is used for controlling the replaced server component to power down when the presence of the replaced server component is determined.
The present invention also provides a server provided with a complex programmable logic device for performing the security detection method of a server component as described above.
The present invention also provides a computer-readable storage medium having stored therein computer-executable instructions that, when loaded and executed by a processor, implement a method of security detection for a server component as described above.
The invention provides a security detection method for a server component, which is applied to a complex programmable logic device in a server and comprises the following steps: when a security detection operation is triggered, sending first encryption information corresponding to a baseboard management controller to the baseboard management controller, and verifying whether the baseboard management controller has been replaced according to whether the baseboard management controller responds correctly to the first encryption information; when the baseboard management controller is determined to have been replaced, controlling the server to power down; when the baseboard management controller is determined not to have been replaced, acquiring second encryption information from each server component, and using the second encryption information to verify whether a replaced server component exists among the server components; and controlling the replaced server component to power down when a replaced server component is determined to exist.
Thus the invention uses a complex programmable logic device to perform security detection on each server component. When the security detection operation is triggered, the complex programmable logic device first sends the first encryption information corresponding to the baseboard management controller and verifies whether the baseboard management controller has been replaced according to whether it responds correctly to the first encryption information; when the baseboard management controller is determined to have been replaced, the server is controlled to power down. When the baseboard management controller is determined not to have been replaced, the complex programmable logic device obtains second encryption information from each server component, uses it to verify whether a replaced server component exists among the server components, and, when one is determined to exist, controls the replaced server component to power down. As for the main control device, the functions of the complex programmable logic device are implemented as logic gate circuits generated from a hardware description language, and the device is fixed in the server, so the security detection function is realized in hardware. This avoids the defect that detection becomes unreliable when the flash memory, the central processing unit or the baseboard management controller is maliciously replaced or tampered with, and improves the stability and security of detection. The invention also provides a security detection device for a server component, a server and a computer-readable storage medium, which have the same beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an internal structure of a server according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating an internal structure of another server according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for detecting security of a server component according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a server component security scheme according to an embodiment of the present invention;
FIG. 5 is a flowchart of an anti-counterfeiting code generation process according to an embodiment of the present invention;
FIG. 6 is a flow chart of an anti-counterfeiting detection process according to an embodiment of the present invention;
FIG. 7 is a block diagram of a security detection device for a server component according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the related art, to avoid the server security problems that malicious replacement of server components can cause, a central processing unit or a baseboard management controller is generally used to detect whether components in the server have been replaced. In the scheme that uses the central processing unit (CPU) as the main control chip, after the CPU starts, the BIOS firmware (FW) is loaded from the BIOS flash memory (BIOS Flash; BIOS, Basic Input Output System), and code in the firmware reads and checks part of the component information; if the component information is inconsistent with the information stored in the BIOS flash memory, verification fails and the server cannot start. The scheme that uses the baseboard management controller (BMC, Baseboard Management Controller) as the main control chip is similar: after the baseboard management controller loads the baseboard management controller firmware (BMC FW) from the baseboard management controller flash memory (BMC Flash), code in the firmware reads and checks the component information. However, the central processing unit can perform replacement detection on only a small number of server components, and the detection process is complex. In addition, both the central processing unit and the baseboard management controller must load firmware from flash memory and detect based on the data stored there, so if their flash memory is replaced, detection is no longer reliable.
Moreover, because the central processing unit and the baseboard management controller are themselves server components, security detection of the server components cannot be achieved once they have been maliciously replaced. In view of this, the present invention provides a security detection method for a server component that implements the security detection function with an independent hardware structure: a complex programmable logic device (CPLD, Complex Programmable Logic Device) is set in the server, and all security detection functions are implemented by logic gates in the complex programmable logic device, which improves the stability and security of security detection.
For ease of understanding, the deployment of the complex programmable logic device within a server is briefly described below. Referring to FIG. 1, which is a schematic diagram of an internal structure of a server according to an embodiment of the invention, the server may include a baseboard management controller 10, a complex programmable logic device 20, and a plurality of server components 30, connected by buses 40. In the scenario shown in FIG. 1, the baseboard management controller 10 performs bus communication with the server components 30 through the complex programmable logic device 20; that is, the complex programmable logic device 20 sits on the bus between the baseboard management controller 10 and the server components 30 and can intercept and snoop the bus signals. Another connection manner, shown in FIG. 2 (a schematic diagram of an internal structure of another server provided in the embodiment of the present invention), may also be used, in which the baseboard management controller 10, the complex programmable logic device 20 and the server components 30 communicate one-to-one over the bus 40, and the baseboard management controller 10 does not need to go through the complex programmable logic device 20 to communicate with the server components 30.
However, in the scenario shown in FIG. 2, the complex programmable logic device 20 cannot manage the bus communication between the baseboard management controller 10 and the server components 30, so malicious tampering with the information in the server components 30 by the baseboard management controller 10 cannot be prevented and only a poor security detection result can be obtained; it is therefore preferable to deploy the complex programmable logic device 20 using the connection shown in FIG. 1. In the scenario shown in FIG. 1, because the baseboard management controller 10 must communicate with each server component 30 through the complex programmable logic device 20, the complex programmable logic device 20 can intercept and inspect the bus signals that the baseboard management controller 10 sends to each server component 30, and can actively shield any bus signal found to be maliciously accessing a server component 30, which prevents the baseboard management controller 10 from maliciously accessing the server components 30 and yields a better security detection effect. The embodiment of the present invention does not limit the specific type of the server component 30, which may be, for example, a central processing unit, a memory, a hard disk, a network card or a graphics card; nor does it limit the specific type of the bus 40, which may be, for example, an I2C bus (Inter-Integrated Circuit, a two-wire serial bus) or an I3C bus (Improved Inter-Integrated Circuit, an improved two-wire serial bus), selected according to practical application requirements.
Based on the above description of the deployment of the complex programmable logic device in the server, the security detection method of the server component provided by the embodiment of the present invention will be described in detail below. Referring to fig. 3, fig. 3 is a flowchart of a method for detecting security of a server component according to an embodiment of the present invention, where the method is applied to a complex programmable logic device in a server, and may include:
S301, when the security detection operation is triggered, sending first encryption information corresponding to the baseboard management controller, and verifying whether the baseboard management controller has been replaced according to whether the baseboard management controller responds correctly to the first encryption information.
In the embodiment of the invention, the security detection operation is the operation of performing security detection on the baseboard management controller and each server component; it can be triggered when the complex programmable logic device is powered on, or periodically. Periodic triggering prevents power-on detection from being bypassed by maliciously replacing the baseboard management controller or a server component through hot plugging, and so achieves a better detection effect.
Further, in the embodiment of the invention, the management capability of the baseboard management controller to each server component is considered to be strong, and further the influence of malicious replacement of the baseboard management controller on the security of the server is larger, so that the baseboard management controller is subjected to security detection first. The embodiment of the invention verifies whether the baseboard management controller is replaced or not in an interactive mode. Specifically, the first encryption information corresponding to the baseboard management controller may be transmitted to the baseboard management controller, and whether the baseboard management controller is replaced or not is verified according to whether the baseboard management controller correctly responds to the first encryption information or not. In other words, specific interaction logic is arranged between the complex programmable logic device and the trusted baseboard management controller, and the interaction logic is as follows: the complex programmable logic device and the trusted baseboard management controller can agree on specific first encryption information and a specific response mode of the trusted baseboard management controller for the first encryption information, and after the complex programmable logic device sends the first encryption information to the trusted baseboard management controller, the trusted baseboard management controller needs to respond to the first encryption information according to the agreed response mode. 
Because only the trusted baseboard management controller can parse and respond to the first encryption information, the complex programmable logic device sends the first encryption information to the baseboard management controller under test when performing security detection. If the baseboard management controller under test responds in the agreed manner, it is determined not to have been replaced; if it fails to respond in the agreed manner, or does not respond at all, it is determined to have been replaced. The embodiment of the present invention does not limit the specific manner in which the trusted baseboard management controller responds to the first encryption information; for example, the trusted baseboard management controller may be required to send response information in a preset format to the complex programmable logic device. After receiving the response information from the baseboard management controller under test, the complex programmable logic device judges whether the response information has the preset format; if so, it judges that the baseboard management controller under test responded correctly, and otherwise that it responded incorrectly.
Based on this, the verifying whether the baseboard management controller is replaced according to whether the baseboard management controller correctly responds to the first encryption information may include:
step 11: judging whether the baseboard management controller returns response information corresponding to the first encryption information or not; if the return is made, the step 13 is entered; if not, go to step 12;
step 12: determining that the baseboard management controller has been replaced;
step 13: judging whether the response information accords with a preset format or not; if yes, go to step 14; if not, go to step 15;
step 14: determining that the baseboard management controller is not replaced;
step 15: it is determined that the baseboard management controller has been replaced.
Furthermore, the preset format can be fixed in the complex programmable logic device by means of logic gate circuits, and the first encryption information can be issued to the complex programmable logic device by the baseboard management controller in the initialization stage. The embodiment of the invention does not limit how the first encryption information is generated; for example, the baseboard management controller may obtain it by encrypting its own identification information, or by encrypting the serial number of the server motherboard. To make it easier to verify the correspondence between the baseboard management controller and the server motherboard, the first encryption information may be obtained by encrypting the motherboard serial number. Further, the initialization stage may be set at the factory stage of the server, that is, the first encryption information may be written into the complex programmable logic device when the server is shipped, so that the security of the server after shipment can be ensured.
Based on this, the method may further include:
step 21: in the initialization stage, the first encryption information sent by the baseboard management controller is received and stored; and the first encryption information is obtained by encrypting the serial number of the main board.
S302, when the baseboard management controller is determined to have been replaced, controlling the server to power down.
When the baseboard management controller is determined to have been replaced, the complex programmable logic device determines that the conditions for safe operation of the server are not currently met, and therefore controls the whole server to power down so that the server does not work in an unsafe scenario. In other words, the complex programmable logic device also controls the server power supply.
S303, when the baseboard management controller is not replaced, second encryption information is acquired from each server component, and whether replaced server components exist in each server component is verified by using the second encryption information.
When it is determined that the baseboard management controller is not replaced, the complex programmable logic device needs to further determine whether each server component is replaced. The embodiment of the invention sets the second encryption information in the trusted server component, and utilizes the complex programmable logic device to check the preset second encryption information in each server component to be tested to determine whether each server component to be tested is replaced or not. Specifically, the second encryption information may be preset in the trusted server component, and the second encryption information corresponding to each trusted server component may be different, so as to establish a corresponding relationship between each trusted server component and the different second encryption information. Since the second encrypted information is encrypted, the external device cannot recognize the information. And when the complex programmable logic device performs security detection, the second encryption information can be obtained from each server component to be detected, whether the server component to be detected has a replacement condition or not is verified by using the second encryption information, if so, the replaced server component can be subjected to power-down processing, and if not, the server component can be allowed to normally operate. 
The embodiment of the present invention does not limit how the complex programmable logic device verifies the second encryption information. For example, the complex programmable logic device may store identification information for each trusted server component, the identification information being the same as the second encryption information; it then compares the second encryption information it obtains with the stored identification information corresponding to each server component. If the two are the same, the server component has not been replaced; otherwise, the server component has been replaced.
Further, the embodiment of the invention does not limit where the second encryption information is placed in the server component; this can be set according to actual application requirements. For example, the second encryption information may be placed in a designated register in the field replaceable unit (FRU, Field Replaceable Unit) inside each server component, and the complex programmable logic device then obtains the second encryption information from that designated register. Because the complex programmable logic device can be connected to each server component through the I2C bus or the I3C bus, and the field replaceable unit inside the server component is provided with an I2C interface, the complex programmable logic device can access the designated register of the field replaceable unit through I2C bus signals and obtain the second encryption information from it.
Based on this, the acquiring the second encryption information from each of the server components and verifying whether the replaced server component exists in each of the server components using the second encryption information may include:
Step 31: acquiring the second encryption information from a designated register in a field replaceable unit inside each server component, and judging whether the second encryption information is identical to the stored identification information corresponding to each server component; if so, go to step 32; if not, go to step 33;
Step 32: determining that the corresponding server component is not replaced;
Step 33: determining that the corresponding server component has been replaced.
Of course, if the complex programmable logic device cannot obtain the second encryption information from the server component to be tested at all, it may also be directly determined that the server component to be tested has been replaced.
Based on this, after acquiring the second encryption information from each of the server components, it may further include:
Step 41: when the second encryption information cannot be acquired, determining that the corresponding server component has been replaced.
Further, in the embodiment of the present invention, since the complex programmable logic device may be disposed between the baseboard management controller and each server component, the baseboard management controller needs to perform bus communication with each server component through the complex programmable logic device, so that the complex programmable logic device may intercept and detect bus signals sent by the baseboard management controller to each server component, thereby shielding access of the baseboard management controller to the designated registers in the field replaceable units in each server component. Specifically, because the I2C bus signal includes the device address and the register address, in the normal working phase, the complex programmable logic device can intercept the bus signal of the baseboard management controller accessing the field replaceable unit inside each server component in the bus, and determine whether the bus signal accesses the designated register, if so, the bus signal can be directly shielded to prevent the baseboard management controller from contacting the designated register.
Based on this, the baseboard management controller performs bus communication with each of the server components through the complex programmable logic device; the method further comprises the steps of:
Step 51: in a normal working stage, intercepting bus signals of the baseboard management controller accessing the field replaceable units inside the server components in a bus, and judging whether the bus signals access the designated registers; if so, go to step 52;
Step 52: masking the bus signal.
Of course, the information stored in the field replaceable unit is typically important identification information of the server component, and the baseboard management controller should not be able to modify it. Therefore, if it is determined that the bus signal does not access the designated register in the field replaceable unit, the complex programmable logic device may also verify the register address accessed by the bus signal, the type of operation performed by the bus signal, or both, and mask the bus signal if the verification fails.
Based on this, after determining whether the bus signal accesses the specified register, it further includes:
Step 61: if the bus signal is determined not to access the specified register, verifying the register address accessed by the bus signal and/or the operation type executed by the bus signal;
Step 62: masking the bus signal when it is determined that the bus signal fails the verification;
Step 63: sending the bus signal to the corresponding server component when it is determined that the bus signal passes the verification.
Further, the second encrypted information may be issued by the baseboard management controller to each server component during the initialization phase, and intercepted and saved on the bus by the complex programmable logic device. The embodiment of the invention is not limited to a specific generation manner of the second encryption information, for example, the second identification information can be obtained by encrypting the original field replaceable unit information of the server component.
Based on this, the method may further include:
step 71: in an initialization stage, monitoring a write signal sent by the baseboard management controller to a designated register in a field replaceable unit inside each server component in the bus, acquiring the second encryption information from the write signal, and storing the second encryption information as the identification information; the second identification information is encrypted using the original field replaceable unit information of the server component.
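The bus handling of steps 51 to 71 can be modelled in software as follows. This is an added behavioural sketch in C, not code from the patent (a real implementation would be hardware logic in the complex programmable logic device). The register address, code length, FRU addresses and the read-only policy for the remaining FRU registers are all assumptions, as is the premise that the FRU device auto-increments its register pointer, which is why a multi-byte read starting just below the designated register is also masked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All constants are assumptions made for this model. */
#define CODE_LEN       8     /* length of the second encryption information */
#define MAX_PARTS      4     /* server components behind the CPLD */
#define DESIGNATED_REG 0x80  /* first byte of the designated FRU register */
#define FRU_READ_MAX   0x7F  /* highest FRU register the BMC may read */

enum phase   { PHASE_INIT, PHASE_NORMAL };
enum verdict { FORWARD, MASK };

struct i2c_txn {
    uint8_t        dev_addr;  /* 7-bit I2C address of the target FRU */
    uint8_t        reg_addr;  /* first register touched */
    bool           is_write;
    const uint8_t *data;      /* payload of a write, NULL for a read */
    size_t         len;       /* bytes transferred */
};

struct cpld_filter {
    enum phase phase;
    uint8_t    fru_addr[MAX_PARTS];
    uint8_t    id_info[MAX_PARTS][CODE_LEN];  /* stored identification info */
    bool       id_valid[MAX_PARTS];
};

void cpld_filter_init(struct cpld_filter *f, const uint8_t addrs[MAX_PARTS])
{
    memset(f, 0, sizeof *f);
    f->phase = PHASE_INIT;
    memcpy(f->fru_addr, addrs, MAX_PARTS);
}

static int slot_of(const struct cpld_filter *f, uint8_t dev_addr)
{
    for (int i = 0; i < MAX_PARTS; i++)
        if (f->fru_addr[i] == dev_addr)
            return i;
    return -1;
}

/* True if any byte of the transfer lands in the designated register. */
static bool touches_designated(const struct i2c_txn *t)
{
    size_t first = t->reg_addr;
    size_t last  = first + (t->len ? t->len - 1 : 0);
    return first < (size_t)DESIGNATED_REG + CODE_LEN && last >= DESIGNATED_REG;
}

enum verdict cpld_filter_txn(struct cpld_filter *f, const struct i2c_txn *t)
{
    int slot = slot_of(f, t->dev_addr);
    if (slot < 0)
        return FORWARD;  /* not a FRU access: outside this filter (assumption) */

    if (f->phase == PHASE_INIT) {
        /* Step 71: snoop the BMC's write and keep it as identification info. */
        if (t->is_write && t->reg_addr == DESIGNATED_REG &&
            t->len == CODE_LEN && t->data != NULL) {
            memcpy(f->id_info[slot], t->data, CODE_LEN);
            f->id_valid[slot] = true;
        }
        return FORWARD;
    }

    /* Steps 51-52: any access reaching the designated register is masked. */
    if (touches_designated(t))
        return MASK;

    /* Steps 61-63 (assumed policy): only reads of the low FRU area pass. */
    if (t->is_write || (size_t)t->reg_addr + t->len > (size_t)FRU_READ_MAX + 1)
        return MASK;
    return FORWARD;
}

int main(void)
{
    const uint8_t addrs[MAX_PARTS] = {0x50, 0x51, 0x52, 0x53};  /* constructed */
    const uint8_t code[CODE_LEN]   = {0xDE, 0xAD, 0xBE, 0xEF, 1, 2, 3, 4};
    struct cpld_filter f;
    cpld_filter_init(&f, addrs);
    struct i2c_txn wr = {0x50, DESIGNATED_REG, true, code, CODE_LEN};
    cpld_filter_txn(&f, &wr);          /* initialization stage: captured */
    f.phase = PHASE_NORMAL;
    struct i2c_txn rd = {0x50, 0x7E, false, NULL, 4};  /* spans into 0x80 */
    printf("spanning read: %s\n",
           cpld_filter_txn(&f, &rd) == MASK ? "masked" : "forwarded");
    return 0;
}
```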
S304: when it is determined that a replaced server component exists, controlling the replaced server component to be powered down.
Because a replaced server component can easily compromise the operational safety of the server, the replaced server component can be powered down individually when it is determined that one exists.
S305: when it is determined that no replaced server component exists, exiting the detection.
Based on the above embodiment, the present invention can complete the security detection of each server component by using a complex programmable logic device. When the security detection operation is triggered, the complex programmable logic device first sends the first encryption information corresponding to the baseboard management controller to the baseboard management controller, and verifies whether the baseboard management controller has been replaced according to whether it responds correctly to the first encryption information. When it is determined that the baseboard management controller has been replaced, the server is controlled to be powered down. When it is determined that the baseboard management controller has not been replaced, the complex programmable logic device obtains second encryption information from each server component and uses it to verify whether any server component has been replaced; when a replaced server component is found, that component is controlled to be powered down. As for the main control device, the functions of the complex programmable logic device are implemented as logic gate circuits generated from a hardware description language, and the device is fixed in the server. The security detection function is therefore realized in hardware, which avoids the defect that the flash memory, the central processing unit and the baseboard management controller cannot perform reliable detection once they are maliciously replaced or tampered with, and improves the stability and security of detection.
The above-mentioned security detection method will be described in detail based on a specific block diagram and a flowchart.
Referring to fig. 4, fig. 4 is a schematic diagram of a server component security scheme according to an embodiment of the invention. In the overall architecture, the baseboard management controller is connected to the baseboard management controller flash memory and to the field replaceable unit of the server motherboard (MB, Motherboard), and is then connected through I3C/I2C to the complex programmable logic device, which in turn is connected to the various server components, where the server components include, but are not limited to, a central processing unit, memory, hard disk, network card, graphics card, and the like. The complex programmable logic device serves as the trusted main control device that performs anti-counterfeiting detection of each component. Because the complex programmable logic device is built from hardware logic, its stability far exceeds that of a baseboard management controller or a central processing unit; it also needs no additional external flash memory to hold firmware, which avoids the problem of the flash memory being illegally replaced or reprogrammed. In addition, the invention adds a security check on the baseboard management controller or the baseboard management controller firmware. Specifically, the baseboard management controller first generates a unique encryption code from the board serial number according to an encryption algorithm, and writes the unique encryption code into the complex programmable logic device.
Then, after the next power-on or at timed intervals, the complex programmable logic device performs handshake communication with the baseboard management controller according to the content of the encryption code. If the baseboard management controller cannot respond in the correct encryption code format, the baseboard management controller is considered to have been tampered with and the server is not allowed to power on and work, which ensures the one-to-one correspondence between the board and the baseboard management controller as well as information security.
Compared with a baseboard management controller or a central processing unit, the complex programmable logic device generates a logic gate circuit through a hardware description language instead of a pure software code, so that the stability and the safety are greatly improved; compared with the prior scheme that the baseboard management controller can directly execute anti-counterfeiting detection, the read-write signals of the baseboard management controller to the component can be executed only after the security check is completed through the complex programmable logic device, so that the possibility of remote tampering of the component information is avoided.
As for the specific implementation of the anti-counterfeiting detection, in the previous scheme the baseboard management controller or the central processing unit implemented anti-counterfeiting by checking the product model and code of each component. As long as an illegal user installed a tampered part of the same model, the detection by the baseboard management controller or the central processing unit could be bypassed, allowing illegal intrusion and causing serious loss to the user. In the present anti-counterfeiting scheme, before the product leaves the factory, a professional remotely operates the baseboard management controller to write an encryption code into the field replaceable unit of each component according to the type and model of the component, and the encryption code is synchronously stored in the complex programmable logic device. The detection task is then performed by the complex programmable logic device, so that the anti-counterfeiting function for the components cannot be bypassed even if the firmware of the baseboard management controller is tampered with.
The proposal also increases the detection of the corresponding relation between the baseboard management controller and the server mainboard. Before the board card leaves the factory, a professional operates the baseboard management controller to generate a section of unique encryption code according to an encryption algorithm based on the serial numbers of the board cards in the field replaceable units, all the serial numbers of the board cards are unique, so that the generated encryption code is also unique, and then the encryption code is written into the complex programmable logic device. After the next power-on or timing, the complex programmable logic device performs handshake communication with the baseboard management controller, the complex programmable logic device initiates communication according to the encryption code first, and if the baseboard management controller can also respond correctly according to the format of the encryption code, the baseboard management controller is considered to be normal in working state and not tampered. Otherwise, the baseboard management controller is considered to be tampered, and the complex programmable logic device controls the server to be powered down, so that the safety of the server is ensured.
Referring to fig. 5, fig. 5 is a flowchart of an anti-counterfeit code generation process according to an embodiment of the present invention. In the anti-counterfeiting code generation flow, firstly, a baseboard management controller generates a unique encryption code according to a board serial number in a field replaceable unit, and writes the encryption code into a complex programmable logic device; then the baseboard management controller scans the component list in the server to check the components in the server under the current configuration; and finally, writing a section of encryption code into a specific field of the field replaceable unit of the component by the baseboard management controller according to the type and the model of the component, so as to realize the anti-counterfeiting of the component.
Referring to fig. 6, fig. 6 is a flowchart of an anti-counterfeit detection process according to an embodiment of the present invention. In the anti-counterfeiting detection flow, after the complex programmable logic device is powered on, it initiates handshake information to the baseboard management controller according to the format of the encryption code. It then checks whether the response of the baseboard management controller conforms to the content format of the encryption code; if not, the firmware of the baseboard management controller is considered to have been tampered with, and the complex programmable logic device controls the server to be powered down. If the response conforms, the flow proceeds to the next step: the complex programmable logic device reads the field replaceable unit information of each component and checks whether the data of the specific field is consistent with the encryption code stored in the complex programmable logic device. If the data is consistent, the server continues to work and this round of anti-counterfeiting detection ends; if the data is inconsistent, the complex programmable logic device powers down the component that failed anti-counterfeiting detection, and the other components of the server continue to work normally. After the power-on anti-counterfeiting detection is completed, the complex programmable logic device also performs timed anti-counterfeiting detection, which guards against the risk of a component being replaced by hot plugging.
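The decision order of this detection flow (baseboard management controller first, then each component, with an unreadable code counted as a replacement) can be modelled as follows. This is an added sketch in C, not code from the patent. The patent does not define the preset response format, so the model assumes a response is correct when it reproduces the stored first encryption information; the code length, component count and sample values are also assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODE_LEN  8  /* assumed length of both encryption codes */
#define MAX_PARTS 4  /* assumed number of component slots */

/* What the CPLD holds after the initialization stage. */
struct cpld_store {
    uint8_t first_code[CODE_LEN];          /* derived from the board serial number */
    uint8_t id_info[MAX_PARTS][CODE_LEN];  /* one code per trusted component */
};

/* Handshake reply from the BMC; present == false models "no response". */
struct bmc_reply {
    bool    present;
    size_t  len;
    uint8_t data[CODE_LEN];
};

/* Result of reading the designated FRU register of one component. */
struct fru_read {
    bool    ok;               /* false: the code could not be acquired */
    uint8_t data[CODE_LEN];
};

enum action { KEEP_RUNNING, POWER_DOWN_SERVER, POWER_DOWN_PARTS };

struct detect_result {
    enum action action;
    uint8_t     replaced_mask;  /* bit i set: component i is powered down */
};

/* Assumed stand-in for the patent's "preset format" check. */
static bool bmc_reply_valid(const struct cpld_store *s, const struct bmc_reply *r)
{
    if (!r->present || r->len != CODE_LEN)
        return false;
    return memcmp(r->data, s->first_code, CODE_LEN) == 0;
}

struct detect_result cpld_detect(const struct cpld_store *s,
                                 const struct bmc_reply *reply,
                                 const struct fru_read parts[MAX_PARTS])
{
    struct detect_result res = { KEEP_RUNNING, 0 };

    /* BMC first: a failed handshake powers down the whole server and the
       component codes are not consulted at all. */
    if (!bmc_reply_valid(s, reply)) {
        res.action = POWER_DOWN_SERVER;
        return res;
    }

    /* Components next: a missing code (step 41) and a mismatching code
       (step 33) both mark the component as replaced. */
    for (int i = 0; i < MAX_PARTS; i++) {
        bool replaced = !parts[i].ok ||
                        memcmp(parts[i].data, s->id_info[i], CODE_LEN) != 0;
        if (replaced)
            res.replaced_mask |= (uint8_t)(1u << i);
    }
    if (res.replaced_mask)
        res.action = POWER_DOWN_PARTS;  /* only the flagged parts lose power */
    return res;
}

int main(void)
{
    struct cpld_store s;                   /* constructed sample values */
    struct fru_read parts[MAX_PARTS];
    memset(s.first_code, 0xA1, CODE_LEN);
    for (int i = 0; i < MAX_PARTS; i++) {
        memset(s.id_info[i], 0x10 + i, CODE_LEN);
        parts[i].ok = true;
        memcpy(parts[i].data, s.id_info[i], CODE_LEN);
    }
    struct bmc_reply reply = { true, CODE_LEN, {0} };
    memcpy(reply.data, s.first_code, CODE_LEN);

    parts[1].ok = false;  /* component 1 hot-swapped for one without a code */
    struct detect_result r = cpld_detect(&s, &reply, parts);
    printf("action=%d replaced_mask=0x%02X\n", r.action, r.replaced_mask);
    return 0;
}
```

Running `cpld_detect` again on a timer, as the flow describes, is what catches a component swapped by hot plugging after the power-on check has passed.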
The security detection device, the server, and the computer-readable storage medium of the server component provided in the embodiments of the present invention are described below, and the security detection device, the server, and the computer-readable storage medium described below and the security detection method of the server component described above may be referred to correspondingly.
Referring to fig. 7, fig. 7 is a block diagram of a security detection device for a server component according to an embodiment of the present invention, where the device is applied to a complex programmable logic device in a server, and may include:
a first verification module 701, configured to send first encryption information corresponding to a baseboard management controller to the baseboard management controller when a security detection operation is triggered, and verify whether the baseboard management controller is replaced according to whether the baseboard management controller correctly responds to the first encryption information;
a server power down module 702 for controlling a server power down when it is determined that the baseboard management controller has been replaced;
a second verification module 703, configured to obtain second encryption information from each of the server components when it is determined that the baseboard management controller is not replaced, and verify whether a replaced server component exists in each of the server components by using the second encryption information;
a server component power down module 704 for controlling the replaced server component to power down when it is determined that the replaced server component exists.
Optionally, the first verification module 701 may include:
a first judging sub-module, configured to judge whether the baseboard management controller returns response information corresponding to the first encryption information; if not, judging that the baseboard management controller is replaced; if the response information is returned, calling a second judging sub-module;
The second judging submodule is used for judging whether the response information accords with a preset format or not; if yes, judging that the baseboard management controller is not replaced; if not, it is determined that the baseboard management controller has been replaced.
Optionally, the apparatus may further include:
the first initialization module is used for receiving and storing the first encryption information sent by the baseboard management controller in an initialization stage; and the first encryption information is obtained by encrypting the serial number of the main board.
Optionally, the second verification module 703 may include:
a third judging sub-module, configured to obtain the second encryption information from a designated register in a field replaceable unit inside each server component, and judge whether the second encryption information is the same as the stored identification information corresponding to each server component; if the server components are the same, judging that the corresponding server components are not replaced; if the server components are different, the corresponding server components are judged to be replaced.
Optionally, the baseboard management controller is in bus communication with each of the server components through the complex programmable logic device;
the apparatus may further include:
A bus signal verification module for intercepting, in a normal operation phase, a bus signal of the baseboard management controller accessing the field replaceable unit inside each of the server parts in a bus, and judging whether the bus signal accesses the designated register; if yes, shielding the bus signal.
Optionally, the bus signal verification module may be further configured to: if the bus signal is determined not to access the specified register, verifying the register address accessed by the bus signal and/or the operation type executed by the bus signal; shielding the bus signal when it is determined that the bus signal is not verified; when it is determined that the bus signal has passed the authentication, the bus signal is sent to the corresponding server component.
Optionally, the apparatus may further include:
a second initialization module, configured to monitor, in an initialization phase, a write signal sent by the baseboard management controller to a designated register in a field replaceable unit inside each server component, obtain the second encryption information from the write signal, and store the second encryption information as the identification information; the second identification information is encrypted using the original field replaceable unit information of the server component.
Optionally, the server component power down module 704 may also be configured to:
when the second encrypted information cannot be acquired, it is determined that the corresponding server component has been replaced.
The embodiment of the invention also provides a server provided with a complex programmable logic device for executing the security detection method of the server component.
Since the embodiments of the server portion correspond to the embodiments of the security detection method portion for the server component, the embodiments of the server portion are referred to the description of the embodiments of the security detection method portion for the server component, and are not repeated herein.
The embodiment of the invention also provides a computer readable storage medium, and a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the security detection method based on the server component in any embodiment are realized.
Since the embodiments of the computer readable storage medium portion and the embodiments of the security detection method portion for the server component correspond to each other, the embodiments of the computer readable storage medium portion are referred to for a description of the embodiments of the security detection method portion for the server component, and are not repeated herein.
In the description, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be understood by referring to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The method, the device, the server and the medium for detecting the security of the server component provided by the invention are described in detail above. The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to facilitate an understanding of the method of the present invention and its core ideas. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.

Claims (10)

1. A method of security inspection of a server component, for application to a complex programmable logic device in a server, the method comprising:
when triggering a security detection operation, sending first encryption information corresponding to a baseboard management controller to the baseboard management controller, and verifying whether the baseboard management controller is replaced according to whether the baseboard management controller responds to the first encryption information correctly or not;
when the baseboard management controller is determined to be replaced, the control server is powered down;
when the baseboard management controller is not replaced, acquiring second encryption information from each server component, and verifying whether replaced server components exist in each server component by using the second encryption information;
And controlling the replaced server component to be powered down when the replaced server component is determined to exist.
2. The security inspection method of claim 1, wherein verifying whether the baseboard management controller is replaced based on whether the baseboard management controller is correctly responding to the first encryption information comprises:
judging whether the baseboard management controller returns response information corresponding to the first encryption information or not;
if not, judging that the baseboard management controller is replaced;
if the response information is returned, judging whether the response information accords with a preset format;
if yes, judging that the baseboard management controller is not replaced;
if not, it is determined that the baseboard management controller has been replaced.
3. The security detection method according to claim 2, further comprising:
in the initialization stage, the first encryption information sent by the baseboard management controller is received and stored; and the first encryption information is obtained by encrypting the serial number of the main board.
4. The security detection method according to claim 1, wherein the acquiring second encryption information from each of the server components and verifying whether there is a replaced server component in each of the server components using the second encryption information includes:
Acquiring the second encryption information from a designated register in a field replaceable unit inside each server component, and judging whether the second encryption information is identical to the stored identification information corresponding to each server component;
if the server components are the same, judging that the corresponding server components are not replaced;
if the server components are different, the corresponding server components are judged to be replaced.
5. The security inspection method of claim 4, wherein said baseboard management controller is in bus communication with each of said server components through said complex programmable logic device;
the method further comprises the steps of:
in a normal working stage, intercepting bus signals of the baseboard management controller accessing the field replaceable units inside the server components in a bus, and judging whether the bus signals access the designated registers;
if yes, shielding the bus signal.
6. The security detection method of claim 5, further comprising:
in an initialization stage, monitoring a write signal sent by the baseboard management controller to a designated register in a field replaceable unit inside each server component in the bus, acquiring the second encryption information from the write signal, and storing the second encryption information as the identification information; the second identification information is encrypted using the original field replaceable unit information of the server component.
7. The security detection method according to claim 1, further comprising, after acquiring the second encrypted information from each of the server components:
when the second encrypted information cannot be acquired, it is determined that the corresponding server component has been replaced.
8. A security inspection device for a server component, for use with a complex programmable logic device in a server, the device comprising:
the first verification module is used for sending first encryption information corresponding to the baseboard management controller when the security detection operation is triggered, and verifying whether the baseboard management controller is replaced according to whether the baseboard management controller responds to the first encryption information correctly or not;
the server power-down module is used for controlling the server to power down when the baseboard management controller is determined to be replaced;
a second verification module configured to acquire second encryption information from each of the server components when it is determined that the baseboard management controller is not replaced, and verify whether a replaced server component exists in each of the server components using the second encryption information;
and the server component power-down module is used for controlling the replaced server component to power down when the presence of the replaced server component is determined.
9. A server, characterized in that the server is provided with a complex programmable logic device for performing the security detection method of the server component according to any of claims 1 to 7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein computer executable instructions which, when loaded and executed by a processor, implement a method of security detection of a server component according to any of claims 1 to 7.
CN202410044568.7A 2024-01-11 2024-01-11 Security detection method and device for server component, server and medium Pending CN117873800A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410044568.7A CN117873800A (en) 2024-01-11 2024-01-11 Security detection method and device for server component, server and medium

Publications (1)

Publication Number Publication Date
CN117873800A true CN117873800A (en) 2024-04-12

Family

ID=90589851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410044568.7A Pending CN117873800A (en) 2024-01-11 2024-01-11 Security detection method and device for server component, server and medium

Country Status (1)

Country Link
CN (1) CN117873800A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination