CN118627076A - BIOS firmware security verification method and server - Google Patents

BIOS firmware security verification method and server

Info

Publication number
CN118627076A
Authority
CN
China
Prior art keywords
memory
bios
bmc
bios firmware
security
Prior art date
Legal status
Pending
Application number
CN202410397044.6A
Other languages
Chinese (zh)
Inventor
李剑
Current Assignee
Henan Kunlun Technology Co ltd
Original Assignee
Henan Kunlun Technology Co ltd
Application filed by Henan Kunlun Technology Co ltd
Priority to CN202410397044.6A
Publication of CN118627076A


Abstract

The application provides a BIOS firmware security verification method and a server. The method is applied to a baseboard management controller (BMC). When BIOS firmware verification is required, the BMC isolates the memory storing the BIOS firmware from the in-band processor by transferring the access rights of that memory from the in-band processor to the detection device. During the verification, the in-band processor continues to run the operating system and perform its other functions, while the detection device verifies the BIOS firmware by accessing the memory directly, so the BIOS firmware is checked while the in-band processor keeps running the operating system. The method and device thus achieve security verification of the BIOS firmware without affecting the normal operation of the server and the in-band processor, and improve the operational security of the server.

Description

BIOS firmware security verification method and server
Technical Field
The present application relates to the field of server technologies, and in particular, to a method for verifying security of BIOS firmware and a server.
Background
With the rapid development of networks and data centers, servers, as the core devices of data centers, face various internal and external security risks. The BIOS firmware is the underlying foundation for starting and running the server, and its security and integrity are critical to the stability and security of the server operating system. If the BIOS firmware is maliciously tampered with or damaged, the server may fail to start normally, or malicious code may even be injected, threatening the security of the whole operating system.
Therefore, it is necessary to provide a method for verifying the security of the BIOS firmware, so as to provide a guarantee for the secure operation of the server and the operating system.
Disclosure of Invention
In view of this, the embodiment of the application provides a method and a server for verifying the security of BIOS firmware.
In a first aspect, the present application provides a method for verifying security of BIOS firmware, where the method includes:
The BMC receives a BIOS check command, wherein the BIOS check command is used for indicating to check BIOS firmware;
The BMC switches an accessible object of a memory from an in-band processor to the BMC, the memory is used for storing BIOS firmware, and the in-band processor is used for accessing the memory to realize BIOS business functions;
And the BMC performs security verification on BIOS firmware in the memory by accessing the memory.
The embodiment of the application provides a security verification method for BIOS firmware: when BIOS firmware verification is needed, the BMC transfers the access rights of the memory storing the BIOS firmware from the in-band processor to the detection device, isolating the memory from the in-band processor. During the verification, the in-band processor continues to run the operating system and perform its other functions, while the detection device verifies the BIOS firmware by accessing the memory directly, so the BIOS firmware is checked while the in-band processor keeps running the operating system. The method and device thus achieve security verification of the BIOS firmware without affecting the normal operation of the server and the in-band processor, and improve the operational security of the server.
In one possible implementation, the BMC switches an accessible object of a memory from an in-band processor to the BMC, including:
The BMC switches the accessible object of the memory to the BMC by controlling a general-purpose input/output pin of the memory.
In the embodiment of the application, the BMC controls the accessible object of the memory directly through the general-purpose input/output pin, without going through the in-band processor, which reduces the interaction between hardware devices and improves the security of the system.
In one possible implementation, the BMC performs security verification on BIOS firmware in the memory by accessing the memory, including:
The BMC accesses the memory and uses a one-time programmable (OTP) memory area to perform the security check on the BIOS firmware.
In the embodiment of the application, the OTP storage area is used for carrying out safety verification on the BIOS firmware, so that the one-time writing of verification data can be ensured, malicious tampering or unauthorized access is prevented, and the safety of the system is improved.
In one possible implementation, the BMC performs security verification on the BIOS firmware using the OTP memory area, including:
The BMC reads a root public key in the OTP storage area;
the BMC verifies the secondary key certificate of the BIOS firmware by using the root public key;
And after the verification of the secondary key certificate is passed, the BMC acquires a public key from the secondary key certificate and utilizes the public key to carry out security verification on the BIOS firmware.
In the embodiment of the application, in this way, the BMC establishes a trust chain by using the root public key in the OTP storage area, verifies the secondary key certificate of the BIOS firmware, and performs security verification on the BIOS firmware by using the extracted public key, thereby ensuring the security and the integrity of the BIOS firmware.
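The trust chain in these three steps, as an added example that is not part of the patent: the root public key is read from the OTP area, the secondary key certificate is verified against it, and only then is the certificate's public key applied to the firmware. The patent names no signature scheme, so the textbook RSA here (Mersenne-prime moduli, SHA-256 digest reduced mod n, no padding), the key pairs and the sample image are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass

# ---- Toy signature scheme: constructed stand-in, the patent names none ----
# Textbook RSA over a SHA-256 digest reduced mod n, with no padding. A real BMC
# would call a library implementation of RSA-PSS or ECDSA instead.
def mersenne(k: int) -> int:
    return (1 << k) - 1  # prime for k in 19, 31, 61, 89, 107, 127 (the values used below)

def toy_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)); pow(e, -1, phi) needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def toy_sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data, n), d, n)

def toy_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)

# ---- What travels with the BIOS image ----
def encode_pubkey(pub) -> bytes:
    n, e = pub
    return f"{n}:{e}".encode()

@dataclass(frozen=True)
class SecondaryKeyCert:
    bios_pubkey: tuple    # (n, e) of the key that signs BIOS images
    root_signature: int   # root key's signature over encode_pubkey(bios_pubkey)

@dataclass(frozen=True)
class BiosImage:
    firmware: bytes
    cert: SecondaryKeyCert
    signature: int        # secondary key's signature over firmware

# ---- The BMC-side check: OTP root key -> certificate -> firmware ----
def verify_bios_image(otp_root_pubkey, image: BiosImage):
    """Return (ok, reason); otp_root_pubkey is what the BMC read from the OTP area."""
    cert = image.cert
    # The root public key from OTP must vouch for the secondary key certificate first ...
    if not toy_verify(otp_root_pubkey, encode_pubkey(cert.bios_pubkey), cert.root_signature):
        return False, "secondary key certificate rejected by OTP root key"
    # ... and only a key the root endorsed may be used on the firmware itself.
    if not toy_verify(cert.bios_pubkey, image.firmware, image.signature):
        return False, "BIOS firmware signature rejected"
    return True, "BIOS firmware verified"

# ---- Constructed vendor-side setup (manufacture and release time) ----
ROOT_PUB, ROOT_PRIV = toy_keypair(mersenne(31), mersenne(61))     # ROOT_PUB is burned into OTP
BIOS_PUB, BIOS_PRIV = toy_keypair(mersenne(89), mersenne(107))    # secondary key signing releases
ROGUE_PUB, ROGUE_PRIV = toy_keypair(mersenne(19), mersenne(127))  # key the root never endorsed

def issue_cert(root_priv, bios_pub) -> SecondaryKeyCert:
    return SecondaryKeyCert(bios_pub, toy_sign(root_priv, encode_pubkey(bios_pub)))

def sign_image(firmware: bytes, cert: SecondaryKeyCert, bios_priv) -> BiosImage:
    return BiosImage(firmware, cert, toy_sign(bios_priv, firmware))

FIRMWARE = b"constructed BIOS image v1.0"  # sample payload, not a real image

def demo() -> dict:
    """Three images the BMC might find in flash, mapped to their (ok, reason)."""
    genuine = sign_image(FIRMWARE, issue_cert(ROOT_PRIV, BIOS_PUB), BIOS_PRIV)
    # Bytes changed after signing; the certificate is still the genuine one.
    tampered = BiosImage(FIRMWARE + b"\x00", genuine.cert, genuine.signature)
    # Re-signed with a rogue key under a self-issued certificate the OTP root key never signed.
    rogue = sign_image(FIRMWARE, issue_cert(ROGUE_PRIV, ROGUE_PUB), ROGUE_PRIV)
    return {name: verify_bios_image(ROOT_PUB, img)
            for name, img in (("genuine", genuine), ("tampered", tampered), ("rogue", rogue))}
```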
In one possible implementation, before the BMC performs security verification on the BIOS firmware in the memory by accessing the memory, the method further includes:
the BMC sends a first control instruction to the in-band processor, wherein the first control instruction is used for indicating the in-band processor to stop executing service functions needing to access the memory or the BIOS firmware;
the method further comprises the steps of:
And the BMC responds to the BIOS firmware passing verification and sends a second control instruction to the in-band processor, wherein the second control instruction is used for indicating the in-band processor to resume the service function which needs to access the memory or the BIOS firmware.
In the embodiment of the application, the BMC sends the first control instruction to the in-band processor so that it stops executing the service functions that need to access the memory or the BIOS firmware, pausing, for the duration of the check, any service function that could conflict with the verification operation. After the BIOS firmware passes the verification, the BMC sends the second control instruction to the in-band processor, so that the in-band processor resumes the service functions that need to access the memory or the BIOS firmware and the system continues executing its other service functions normally once the security verification is complete. In this way, the verification operation is coordinated with the other service functions while the BMC performs the BIOS firmware security check, which improves the security and stability of the system.
In one possible implementation manner, the memory includes a first memory and a second memory, where the first memory and the second memory respectively store the BIOS firmware, and the BIOS verification command is used to instruct to perform security verification on the BIOS firmware in the first memory;
the BMC receives the BIOS check command and switches the accessible object of the memory to the BMC, including:
The BMC switches the accessible object of the first memory to the BMC and switches the accessible object of the second memory to the in-band processor;
The BMC performs security verification on BIOS firmware in the memory by accessing the memory, and the method comprises the following steps:
and the BMC accesses the first memory to carry out security check on BIOS firmware in the first memory.
In the embodiment of the application, the BMC switches the accessible object of the first memory to the BMC so as to perform the security check on the BIOS firmware in the first memory. Meanwhile, the BMC switches the accessible object of the second memory to the in-band processor to ensure normal access for the other system functions. By switching the accessible object of the first memory to the BMC, the BIOS firmware in the first memory is not disturbed by other system functions while the security check proceeds.
In one possible implementation manner, the memory includes a first memory and a second memory, where the first memory and the second memory store the BIOS firmware respectively, and the BIOS check command is used to instruct to perform security check on the BIOS firmware in the first memory first and then perform security check on the BIOS firmware in the second memory;
the BMC receives the BIOS check command and switches the accessible object of the memory to the BMC, including:
The BMC switches the accessible object of the first memory to the BMC and switches the accessible object of the second memory to the in-band processor;
After the BIOS firmware in the first memory passes the verification, switching the accessible object of the second memory into the BMC, and switching the accessible object of the first memory into the in-band processor;
The BMC performs security verification on BIOS firmware in the memory by accessing the memory, and the method comprises the following steps:
the BMC accesses the first memory to carry out security check on BIOS firmware in the first memory;
And after the BMC switches the accessible object of the second memory into the BMC, accessing the second memory to carry out security check on BIOS firmware in the second memory.
In the embodiment of the application, the BMC can carry out security check on BIOS firmware in the two memories in stages, and switch accessible objects of the memories after the check is passed, so as to ensure the smooth operation of the check and ensure the security and stability of the system.
In one possible implementation, the BMC includes a security core and a service core; the BMC receives the BIOS check command and switches the accessible object of the memory to the BMC, including:
the service core receives the BIOS check command and sends the BIOS check command to the security core;
the security core switches the accessible object of the memory into the security core according to the BIOS check command;
The BMC performs security verification on BIOS firmware in the memory by accessing the memory, and the method comprises the following steps:
the security core performs security verification on the BIOS firmware in the memory by accessing the memory.
In the embodiment of the application, the service core and the security core take different roles: the service core is responsible for receiving and forwarding commands, and the security core is responsible for the actual BIOS firmware security verification, so that the BIOS firmware verification is isolated from the other services and the security and effectiveness of the verification operation are ensured.
In one possible implementation, the method further includes:
The security core switches the accessible object of the memory to the in-band processor in response to a BIOS check result indicating that the BIOS firmware in the memory has passed the security check.
In the embodiment of the application, the security core can transfer the access rights of the memory whose BIOS firmware has just been checked to the in-band processor, so that the in-band processor accesses a memory of higher security to carry out the related services, which improves the stability of the system.
In a second aspect, the present application provides a security verification apparatus for BIOS firmware, the apparatus comprising:
The receiving module is used for receiving a BIOS checking command, wherein the BIOS checking command is used for indicating to check BIOS firmware;
The switching module is used for switching an accessible object of a memory from an in-band processor to the BMC, the memory is used for storing BIOS firmware, and the in-band processor is used for accessing the memory to realize BIOS business functions;
and the verification module is used for carrying out safety verification on the BIOS firmware in the memory by accessing the memory.
In one possible implementation, the switching module is specifically configured to switch the accessible object of the memory to the BMC by controlling a general purpose input output pin of the memory.
In one possible implementation, the verification module is specifically configured to access the memory and perform security verification on the BIOS firmware using a one-time programmable (OTP) memory area.
In a possible implementation manner, the verification module is specifically configured to read a root public key in the OTP memory area; verifying a secondary key certificate of the BIOS firmware by using the root public key; and after the verification of the secondary key certificate is passed, acquiring a public key from the secondary key certificate, and carrying out security verification on the BIOS firmware by utilizing the public key.
In a possible implementation manner, the apparatus further includes a start-stop module, where the start-stop module is configured to send a first control instruction to the in-band processor before the security check on the BIOS firmware in the memory is performed by accessing the memory, the first control instruction instructing the in-band processor to stop performing service functions that need to access the memory or the BIOS firmware; and to send a second control instruction to the in-band processor in response to the BIOS firmware passing the verification, the second control instruction instructing the in-band processor to resume the service functions that need to access the memory or the BIOS firmware.
In one possible implementation manner, the memory includes a first memory and a second memory, where the first memory and the second memory respectively store the BIOS firmware, and the BIOS verification command is used to instruct to perform security verification on the BIOS firmware in the first memory;
The switching module is specifically configured to switch the accessible object of the first memory to the BMC and switch the accessible object of the second memory to the in-band processor;
the verification module is specifically configured to perform security verification on BIOS firmware in the first memory by accessing the first memory by the BMC.
In one possible implementation manner, the memory includes a first memory and a second memory, where the first memory and the second memory respectively store the BIOS firmware, and the BIOS verification command is used to instruct to perform security verification on the BIOS firmware in the first memory first and then on the BIOS firmware in the second memory;
the switching module is specifically configured to switch the accessible object of the first memory to the BMC and switch the accessible object of the second memory to the in-band processor; after the BIOS firmware in the first memory passes the verification, switching the accessible object of the second memory into the BMC, and switching the accessible object of the first memory into the in-band processor;
The verification module is specifically configured to access the first memory to perform security verification on the BIOS firmware in the first memory; and after the BMC switches the accessible object of the second memory into the BMC, accessing the second memory to carry out security check on BIOS firmware in the second memory.
In one possible implementation manner, the BMC includes a security core and a service core, and the switching module is specifically configured to receive the BIOS check command and send it to the security core through the service core, and to switch the accessible object of the memory to the security core through the security core according to the BIOS check command;
the verification module is specifically configured to access the memory through the security core to perform security verification on the BIOS firmware in the memory.
In one possible implementation, the switching module is further configured to switch, through the security core, the accessible object of the memory to the in-band processor in response to a BIOS check result indicating that the BIOS firmware in the memory has passed the security check.
In a third aspect, an embodiment of the present application provides a server, including a processor, and a memory communicatively connected to the processor;
the memory is used for storing computer execution instructions;
the processor is configured to execute the computer-executable instructions stored in the memory, so as to implement the method for verifying the security of the BIOS firmware according to any one of the embodiments of the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer storage medium, where code is stored, and when the code is executed, a device that executes the code implements a method for verifying the security of BIOS firmware according to any one of the first aspect.
Drawings
In order to more clearly illustrate this embodiment or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for verifying BIOS firmware;
FIG. 2 is a flowchart illustrating a method for verifying BIOS firmware according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a process for performing security verification on BIOS firmware using an OTP memory area according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating another method for verifying the security of BIOS firmware according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating a method for verifying the security of BIOS firmware according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating a method for verifying the security of BIOS firmware according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
It should be noted that the described embodiments of the present application are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to make the following embodiments clear, technical terms related to the present application will be described first.
A Basic Input/Output System (BIOS) is the initialization program that runs when a computer (such as a server) is started; it is responsible for initializing and configuring the computer hardware and starting the operating system. The BIOS firmware is that initialization program (including the basic input and output routines) burned into a memory chip on the computer motherboard; by running the BIOS firmware, the computer initializes and configures its hardware and loads its operating system. The BIOS firmware is the firmware program that actually exists on the motherboard, while the BIOS is the abstract concept of that program: the BIOS can be regarded as the input/output interface of the computer system, and the BIOS firmware is the software that actually implements this interface. In the general sense, verifying the BIOS means verifying the BIOS firmware.
Flash memory is a non-volatile memory widely used in computers and other electronic devices, known for fast access, low power consumption and high data density. Flash storage has several advantages. First, it is non-volatile, meaning the data in it is retained even when the power is turned off. Second, it has a high read/write speed and low power consumption, so it is widely used in mobile devices and embedded systems. In addition, it has a high data density and can store a large amount of data in a relatively small space. In the embodiment of the application, the BIOS firmware can be stored in Flash storage.
The Baseboard Management Controller (BMC) is a small operating system independent of the server system; it can upgrade the firmware of an electronic device (such as a server) and perform checks on the device even when the device is not powered on. A BMC is typically a separate chip or module, which may be referred to as a BMC chip; the BMC chip is integrated on the motherboard or connected to it in various ways, such as through the high-speed serial computer expansion bus standard (Peripheral Component Interconnect Express, PCIe). The BMC chip has its own IP address and its own network port, is mainly used for out-of-band management of the server, and allows the server to be accessed and managed remotely over a network.
In-band management generally refers to performing an operation and maintenance management action by a main operating system of a server (e.g., an operating system run by a server processor). This approach depends on the normal running of the server and the availability of the operating system. In-band management may be limited or unusable if the server fails or the operating system fails to boot.
Out-of-band management is a management approach independent of the server host operating system. Taking BMC as an example, BMC is a small operating system integrated on a motherboard, and can perform operations such as remote management, monitoring, installation, restarting and the like on a server before the server is started or when the operating system cannot normally run. The management mode does not depend on the state of the main operating system of the server, so that even if the server has problems, the fault can be checked and repaired through out-of-band management.
The following describes a scenario in which an embodiment of the present application is applied, with reference to the accompanying drawings.
As shown in fig. 1, in one possible implementation, most servers can utilize a BMC chip to perform security verification on BIOS firmware before BIOS is started, and after the verification is successful, the BIOS is started normally, and the server can complete initialization and configuration of hardware and load an operating system. However, if the instruction for checking the BIOS is triggered during the running process of the server (i.e., during the running process of the in-band processor of the server), the server needs to restart, and the running of the operating system in the in-band processor is interrupted, so as to implement the security check on the BIOS firmware. That is, during the running process of the in-band operating system of the server, the security check of the BIOS firmware cannot be implemented.
In this regard, the embodiment of the application provides a security verification method for BIOS firmware and a server. The executing entity of the method may be referred to as a detection device, specifically a BMC chip, although it may also be another chip or device capable of out-of-band management.
Before the server is started, the BMC chip can check the BIOS firmware directly. After the server is started (i.e. while the in-band processor of the server is running), the BMC chip responds to the BIOS firmware verification instruction by first disabling the in-band processor's service functions that access the memory storing the BIOS firmware (hereinafter referred to simply as the memory), and switching the object that may access the memory from the in-band processor to the BMC chip. The BMC chip then performs the security check on the BIOS firmware by accessing the memory. After the verification passes, the BMC chip re-enables the in-band processor's service functions that access the memory and switches the object that may access the memory from the BMC chip back to the in-band processor. In this way, by controlling the service functions of the in-band processor and the object with access to the memory, the BMC chip isolates the in-band processor from the effects of the BIOS firmware security check while it is in progress; the in-band processor continues to run the operating system and its other service functions, the continuity of the other in-band service functions is not affected, and the BIOS firmware is checked while the server is running.
The following describes a method for verifying the security of the BIOS firmware according to an embodiment of the present application with reference to the accompanying drawings.
Fig. 2 is a flow chart of a method for verifying the security of BIOS firmware according to an embodiment of the present application. The flow shown in fig. 2 only includes an implementation flow for verifying the BIOS firmware during the running process of the server, and the embodiment of the present application is not limited to the verification flow for the BIOS firmware before the server is started. The BMC chip and the in-band processor shown in fig. 2 may be integrated or mounted on a motherboard of the same server, and the BMC chip and the in-band processor may communicate through a line integrated in the motherboard, or may communicate through other wireless communication methods. The embodiment of the present application is not particularly limited as to the type of the in-band processor, and may be a central processing unit (Central Processing Unit, CPU) in the server.
S201: the BMC chip receives the BIOS check command.
In one possible implementation, a BIOS check command is used to indicate that BIOS firmware in memory is to be checked for security. Verification of BIOS firmware typically occurs in several cases: in addition to requiring verification of the BIOS firmware at the time of server startup, verification of the BIOS firmware is also required during server operation. For example: after the BIOS firmware is updated or upgraded, the BIOS firmware needs to be checked to ensure that the new BIOS firmware is installed correctly without damage. Or when the server maintains the operating system, the BIOS firmware needs to be checked to find out whether the BIOS firmware has a problem.
The BIOS check command may be generated automatically by another device in the server (e.g. the in-band processor) and sent to the BMC chip, for example: the server is configured to verify the BIOS firmware periodically, and each time the preset interval elapses the in-band processor generates a BIOS verification command and sends it to the BMC chip. The BIOS check command may also be generated passively by another device in the server (such as the in-band processor) and sent to the BMC chip, for example: the in-band processor responds to an administrator or technician triggering the BIOS firmware verification operation by generating a BIOS verification command and sending it to the BMC chip.
In one possible implementation, the BIOS check command is generated by the BMC chip, in which case the BMC chip need not receive the BIOS check command. For example: the BMC chip generates a BIOS check command in response to certain conditions that trigger BIOS firmware check (e.g., BIOS periodic check or an administrator triggers BIOS firmware check operation).
In another possible implementation, the BMC chip may also directly perform step S202 in response to some conditions triggering the BIOS firmware verification, i.e., the BMC chip does not need to perform step S201 and does not generate the BIOS verification command.
S202: the BMC chip sends a first control instruction to the in-band processor.
The first control instruction instructs the in-band processor to stop performing service functions that need to access the memory or the BIOS firmware in it (hereinafter referred to as BIOS service functions). By controlling the BIOS service functions of the in-band processor, the BMC chip pauses them before checking the BIOS firmware, so that the in-band processor does not access the BIOS firmware through a BIOS service function while the BMC chip is checking it, which could otherwise leave the BIOS service function unable to complete or affect the accuracy of the check.
In one possible implementation, a BIOS service function variable is set in the controller driver of the memory. The controller driver runs in the in-band processor, and the BIOS service function variable indicates whether the in-band processor may perform BIOS service functions. The BMC chip sends the first control instruction to the in-band processor to set its BIOS service function variable, thereby controlling the in-band processor's access to the memory. As one example, the first control instruction may be an Intelligent Platform Management Interface (IPMI) command.
IPMI commands are a set of commands and tools for remote management and monitoring of server hardware. Through the IPMI command, a user can remotely monitor, diagnose and manage the server without being limited by the operating system. In the embodiment of the application, the BMC chip can control whether the in-band processor performs the BIOS service function through the IPMI command.
S203: the BMC chip switches the object accessible to the memory to the BMC chip.
The memory is used for storing BIOS firmware, and in the embodiment of the application, the memory can be Flash storage. The Flash storage is utilized to store the BIOS firmware, so that unauthorized write operation can be prevented, the BIOS firmware is not easy to be tampered maliciously, and the safety of the BIOS firmware is improved.
An object accessible to a memory refers to a hardware device that can access the memory (hereinafter simply referred to as an accessible object), and may also be understood as a hardware device having access rights to the memory. The BMC chip switches the accessible object from the in-band processor to itself, transferring the access right of the memory from the in-band processor to the BMC chip. This cuts off interaction between the in-band processor and the memory, so that the BMC chip's verification of the BIOS firmware does not disturb the normal operation of the in-band processor.
In one possible implementation, the BMC chip may implement control of the accessible objects of the memory by controlling a General Purpose Input Output (GPIO) pin of the memory. When the accessible object needs to be switched, the BMC chip changes the access path of the memory by controlling the GPIO pin of the memory, so that the access authority of the memory is switched from the in-band processor to the BMC chip.
The BMC chip can dynamically adjust the access authority of the memory according to the need to check the BIOS firmware, so that the in-band processor keeps operating normally. Moreover, because the BMC chip switches the accessible object of the memory autonomously through the GPIO pin, the BIOS firmware can be verified without involving the server's in-band processor, which improves the manageability and security of the system.
S204: the BMC chip accesses the memory and performs security verification on the BIOS firmware.
After the accessible object of the memory is successfully switched to the BMC chip, the BMC chip can access the memory and further check the BIOS firmware.
In one possible implementation, the BMC chip may utilize a one-time programmable (One Time Programmable, OTP) memory area to implement security checks on BIOS firmware.
An OTP memory area differs from ordinary memory, which can be restored to its factory state by an erase command and then rewritten. The defining property of OTP memory is that its data is programmable only once: after data has been written, the factory state cannot be restored by an erase command. For each bit, the value can only be changed from "1" to "0", never from "0" back to "1", so in practice the data in the OTP memory cannot be modified. OTP memory is therefore well suited to storing critical data that must not be easily modified, such as device identifiers, keys and encryption parameters.
The flow of the BMC chip performing security check on BIOS firmware by using the OTP memory area is shown in FIG. 3.
S2041: the BMC chip reads the root public key of the OTP storage area.
The root public key refers to the top-most public key in a set of public keys, typically the top-most public key in a digital certificate hierarchy. The root public key serves as the root of the whole trust chain and is used to verify the authenticity and credibility of other digital certificates. The BMC chip takes the root public key as the trust root and builds a chain of trust by extending downwards to lower-level certificate authorities. The trust chain is used to verify the validity of digital certificates and to ensure the security and reliability of communication between two parties.
In the embodiment of the application, the security of the root public key is ensured by storing the root public key in the OTP storage area and utilizing the characteristic that the OTP storage area cannot be modified.
S2042: the BMC chip verifies the secondary key certificate of the BIOS firmware.
The BMC chip obtains the secondary key certificate from the BIOS firmware. The secondary key certificate for BIOS firmware is typically generated during manufacturing and includes a public key and other relevant information. In the context of verifying BIOS firmware, this public key is used to verify the integrity and authenticity of the firmware, i.e. that the firmware was signed by the legitimate manufacturer: it is the public key corresponding to the manufacturer's signing private key and serves for digital signature verification and similar operations. The BMC chip verifies the authenticity of the secondary key certificate with the root public key; a secondary key certificate that can be traced back to the trusted root public key is considered trusted.
The BMC chip extracts the signature from the secondary key certificate and decrypts it with the root public key to obtain a first digest. The BMC chip then calculates a second digest of the secondary key certificate and compares the decrypted first digest with the calculated second digest to determine whether the signature of the secondary key certificate is valid. If the first digest is identical to the second digest, the signature is valid and the secondary key certificate was issued by a trusted entity, i.e. the secondary key certificate passes verification.
S2043: the BMC chip obtains the public key from the secondary key certificate.
The BMC chip extracts the public key from the secondary key certificate. In the subsequent BIOS firmware security verification, this public key is used to verify the digital signature of the firmware or for other security operations. The BMC chip obtains the public key by parsing the secondary key certificate.
S2044: the BMC chip uses the public key to carry out security check on the BIOS firmware.
The BMC chip uses the extracted public key to verify the BIOS firmware, for example by checking the digital signature of the BIOS firmware and comparing hash values. If the verification passes, the BIOS firmware is intact and has not been tampered with.
In this way, the BMC chip uses the root public key information stored in the OTP area as a trusted root, verifies the secondary key certificate of the BIOS, and uses the public key in the certificate to carry out security verification on the BIOS firmware, thereby ensuring the security of the BIOS firmware. The BIOS firmware is prevented from being tampered or replaced maliciously, and the safety and stability of the server are improved.
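The chain of trust of steps S2041 to S2044, as an added Go example that is not part of the patent. It substitutes Ed25519 (Go's crypto/ed25519) for the signature algorithm the text leaves unspecified, and the OTP area, the certificate layout, the manufacturer's signing side and the firmware image are all constructed models, not the patent's own design.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// OTPRegion models the one-time programmable area of the BMC chip (constructed model).
type OTPRegion struct {
	rootPublicKey ed25519.PublicKey
	programmed    bool
}

// Program burns the root public key once; a second attempt is refused, as OTP bits cannot be erased.
func (o *OTPRegion) Program(key ed25519.PublicKey) error {
	if o.programmed {
		return errors.New("OTP area already programmed")
	}
	o.rootPublicKey = append(ed25519.PublicKey(nil), key...)
	o.programmed = true
	return nil
}

// RootPublicKey is step S2041: the BMC reads the root public key from the OTP area.
func (o *OTPRegion) RootPublicKey() ed25519.PublicKey { return o.rootPublicKey }

// SecondaryKeyCertificate: the firmware signing public key plus the root key's signature over the body (assumed layout).
type SecondaryKeyCertificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Signature []byte // made with the root private key over body()
}

func (c *SecondaryKeyCertificate) body() []byte { return append([]byte(c.Subject+"|"), c.PublicKey...) }

// FirmwareImage is what the BMC reads from flash: image, secondary certificate, and the secondary key's signature over the image digest.
type FirmwareImage struct {
	Cert      SecondaryKeyCertificate
	Image     []byte
	Signature []byte
}

var ErrNoRootKey = errors.New("OTP area holds no root public key")
var ErrCertUntrusted = errors.New("secondary key certificate does not chain to the OTP root key")
var ErrFirmwareTampered = errors.New("BIOS firmware signature is invalid")

// VerifyBIOS runs steps S2041 to S2044 in order: the certificate is validated against the OTP
// root key before its public key is used, so a certificate shipped alongside a modified image is never trusted.
func VerifyBIOS(otp *OTPRegion, fw *FirmwareImage) error {
	root := otp.RootPublicKey() // S2041
	if len(root) != ed25519.PublicKeySize {
		return ErrNoRootKey
	}
	if !ed25519.Verify(root, fw.Cert.body(), fw.Cert.Signature) { // S2042
		return ErrCertUntrusted
	}
	pub := fw.Cert.PublicKey // S2043
	if len(pub) != ed25519.PublicKeySize {
		return ErrCertUntrusted
	}
	digest := sha256.Sum256(fw.Image) // S2044: digest the image, then check its signature
	if !ed25519.Verify(pub, digest[:], fw.Signature) {
		return ErrFirmwareTampered
	}
	return nil
}

// Manufacturer is the signing side (constructed for the example): the root private key
// issues the secondary certificate and the secondary private key signs firmware images.
type Manufacturer struct {
	rootPriv ed25519.PrivateKey
	secPriv  ed25519.PrivateKey
	cert     SecondaryKeyCertificate
}

func NewManufacturer() (*Manufacturer, error) {
	_, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	secPub, secPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert := SecondaryKeyCertificate{Subject: "bios-signing-key-1", PublicKey: secPub}
	cert.Signature = ed25519.Sign(rootPriv, cert.body())
	return &Manufacturer{rootPriv: rootPriv, secPriv: secPriv, cert: cert}, nil
}

// RootPublicKey is the value the factory burns into the OTP area.
func (m *Manufacturer) RootPublicKey() ed25519.PublicKey { return m.rootPriv.Public().(ed25519.PublicKey) }

// SignFirmware produces the image as stored in flash: image, certificate and signature.
func (m *Manufacturer) SignFirmware(image []byte) *FirmwareImage {
	digest := sha256.Sum256(image)
	return &FirmwareImage{Cert: m.cert, Image: append([]byte(nil), image...), Signature: ed25519.Sign(m.secPriv, digest[:])}
}
```

A flipped byte in the image fails at S2044, and an image carrying a certificate from a different root fails already at S2042, before its public key is ever used.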
S205: the BMC chip switches the memory-accessible object to an in-band processor.
After the BIOS firmware passes verification, the BMC chip switches the accessible object of the memory from the BMC chip to the in-band processor, and the access right of the memory is handed over to the in-band processor by the BMC chip. The specific switching method may refer to step S203.
S206: the BMC chip sends a second control instruction to the in-band processor.
The second control instruction instructs the in-band processor to resume the service functions that need to access the memory or the BIOS firmware in it, i.e. it restores the BIOS service function of the in-band processor. Once the BMC chip has finished checking the BIOS firmware and handed the access authority of the memory back to the in-band processor, the in-band processor can again access the BIOS firmware in the memory and perform the corresponding BIOS service functions.
S207: the BMC chip feeds back the BIOS verification result.
The BIOS verification results may include the verification result of the BIOS firmware digital signature (e.g., whether the signature is valid and whether it matches the public key in the secondary key certificate), the verification result of the validity period of the secondary key certificate (e.g., whether the certificate has expired or is still valid), and the verification results of other security information (e.g., whether the extension information in the secondary key certificate meets expectations and whether the certificate complies with a particular security policy).
The BMC chip can provide comprehensive information about the security of the BIOS firmware to an administrator or a technician by feeding back the BIOS verification result, so that the administrator or the technician can know the security state of the BIOS firmware and take necessary measures.
In the above-mentioned steps S201 to S207, the execution order of the steps S202 and S203 is not limited, and the step S203 may be executed first and then the step S202 may be executed. The execution order of S205 and S206 is not limited, and step S206 may be executed first and step S205 may be executed second. In addition, step S202 and step S206 are optional steps, and when the BMC chip switches the accessible object to the BMC chip, the in-band processor may automatically suspend the BIOS service function; when the BMC chip switches the accessible object to an in-band processor, the in-band processor can automatically start the BIOS service function.
According to the method for safely verifying the BIOS firmware, which is provided by the embodiment of the application, in the running process of the server, the BMC chip switches the accessible object of the memory into the BMC chip in the verification process of the BIOS firmware, so that the access of the in-band processor to the BIOS firmware is isolated, and the safety verification of the BIOS firmware in the running process of the server is realized. The process not only can realize the safety verification of the BIOS firmware, but also can not influence the normal operation of the server and the in-band processor.
In one possible implementation, the embodiment of the application provides a BMC chip, wherein the BMC chip comprises a service core and a security core.
The service core is responsible for performing various management tasks such as hardware status monitoring, fault detection, system configuration, etc. The service core interacts with other hardware and software components to realize the overall management of the server. In the embodiment of the application, the service core is further used for receiving and transmitting a BIOS check command and sending a control instruction to the in-band processor.
The security core can perform encryption and decryption operations to protect sensitive data from illegal access, and can provide an access control function that limits management and operation of the BMC chip and the server to authorized users. The security core can thus greatly improve the security and reliability of the server. In the embodiment of the application, the security core also controls the access authority of the memory, switches the accessible object of the memory, and performs the security check of the BIOS firmware using the OTP storage area.
Fig. 4 is a flowchart of another method for verifying the security of the BIOS firmware according to an embodiment of the present application. The method comprises the following steps:
S401: the service core receives the BIOS check command.
In one possible implementation, a BIOS check command is used to indicate that BIOS firmware in memory is to be checked for security.
In the BMC chip, the service core is used for receiving the BIOS checking command and issuing other commands or instructions according to the BIOS checking command.
S402: the service core sends a first control instruction to the in-band processor.
The first control instruction instructs the in-band processor to stop performing the BIOS service function, as described in step S202. After receiving the BIOS check command, the service core sends the first control instruction to the in-band processor so that it suspends the BIOS service function. This avoids the in-band processor accessing the BIOS firmware during the check, which would either make the BIOS service function fail or affect the accuracy of the check.
S403: the service core sends a BIOS check command to the security core.
The service core sends the BIOS check command to the security core, and the security core performs the security check on the BIOS firmware in the memory according to that command.
S404: the security core switches the object that can access the memory to the security core.
After the security core receives the BIOS check command, the accessible object of the memory is switched from the in-band processor to the security core, i.e. the access right of the memory is handed over from the in-band processor to the security core. In the embodiment of the application, only the security core can control the accessible object of the memory, and it switches the accessible object by driving the GPIO pin of the memory.
By switching the accessible object of the memory, the in-band processor's access to the memory and the BIOS firmware is suspended while the security core verifies the BIOS firmware, yet the in-band processor keeps running and can perform its other service functions; the security check of the BIOS firmware therefore takes place while the in-band processor is operating.
S405: the security core accesses the memory and verifies the BIOS firmware.
After the accessible object of the memory has been switched to the security core, the security core can access the memory and check the BIOS firmware. In the embodiment of the present application, the security core may use the OTP memory area to perform the security verification of the BIOS firmware; the specific implementation may refer to step S204 and steps S2041-S2044.
S406: the security core switches the accessible object of the memory to the in-band processor.
After the BIOS firmware passes verification, the security core switches the accessible object of the memory from the security core to the in-band processor, handing the access right of the memory back to the in-band processor. The specific switching method may refer to step S404.
S407: the security core sends the BIOS check result to the service core.
After the security core has checked the BIOS firmware and obtained a BIOS check result, it sends the result to the service core, and the service core performs subsequent processing according to the BIOS check result.
S408: the service core sends a second control instruction to the in-band processor.
The second control instruction instructs the in-band processor to resume the service functions that need to access the memory or the BIOS firmware in it, i.e. it restores the BIOS service function of the in-band processor. When the service core receives the BIOS verification result from the security core, the security core has finished verifying the BIOS firmware, and the service core then restores the BIOS service function of the in-band processor by sending the second control instruction.
S409: the service core feeds back the BIOS verification result.
The service core can display the BIOS verification result to the administrator in a visual mode, so that the administrator can intuitively know the current state of the BIOS firmware. As an example, if the BIOS verification result indicates that the BIOS firmware verification is not passed, the service core may also perform a BIOS firmware exception alarm.
In the above steps S401 to S409, the execution order of S402 and S403 is not limited: step S403 may be executed before step S402. The execution order of S406 and S407 is likewise not limited: step S407 may be executed before step S406. In addition, steps S402 and S408 are optional: after the security core switches the accessible object to itself, the in-band processor may automatically suspend the BIOS service function, and when the security core switches the accessible object back to the in-band processor, the in-band processor may automatically restore the BIOS service function.
In this method, the BMC chip comprising a service core and a security core uses its two cores to carry out, respectively, the BIOS security verification process and the message interaction process (such as receiving the BIOS verification command and sending control instructions to the in-band processor), so that the two processes are isolated from each other and the interference that would arise from a single core running both at the same time is avoided. Modification of the memory access authority is likewise isolated from the other service implementations: only the security core can change the accessible object of the memory, while the service core handles information exchange. This improves the security of the BIOS security check and of the BIOS firmware itself, and prevents an attacker who has compromised the service core from directly and maliciously modifying the memory access authority or accessing the memory and the BIOS firmware.
In one possible implementation, the embodiment of the application provides two memories (a first memory and a second memory) that each store the BIOS firmware, so as to increase the redundancy and reliability of the BIOS firmware. The BIOS firmware in the first memory is the same as the BIOS firmware in the second memory, which can be understood as the two copies being backups of each other. Of course, the number of memories is not limited in the embodiment of the present application; two memories are used only for illustration, and the method is also applicable to application scenarios with more memories.
Fig. 5 is a flowchart of a method for verifying the security of BIOS firmware according to another embodiment of the present application. The method comprises the following steps:
S501: the service core receives the BIOS check command.
In one possible implementation, a BIOS check command is used to indicate that BIOS firmware in the first memory is to be checked. The BIOS check command may be used to indicate that only BIOS firmware in a certain memory is checked, such as only BIOS firmware in the first memory is checked; or only to verify the BIOS firmware in the second memory.
S502: the service core sends a BIOS check command to the security core.
S503: the security core switches the object accessible to the first memory to the security core and the object accessible to the second memory to the in-band processor.
After receiving the BIOS check command, the security core switches the accessible object of the memory indicated by the command to the security core and switches the accessible object of the other memory to the in-band processor. In the embodiment of the application, the BIOS check command indicates that the BIOS firmware in the first memory is to be verified, so the access right of the first memory is handed over to the security core and the access right of the second memory to the in-band processor. As an example, if the in-band processor already holds the access right of the second memory, the security core need not adjust it; it only has to ensure that the in-band processor cannot access the first memory and that the security core itself holds the access right of the first memory, so that it can correctly access the first memory to verify the BIOS firmware.
In an application scenario in which multiple memories store BIOS firmware at the same time, when no BIOS firmware verification is in progress the in-band processor may hold the access rights of several memories at once, or of only one of them.
S504: the security core accesses the first memory and verifies the BIOS firmware.
After the accessible object of the first memory has been switched to the security core, the security core can access the first memory and check the BIOS firmware in it. In the embodiment of the present application, the security core may use the OTP memory area to perform the security verification of the BIOS firmware; the specific implementation may refer to step S204 and steps S2041-S2044.
S505: the security core sends the BIOS check result to the service core.
The BIOS verification result is the result of verifying the BIOS firmware in the first memory. After the security core has checked the BIOS firmware in the first memory and obtained a BIOS check result, it sends the result to the service core, which performs subsequent processing according to it.
S506: the service core feeds back the BIOS verification result.
The service core can display the BIOS verification result to the administrator in a visual mode, so that the administrator can intuitively know the current state of the BIOS firmware.
In the embodiment of the application, at least two memories are arranged to store BIOS firmware, when the BIOS firmware in a certain memory is checked, the in-band processor can access the BIOS firmware in other memories to realize the BIOS service function, namely, during the checking of the BIOS firmware by the BMC chip, the BMC chip does not need to pause the BIOS service function of the in-band processor, the in-band processor can still realize the BIOS service function, and further, the safety check of the BIOS firmware in the running process of the server and the in-band processor is realized.
In one possible implementation, after the security core has verified the BIOS firmware in the first memory, it may transfer the access right of the first memory to the in-band processor and temporarily withdraw the in-band processor's access right to the second memory, so that the in-band processor performs the BIOS service function using only BIOS firmware that has just passed the security check, further improving the security of the operating system.
In another possible implementation, the BMC chip may perform security check on the BIOS firmware in the plurality of memories sequentially. Taking the verification of the BIOS firmware in the first memory and the second memory by the BMC chip sequentially as an example, as shown in fig. 6, fig. 6 is a flow chart of a further method for verifying the BIOS firmware according to an embodiment of the present application. The method comprises the following steps:
S601: the service core receives the BIOS check command.
In one possible implementation, the BIOS check command is used to instruct to check the BIOS firmware in the first memory before checking the BIOS firmware in the second memory.
S602: the service core sends a BIOS check command to the security core.
S603: the security core switches the object accessible to the first memory to the security core and the object accessible to the second memory to the in-band processor.
According to the BIOS check command, the security core first checks the BIOS firmware in the first memory: it switches the accessible object of the first memory to the security core, i.e. transfers the access authority of the first memory to the security core, and switches the accessible object of the second memory to the in-band processor, so that while the security core checks the BIOS firmware in the first memory the in-band processor can access the BIOS firmware in the second memory and perform the corresponding BIOS service functions.
S604: the security core accesses the first memory and verifies the BIOS firmware.
After the accessible object of the first memory has been switched to the security core, the security core can access the first memory and check the BIOS firmware in it. In the embodiment of the present application, the security core may use the OTP memory area to perform the security verification of the BIOS firmware; the specific implementation may refer to step S204 and steps S2041-S2044.
S605: the security core sends the first BIOS check result to the service core.
The first BIOS check result is the result of checking the BIOS firmware in the first memory. After the security core has checked the BIOS firmware in the first memory and obtained the first BIOS check result, it sends that result to the service core.
S606: the security core switches the object accessible to the second memory to the security core and the object accessible to the first memory to the in-band processor.
After the check of the BIOS firmware in the first memory is complete, if the first BIOS check result indicates that it passed, the security core goes on to check the BIOS firmware in the second memory. The security core switches the accessible object of the first memory to the in-band processor, i.e. hands the access authority of the first memory over to the in-band processor, so that the in-band processor uses the BIOS firmware in the first memory, which has passed the security check, to perform the BIOS service function. The security core then switches the accessible object of the second memory to itself, i.e. takes over the access authority of the second memory, so that it can access the BIOS firmware in the second memory for security verification.
In another possible implementation, if the first BIOS check result indicates that the BIOS firmware in the first memory failed the check, the security core only switches the accessible object of the second memory to the security core; according to the first BIOS check result, the service core sends a first control instruction to the in-band processor to stop its BIOS service function and at the same time raises a BIOS firmware exception alarm. After the BIOS firmware in the second memory passes verification and the security core has transferred the access authority of the second memory to the in-band processor, the service core sends a second control instruction to the in-band processor to restore its BIOS service function.
S607: the security core accesses the second memory and verifies the BIOS firmware.
After the accessible object of the second memory has been switched to the security core, the security core can access the second memory and check the BIOS firmware in it. In the embodiment of the present application, the security core may use the OTP memory area to perform the security verification of the BIOS firmware; the specific implementation may refer to step S204 and steps S2041-S2044.
S608: the security core sends the second BIOS check result to the service core.
The second BIOS check result is the result of checking the BIOS firmware in the second memory. After the security core has checked the BIOS firmware in the second memory and obtained the second BIOS check result, it sends that result to the service core.
S609: the service core feeds back a first BIOS check result and a second BIOS check result.
After receiving the first BIOS check result and the second BIOS check result, the service core can display the first BIOS check result and the second BIOS check result to an administrator in a visual mode, so that the administrator can intuitively know the current state of BIOS firmware in each memory.
Through the steps S601-S609, the BMC chip can check the BIOS firmware in the memories sequentially, and in the BIOS checking process, the in-band processor can access the BIOS firmware in other memories to realize the BIOS service function, so that the safety checking of the BIOS firmware in the running process of the server and the in-band processor is realized, and the running stability of the operating system is improved.
In another possible implementation, if the first BIOS check result indicates that the BIOS firmware in the first memory passed verification and the second BIOS check result indicates that the BIOS firmware in the second memory passed verification, the security core may transfer the access right of at least one memory to the in-band processor. If only the BIOS firmware in the first memory, or only the BIOS firmware in the second memory, passed verification, the security core hands over the access authority of the memory whose BIOS firmware passed to the in-band processor and ensures that the in-band processor cannot access the memory whose BIOS firmware did not pass. If the BIOS firmware in neither the first nor the second memory passed verification, the service core needs to send a first control instruction to the in-band processor to stop its BIOS service function, and the security core needs to ensure that the in-band processor can access neither the first memory nor the second memory.
Through this process, the BMC chip lets the in-band processor access only memories whose BIOS firmware passed the check to perform the BIOS service function, and pauses the BIOS service function of the in-band processor when the BIOS firmware in a memory fails the check. This avoids operational abnormalities caused by the in-band processor accessing a memory whose BIOS firmware failed the check, and further improves the stability of the operating system running on the in-band processor.
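The access-path switching of steps S603 and S606 together with the arbitration rule of the last two paragraphs, written as an added Go example that is not part of the patent. The GPIO-selected access path is modelled as an owner field, the two control instructions are recorded as strings in the service core's log, and the firmware check itself is stood in for by a SHA-256 comparison against a constructed known-good image; the sequence is generalised to any number of memories.

```go
package main

import (
	"crypto/sha256"
	"errors"
)

// Owner is the "accessible object" of a BIOS flash memory: the device whose access path the GPIO pin selects.
type Owner int

const (
	OwnerNone         Owner = iota // path disabled: nobody may read the memory
	OwnerInBand                    // in-band processor, for BIOS service functions
	OwnerSecurityCore              // BMC security core, for the BIOS firmware check
)

// Memory models one flash chip holding a BIOS image (constructed); only switchOwner changes owner.
type Memory struct {
	Name  string
	owner Owner
	image []byte
}

var ErrNoAccess = errors.New("memory is not accessible to this device")

// Read is the memory's access path: a device that is not the current owner gets nothing.
func (m *Memory) Read(by Owner) ([]byte, error) {
	if m.owner != by {
		return nil, ErrNoAccess
	}
	return m.image, nil
}

// Platform is the BMC's view of the server: the memories, the verifier the security core
// applies to each image, and the service core's record of what it sent to the in-band side.
type Platform struct {
	mems         []*Memory
	verify       func(image []byte) bool // e.g. the root-key/certificate check of S2041-S2044
	serviceOn    bool                    // whether the in-band BIOS service function is running
	Instructions []string                // control instructions the service core sent (S402/S408)
	Alarms       []string                // memories whose firmware failed the check (S409)
}

// NewPlatform starts with every memory accessible to the in-band processor (no check running).
func NewPlatform(verify func([]byte) bool, mems ...*Memory) *Platform {
	for _, m := range mems { m.owner = OwnerInBand }
	return &Platform{mems: mems, verify: verify, serviceOn: true}
}

// switchOwner is the GPIO control of S503/S603/S606: re-pointing the access path takes the
// memory from the previous owner at the moment the new owner gains it; only the security core does this.
func (p *Platform) switchOwner(m *Memory, o Owner) { m.owner = o }

// updateService is the service core's part: stop the in-band BIOS service (first control
// instruction) when no usable memory is left to it, resume it (second instruction) once one is.
func (p *Platform) updateService() {
	usable := false
	for _, m := range p.mems { usable = usable || m.owner == OwnerInBand }
	switch {
	case p.serviceOn && !usable:
		p.Instructions = append(p.Instructions, "first control instruction: stop BIOS service")
	case !p.serviceOn && usable:
		p.Instructions = append(p.Instructions, "second control instruction: resume BIOS service")
	}
	p.serviceOn = usable
}

// SequentialCheck runs the S601-S609 sequence over any number of memories, then applies the
// arbitration rule: only memories whose firmware passed return to the in-band processor, a
// failed memory is fenced off, and when nothing passed the BIOS service stays stopped.
func (p *Platform) SequentialCheck() []bool {
	results := make([]bool, len(p.mems))
	for i, target := range p.mems {
		for j, m := range p.mems {
			switch {
			case j == i:
				p.switchOwner(m, OwnerSecurityCore) // memory under check
			case j > i || results[j]:
				p.switchOwner(m, OwnerInBand) // not yet checked, or already passed
			default:
				p.switchOwner(m, OwnerNone) // failed earlier: nobody may use it
			}
		}
		p.updateService()
		img, err := target.Read(OwnerSecurityCore)
		results[i] = err == nil && p.verify(img)
		if !results[i] { p.Alarms = append(p.Alarms, target.Name) }
	}
	for i, m := range p.mems {
		owner := OwnerNone
		if results[i] { owner = OwnerInBand }
		p.switchOwner(m, owner)
	}
	p.updateService()
	return results
}

// digestVerifier is a constructed stand-in for the S2044 check: accept only an image whose SHA-256 matches.
func digestVerifier(good []byte) func([]byte) bool {
	want := sha256.Sum256(good)
	return func(img []byte) bool { return sha256.Sum256(img) == want }
}
```

With a tampered first memory and a good second one, the in-band processor keeps the second memory during the first check, loses the service while the second is checked, and gets it back once the second passes, while the first memory stays inaccessible.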
Based on the same inventive concept, the embodiment of the application also provides a device for verifying the safety of the BIOS firmware. The implementation scheme of the device for solving the problems is similar to the implementation scheme recorded in the method, and the technical effects achieved are the same, and are not repeated here. The device comprises:
The receiving module is used for receiving a BIOS checking command, wherein the BIOS checking command is used for indicating to check BIOS firmware;
The switching module is used for switching an accessible object of a memory from an in-band processor to the BMC, the memory is used for storing BIOS firmware, and the in-band processor is used for accessing the memory to realize BIOS business functions;
and the verification module is used for carrying out safety verification on the BIOS firmware in the memory by accessing the memory.
In one possible implementation, the switching module is specifically configured to switch the accessible object of the memory to the BMC by controlling a general-purpose input/output (GPIO) pin of the memory.
In one possible implementation, the verification module is specifically configured to access the memory and perform security verification on the BIOS firmware using a one-time programmable (OTP) memory area.
In one possible implementation, the verification module is specifically configured to read the root public key from the OTP memory area; verify the secondary key certificate of the BIOS firmware with the root public key; and, after the secondary key certificate passes verification, obtain the public key from the secondary key certificate and perform security verification on the BIOS firmware with that public key.
In one possible implementation, the apparatus further includes a start-stop module. The start-stop module is configured to send a first control instruction to the in-band processor before the verification module performs security verification on the BIOS firmware in the memory by accessing the memory, where the first control instruction instructs the in-band processor to stop executing service functions that need to access the memory or the BIOS firmware; and, in response to the BIOS firmware passing verification, to send a second control instruction to the in-band processor, where the second control instruction instructs the in-band processor to resume the service functions that need to access the memory or the BIOS firmware.
In one possible implementation, the memory includes a first memory and a second memory, each storing the BIOS firmware, and the BIOS check command instructs that security verification be performed on the BIOS firmware in the first memory;
the switching module is specifically configured to switch the accessible object of the first memory to the BMC and the accessible object of the second memory to the in-band processor;
the verification module is specifically configured to perform security verification on the BIOS firmware in the first memory by having the BMC access the first memory.
In one possible implementation, the memory includes a first memory and a second memory, each storing the BIOS firmware, and the BIOS check command instructs that security verification be performed on the BIOS firmware in the first memory;
the switching module is specifically configured to switch the accessible object of the first memory to the BMC and the accessible object of the second memory to the in-band processor, and, after the BIOS firmware in the first memory passes verification, to switch the accessible object of the second memory to the BMC and the accessible object of the first memory to the in-band processor;
the verification module is specifically configured to access the first memory to perform security verification on the BIOS firmware in the first memory, and, after the BMC has switched the accessible object of the second memory to the BMC, to access the second memory to perform security verification on the BIOS firmware in the second memory.
In one possible implementation, the BMC includes a security core and a service core. The switching module is specifically configured to receive the BIOS check command through the service core, send the BIOS check command from the service core to the security core, and switch the accessible object of the memory to the security core according to the BIOS check command through the security core;
the verification module is specifically configured to access the memory through the security core to perform security verification on the BIOS firmware in the memory.
In one possible implementation, the switching module is further configured to switch, through the security core, the accessible object of the memory back to the in-band processor in response to a BIOS check result indicating that the BIOS firmware in the memory has passed the security check.
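The two-memory schedule, the service-core/security-core split and the stop/resume control instructions described above fit together as one small state machine. The following Go model is an added example written for this page, not code from the patent or its assignee; the chip-select mux driven by a GPIO, the flash part names, the "GOODBIOS" marker used by the stand-in verifier and the trace log are all constructed assumptions. It shows the property a reviewer would check: a flash part that fails the check is never handed back to the in-band processor, and the processor stays paused.

```go
package main

import (
	"errors"
	"fmt"
)

// Owner says who currently drives a flash part's chip-select mux. The patent only
// states that the BMC flips "a general purpose input output pin of the memory"; the
// mux model here is an assumption for the example.
type Owner int

const (
	OwnerInband Owner = iota // in-band (host) processor owns the flash
	OwnerBMC                 // BMC security core owns the flash
)

func (o Owner) String() string {
	if o == OwnerBMC {
		return "BMC"
	}
	return "in-band"
}

// Flash models one BIOS flash part and the GPIO-selected owner that may access it.
type Flash struct {
	Name  string
	Owner Owner
	Image []byte
}

// Host models the in-band processor; Paused mirrors the first/second control instruction.
type Host struct{ Paused bool }

// Verifier decides whether a firmware image is genuine (e.g. the OTP root-key chain).
type Verifier func(image []byte) error

// BMC has a service core that takes commands and a security core that owns the mux
// and runs the check; both are plain methods here.
type BMC struct {
	Host   *Host
	Flash  [2]*Flash // first and second memory, each holding a BIOS image
	Verify Verifier
	Log    []string // constructed trace of what each core did
}

func (b *BMC) logf(format string, a ...any) { b.Log = append(b.Log, fmt.Sprintf(format, a...)) }

// setOwner is the security core's GPIO write that flips one flash part's mux.
func (b *BMC) setOwner(f *Flash, o Owner) {
	f.Owner = o
	b.logf("gpio: %s -> %s", f.Name, o)
}

// HandleCheckCommand is the service-core entry point for a BIOS check command; it
// forwards the command to the security core.
func (b *BMC) HandleCheckCommand() error {
	b.logf("service core: BIOS check command received, forwarded to security core")
	return b.securityCoreCheck()
}

// securityCoreCheck runs the two-memory schedule: check the first memory while the
// host keeps the second, then swap and check the second. A failed memory is never
// handed back to the host and the host stays paused.
func (b *BMC) securityCoreCheck() error {
	first, second := b.Flash[0], b.Flash[1]
	b.Host.Paused = true // first control instruction: stop services that touch the flash
	b.setOwner(first, OwnerBMC)
	b.setOwner(second, OwnerInband)
	if err := b.Verify(first.Image); err != nil {
		b.logf("security core: %s failed: %v; host stays paused", first.Name, err)
		return fmt.Errorf("%s: %w", first.Name, err)
	}
	b.logf("security core: %s passed", first.Name)
	b.setOwner(first, OwnerInband) // verified part goes back to the host
	b.setOwner(second, OwnerBMC)
	if err := b.Verify(second.Image); err != nil {
		b.logf("security core: %s failed: %v; host stays paused", second.Name, err)
		return fmt.Errorf("%s: %w", second.Name, err)
	}
	b.logf("security core: %s passed", second.Name)
	b.setOwner(second, OwnerInband)
	b.Host.Paused = false // second control instruction: resume services
	return nil
}

// NewBMC builds the server of fig. 7 with both flash parts initially owned by the host.
func NewBMC(v Verifier, img1, img2 []byte) *BMC {
	return &BMC{
		Host: &Host{},
		Flash: [2]*Flash{
			{Name: "flash0", Owner: OwnerInband, Image: img1},
			{Name: "flash1", Owner: OwnerInband, Image: img2},
		},
		Verify: v,
	}
}

// markerVerifier stands in for a real signature check: a constructed image is
// "genuine" when it starts with "GOODBIOS". Substitute the key-chain check in practice.
func markerVerifier(image []byte) error {
	if len(image) >= 8 && string(image[:8]) == "GOODBIOS" {
		return nil
	}
	return errors.New("signature mismatch")
}

func main() {
	b := NewBMC(markerVerifier, []byte("GOODBIOS v1"), []byte("EVILBIOS"))
	fmt.Println("result:", b.HandleCheckCommand(), "host paused:", b.Host.Paused)
	for _, l := range b.Log {
		fmt.Println(l)
	}
}
```

The verifier is injected so the scheduling logic can be tested independently of the cryptography; in a real BMC the mux write would be a GPIO driver call and the pause/resume would be host-facing messages rather than a boolean.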
An embodiment of the present application further provides a corresponding server. As shown in fig. 7, the server 700 includes a detection device 701 and a memory 702;
the detection device 701 is used to perform the BIOS firmware security verification method of any embodiment of the present application, and the memory 702 is used to store the BIOS firmware.
An embodiment of the application also provides corresponding equipment and a computer storage medium for implementing the scheme provided by the embodiments of the application.
The equipment comprises a memory and a processor, where the memory stores instructions or code and the processor executes the instructions or code so that the equipment performs the BIOS firmware security verification method of any embodiment of the application.
The computer storage medium stores code, and when the code is executed, the equipment executing the code performs the BIOS firmware security verification method of any embodiment of the application.
Where the names of elements in the embodiments of the present application carry "first" and "second" (if present), these are used only as name identifiers and do not denote an order.
From the above description of the embodiments, it will be apparent to those skilled in the art that all or part of the steps of the example methods may be implemented in software on a general-purpose hardware platform. On this understanding, the technical solution of the present application may be embodied as a software product stored in a storage medium such as a read-only memory (ROM)/RAM, a magnetic disk or an optical disk, which includes instructions for causing a computer device (a personal computer, a server, or a network communication device such as a router) to perform the method of the embodiments, or parts of it.
In this specification the embodiments are described progressively: each embodiment mainly describes its differences from the others, and identical or similar parts are cross-referenced. In particular, the apparatus embodiments are substantially similar to the method embodiments, so their description is brief and the method embodiments should be consulted for the relevant points. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of an embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing description of the exemplary embodiments is merely illustrative of the application and is not intended to limit its scope.

Claims (10)

1. A method for security verification of BIOS firmware, comprising:
a BMC receiving a BIOS check command, where the BIOS check command instructs that BIOS firmware be checked;
the BMC switching the accessible object of a memory from an in-band processor to the BMC, where the memory stores the BIOS firmware and the in-band processor accesses the memory to implement BIOS service functions;
and the BMC performing security verification on the BIOS firmware in the memory by accessing the memory.
2. The method of claim 1, wherein the BMC switching the accessible object of the memory from the in-band processor to the BMC comprises:
the BMC switching the accessible object of the memory to the BMC by controlling a general-purpose input/output pin of the memory.
3. The method of claim 1, wherein the BMC performing security verification on the BIOS firmware in the memory by accessing the memory comprises:
the BMC accessing the memory and performing security verification on the BIOS firmware using a one-time programmable (OTP) memory area.
4. The method of claim 3, wherein the BMC performing security verification on the BIOS firmware using the OTP memory area comprises:
the BMC reading a root public key from the OTP memory area;
the BMC verifying a secondary key certificate of the BIOS firmware with the root public key;
and, after the secondary key certificate passes verification, the BMC obtaining a public key from the secondary key certificate and performing security verification on the BIOS firmware with the public key.
5. The method of claim 1, wherein, before the BMC performs security verification on the BIOS firmware in the memory by accessing the memory, the method further comprises:
the BMC sending a first control instruction to the in-band processor, where the first control instruction instructs the in-band processor to stop executing service functions that need to access the memory or the BIOS firmware;
and the method further comprises:
the BMC, in response to the BIOS firmware passing verification, sending a second control instruction to the in-band processor, where the second control instruction instructs the in-band processor to resume the service functions that need to access the memory or the BIOS firmware.
6. The method of claim 1, wherein the memory comprises a first memory and a second memory, each storing the BIOS firmware, and the BIOS check command instructs that security verification be performed on the BIOS firmware in the first memory;
the BMC receiving the BIOS check command and switching the accessible object of the memory to the BMC comprises:
the BMC switching the accessible object of the first memory to the BMC and the accessible object of the second memory to the in-band processor;
and the BMC performing security verification on the BIOS firmware in the memory by accessing the memory comprises:
the BMC accessing the first memory to perform security verification on the BIOS firmware in the first memory.
7. The method of claim 1, wherein the memory comprises a first memory and a second memory, each storing the BIOS firmware, and the BIOS check command instructs that security verification be performed first on the BIOS firmware in the first memory and then on the BIOS firmware in the second memory;
the BMC receiving the BIOS check command and switching the accessible object of the memory to the BMC comprises:
the BMC switching the accessible object of the first memory to the BMC and the accessible object of the second memory to the in-band processor;
and, after the BIOS firmware in the first memory passes verification, switching the accessible object of the second memory to the BMC and the accessible object of the first memory to the in-band processor;
and the BMC performing security verification on the BIOS firmware in the memory by accessing the memory comprises:
the BMC accessing the first memory to perform security verification on the BIOS firmware in the first memory;
and, after the BMC has switched the accessible object of the second memory to the BMC, accessing the second memory to perform security verification on the BIOS firmware in the second memory.
8. The method of claim 1, wherein the BMC comprises a security core and a service core; the BMC receiving the BIOS check command and switching the accessible object of the memory to the BMC comprises:
the service core receiving the BIOS check command and sending the BIOS check command to the security core;
the security core switching the accessible object of the memory to the security core according to the BIOS check command;
and the BMC performing security verification on the BIOS firmware in the memory by accessing the memory comprises:
the security core performing security verification on the BIOS firmware in the memory by accessing the memory.
9. The method of claim 8, further comprising:
the security core switching the accessible object of the memory to the in-band processor in response to a BIOS check result indicating that the BIOS firmware in the memory has passed the security check.
10. A server, comprising a detection device for implementing the method for security verification of BIOS firmware according to any one of claims 1 to 9.
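The key chain in claim 4, and in the matching apparatus embodiment of the description (root public key read from OTP, secondary key certificate verified with it, firmware verified with the key taken from that certificate), is easiest to reason about as three gated signature checks. The Go program below is an added example written for this page, not code from the patent or its assignee. It assumes Ed25519 signatures, a certificate that is simply the secondary public key plus the root's signature over a tagged copy of it, and a firmware signature over SHA-256 of the image; the patent fixes none of these formats, and the Vendor type exists only to provision keys so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// OTP models the one-time programmable area. It holds only the root public key; once
// fused it cannot be rewritten, so the flash under test cannot supply its own root.
type OTP struct{ RootPub ed25519.PublicKey }

// SecondaryCert is the secondary key certificate: a signing public key plus the root's
// signature over it. The field layout is an assumption; the patent fixes no format.
type SecondaryCert struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// SignedImage is a BIOS image with the secondary key's signature over SHA-256(image).
type SignedImage struct {
	Image []byte
	Sig   []byte
}

var (
	ErrCertSig  = errors.New("secondary key certificate is not signed by the OTP root key")
	ErrImageSig = errors.New("BIOS image signature is invalid under the secondary key")
)

// certTBS is the to-be-signed part of a certificate: a domain tag plus the key, so a
// root signature over a certificate can never be replayed as an image signature.
func certTBS(pub ed25519.PublicKey) []byte {
	return append([]byte("BIOS-SECONDARY-KEY-v1:"), pub...)
}

// VerifyBIOS walks the chain in claim 4: root key from OTP, then the secondary
// certificate, and only then the image. Each step is gated on the one before it.
func VerifyBIOS(otp OTP, cert SecondaryCert, img SignedImage) error {
	if len(otp.RootPub) != ed25519.PublicKeySize {
		return errors.New("OTP root public key missing or malformed")
	}
	if len(cert.Pub) != ed25519.PublicKeySize {
		return ErrCertSig
	}
	if !ed25519.Verify(otp.RootPub, certTBS(cert.Pub), cert.Sig) {
		return ErrCertSig
	}
	digest := sha256.Sum256(img.Image)
	if !ed25519.Verify(cert.Pub, digest[:], img.Sig) {
		return ErrImageSig
	}
	return nil
}

// Vendor holds the offline provisioning side (secondary private key, certificate, and
// the root public key destined for OTP). It exists only so the example runs
// stand-alone; a BMC never holds private keys.
type Vendor struct {
	secPriv ed25519.PrivateKey
	Cert    SecondaryCert
	OTP     OTP
}

// NewVendor generates a fresh root and secondary key pair and endorses the secondary
// key with the root; the root private key is dropped after use.
func NewVendor() (*Vendor, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	secPub, secPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert := SecondaryCert{Pub: secPub, Sig: ed25519.Sign(rootPriv, certTBS(secPub))}
	return &Vendor{secPriv: secPriv, Cert: cert, OTP: OTP{RootPub: rootPub}}, nil
}

// SignImage produces the signed BIOS image the BMC will later verify.
func (v *Vendor) SignImage(image []byte) SignedImage {
	d := sha256.Sum256(image)
	return SignedImage{Image: image, Sig: ed25519.Sign(v.secPriv, d[:])}
}

func main() {
	vendor, err := NewVendor()
	if err != nil {
		panic(err)
	}
	img := vendor.SignImage([]byte("constructed BIOS image bytes"))
	fmt.Println("genuine image:", VerifyBIOS(vendor.OTP, vendor.Cert, img))

	tampered := SignedImage{Image: append([]byte{}, img.Image...), Sig: img.Sig}
	tampered.Image[0] ^= 0xFF
	fmt.Println("tampered image:", VerifyBIOS(vendor.OTP, vendor.Cert, tampered))

	// A second vendor has a different root, so its certificate is rejected before its
	// (otherwise valid) image signature is even examined.
	rogue, err := NewVendor()
	if err != nil {
		panic(err)
	}
	fmt.Println("rogue secondary key:", VerifyBIOS(vendor.OTP, rogue.Cert, rogue.SignImage(img.Image)))
}
```

The ordering matters: because the certificate is checked against the OTP root before the image signature is examined, replacing both the image and the secondary key in flash is not enough; an attacker would also need the root private key, which never leaves the vendor. The domain tag in certTBS is what stops a root signature over a key from being reused as a signature over an image.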
Application CN202410397044.6A, priority date 2024-04-02, filing date 2024-04-02: BIOS firmware security verification method and server, status Pending, publication CN118627076A (en)


Publications (1)

Publication Number Publication Date
CN118627076A true CN118627076A (en) 2024-09-10

Family

ID=92610968



Legal Events

Date Code Title Description
PB01 Publication