CN117932588A - Method and terminal for carrying out double authentication on BIOS based on BMC - Google Patents
- Publication number
- CN117932588A (application CN202311701738.6A)
- Authority
- CN
- China
- Prior art keywords
- bmc
- check data
- check
- bios firmware
- bios
- Legal status
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a method for performing dual authentication on a BIOS based on a BMC. First check data, computed by a third party, serves the active primary authentication; second check data, which the BMC obtains by actively reading the BIOS firmware code area and computing a check over it, serves the passive secondary authentication. Dual authentication is completed through multiple rounds of data interaction and check calculation between the BMC and the BIOS. The invention improves the basic security of the computer system, addresses the basic security dilemma of a computer system that has no trusted chip, reduces the design difficulty and the research and development cost of software and hardware, and effectively prevents the situation in which the computer system fails to recognize an external attack because data was hijacked in transit.
Description
Technical Field
The application relates to the technical field of communication, in particular to a method and a terminal for performing double authentication on BIOS based on BMC.
Background
In this field, the prior art generally adds an extra TPM module, TCM module or similar to the hardware design, so that a secure, trusted third-party chip generates the root of trust that provides security. The chip takes part in verifying each stage of system startup from the bottom up, and only when every measurement passes is normal boot allowed to proceed into normal use scenarios such as the operating system.
The above scheme has the following defects:
(1) The design difficulty of the whole project increases. At the hardware level, the circuit must be optimized to support long-term operation of the additional trusted chip module; at the software level, the boot process must be restructured to introduce the root of trust at the initial stage of boot, and each stage must perform the measurement check of the next stage before it ends;
(2) The design cycle is long, a lengthy adaptation process is required, and labor cost is uncontrollable;
(3) Trusted chips currently on the market are expensive and poorly suited to low-cost or mass-production projects.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides a method for performing dual authentication on a BIOS based on a BMC, which addresses the high cost of adding a third-party trusted chip in the prior art and ensures that the whole computer system is not left in a completely undefended "running naked" state.
In order to achieve the technical purpose, the following technical scheme is adopted:
In a first aspect, the present invention provides a method for dual authentication of a BIOS based on a BMC, including the following steps:
S1, power on the BMC and the BIOS firmware. After the BMC detects that the CPU has powered on, judge whether the BMC receives a communication request from the BIOS firmware within a preset time range. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded;
S2, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a reply corresponding to the first check data. The BIOS firmware judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S3, the BMC reads the content of the BIOS firmware code area and computes second check data from it, then compares the first check data and the second check data each against the check metadata stored by the BMC, yielding two authentication results. If both authentication results pass, step S4 is executed; otherwise, step S5 is executed;
S4, the dual-authentication conclusion of the OEM command corresponding to the communication interface is configured as success, and a dual-authentication pass flag bit is sent to the BIOS firmware. The BIOS firmware judges whether it receives the pass flag bit within a preset time range; if so, it enters the startup flow; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S5, the BMC compares the first check data with the second check data and judges whether they match. If they match, the BMC asks an administrator to confirm whether the check metadata needs to be updated, records the result log of this startup, and resets the CPU by controlling the power supply; otherwise, the startup result is recorded, and the power supply is controlled to shut down and block the CPU side from operating.
Further, before step S1, the method further includes:
In the BIOS firmware generation stage, the operating system of the development terminal performs a preliminary check on the code area used for boot when the firmware executes, generates the first check data, and stores it in a check code area specially reserved in the BIOS firmware.
Further, the step S1 specifically includes:
S101, judge whether the BMC starts before the CPU. If so, execute step S102 after the BMC detects that the CPU has powered on; if the CPU enters the ready state before the BMC has started, the BMC resets the CPU immediately after the BMC starts, and step S2 is forcibly executed;
S102, judge whether the BMC receives a communication request from the BIOS firmware within a preset time range. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded.
Further, the step S2 specifically includes:
S201, the BIOS firmware reads the first check data that was written into the check code area in the generation stage, packages it, and sends it to the BMC through a communication interface;
S202, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a communication-completion flag bit corresponding to the first check data;
S203, the BIOS firmware performs a preliminary check on the communication-completion flag bit and judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow.
Further, the step S3 specifically includes:
S301, the BMC compares the received first check data with the check metadata stored in the BMC to obtain the result of the active primary authentication;
S302, the BMC treats the BIOS firmware as a mounted device, starts an SPI read-write program to read the content of the BIOS firmware code area, performs the preliminary check calculation using the BMC's own resources to obtain the second check data, and compares the second check data bit by bit with the check metadata to obtain the result of the passive secondary authentication;
S303, the BMC judges whether both authentication results pass; if so, step S4 is executed; if not, step S5 is executed.
Further, the step S5 specifically includes:
The first check data is compared with the second check data. If they match, either the BMC has not previously stored check metadata or the check metadata now needs to be updated; an administrator is notified to confirm whether the check metadata needs to be updated, the result log of this startup is recorded, and the power supply is controlled to shut down and reset the CPU side;
If the first check data and the second check data do not match, the BIOS data is considered to have been tampered with; the startup result is recorded, and the power supply is controlled to shut down and block the CPU side from operating.
Furthermore, the check metadata is empty when the BMC starts for the first time. No special configuration is needed in this case: the dual authentication process runs normally, and once the pass/fail judgment of the dual authentication has been made, the flow automatically proceeds to judge whether the first check data and the second check data match bit for bit. If they match, the administrator is prompted to update the check metadata so that the data is filled in and stored, and the CPU is restarted to perform dual authentication again.
Further, the preliminary checking algorithm is any one of AES, RSA, PKCS, a hash algorithm and a national cryptographic algorithm.
Further, the interaction mode between the BMC and the BIOS firmware is LPC or I2C protocol.
In a second aspect, the present invention provides a terminal including one or more processors and a memory storing one or more computer programs, wherein the steps of the method for dual authentication of a BIOS based on a BMC described above are implemented when the processor invokes the computer program.
The embodiment provided by the invention has the following beneficial effects:
The invention introduces no trusted chip; the system boots after the BMC and the BIOS alone complete multiple rounds of data interaction and check calculation, which improves the basic security of the computer system, addresses the basic security dilemma of a computer system that has no trusted chip, and reduces the design difficulty and the research and development cost of software and hardware. The first check data for the active primary authentication is computed by a third party, and the second check data for the passive secondary authentication is obtained by the BMC actively reading the BIOS firmware code area and computing a check over it, so that dual authentication improves the reliability of the system. The invention communicates over multiple protocols, effectively preventing the situation in which the computer system fails to recognize an external attack because data was hijacked in transit.
Drawings
FIG. 1 is a flow chart of dual authentication of BIOS based on BMC according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a BIOS firmware structure according to an embodiment of the present invention;
FIG. 3 is a flowchart of a BMC power-on state provided in an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. Based on the embodiments of the present application, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present application.
In order to better understand the aspects of the present application, the present application will be described in further detail with reference to the accompanying drawings and detailed description.
BMC stands for Baseboard Management Controller, which is generally built onto the mainboard and supports the industry-standard IPMI specification; the functions provided by the BMC include local and remote diagnostics, console support, configuration management, hardware management, and troubleshooting. BIOS stands for Basic Input Output System; it is mainly used to initialize and test the various hardware devices during computer startup.
At present, to enhance the security and trustworthiness of a system, a secure trusted chip supplied by a third party is generally added to the hardware design to generate a secure root of trust, such as the international-standard TPM (Trusted Platform Module) or the domestic-standard TCM (Trusted Cryptography Module). The trusted chip drives a verification process from the bottom layer to the top layer so that every step of system startup is verified, and only after all verification passes is the system allowed to enter normal use scenarios such as the operating system. Introducing a third-party trusted chip greatly increases the software and hardware design workload as well as the production budget. In the prior art, however, a computer system that does not use a third-party trusted chip is in an undefended "running naked" state, in which it is easily exposed to security threats such as malicious software, network attacks and data leakage. In this embodiment, the BMC performs dual authentication of the code area of the BIOS firmware, providing the most basic security and trust function without adding a trusted chip to the circuit.
Example 1
As shown in fig. 1, the present embodiment provides a method for dual authentication of a BIOS based on a BMC, including the following steps:
S1, power on the BMC and the BIOS firmware. After the BMC detects that the CPU has powered on, judge whether the BMC receives a communication request from the BIOS firmware within a 120 s countdown. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded;
S2, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a reply corresponding to the first check data. The BIOS firmware judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S3, the BMC reads the content of the BIOS firmware code area and computes second check data from it, then compares the first check data and the second check data each against the check metadata stored by the BMC, yielding two authentication results. If both authentication results pass, step S4 is executed; otherwise, step S5 is executed;
S4, the BMC configures the dual-authentication conclusion of the OEM command corresponding to the communication interface as success and sends a dual-authentication pass flag bit to the BIOS firmware. The BIOS firmware judges whether it receives the pass flag bit within a 120 s countdown; if so, it enters the startup flow; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S5, the BMC compares the first check data with the second check data and judges whether they match. If they match, the BMC asks an administrator to confirm whether the check metadata needs to be updated, records the result log of this startup, and resets the CPU by controlling the power supply; otherwise, the startup result is recorded, and the power supply is controlled to shut down and block the CPU side from operating.
In some embodiments, as shown in fig. 2, before step S1, further includes:
In the BIOS firmware generation stage, a developer restructures the packaging flow of the BIOS firmware and introduces an MD5 check from the operating system of the development terminal: the operating system of the development terminal performs a preliminary check on the code area used for boot when the firmware executes, generates the first check data, and stores it in a check code area specially reserved in the BIOS firmware.
In this embodiment, the preliminary check of the BIOS firmware code area is performed as a third-party check by the operating system of the development terminal, a computer system independent of the one in actual use, which keeps the characteristic value relatively independent and objective.
In some embodiments, as shown in fig. 3, step S1 is specifically:
S101, judge whether the BMC starts before the CPU. If so, execute step S102 after the BMC detects that the CPU has powered on. If the CPU enters the ready state before the BMC has started, the BIOS firmware has already finished starting by the time the BMC is up and cannot communicate with the BMC at that point, so the BMC receives no communication request from the BIOS firmware within the 120 s countdown; the BMC resets the CPU immediately after the countdown ends, and step S2 is forcibly executed;
S102, judge whether the BMC receives a communication request from the BIOS firmware within the 120 s countdown. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded.
In some embodiments, step S2 is specifically:
S201, the BIOS firmware reads the first check data that was written into the check code area in the generation stage, packages it, and sends it to the BMC through a communication interface;
S202, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a communication-completion flag bit corresponding to the first check data;
S203, the BIOS firmware performs a preliminary check on the communication-completion flag bit and judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow.
In some embodiments, step S3 is specifically:
S301, the BMC compares the received first check data with the check metadata stored in the BMC to obtain the result of the active primary authentication;
S302, the BMC treats the BIOS firmware as a mounted device, starts an SPI read-write program to read the content of the BIOS firmware code area, performs the preliminary check calculation using the BMC's own resources to obtain the second check data, and compares the second check data bit by bit with the check metadata to obtain the result of the passive secondary authentication;
S303, the BMC judges whether both authentication results pass; if so, step S4 is executed; if not, step S5 is executed.
In some embodiments, step S5 is specifically:
The first check data is compared with the second check data. If they match, either the BMC has not previously stored check metadata or the check metadata now needs to be updated; an administrator is notified to confirm whether the check metadata needs to be updated, the result log of this startup is recorded, and the power supply is controlled to shut down and reset the CPU side;
If the first check data and the second check data do not match, the BIOS data is considered to have been tampered with; the startup result is recorded, and the power supply is controlled to shut down and block the CPU side from operating.
In some embodiments, the check metadata is empty when the BMC starts for the first time. No special configuration is needed in this case: the dual authentication process runs normally, and once the pass/fail judgment of the dual authentication has been made, the flow automatically proceeds to judge whether the first check data and the second check data match bit for bit. If they match, the administrator is prompted to update the check metadata so that the data is filled in and stored, and the CPU is restarted to perform dual authentication again.
In some embodiments, the preliminary checking algorithm is any one of AES, RSA, PKCS, a hash algorithm, and a national cryptographic algorithm.
In some embodiments, the interaction between the BMC and the BIOS firmware is the LPC or I2C protocol.
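The BMC-side decision of steps S3 to S5, including the first-boot case where the check metadata is empty, written out as an added example; it is not code from the patent. The image layout (code region followed by a 32-byte check region), all function names, and the choice of SHA-256 as the "hash algorithm" are assumptions; the embodiment above names MD5.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional, Tuple

DIGEST_LEN = hashlib.sha256().digest_size  # 32-byte check region (assumed layout)


class Outcome(Enum):
    BOOT = "S4: both authentications pass, send pass flag"
    ASK_ADMIN = "S5: digests agree with each other but not with metadata"
    BLOCK = "S5: digests disagree, treat BIOS as tampered"


def build_image(code: bytes) -> bytes:
    """Generation stage: the development host hashes the code region and
    appends the digest as the check region (the first check data)."""
    return code + hashlib.sha256(code).digest()


def split_image(image: bytes) -> Tuple[bytes, bytes]:
    if len(image) <= DIGEST_LEN:
        raise ValueError("image too short to contain a check region")
    return image[:-DIGEST_LEN], image[-DIGEST_LEN:]


def bios_report(image: bytes) -> bytes:
    """S201: the BIOS reads the stored first check data and sends it."""
    return split_image(image)[1]


def bmc_measure(image: bytes) -> bytes:
    """S302: the BMC reads the code region itself and computes the
    second check data with its own resources."""
    return hashlib.sha256(split_image(image)[0]).digest()


def bmc_decide(first: bytes, second: bytes, metadata: Optional[bytes]) -> Outcome:
    """S301-S303 and S5. Empty metadata (first BMC start) can never pass."""
    enrolled = bool(metadata)
    primary = enrolled and hmac.compare_digest(first, metadata)     # active primary
    secondary = enrolled and hmac.compare_digest(second, metadata)  # passive secondary
    if primary and secondary:
        return Outcome.BOOT
    if hmac.compare_digest(first, second):
        # Not enrolled yet, or the image changed consistently. The BMC cannot
        # tell an authorised update from any other consistent rewrite, so the
        # administrator's confirmation is the gate before metadata changes.
        return Outcome.ASK_ADMIN
    return Outcome.BLOCK


def run_scenarios() -> dict:
    # Constructed sample images; not real firmware.
    good = build_image(b"constructed BIOS code region v1")
    golden = bmc_measure(good)  # what an administrator would enrol as metadata
    code, check = split_image(good)
    patched = b"X" + code[1:] + check  # code changed, check region untouched
    updated = build_image(b"constructed BIOS code region v2")  # both changed
    images = {"first_boot": (good, None), "enrolled": (good, golden),
              "patched": (patched, golden), "updated": (updated, golden)}
    return {name: bmc_decide(bios_report(img), bmc_measure(img), meta)
            for name, (img, meta) in images.items()}


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:10s} -> {outcome.name}: {outcome.value}")
```

The "patched" case is the one the passive secondary authentication exists for: the BIOS still reports the original first check data, and only the BMC's own read of the code region exposes the change.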
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for dual authentication of a BIOS based on a BMC, characterized by comprising the following steps:
S1, power on the BMC and the BIOS firmware. After the BMC detects that the CPU has powered on, judge whether the BMC receives a communication request from the BIOS firmware within a preset time range. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded;
S2, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a reply corresponding to the first check data. The BIOS firmware judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S3, the BMC reads the content of the BIOS firmware code area and computes second check data from it, then compares the first check data and the second check data each against the check metadata stored by the BMC, yielding two authentication results. If both authentication results pass, step S4 is executed; otherwise, step S5 is executed;
S4, the dual-authentication conclusion of the OEM command corresponding to the communication interface is configured as success, and a dual-authentication pass flag bit is sent to the BIOS firmware. The BIOS firmware judges whether it receives the pass flag bit within a preset time range; if so, it enters the startup flow; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow;
S5, the BMC compares the first check data with the second check data and judges whether they match. If they match, the BMC asks an administrator to confirm whether the check metadata needs to be updated, records the result log of this startup, and resets the CPU by controlling the power supply; otherwise, the startup result is recorded, and the power supply is controlled to shut down and block the CPU side from operating.
2. The method according to claim 1, wherein prior to step S1, further comprising:
In the BIOS firmware generation stage, the operating system of the development terminal performs a preliminary check on the code area used for boot when the firmware executes, generates the first check data, and stores it in a check code area specially reserved in the BIOS firmware.
3. The method according to claim 1, wherein the step S1 is specifically:
S101, judge whether the BMC starts before the CPU. If so, execute step S102 after the BMC detects that the CPU has powered on; if the CPU enters the ready state before the BMC has started, the BMC resets the CPU immediately after the BMC starts, and step S2 is forcibly executed;
S102, judge whether the BMC receives a communication request from the BIOS firmware within a preset time range. If it does, execute step S2; otherwise, the power supply is turned off, the CPU side stops loading the BIOS firmware, and the result of this startup is recorded.
4. The method according to claim 2, wherein the step S2 is specifically:
S201, the BIOS firmware reads the first check data that was written into the check code area in the generation stage, packages it, and sends it to the BMC through a communication interface;
S202, the BMC receives the first check data sent by the BIOS firmware and sends the BIOS firmware a communication-completion flag bit corresponding to the first check data;
S203, the BIOS firmware performs a preliminary check on the communication-completion flag bit and judges whether the reply content meets the agreed configuration flag-bit requirement; if so, step S3 is executed; otherwise, the BIOS firmware judges the BMC untrusted, records that the BMC started abnormally and invokes the shutdown flow.
5. The method according to claim 1, wherein the step S3 is specifically:
S301, the BMC compares the received first check data with the check metadata stored in the BMC to obtain the result of the active primary authentication;
S302, the BMC treats the BIOS firmware as a mounted device, starts an SPI read-write program to read the content of the BIOS firmware code area, performs the preliminary check calculation using the BMC's own resources to obtain the second check data, and compares the second check data bit by bit with the check metadata to obtain the result of the passive secondary authentication;
S303, the BMC judges whether both authentication results pass; if so, step S4 is executed; if not, step S5 is executed.
6. The method according to claim 1, wherein the step S5 is specifically:
Comparing the first check data with the second check data, if the first check data is matched with the second check data, indicating that the BMC does not store the check metadata before or the check metadata needs to be updated at the moment, informing an administrator to confirm whether the check metadata needs to be updated or not, recording a result log of the starting, controlling the power supply to be turned off and resetting the working state of the CPU end;
if the first check data and the second check data are not matched, the BIOS data are considered to be tampered, the starting result is recorded, and the power supply is controlled to be closed and the working state of the CPU end is blocked.
7. The method according to claim 1, wherein the check metadata is empty when the BMC is started for the first time, no special configuration is needed at this time, the dual authentication process is performed normally, and after the determination of whether the dual authentication is passed, the automatic flow goes to the determination of whether the data bits of the first check data and the second check data match, and if so, the manager is prompted to update the check metadata, the data is filled and saved, and the CPU is restarted to perform the dual authentication again.
8. The method of claim 1, 2 or 5, wherein the preliminary checking algorithm is any one of AES, RSA, PKCS, a hash algorithm, and a cryptographic algorithm.
9. The method of claim 1, 3, 4 or 5, wherein the interaction between the BMC and the BIOS firmware uses the LPC or I2C protocol.
10. A terminal comprising one or more processors and a memory storing one or more computer programs, wherein the steps of the method for dual authentication of a BIOS based on a BMC according to any one of claims 1-9 are implemented when the processor invokes the computer program.
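The decision flow of claims 5 to 7 (S301 to S303, S5 and the first-boot case), as an added example that is not part of the patent. SHA-256 is assumed as the check calculation, and the function names, outcome labels and firmware bytes are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Outcome(Enum):
    PROCEED_S4 = "both authentications passed"
    METADATA_REVIEW = "checks agree with each other; metadata empty or stale"
    TAMPERED = "checks disagree; BIOS treated as tampered"


def check_value(code_area: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's "check calculation".
    return hashlib.sha256(code_area).digest()


def dual_authenticate(first_check: bytes, spi_code_area: bytes, metadata: bytes):
    """One boot attempt as seen by the BMC; returns (Outcome, actions)."""
    # S301: active primary authentication on the value received from the BIOS side.
    primary_ok = bool(metadata) and hmac.compare_digest(first_check, metadata)
    # S302: passive secondary authentication on what the BMC read over SPI itself.
    second_check = check_value(spi_code_area)
    secondary_ok = bool(metadata) and hmac.compare_digest(second_check, metadata)
    # S303: only two passes lead to S4.
    if primary_ok and secondary_ok:
        return Outcome.PROCEED_S4, ["go to S4"]
    # S5: compare the two check values with each other.
    if hmac.compare_digest(first_check, second_check):
        # Empty (first boot, claim 7) or outdated metadata: administrator decides.
        return Outcome.METADATA_REVIEW, ["notify administrator", "record log",
                                         "power off", "reset CPU state"]
    return Outcome.TAMPERED, ["record log", "power off", "block CPU state"]


def run_constructed_cases():
    """Constructed firmware images, not real BIOS data."""
    v1, v2 = b"BIOS code area v1", b"BIOS code area v2"
    stored = check_value(v1)
    return {
        "first boot, empty metadata": dual_authenticate(stored, v1, b"")[0],
        "normal boot": dual_authenticate(stored, v1, stored)[0],
        "flash changed, old value reported": dual_authenticate(stored, v2, stored)[0],
        "both values changed consistently": dual_authenticate(check_value(v2), v2, stored)[0],
    }


if __name__ == "__main__":
    for case, outcome in run_constructed_cases().items():
        print(f"{case}: {outcome.name}")
```

The last case shows that a consistent change to both values reaches the administrator prompt rather than the tamper branch, so the approval step should compare the new value with one taken from a trusted release.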
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311701738.6A CN117932588A (en) | 2023-12-12 | 2023-12-12 | Method and terminal for carrying out double authentication on BIOS based on BMC |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117932588A true CN117932588A (en) | 2024-04-26 |
Family
ID=90769334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311701738.6A Pending CN117932588A (en) | 2023-12-12 | 2023-12-12 | Method and terminal for carrying out double authentication on BIOS based on BMC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117932588A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7424611B2 (en) | Authentication system and method | |
US8341393B2 (en) | Security to extend trust | |
CN101980235B (en) | Safe computing platform | |
CN111523112B (en) | Method, device, equipment and medium for safely starting server | |
US20110083005A1 (en) | Enabling a heterogeneous blade environment | |
KR20160130790A (en) | Credible kernel starting method and device | |
CN104200165A (en) | Initiative trusted measurement method based on CPU made in China | |
US20220224546A1 (en) | Software integrity protection method and apparatus, and software integrity verification method and apparatus | |
CN114428963B (en) | Server starting method, device, equipment and storage medium | |
US11347858B2 (en) | System and method to inhibit firmware downgrade | |
WO2022028057A1 (en) | Tpm-based apparatus and method for multi-layer protection of server asset information | |
CN114329496A (en) | Trusted starting method of operating system and electronic equipment | |
CN115329321A (en) | Firmware starting method, chip and computing device | |
CN117806777B (en) | Virtual environment starting integrity verification method, device, system, equipment and medium | |
CN112148314A (en) | Mirror image verification method, device, equipment and storage medium of embedded system | |
US11537757B2 (en) | Securely writing data to a secure data storage device during runtime | |
US20200244461A1 (en) | Data Processing Method and Apparatus | |
JP7522876B2 (en) | System and method for computing system security - Patents.com | |
CN117932588A (en) | Method and terminal for carrying out double authentication on BIOS based on BMC | |
CN109697351B (en) | Trusted measurement system and method | |
CN116541891A (en) | UEFI image file integrity protection method, device, equipment and medium | |
CN110781517B (en) | Method for realizing data interaction by BIOS and BMC communication | |
CN108228219B (en) | Method and device for verifying BIOS validity during in-band refreshing of BIOS | |
KR102387685B1 (en) | Secure Boot Verification Method and Secure Element for the Same | |
KR20110066824A (en) | Apparatus and method for trusted secure booting of iptv settop box |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||