TWI822531B - Firmware protection system and method - Google Patents


Publication number
TWI822531B
Authority
TW
Taiwan
Prior art keywords
hash value
firmware
management controller
baseboard management
update file
Application number
TW111149601A
Other languages
Chinese (zh)
Other versions
TW202427180A (en)
Inventor
謝宜璁
黃山益
陳佳佑
黃添壽
Original Assignee
技鋼科技股份有限公司
Application filed by 技鋼科技股份有限公司
Priority to TW111149601A
Application granted
Publication of TWI822531B
Publication of TW202427180A

Landscapes

  • Emergency Protection Circuit Devices (AREA)
  • Circuits Of Receivers In General (AREA)
  • Storage Device Security (AREA)

Abstract

A firmware protection method includes: receiving a firmware update file by a baseboard management controller (BMC), generating a first hash according to the firmware update file and retrieving a digital signature from the firmware update file by the BMC, transmitting the first hash and the digital signature to a security processor by the BMC, decoding the digital signature to obtain a second hash based on a pre-stored key by the security processor, determining whether the first hash is the same as the second hash by the security processor, outputting an update notification to the BMC by the security processor when the first hash is the same as the second hash, and outputting the firmware update file to a flash memory according to the update notification by the BMC.

Description

Firmware protection system and method

The invention relates to a firmware protection system and method.

A server includes a baseboard management controller (BMC), which reads a firmware file from a storage device and executes it. Generally, a baseboard management controller has two storage devices: one stores the firmware file executed in normal operation, and the other stores the factory firmware file.

When a firmware file is updated and the updated firmware file is faulty, the system can use the factory firmware file to restore the faulty firmware file, but this often takes tens of minutes, during which the system must suspend operation.

In view of the above, the present invention is provided to meet the above needs.

A firmware protection method according to an embodiment of the present invention includes: receiving a firmware update file by a baseboard management controller; generating, by the baseboard management controller, a first hash value according to the firmware update file and retrieving a digital signature from the firmware update file; transmitting, by the baseboard management controller, the first hash value and the digital signature to a security processor; decrypting, by the security processor, the digital signature based on a pre-stored key to obtain a second hash value; determining, by the security processor, whether the first hash value and the second hash value are the same; when the first hash value and the second hash value are the same, outputting, by the security processor, an update notification to the baseboard management controller; and outputting, by the baseboard management controller, the firmware update file to a flash memory according to the update notification.

A firmware protection system according to an embodiment of the present invention includes a flash memory, a baseboard management controller and a security processor. The baseboard management controller is connected to the flash memory and is used to receive a firmware update file, generate a first hash value according to the firmware update file, retrieve a digital signature from the firmware update file, and output the firmware update file to the flash memory according to an update notification. The security processor is connected to the baseboard management controller and is used to receive the first hash value and the digital signature from the baseboard management controller, decrypt the digital signature based on a pre-stored key to obtain a second hash value, and output the update notification to the baseboard management controller when the first hash value and the second hash value are the same.

With the above architecture, in which the security processor verifies the firmware update file before it is stored in the flash memory, a faulty firmware update file can be kept out of the flash memory, which avoids the problem of the system and users having to wait a long time for the firmware file to be restored.

The above description of the present disclosure and the following description of the embodiments are used to demonstrate and explain the spirit and principles of the present invention, and to provide further explanation of the claims of the present invention.

The detailed features and advantages of the present invention are described in detail in the embodiments below. The content is sufficient to enable anyone skilled in the relevant art to understand the technical content of the present invention and implement it accordingly, and based on the content disclosed in this specification, the claims and the drawings, anyone skilled in the relevant art can easily understand the objectives and advantages of the present invention. The following embodiments further illustrate aspects of the present invention in detail, but do not limit the scope of the present invention in any way.

Please refer to FIG. 1, which is a block diagram of a firmware protection system according to an embodiment of the present invention. The firmware protection system 1 includes a flash memory 11, a baseboard management controller 12 and a security processor 13. The baseboard management controller 12 is connected to the flash memory 11 and the security processor 13 in a wired or wireless manner; for example, the baseboard management controller 12 is connected to the flash memory 11 through an inter-integrated circuit (I²C) interface. In addition, the security processor 13 may further be connected to the flash memory 11 in a wired or wireless manner, and the security processor 13 may verify a firmware file already stored in the flash memory 11.

The flash memory 11 is used to store firmware files. For example, the flash memory 11 may be an active flash memory. The baseboard management controller 12 is used to receive the firmware update file and to store the firmware update file in the flash memory 11 after the firmware update file passes verification. The security processor 13 is, for example, a security chip (security IC), and is used to verify the firmware update file and to send a notification to the baseboard management controller 12 according to the verification result.

To explain the above in more detail, please refer to FIG. 1 and FIG. 2 together, where FIG. 2 is a flow chart of a firmware protection method according to an embodiment of the present invention. The flow shown in FIG. 2 is applicable to the firmware protection system 1 of FIG. 1. As shown in FIG. 2, the firmware protection method includes: step S101: receiving a first firmware update file by the baseboard management controller; step S103: generating, by the baseboard management controller, a first hash value according to the first firmware update file and retrieving a first digital signature from the first firmware update file; step S105: transmitting, by the baseboard management controller, the first hash value and the first digital signature to the security processor; step S107: decrypting, by the security processor, the first digital signature based on a first pre-stored key to obtain a second hash value; step S109: determining, by the security processor, whether the first hash value and the second hash value are the same; if the determination result of step S109 is "yes", performing step S111: outputting, by the security processor, a first update notification to the baseboard management controller; step S113: outputting, by the baseboard management controller, the first firmware update file to the flash memory according to the first update notification; and if the determination result of step S109 is "no", performing step S115: notifying, by the security processor, the baseboard management controller to suspend the update.

In step S101, the baseboard management controller 12 may receive the first firmware update file uploaded from the user end through a wireless network, but the present invention does not limit the manner in which the baseboard management controller 12 receives the first firmware update file. In addition, upon receiving the first firmware update file, the baseboard management controller 12 may first store the first firmware update file in a random access memory (read-only memory, ROM) of the baseboard management controller 12.

In step S103, the baseboard management controller 12 generates the first hash value corresponding to the first firmware update file and retrieves the first digital signature from the first firmware update file. More specifically, the baseboard management controller 12 may perform a hash operation on the first firmware update file to generate the first hash value. The first digital signature may be generated by encrypting an initial hash value with an encryption key, where the initial hash value corresponds to a protection block of the first firmware update file and may be generated by performing a hash operation on the protection block of the first firmware update file. For example, the first digital signature is generated by the user's terminal device encrypting the initial hash value before the baseboard management controller 12 receives the first firmware update file.

In step S105, the baseboard management controller 12 transmits the first hash value and the first digital signature to the security processor 13, where the baseboard management controller 12 may transmit the first hash value and the first digital signature to the security processor 13 through an inter-integrated circuit interface.

In step S107, the security processor 13 decrypts the first digital signature from the baseboard management controller 12 based on the first pre-stored key to obtain the second hash value. The aforementioned encryption key used to generate the first digital signature may correspond to the first pre-stored key. Furthermore, the encryption key used to generate the first digital signature may be a public key, and the first pre-stored key may be a private key.

In step S109, the security processor 13 determines whether the first hash value and the second hash value are the same, so as to determine whether the first hash value generated by the baseboard management controller 12 and the second hash value in the first digital signature indicate the same firmware update file.

If the security processor 13 determines that the first hash value and the second hash value are the same, then in step S111 the security processor 13 outputs the first update notification to the baseboard management controller 12, and the security processor 13 may output the first update notification to the baseboard management controller 12 through the inter-integrated circuit interface, where the first update notification indicates that the first firmware update file is legitimate. In step S113, after receiving the first update notification, the baseboard management controller 12 outputs the first firmware update file from the random access memory to the flash memory 11 according to the first update notification. Accordingly, when the first firmware update file is dedicated to the baseboard management controller 12, the baseboard management controller 12 can read and execute the first firmware update file from the flash memory 11.

Conversely, if the security processor 13 determines that the first hash value and the second hash value are different, the first firmware update file is not legitimate. Therefore, in step S115, the security processor 13 may notify the baseboard management controller 12 to suspend the update, to prevent the baseboard management controller 12 from executing a wrong firmware file.

With the above approach, in which the security processor verifies the firmware update file before it is stored in the flash memory, a faulty firmware update file can be kept out of the flash memory, which avoids the problem of the system and users having to wait a long time for the firmware file to be restored.

Please refer to FIG. 1 and FIG. 3 together, where FIG. 3 is a flow chart of generating the first hash value in a firmware protection method according to an embodiment of the present invention. FIG. 3 can be regarded as a detailed flow chart of an embodiment of generating the first hash value according to the first firmware update file in step S103 of FIG. 2. As shown in FIG. 3, the method of generating the first hash value includes: step S201: determining the protection block of the first firmware update file; and step S203: calculating the first hash value according to the protection block.

In step S201, the baseboard management controller 12 determines the protection block in the first firmware update file, where the protection block stores at least part of the update content in the first firmware update file. In step S203, the baseboard management controller 12 performs a hash operation on the update content in the protection block to generate the first hash value.
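The flow of FIG. 2 and FIG. 3 (steps S101 to S115 and S201 to S203) as a runnable sketch; this is an added example, not code from the patent or its assignee. The file layout (an 8-byte header giving the protection block's offset and length, signature appended at the end), SHA-256, all class and function names and the toy RSA key are assumptions; it uses the conventional arrangement in which the signer holds the private exponent and the security processor pre-stores the public key, with unpadded RSA only to mirror the description's "recover the hash from the signature and compare" step.

```python
import hashlib
import hmac
import struct

# Constructed toy RSA key (two Mersenne primes) so the block runs offline with
# the standard library only. It is NOT a secure key.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # signer's private exponent
SIG_LEN = (N.bit_length() + 7) // 8    # 81-byte signature trailer
HEADER = struct.Struct(">II")          # hypothetical header: block offset, block length


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_update_file(payload: bytes, off: int, length: int) -> bytes:
    """Signer side, before upload: hash the protection block and sign that hash."""
    initial_hash = int.from_bytes(sha256(payload[off:off + length]), "big")
    signature = pow(initial_hash, D, N).to_bytes(SIG_LEN, "big")
    return HEADER.pack(off, length) + payload + signature


class SecurityProcessor:
    """Holds the pre-stored key; it only ever sees a hash and a signature."""

    def __init__(self, n: int, e: int):
        self._n, self._e = n, e

    def check(self, first_hash: bytes, signature: bytes) -> bool:
        if len(first_hash) != 32 or len(signature) != SIG_LEN:
            return False
        s = int.from_bytes(signature, "big")
        if s >= self._n:
            return False
        recovered = pow(s, self._e, self._n)          # S107: second hash
        if recovered >> 256:                          # not a 256-bit value
            return False
        second_hash = recovered.to_bytes(32, "big")
        return hmac.compare_digest(first_hash, second_hash)   # S109


class Bmc:
    def __init__(self, sp: SecurityProcessor):
        self.sp = sp
        self.flash = None                             # stands in for the flash memory

    def update(self, update_file: bytes) -> bool:
        # S101: the staged update file is the argument.
        if len(update_file) < HEADER.size + SIG_LEN:
            return False
        signature = update_file[-SIG_LEN:]            # S103: retrieve signature
        off, length = HEADER.unpack_from(update_file)
        payload = update_file[HEADER.size:-SIG_LEN]
        if length == 0 or off + length > len(payload):
            return False
        first_hash = sha256(payload[off:off + length])    # S201, S203
        if not self.sp.check(first_hash, signature):      # S105 to S111
            return False                                  # S115: suspend update
        self.flash = payload                              # S113: write to flash
        return True


def flip(data: bytes, index: int) -> bytes:
    """Return a copy of data with one bit changed at the given byte index."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def demo() -> dict:
    sp = SecurityProcessor(N, E)
    payload = b"FW-IMAGE-CONSTRUCTED:" + bytes(range(200))   # constructed sample
    full = build_update_file(payload, 0, len(payload))       # whole payload protected
    partial = build_update_file(payload, 0, 32)              # first 32 bytes protected
    return {
        "valid": Bmc(sp).update(full),
        "changed_in_block": Bmc(sp).update(flip(full, HEADER.size + 5)),
        "bad_signature": Bmc(sp).update(flip(full, len(full) - 1)),
        "changed_outside_block": Bmc(sp).update(flip(partial, HEADER.size + 100)),
    }


if __name__ == "__main__":
    print(demo())
```

The last case is accepted because the first hash covers only the protection block, so when reviewing such a design, confirm that the protection block spans every byte the BMC writes to flash.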

Please refer to FIG. 4, which is a block diagram of a firmware protection system according to another embodiment of the present invention. The firmware protection system 2 includes a first flash memory 21, a baseboard management controller 22, a security processor 23 and a second flash memory 24. The implementation and connections of the first flash memory 21, the baseboard management controller 22 and the security processor 23 may be the same as those of the flash memory 11, the baseboard management controller 12 and the security processor 13 shown in FIG. 1, respectively, and are not repeated here. In the embodiment of FIG. 4, the firmware protection system 2 further includes the second flash memory 24, which is connected in a wired or wireless manner to the baseboard management controller 22, the security processor 23 and a central processing unit CPU, where the central processing unit CPU may be used to execute a basic input/output system (BIOS).

In this embodiment, the first flash memory 21 may be used to store firmware files belonging to the baseboard management controller 22, and the second flash memory 24 may be used to store firmware files belonging to the basic input/output system. The security processor 23 can likewise verify a firmware file already stored in the second flash memory 24. In addition, the security processor 23 may be connected to the central processing unit CPU in a wired or wireless manner, so that the central processing unit CPU can proactively notify the security processor 23 that a firmware update file of the basic input/output system needs to be verified.

Please refer to FIG. 4 and FIG. 5 together, where FIG. 5 is a flow chart of a firmware protection method according to another embodiment of the present invention. As shown in FIG. 5, the firmware protection method further includes: step S301: receiving a second firmware update file by the baseboard management controller; step S303: generating, by the baseboard management controller, a third hash value according to the second firmware update file and retrieving a second digital signature from the second firmware update file; step S305: transmitting, by the baseboard management controller, the third hash value and the second digital signature to the security processor; step S307: decrypting, by the security processor, the second digital signature based on a second pre-stored key to obtain a fourth hash value; step S309: determining, by the security processor, whether the third hash value and the fourth hash value are the same; if the determination result of step S309 is "yes", performing step S311: outputting, by the security processor, a second update notification to the baseboard management controller; step S313: outputting, by the baseboard management controller, the second firmware update file to the flash memory according to the second update notification; and if the determination result of step S309 is "no", performing step S315: notifying, by the security processor, the baseboard management controller to suspend the update.

Steps S301 to S315 shown in FIG. 5 are respectively similar to steps S101 to S105 shown in FIG. 2. In addition, the baseboard management controller 22 may perform the steps of FIG. 3 on the second firmware update file to generate the third hash value. The second digital signature may likewise be generated by encrypting an initial hash value with an encryption key, where the initial hash value corresponds to a protection block of the second firmware update file and the encryption key corresponds to the second pre-stored key. The second pre-stored key may be the same as or different from the first pre-stored key.

In the embodiment of FIG. 5, the second firmware update file is a firmware file belonging to the basic input/output system executed by the central processing unit CPU. If the determination result of step S309 is "yes", the second update notification output by the security processor 23 in step S311 indicates that the second firmware update file is legitimate. In step S313, after receiving the second update notification, the baseboard management controller 22 outputs the second firmware update file from the random access memory to the second flash memory 24 connected to the central processing unit CPU according to the second update notification. Accordingly, the central processing unit CPU executing the basic input/output system can read and execute the second firmware update file from the second flash memory 24.

The above-mentioned first firmware update file and second firmware update file may be, but are not limited to, a firmware file of the baseboard management controller and a firmware file of the basic input/output system, respectively.

With the above architecture, in which the security processor verifies the firmware update file before it is stored in the flash memory, a faulty firmware update file can be kept out of the flash memory, which avoids the problem of the system and users having to wait a long time for the firmware file to be restored. Therefore, a firmware execution unit (such as the baseboard management controller or the central processing unit) can be prevented from executing a wrong firmware file, ensuring the correctness of the firmware file subsequently executed by the firmware execution unit.

Although the present invention is disclosed in the foregoing embodiments, they are not intended to limit the present invention. Changes and modifications made without departing from the spirit and scope of the present invention fall within the scope of patent protection of the present invention. For the scope of protection defined by the present invention, please refer to the appended claims.

1, 2: firmware protection system
11, 21, 24: flash memory
12, 22: baseboard management controller
13, 23: security processor
CPU: central processing unit
S101, S103, S105, S107, S109, S111, S113, S115, S201, S203, S301, S303, S305, S307, S309, S311, S313, S315: steps

FIG. 1 is a block diagram of a firmware protection system according to an embodiment of the present invention.
FIG. 2 is a flow chart of a firmware protection method according to an embodiment of the present invention.
FIG. 3 is a flow chart of generating a first hash value in a firmware protection method according to an embodiment of the present invention.
FIG. 4 is a block diagram of a firmware protection system according to another embodiment of the present invention.
FIG. 5 is a flow chart of a firmware protection method according to another embodiment of the present invention.

S101, S103, S105, S107, S109, S111, S113, S115: steps

Claims (10)

1. A firmware protection method, comprising: receiving a firmware update file by a baseboard management controller; generating, by the baseboard management controller, a first hash value according to the firmware update file and retrieving a digital signature from the firmware update file; transmitting, by the baseboard management controller, the first hash value and the digital signature to a security processor; decrypting, by the security processor, the digital signature based on a pre-stored key to obtain a second hash value; determining, by the security processor, whether the first hash value and the second hash value are the same; when the first hash value and the second hash value are the same, outputting, by the security processor, an update notification to the baseboard management controller; and outputting, by the baseboard management controller, the firmware update file to a flash memory according to the update notification.

2. The firmware protection method of claim 1, wherein generating the first hash value according to the firmware update file comprises: determining a protection block of the firmware update file; and calculating the first hash value according to the protection block.

3. The firmware protection method of claim 1, further comprising: when the first hash value and the second hash value are different, notifying, by the security processor, the baseboard management controller to suspend the update.

4. The firmware protection method of claim 1, wherein the digital signature is generated by encrypting an initial hash value using an encryption key, the initial hash value corresponds to a protection block of the firmware update file, and the encryption key corresponds to the pre-stored key.

5. The firmware protection method of claim 1, wherein the firmware update file is a first firmware update file, the flash memory is a first flash memory, the digital signature is a first digital signature, and the pre-stored key is a first pre-stored key, the method further comprising: receiving a second firmware update file by the baseboard management controller; generating, by the baseboard management controller, a third hash value according to the second firmware update file and retrieving a second digital signature from the second firmware update file; transmitting, by the baseboard management controller, the third hash value and the second digital signature to the security processor; decrypting, by the security processor, the second digital signature based on a second pre-stored key to obtain a fourth hash value; determining, by the security processor, whether the third hash value and the fourth hash value are the same; when the third hash value and the fourth hash value are the same, outputting, by the security processor, another update notification to the baseboard management controller; and outputting, by the baseboard management controller, the second firmware update file to a second flash memory according to the another update notification.

6. A firmware protection system, comprising: a flash memory; a baseboard management controller connected to the flash memory, the baseboard management controller being used to receive a firmware update file, generate a first hash value according to the firmware update file, retrieve a digital signature from the firmware update file, and output the firmware update file to the flash memory according to an update notification; and a security processor connected to the baseboard management controller, the security processor being used to receive the first hash value and the digital signature from the baseboard management controller, decrypt the digital signature based on a pre-stored key to obtain a second hash value, and output the update notification to the baseboard management controller when the first hash value and the second hash value are the same.

7. The firmware protection system of claim 6, wherein the baseboard management controller generating the first hash value according to the firmware update file comprises: determining a protection block of the firmware update file; and calculating the first hash value according to the protection block.

8. The firmware protection system of claim 6, wherein the security processor is further used to notify the baseboard management controller to suspend the update when the first hash value and the second hash value are different.

9. The firmware protection system of claim 6, wherein the digital signature is generated by encrypting an initial hash value using an encryption key, the initial hash value corresponds to a protection block of the firmware update file, and the encryption key corresponds to the pre-stored key.

10. The firmware protection system of claim 6, wherein the digital signature is a first digital signature, the pre-stored key is a first pre-stored key, and the flash memory is a first flash memory, the firmware protection system further comprising a second flash memory connected to the baseboard management controller, wherein the baseboard management controller is further used to receive a second firmware update file, generate a third hash value according to the second firmware update file, retrieve a second digital signature from the second firmware update file, and output the second firmware update file to the second flash memory according to another update notification, and the security processor is further used to receive the third hash value and the second digital signature from the baseboard management controller, decrypt the second digital signature based on a second pre-stored key to obtain a fourth hash value, and output the another update notification to the baseboard management controller when the third hash value and the fourth hash value are the same.
TW111149601A 2022-12-23 2022-12-23 Firmware protection system and method TWI822531B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111149601A TWI822531B (en) 2022-12-23 2022-12-23 Firmware protection system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111149601A TWI822531B (en) 2022-12-23 2022-12-23 Firmware protection system and method

Publications (2)

Publication Number Publication Date
TWI822531B true TWI822531B (en) 2023-11-11
TW202427180A TW202427180A (en) 2024-07-01

Family

ID=89722496

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111149601A TWI822531B (en) 2022-12-23 2022-12-23 Firmware protection system and method

Country Status (1)

Country Link
TW (1) TWI822531B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201702929A (en) * 2015-07-01 2017-01-16 廣達電腦股份有限公司 System, method and computer readable storage medium for updating computer firmware
TW201717000A (en) * 2015-11-05 2017-05-16 廣達電腦股份有限公司 Method and computing device for ensuring management controller firmware security
CN109144552A (en) * 2018-09-10 2019-01-04 郑州云海信息技术有限公司 A kind of boot firmware method for refreshing and device
CN110231950A (en) * 2019-06-11 2019-09-13 苏州浪潮智能科技有限公司 A kind of upgrade method of BIOS, system and relevant apparatus
CN114647870A (en) * 2020-12-18 2022-06-21 技嘉科技股份有限公司 Electronic device and data integrity checking method

Also Published As

Publication number Publication date
TW202427180A (en) 2024-07-01

Similar Documents

Publication Publication Date Title
TWI588749B (en) Method and computing device for ensuring management controller firmware security
US10771264B2 (en) Securing firmware
CN107085675B (en) Controlled security code authentication
TWI567579B (en) Method and apparatus for key provisioning of hardware devices
CN109313690B (en) Self-contained encrypted boot policy verification
TWI436280B (en) Authentication method for accessing profile of basic input/output system
CN101657792B (en) Trusted component update system and method
US8555049B2 (en) Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit
TWI667586B (en) System and method for verifying changes to uefi authenticated variables
US8479000B2 (en) Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
TWI330769B (en) Apparatus method and system for feature activation
US10853472B2 (en) System, apparatus and method for independently recovering a credential
TW201935234A (en) Bios flashing method and bios image file processing method
JP7450713B2 (en) Software integrity protection method and apparatus, and software integrity verification method and apparatus
JP2013069250A (en) Storage device and writing device
CN115033294A (en) System, method, and apparatus for secure non-volatile memory
US11604880B2 (en) Systems and methods to cryptographically verify information handling system configuration
WO2016048300A1 (en) Operating system agnostic validation of firmware images
US20230273977A1 (en) Managing ownership of an electronic device
TW202226018A (en) Customer–specific activation of functionality in a semiconductor device
TWI822531B (en) Firmware protection system and method
JP2018194879A (en) Semiconductor device, boot method, and boot program
US20230224169A1 (en) Verifying secure software images using digital certificates
CN118246004A (en) Firmware protection system and method
TW202125297A (en) Electronic device and method of updating software