TWI665604B - Computer system and method with credible verification and fault tolerant transfer of boot-up - Google Patents

Info

Publication number: TWI665604B
Authority: TW (Taiwan)
Prior art keywords: bmc, bios, firmware, programmable logic, storage device
Application number: TW107106581A
Other languages: Chinese (zh)
Other versions: TW201937366A (en)
Inventor: 陳志強
Original assignee: 其陽科技股份有限公司
Application filed by: 其陽科技股份有限公司
Priority: TW107106581A (TWI665604B); CN201810336500.0A (CN110197070B)
Status: application granted
Publications: TWI665604B; TW201937366A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F 11/14 Error detection or correction of the data by redundancy in operation
    • G06F 11/1402 Saving, restoring, recovering or retrying
    • G06F 11/1446 Point-in-time backing up or restoration of persistent data
    • G06F 11/1458 Management of the backup or restore process
    • G06F 11/1469 Backup restoration techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a computer system and method with trusted verification and failover at boot. The method includes: providing a computer system that includes a baseboard management controller (BMC), a BMC firmware storage device, a BIOS firmware storage device, a BMC backup firmware storage device, a BIOS backup firmware storage device and a programmable logic gate device; when the computer system boots, having the programmable logic gate device perform trusted verification on the BMC firmware data and the BIOS firmware data; and when the BMC firmware data or the BIOS firmware data fails trusted verification, having the programmable logic gate device overwrite the BMC firmware data or the BIOS firmware data with the corresponding verified-correct BMC backup firmware data or BIOS backup firmware data, so as to achieve failover.

Description

Computer system and method with credible verification and fault tolerant transfer of boot-up

The present invention relates to a computer system, and in particular to a computer system and method with trusted verification and failover at boot.

In existing computer systems such as servers, personal computers (PCs), notebook computers (NBs) or other handheld devices (such as smartphones), only a server has an internal TPM (Trusted Platform Module) card, and that card can merely verify whether the storage device holding the operating system (OS) is trustworthy and has not been altered; personal computers, notebook computers and other handheld devices have no verification device at all.

Taking a server as an example, the server's baseboard management controller (BMC) and basic input/output system (BIOS) normally have no trusted verification and failover mechanism. Once the firmware that runs before the server boots into the operating system (OS) has been backdoored or tampered with, the TPM card cannot detect it.

The prior art therefore lacks a protection mechanism that provides trusted verification and failover for the boot process of a computer system. How to overcome the above shortcomings of the prior art has thus become a major topic for those skilled in the art.

The present invention provides a computer system and method with trusted verification and failover at boot, which can provide a protection mechanism with trusted verification and failover for the boot process of a computer system.

The computer system with trusted verification and failover at boot of the present invention includes: a baseboard management controller (BMC); a BMC firmware storage device storing BMC firmware data; a BIOS (basic input/output system) firmware storage device storing BIOS firmware data; a BMC backup firmware storage device storing BMC backup firmware data that cannot be modified and has been verified correct; a BIOS backup firmware storage device storing BIOS backup firmware data that cannot be modified and has been verified correct; and a programmable logic gate device that physically isolates the baseboard management controller from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device. When the computer system boots, the programmable logic gate device performs trusted verification on the BMC firmware data in the BMC firmware storage device and the BIOS firmware data in the BIOS firmware storage device, and when the BMC firmware data or the BIOS firmware data fails trusted verification, the programmable logic gate device overwrites the BMC firmware data or BIOS firmware data that failed trusted verification with the corresponding unmodifiable, verified-correct BMC backup firmware data from the BMC backup firmware storage device or BIOS backup firmware data from the BIOS backup firmware storage device, so as to achieve failover.

The method with trusted verification and failover at boot of the present invention includes: providing a computer system that includes a baseboard management controller (BMC), a BMC firmware storage device, a BIOS (basic input/output system) firmware storage device, a BMC backup firmware storage device, a BIOS backup firmware storage device and a programmable logic gate device, the programmable logic gate device physically isolating the baseboard management controller from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device; when the computer system boots, having the programmable logic gate device perform trusted verification on the BMC firmware data in the BMC firmware storage device and the BIOS firmware data in the BIOS firmware storage device; and when the BMC firmware data or the BIOS firmware data fails trusted verification, having the programmable logic gate device overwrite the BMC firmware data or BIOS firmware data that failed trusted verification with the corresponding unmodifiable, verified-correct BMC backup firmware data from the BMC backup firmware storage device or BIOS backup firmware data from the BIOS backup firmware storage device, so as to achieve failover.

To make the above features and advantages of the present invention more readily understood, embodiments are described in detail below with reference to the accompanying drawings. Additional features and advantages of the invention will be set out in part in the description that follows, will in part be apparent from that description, or may be learned by practice of the invention. The features and advantages of the invention are realised and attained by means of the elements and combinations particularly pointed out in the claims. It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not intended to limit the scope of the invention as claimed.

Reference numerals:

1: computer system
10: central processing unit module
20: baseboard management controller
30: programmable logic gate device
31: data verification algorithm
40: BMC firmware storage device
41: BMC firmware data
50: BIOS firmware storage device
51: BIOS firmware data
60: BMC backup firmware storage device
61: BMC backup firmware data
70: BIOS backup firmware storage device
71: BIOS backup firmware data
B1: power key
B2: reset key
C1 to C3: control buses
D1 to D6: data buses
S01 to S17: steps

Figure 1 is a schematic block diagram of the computer system with trusted verification and failover at boot of the present invention; and Figure 2 is a schematic flow chart of the method with trusted verification and failover at boot of the present invention.

The embodiments of the present invention are described below by way of specific implementations. Those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification, and the invention may also be practised or applied through other, different specific implementations.

Figure 1 is a schematic block diagram of the computer system 1 with trusted verification and failover at boot of the present invention. As shown, the computer system 1 includes a central processing unit module 10, a baseboard management controller (BMC) 20, a programmable logic gate device 30, a BMC firmware storage device 40, a BIOS (basic input/output system) firmware storage device 50, a BMC backup firmware storage device 60 and a BIOS backup firmware storage device 70.

The computer system 1 may be applied to a server, a personal computer, a notebook computer, a tablet computer, a smartphone or the like. The central processing unit module 10 may include a central processing unit (CPU) and a south bridge chipset (Platform Controller Hub, PCH), among others. The programmable logic gate device 30 may be a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), a programmable logic device (PLD) or a generic array logic (GAL). The invention is not, however, limited to these.

The BMC firmware storage device 40 stores BMC firmware data 41, the BIOS firmware storage device 50 stores BIOS firmware data 51, the BMC backup firmware storage device 60 stores BMC backup firmware data 61 that cannot be modified and has been verified correct, and the BIOS backup firmware storage device 70 stores BIOS backup firmware data 71 that cannot be modified and has been verified correct.

The programmable logic gate device 30 holds the highest authority in the computer system 1 and can physically isolate the baseboard management controller 20 from the BMC firmware storage device 40, the BIOS firmware storage device 50, the BMC backup firmware storage device 60 and the BIOS backup firmware storage device 70, so that the baseboard management controller 20 cannot directly read or write the firmware data of the BMC firmware storage device 40, the BIOS firmware storage device 50, the BMC backup firmware storage device 60 or the BIOS backup firmware storage device 70, namely the BMC firmware data 41, the BIOS firmware data 51, the BMC backup firmware data 61 or the BIOS backup firmware data 71; the firmware data are thereby protected by physical isolation.

When the computer system 1 boots, the programmable logic gate device 30 performs trusted verification on the BMC firmware data 41 in the BMC firmware storage device 40 and the BIOS firmware data 51 in the BIOS firmware storage device 50, and when the BMC firmware data 41 or the BIOS firmware data 51 fails trusted verification, the programmable logic gate device 30 overwrites the BMC firmware data 41 or BIOS firmware data 51 that failed trusted verification with the corresponding unmodifiable, verified-correct BMC backup firmware data 61 from the BMC backup firmware storage device 60 or BIOS backup firmware data 71 from the BIOS backup firmware storage device 70, so as to achieve failover.

More specifically, the programmable logic gate device 30 has a data verification algorithm 31 and performs trusted verification on the BMC firmware data 41 or the BIOS firmware data 51 by means of the data verification algorithm 31, so that the programmable logic gate device 30 can safely read or write the BMC firmware data 41 or the BIOS firmware data 51.

When the programmable logic gate device 30 receives power, it actively reads the BMC firmware data 41 from the BMC firmware storage device 40, and once the BMC firmware data 41 passes the trusted verification of the data verification algorithm 31, the programmable logic gate device 30 controls the baseboard management controller 20 to start running, so that the baseboard management controller 20 reads the BMC firmware data 41 through the programmable logic gate device 30.

The central processing unit module 10 is connected to the baseboard management controller 20, and the programmable logic gate device 30 can physically isolate both the central processing unit module 10 and the baseboard management controller 20 from the BMC firmware storage device 40, the BIOS firmware storage device 50, the BMC backup firmware storage device 60 and the BIOS backup firmware storage device 70, so that neither the central processing unit module 10 nor the baseboard management controller 20 can directly read or write the firmware data of the BMC firmware storage device 40, the BIOS firmware storage device 50, the BMC backup firmware storage device 60 or the BIOS backup firmware storage device 70; the firmware data are thereby protected by physical isolation.

The computer system 1 may include a power key B1 connected to the programmable logic gate device 30, and the programmable logic gate device 30 continuously monitors the signal of the power key B1. When the computer system 1 is in the powered-off state, the programmable logic gate device 30 reads the BIOS firmware data 51 from the BIOS firmware storage device 50 only after it receives the signal of the power key B1, and the data verification algorithm 31 of the programmable logic gate device 30 performs trusted verification on the BIOS firmware data 51. The programmable logic gate device 30 sends the result of the trusted verification of the BIOS firmware data 51 to the baseboard management controller 20, and when that result is a pass (trusted), the baseboard management controller 20 controls the central processing unit module 10 to start running, so that the central processing unit module 10 reads the BIOS firmware data 51 from the BIOS firmware storage device 50, in turn through the baseboard management controller 20 and the programmable logic gate device 30, in order to boot.

The computer system 1 may include a reset key B2 connected to the programmable logic gate device 30, and the programmable logic gate device 30 continuously monitors the signal of the reset key B2. When the computer system 1 is in the powered-on state, the programmable logic gate device 30 forwards the signal of the reset key B2, once received, to the baseboard management controller 20, and the baseboard management controller 20 forwards the signal of the reset key B2 to the central processing unit module 10; after completing the reset or shutdown, the central processing unit module 10 sends a notification signal to the baseboard management controller 20, so that the baseboard management controller 20 controls the central processing unit module 10 and places it in the reset state in which it cannot operate.

The computer system 1 may include a control bus C1 connected to the central processing unit module 10 and to the baseboard management controller 20, through which the baseboard management controller 20 controls the central processing unit module 10.

The computer system 1 may include a control bus C2 and a control bus C3 connecting the baseboard management controller 20 and the programmable logic gate device 30, so that the programmable logic gate device 30 controls the baseboard management controller 20 through the control bus C3, and the baseboard management controller 20 sends a reset notification signal to the programmable logic gate device 30 through the control bus C2.

The computer system 1 may include a data bus D1 and a data bus D2; the data bus D1 connects the central processing unit module 10 and the baseboard management controller 20, and the data bus D2 connects the baseboard management controller 20 and the programmable logic gate device 30, for the transfer of data.

The computer system 1 may include four data buses, namely data bus D3, data bus D4, data bus D5 and data bus D6, which respectively connect the programmable logic gate device 30 with the BMC firmware storage device 40, the programmable logic gate device 30 with the BIOS firmware storage device 50, the programmable logic gate device 30 with the BMC backup firmware storage device 60, and the programmable logic gate device 30 with the BIOS backup firmware storage device 70, so that the programmable logic gate device 30 can read or write the BMC firmware data 41, the BIOS firmware data 51, the BMC backup firmware data 61 and the BIOS backup firmware data 71 through the data buses D3, D4, D5 and D6 respectively.

Figure 2 is a schematic flow chart of the method with trusted verification and failover at boot of the present invention, described below with reference to Figure 1.

The method with trusted verification and failover at boot of the present invention provides a computer system 1 that includes a baseboard management controller (BMC) 20, a BMC firmware storage device 40, a BIOS (basic input/output system) firmware storage device 50, a BMC backup firmware storage device 60, a BIOS backup firmware storage device 70 and a programmable logic gate device 30, the programmable logic gate device 30 physically isolating the baseboard management controller 20 from the BMC firmware storage device 40, the BIOS firmware storage device 50, the BMC backup firmware storage device 60 and the BIOS backup firmware storage device 70. When the computer system 1 boots, the programmable logic gate device 30 performs trusted verification on the BMC firmware data 41 in the BMC firmware storage device 40 and the BIOS firmware data 51 in the BIOS firmware storage device 50. Furthermore, when the BMC firmware data 41 or the BIOS firmware data 51 fails trusted verification, the programmable logic gate device 30 overwrites the BMC firmware data 41 or BIOS firmware data 51 that failed trusted verification with the corresponding unmodifiable, verified-correct BMC backup firmware data 61 from the BMC backup firmware storage device 60 or BIOS backup firmware data 71 from the BIOS backup firmware storage device 70, so as to achieve failover.

More specifically, in step S01 of Figure 2, when the computer system 1 is connected to power and the power key B1 of the computer system 1 is activated, both the baseboard management controller 20 and the programmable logic gate device 30 are powered and begin operating.

In step S02 of Figure 2, the programmable logic gate device 30 drives the control bus C3 of the computer system 1 so that the baseboard management controller 20 is held in the reset state and cannot run. The programmable logic gate device 30 then reads the BMC firmware data 41 from the BMC firmware storage device 40 over the data bus D3 of the computer system 1 and performs trusted verification on the BMC firmware data 41 by means of its data verification algorithm 31.

In step S03 of Figure 2, the data verification algorithm 31 of the programmable logic gate device 30 determines whether the BMC firmware data 41 has passed trusted verification. If not, the method proceeds to step S04; if so, it proceeds to step S05.

In step S04 of Figure 2, if the BMC firmware data 41 has failed the trusted verification of the data verification algorithm 31, the programmable logic gate device 30 drives the data bus D5 of the computer system 1 to read the unmodifiable, verified-correct BMC backup firmware data 61 from the BMC backup firmware storage device 60, and writes that BMC backup firmware data 61 over the data bus D3 to overwrite the BMC firmware data 41 in the BMC firmware storage device 40 that failed trusted verification.

In step S05 of Figure 2, if the BMC firmware data 41 has passed the trusted verification of the data verification algorithm 31, the programmable logic gate device 30 drives the control bus C3 of the computer system 1 to release the baseboard management controller 20, which begins running and reads the BIOS firmware data 51 of the BIOS firmware storage device 50, in turn through the data bus D2 of the computer system 1 and the programmable logic gate device 30, in order to operate.

In step S06 of Figure 2, it is determined whether the computer system 1 is in the powered-off state. If not, the method proceeds to step S15; if so, it proceeds to step S07.

In step S07 of Figure 2, if the computer system 1 is in the powered-off state, the baseboard management controller 20 drives the control bus C1 of the computer system 1 so that the central processing unit module 10 of the computer system 1 is held in the reset state and cannot operate.

In step S08 of Figure 2, the programmable logic gate device 30 continuously monitors whether the power key B1 of the computer system 1 has been activated and has sent a power-on signal. If not, the method proceeds to step S09; if so, it proceeds to step S11.

In step S09 of Figure 2, the programmable logic gate device 30 continuously monitors whether the baseboard management controller 20 has undergone an internal or unexpected external reset. If not, the method returns to step S08; if so, it proceeds to step S10.

In step S10 of Figure 2, the baseboard management controller 20 sends a reset notification signal to the programmable logic gate device 30 through the control bus C2, and the method returns to step S02.

In step S11 of Figure 2, if the programmable logic gate device 30 receives the power-on signal sent when the power key B1 is activated, the programmable logic gate device 30 reads the BIOS firmware data 51 from the BIOS firmware storage device 50 over the data bus D4, and the data verification algorithm 31 of the programmable logic gate device 30 performs trusted verification on the BIOS firmware data 51.

In step S12 of Figure 2, the data verification algorithm 31 of the programmable logic gate device 30 determines whether the BIOS firmware data 51 has passed trusted verification. If not, the method proceeds to step S13; if so, it proceeds to step S14.

In step S13 of Figure 2, if the BIOS firmware data 51 has failed trusted verification, the programmable logic gate device 30 drives the data bus D6 of the computer system 1 to read the unmodifiable, verified-correct BIOS backup firmware data 71 from the BIOS backup firmware storage device 70, and writes that BIOS backup firmware data 71 over the data bus D4 of the computer system 1 to overwrite the BIOS firmware data 51 in the BIOS firmware storage device 50 that failed trusted verification.

In step S14 of Figure 2, if the BIOS firmware data 51 has passed trusted verification, the programmable logic gate device 30 drives the control bus C3 of the computer system 1 to notify the baseboard management controller 20 that the BIOS firmware data 51 has passed trusted verification, whereupon the baseboard management controller 20 drives the control bus C1 of the computer system to release the central processing unit module 10 of the computer system 1, which begins operating. Once running, the central processing unit module 10 drives the data bus D1 and reads the BIOS firmware data 51 of the BIOS firmware storage device 50, in turn through the baseboard management controller 20, the data bus D2, the programmable logic gate device 30 and the data bus D4, to carry out the boot of the computer system 1; at this point the computer system 1 has booted securely.

在第2圖之步驟S15中,由可程式邏輯閘裝置30持續監控電源鍵B1或重置鍵B2是否被啟動而送出相應之關機訊號或重置訊號。若否,則進入步驟S16;若是,則進入步驟S17。 In step S15 of FIG. 2, the programmable logic gate device 30 continuously monitors whether the power button B1 or the reset button B2 is activated and sends a corresponding shutdown signal or reset signal. If not, go to step S16; if yes, go to step S17.

在第2圖之步驟S16中,由可程式邏輯閘裝置30持續監控基板管理控制器20是否發生內部或非預期之外力重置。若否,則返回步驟S15;若是,則進入步驟S10。 In step S16 of FIG. 2, the programmable logic gate device 30 continuously monitors whether the substrate management controller 20 is reset internally or unexpectedly. If not, go back to step S15; if yes, go to step S10.

在第2圖之步驟S17中,若可程式邏輯閘裝置30收到電源鍵B1之關機訊號或重置鍵B2之重置訊號,則可程式邏輯閘裝置30會控制該控制匯流排C3通知基板管理控制器20,使基板管理控制器20透過控制匯流排C1傳送關機訊號或重置訊號至中央處理器模組10,而中央處理器模組10會依據關機訊號或重置訊號執行相應之關機或重置動作,並經由資料匯流排D1送出重置訊號予基板管理控制器20,此時返回步驟S07。 In step S17 of FIG. 2, if the programmable logic gate device 30 receives the shutdown signal of the power key B1 or the reset signal of the reset key B2, the programmable logic gate device 30 will control the control bus C3 to notify the substrate. The management controller 20 enables the baseboard management controller 20 to transmit a shutdown signal or a reset signal to the CPU module 10 through the control bus C1, and the CPU module 10 performs a corresponding shutdown according to the shutdown signal or the reset signal Or a reset operation, and sends a reset signal to the baseboard management controller 20 via the data bus D1, and then returns to step S07.

As the above shows, in the computer system and method of the present invention with trusted verification and fail-over at boot, when the computer system boots, the programmable logic device performs trusted verification on the BMC firmware data and the BIOS firmware data, and when either fails that verification it writes the unmodifiable, verified-correct BMC backup firmware data or BIOS backup firmware data over the BMC firmware data or BIOS firmware data that failed. This achieves fail-over and so provides a protection mechanism with trusted verification and fail-over for the computer system's boot process.

At the same time, the programmable logic device of the present invention physically isolates the baseboard management controller (or the central processing unit module) from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device, so that the baseboard management controller (or the central processing unit module) cannot directly read or write the firmware data in any of them; the firmware data is thereby protected by physical isolation.

Further, the baseboard management controller (BMC) of the present invention can read the BMC firmware data it boots from only through the programmable logic device, which forms the first layer of protection, while the central processing unit module can read the BIOS firmware data it boots from only through the baseboard management controller and the programmable logic device, which forms the second layer; together they provide a two-layer protection mechanism.

The embodiments above merely illustrate the principles, features and effects of the present invention and are not intended to limit its scope; anyone skilled in the art may modify and alter the above embodiments without departing from the spirit and scope of the invention. Any equivalent changes and modifications made using the disclosure of the present invention remain within the scope of the claims. The scope of protection of the present invention is therefore as set out in the claims.

Claims (20)

1. A computer system with trusted verification and fault-tolerant fail-over at boot, comprising: a baseboard management controller (BMC); a BMC firmware storage device storing BMC firmware data; a BIOS (Basic Input/Output System) firmware storage device storing BIOS firmware data; a BMC backup firmware storage device storing unmodifiable, verified-correct BMC backup firmware data; a BIOS backup firmware storage device storing unmodifiable, verified-correct BIOS backup firmware data; and a programmable logic device that physically isolates the baseboard management controller from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device, wherein, when the computer system boots, the programmable logic device performs trusted verification on the BMC firmware data of the BMC firmware storage device and on the BIOS firmware data of the BIOS firmware storage device, and when the BMC firmware data or the BIOS firmware data fails the trusted verification, the programmable logic device correspondingly overwrites the failed BMC firmware data or BIOS firmware data with the unmodifiable, verified-correct BMC backup firmware data of the BMC backup firmware storage device or BIOS backup firmware data of the BIOS backup firmware storage device.

2. The computer system of claim 1, wherein the computer system is applied in a server, a personal computer, a notebook computer, a tablet computer or a smartphone, and the programmable logic device is a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), a programmable logic device (PLD) or a generic array logic (GAL).

3. The computer system of claim 1, wherein the programmable logic device performs the trusted verification on the BMC firmware data or the BIOS firmware data by means of a data verification algorithm, so that the programmable logic device reads or writes the BMC firmware data or the BIOS firmware data securely.

4. The computer system of claim 3, wherein, when power is applied, the programmable logic device actively reads the BMC firmware data of the BMC firmware storage device, and when the BMC firmware data passes the trusted verification of the data verification algorithm, the programmable logic device allows the baseboard management controller to start running, so that the baseboard management controller reads the BMC firmware data.

5. The computer system of claim 1, further comprising a central processing unit module connected to the baseboard management controller, wherein the programmable logic device physically isolates the central processing unit module and the baseboard management controller from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device.

6. The computer system of claim 5, further comprising a power button connected to the programmable logic device, wherein the programmable logic device monitors the power button signal at all times, and when the computer system is in the powered-off state the programmable logic device reads the BIOS firmware data of the BIOS firmware storage device only after receiving the power button signal, whereupon the data verification algorithm of the programmable logic device performs the trusted verification on the BIOS firmware data.

7. The computer system of claim 6, wherein the programmable logic device sends the result of the trusted verification of the BIOS firmware data to the baseboard management controller, and when that result is pass or trusted, the baseboard management controller starts the central processing unit module, which then reads the BIOS firmware data of the BIOS firmware storage device through the baseboard management controller and the programmable logic device in turn in order to boot.

8. The computer system of claim 5, further comprising a reset button connected to the programmable logic device, wherein the programmable logic device monitors the reset button signal at all times; when the computer system is in the powered-on state, the programmable logic device forwards a received reset button signal to the baseboard management controller, which forwards it to the central processing unit module; and after completing the reset or shutdown the central processing unit module sends a notification signal to the baseboard management controller, so that the baseboard management controller holds the central processing unit module in a reset state in which it cannot operate.

9. The computer system of claim 1, further comprising at least one control bus connecting the baseboard management controller and the programmable logic device, through which the programmable logic device controls the baseboard management controller.

10. The computer system of claim 1, further comprising four data buses respectively connecting the programmable logic device to the BMC firmware storage device, to the BIOS firmware storage device, to the BMC backup firmware storage device and to the BIOS backup firmware storage device, through which the programmable logic device respectively reads or writes the BMC firmware data, the BIOS firmware data, the BMC backup firmware data and the BIOS backup firmware data.

11. A method of trusted verification and fault-tolerant fail-over at boot, comprising: providing a computer system that comprises a baseboard management controller (BMC), a BMC firmware storage device, a BIOS (Basic Input/Output System) firmware storage device, a BMC backup firmware storage device, a BIOS backup firmware storage device and a programmable logic device, the programmable logic device physically isolating the baseboard management controller from the BMC firmware storage device, the BIOS firmware storage device, the BMC backup firmware storage device and the BIOS backup firmware storage device; when the computer system boots, performing, by the programmable logic device, trusted verification on the BMC firmware data of the BMC firmware storage device and on the BIOS firmware data of the BIOS firmware storage device; and when the BMC firmware data or the BIOS firmware data fails the trusted verification, correspondingly overwriting, by the programmable logic device, the failed BMC firmware data or BIOS firmware data with the unmodifiable, verified-correct BMC backup firmware data of the BMC backup firmware storage device or BIOS backup firmware data of the BIOS backup firmware storage device.

12. The method of claim 11, further comprising, when the computer system is connected to power and its power button is pressed, the programmable logic device driving a control bus of the computer system so that the baseboard management controller is held in a reset state in which it cannot run.

13. The method of claim 11, further comprising the programmable logic device reading the BMC firmware data of the BMC firmware storage device over a data bus of the computer system, so that the data verification algorithm of the programmable logic device performs the trusted verification on the BMC firmware data.

14. The method of claim 13, wherein, if the BMC firmware data fails the trusted verification, the programmable logic device drives another data bus of the computer system to read the BMC backup firmware data of the BMC backup firmware storage device, and writes the BMC backup firmware data over the BMC firmware data via the data bus.

15. The method of claim 13, wherein, if the BMC firmware data passes the trusted verification, the programmable logic device drives a control bus of the computer system to release the baseboard management controller so that it starts running, and the baseboard management controller reads the BMC firmware data of the BMC firmware storage device through the programmable logic device over a further data bus of the computer system in order to operate.

16. The method of claim 11, further comprising, when the computer system is in the powered-off state, the baseboard management controller driving a control bus of the computer system so that the central processing unit module of the computer system is held in a reset state in which it cannot operate.

17. The method of claim 11, further comprising the programmable logic device continuously monitoring whether the baseboard management controller has undergone an internal or unexpected external reset.

18. The method of claim 11, further comprising the programmable logic device continuously monitoring whether the power button of the computer system has been pressed and, on receiving the power-on signal issued when the power button is pressed, reading the BIOS firmware data of the BIOS firmware storage device, whereupon the data verification algorithm of the programmable logic device performs the trusted verification on the BIOS firmware data.

19. The method of claim 18, further comprising, if the BIOS firmware data fails the trusted verification, the programmable logic device driving a data bus of the computer system to read the verified-correct BIOS backup firmware data from the BIOS backup firmware storage device, and writing the BIOS backup firmware data over the BIOS firmware data via another data bus of the computer system.

20. The method of claim 18, wherein, if the BIOS firmware data passes the trusted verification, the programmable logic device drives a control bus of the computer system to notify the baseboard management controller that the BIOS firmware data has passed the trusted verification, and the baseboard management controller drives another control bus of the computer system to release the central processing unit module of the computer system so that it starts operating.
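The following Python model is an added example, not code from the patent or from its applicant. It walks through the boot flow of description steps S10 to S17 and of method claims 11 to 20 in one place: the programmable logic device holds the BMC and CPU in reset, verifies each firmware image, restores a failed image from its write-protected backup, and only then releases the corresponding reset line, while the BMC and CPU can reach firmware only through it. The patent does not name its data verification algorithm; the model assumes a SHA-256 digest compared in constant time against a golden digest held by the logic device, and it represents the flash parts, the reset lines C1/C3 and the bus gating as plain Python objects (all of that is assumption, as are the sample images). Step S13 as written copies the backup without checking it; the model adds that check and re-verifies the primary after the copy, because write-protection keeps bytes from changing but does not by itself establish that they are correct.

```python
"""Model of the boot-time trusted verification and fail-over flow of the
patent (description steps S10-S17; method claims 11-20).  Added example,
not code from the patent or its applicant.  Assumptions the patent does
not make: the verification algorithm is a SHA-256 digest compared in
constant time against a golden digest held by the logic device; flash
parts are bytearrays; reset lines C1/C3 are booleans."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Flash:
    """One firmware storage device (50 and 70 are the BIOS ones in the patent)."""
    name: str
    image: bytearray
    write_protect: bool = False  # backup parts: "cannot be modified"

    def read(self) -> bytes:
        return bytes(self.image)

    def write(self, data: bytes) -> None:
        if self.write_protect:
            raise PermissionError(f"{self.name} is write-protected")
        self.image[:] = data


@dataclass
class ResetState:
    """C3 (logic -> BMC) and C1 (BMC -> CPU); True means held in reset."""
    bmc_in_reset: bool = True
    cpu_in_reset: bool = True


class ProgrammableLogic:
    """Stands in for the FPGA/CPLD (numeral 30), the only device wired to the
    four flash parts; BMC and CPU reach firmware only through it."""

    def __init__(self, bmc, bmc_backup, bios, bios_backup, golden):
        self.bmc, self.bmc_backup = bmc, bmc_backup
        self.bios, self.bios_backup = bios, bios_backup
        self.golden = golden               # {"bmc": digest, "bios": digest}
        self.reset = ResetState()          # S10: everything held in reset
        self.log = []

    def _verify(self, flash: Flash, golden: bytes) -> bool:
        ok = hmac.compare_digest(hashlib.sha256(flash.read()).digest(), golden)
        self.log.append(f"verify {flash.name}: {'pass' if ok else 'FAIL'}")
        return ok

    def _verify_or_restore(self, primary: Flash, backup: Flash, golden: bytes) -> bool:
        """S12/S13 for the BIOS; claims 13-14 for the BMC."""
        if self._verify(primary, golden):
            return True
        # Check the backup before copying it (not spelled out in the patent):
        # write-protect pins stop the bytes changing in the field, they do
        # not prove the bytes were right to begin with.
        if not self._verify(backup, golden):
            self.log.append(f"{backup.name} also fails: halt, stay in reset")
            return False
        primary.write(backup.read())
        self.log.append(f"restored {primary.name} from {backup.name}")
        return self._verify(primary, golden)   # re-check before releasing

    def power_on(self, power_button: bool) -> ResetState:
        """Cold boot; returns the final state of the reset lines."""
        self.reset = ResetState()
        if not self._verify_or_restore(self.bmc, self.bmc_backup, self.golden["bmc"]):
            return self.reset
        self.reset.bmc_in_reset = False   # claim 15: release the BMC
        if not power_button:
            return self.reset             # claim 6: BIOS waits for the power key
        if not self._verify_or_restore(self.bios, self.bios_backup, self.golden["bios"]):
            return self.reset
        self.reset.cpu_in_reset = False   # S14 / claim 20: BMC releases the CPU
        return self.reset

    def read_for(self, requester: str, flash: Flash) -> bytes:
        """Physical isolation (claims 1 and 5): a reader gets bytes only via
        the logic device, only for its own boot image, only once released."""
        target, held = {"bmc": (self.bmc, self.reset.bmc_in_reset),
                        "cpu": (self.bios, self.reset.cpu_in_reset)}[requester]
        if flash is not target or held:
            raise PermissionError(f"{requester} may not read {flash.name}")
        return flash.read()


def build_system(corrupt_bios: bool = False) -> ProgrammableLogic:
    """Constructed sample images, not real firmware."""
    bmc_img, bios_img = b"BMC-FW-v1" * 8, b"BIOS-FW-v1" * 8
    golden = {"bmc": hashlib.sha256(bmc_img).digest(),
              "bios": hashlib.sha256(bios_img).digest()}
    bios_primary = bytearray(bios_img)
    if corrupt_bios:
        bios_primary[3] ^= 0xFF            # a single flipped byte
    return ProgrammableLogic(
        Flash("BMC firmware storage", bytearray(bmc_img)),
        Flash("BMC backup storage", bytearray(bmc_img), write_protect=True),
        Flash("BIOS firmware storage 50", bios_primary),
        Flash("BIOS backup storage 70", bytearray(bios_img), write_protect=True),
        golden)


if __name__ == "__main__":
    logic = build_system(corrupt_bios=True)
    state = logic.power_on(power_button=True)
    print("\n".join(logic.log))
    print("CPU released:", not state.cpu_in_reset)
```

Running the file with a corrupted primary BIOS image prints the verification log (primary fails, backup passes, primary restored and re-verified) and ends with the CPU released; with the power button not pressed, only the BMC is released, matching claim 6. Two design points worth noting beyond the model: a fixed golden digest in the logic device means every legitimate firmware update also requires updating the logic device, so a production root of trust usually verifies a signature over the image against a stored public key instead; and the recovery path should be rate-limited or logged, since an attacker who can corrupt the primary at will can otherwise force a fail-over on every boot.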
TW107106581A 2018-02-27 2018-02-27 Computer system and method with credible verification and fault tolerant transfer of boot-up TWI665604B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW107106581A TWI665604B (en) 2018-02-27 2018-02-27 Computer system and method with credible verification and fault tolerant transfer of boot-up
CN201810336500.0A CN110197070B (en) 2018-02-27 2018-04-12 Computer system and method with power-on trusted verification and fault-tolerant transfer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107106581A TWI665604B (en) 2018-02-27 2018-02-27 Computer system and method with credible verification and fault tolerant transfer of boot-up

Publications (2)

Publication Number Publication Date
TWI665604B true TWI665604B (en) 2019-07-11
TW201937366A TW201937366A (en) 2019-09-16

Family

ID=67751012

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107106581A TWI665604B (en) 2018-02-27 2018-02-27 Computer system and method with credible verification and fault tolerant transfer of boot-up

Country Status (2)

Country Link
CN (1) CN110197070B (en)
TW (1) TWI665604B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795738B (en) * 2019-09-19 2022-05-13 超聚变数字技术有限公司 Computer starting method, controller, storage medium and system
CN111723376A (en) * 2020-06-10 2020-09-29 苏州浪潮智能科技有限公司 Method, circuit and device for monitoring and controlling in-board trusted platform
CN112086078A (en) * 2020-09-18 2020-12-15 Tcl华星光电技术有限公司 Data protection device and method for driving circuit
CN112114908A (en) * 2020-11-20 2020-12-22 支付宝(杭州)信息技术有限公司 Hardware platform, starting method and device thereof, and electronic equipment
CN113032788A (en) * 2021-03-24 2021-06-25 山东英信计算机技术有限公司 Firmware image switching method, device and medium in computer system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120208619A1 (en) * 2010-10-25 2012-08-16 Wms Gaming, Inc. Computer bios protection and authentication
TW201328246A (en) * 2011-12-21 2013-07-01 Inventec Corp Method and system for managing cloud server system
CN103412775A (en) * 2013-08-12 2013-11-27 浪潮电子信息产业股份有限公司 Method for refreshing BMC firmware intelligently and automatically
TW201447767A (en) * 2013-06-11 2014-12-16 Samsung Electronics Co Ltd Processor module, microserver and method of controlling processor module
TW201514714A (en) * 2013-03-21 2015-04-16 Insyde Software Corp Network controller sharing between SMM firmware and OS drivers
US20150154091A1 (en) * 2013-11-29 2015-06-04 Nventec Corporation Bios maintenance method
US20170104770A1 (en) * 2015-10-12 2017-04-13 Dell Products, L.P. System and method for performing intrusion detection in an information handling system
TW201729091A (en) * 2016-02-01 2017-08-16 廣達電腦股份有限公司 Motherboard, computer-readable storage device and firmware verification method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201401098A (en) * 2012-06-18 2014-01-01 Hon Hai Prec Ind Co Ltd System and method for verificating firmware
US9811654B2 (en) * 2014-06-11 2017-11-07 Dell Products L.P. Systems and methods for providing authentication using a managed input/output port
EP3172687B1 (en) * 2014-07-22 2018-12-19 Hewlett-Packard Development Company, L.P. Authorizing a bios policy change for storage
CN104486127A (en) * 2014-12-22 2015-04-01 浪潮集团有限公司 Redundancy trusted server management method based on trusted management unit
CN107451024A (en) * 2017-09-07 2017-12-08 大唐高鸿信安(浙江)信息科技有限公司 The credible measure of hardware realized based on BMC chip

Also Published As

Publication number Publication date
TW201937366A (en) 2019-09-16
CN110197070B (en) 2023-07-21
CN110197070A (en) 2019-09-03

Similar Documents

Publication Publication Date Title
TWI665604B (en) Computer system and method with credible verification and fault tolerant transfer of boot-up
US11520894B2 (en) Verifying controller code
US10853179B2 (en) Information handling system and method for restoring firmware in one or more regions of a flash memory device
TWI530790B (en) System boot code recovery method, computing system, and controller for use in a system
US10754955B2 (en) Authenticating a boot path update
US9880908B2 (en) Recovering from compromised system boot code
EP2622533B1 (en) Demand based usb proxy for data stores in service processor complex
CN109791515B (en) System and method for secure recovery of host system code
US9329885B2 (en) System and method for providing redundancy for management controller
US9703635B2 (en) Method, computer program, and computer for restoring set of variables
JP5689429B2 (en) Authentication apparatus and authentication method
US11593487B2 (en) Custom baseboard management controller (BMC) firmware stack monitoring system and method
EP3452911B1 (en) Recovery environment for a virtual machine
CN113330436A (en) Firmware subsystem recovery based on manufacturing state
US8667336B2 (en) Flash memory-hosted local and remote out-of-service platform manageability
US11797679B2 (en) Trust verification system and method for a baseboard management controller (BMC)
US9785519B1 (en) Driver switch for device error recovery for assigned devices
US11593490B2 (en) System and method for maintaining trusted execution in an untrusted computing environment using a secure communication channel
US20240143435A1 (en) Remediation Interface for Self Heal Field Faults
US20240103837A1 (en) Seamless and secure motherboard replacement system and method
US20220222349A1 (en) Information handling system host to management controller attestation service channel