WO2022028057A1 - Tpm-based apparatus and method for multi-layer protection of server asset information - Google Patents


Info

Publication number
WO2022028057A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
information
access device
verification information
tpm
Application number
PCT/CN2021/096401
Other languages
French (fr)
Chinese (zh)
Inventor
叶明洋
王鹏
张敏
杨德晓
付水论
Original Assignee
苏州浪潮智能科技有限公司
Application filed by 苏州浪潮智能科技有限公司
Publication of WO2022028057A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F 13/38 Information transfer, e.g. on bus
    • G06F 13/382 Information transfer, e.g. on bus using universal interface adapter
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • G06F 21/45 Structures or tools for the administration of authentication
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Definitions

  • the invention relates to the field of server asset information protection, in particular to a TPM-based device and method for multi-layer protection of server asset information.
  • TPM Trusted Platform Module
  • a TPM is a trusted chip defined by the Trusted Computing Group; it uses asymmetric cryptography internally to provide the basic security-related functions of a computer or server.
  • TPM exists in two specification versions, TPM 1.2 and TPM 2.0.
  • in the server design described here, the TPM 1.2 part uses the I2C (Inter-Integrated Circuit) protocol and is connected to the BMC (Baseboard Management Controller).
  • the TPM 2.0 part uses the SPI (Serial Peripheral Interface) protocol and generally interacts with the BIOS (Basic Input/Output System). The two can be used separately or together, and through firmware configuration several kinds of protection can be applied to the system. Note that the bus interface is a property of the particular TPM part rather than of the specification version: TPM 1.2 and TPM 2.0 parts both exist with LPC, SPI and I2C interfaces, so the pairing above describes this design, not the standards.
  • in the usual design the TPM only verifies that devices are connected, i.e. whether a connected device has gone missing unexpectedly; it does not further distinguish between devices.
  • typically the TPM 1.2 chip is connected to the BMC to verify the access status of connected devices, and the TPM 2.0 chip is connected to the BIOS to confirm during boot that no device has been lost or maliciously damaged, protecting the integrity of the current system.
  • the drawbacks of the prior art are, on the one hand, that the model of the currently connected device cannot be identified, so replacement with a device of the same model cannot be detected;
  • on the other hand, only a single verification is performed on connected devices, which gives no multi-level protection and so does not protect server asset information comprehensively.
  • to solve these problems, the present invention proposes a TPM-based device and method for multi-layer protection of server asset information, which addresses the inability of the prior art to protect server asset information in multiple layers and improves the reliability of that protection.
  • a first aspect of the present invention provides a TPM-based device for multi-layer protection of server asset information, comprising: a BMC, a CPU (Central Processing Unit), a PCH (Platform Controller Hub), a BIOS, an access device, a first TPM and a second TPM.
  • the data reading end of the BMC is connected to the PCH and is used to obtain the first verification information of the access device through the PCH and the CPU.
  • the data communication end of the BMC is connected to the verification communication end of the first TPM, and the first TPM verifies the first verification information of the access device.
  • the data reading end of the BIOS is connected to the PCH to obtain the second verification information and the third verification information of the access device; the data communication end of the BIOS is connected to the verification communication end of the second TPM, and the second TPM verifies the second and then the third verification information of the access device.
  • the first enable control end of the PCH is connected to the enable end of the BIOS, and the second enable control end of the PCH is connected to the enable end of the second TPM.
  • verification of the second verification information is performed only after verification of the first verification information has passed, and verification of the third verification information only after verification of the second has passed.
  • the access device includes memory and/or PCIe (Peripheral Component Interconnect Express) devices.
  • PCIE Peripheral Component Interconnect Express, bus and interface standard
  • the first verification information is presence information and spec (specification) information of the access device
  • the second verification information is the SN of the access device
  • the third verification information is driver information of the access device.
  • the data reading end and the data communication end of the BIOS share one port, that is, the BIOS and the second TPM share one SPI (Serial Peripheral Interface) line, and the communication target of the BIOS is selected by changing the frequency of the SPI line.
  • SPI Serial Peripheral Interface, serial peripheral interface
  • a second aspect of the present invention provides a TPM-based method for multi-layer protection of server asset information, implemented on the device of the first aspect, and specifically comprising:
  • the BMC obtains the first verification information of the access device and invokes the first TPM to verify it; if verification passes, the server system boots normally, and if it fails, the server system cannot boot normally;
  • the BIOS obtains the second verification information and the third verification information of the access device and invokes the second TPM to verify the second verification information; if verification passes, it invokes the second TPM to verify the third verification information, and if it fails, verification restarts with the first verification information of the access device;
  • the second TPM verifies the third verification information of the access device; if verification passes, the server system powers on normally, and if it fails, verification restarts with the first verification information of the access device.
  • the first verification information is presence information and spec information of the access device
  • the second verification information is the SN of the access device
  • the third verification information is driver information of the access device.
  • verification of the first verification information is specifically: the first TPM obtains the presence information of the access device; if the device is present, it goes on to check whether the spec information of the device matches the pre-stored spec information; if it matches, verification of the first verification information passes, otherwise it fails.
  • verification of the second verification information is specifically: the second TPM compares the acquired second verification information of the access device with the pre-stored second verification information; if they match, verification of the second verification information passes, otherwise it fails.
  • verification of the third verification information is specifically: the second TPM compares the acquired driver version number of the access device with the pre-stored driver version number; if they match, it goes on to check whether the driver of the access device can be executed; if it can, verification of the third verification information passes; if it cannot, or the version numbers differ, verification fails.
  • when verification fails, the key must be entered when the system is next entered.
  • the present invention solves the problem that server asset information cannot be protected at multiple levels in the prior art; it can screen the model of the currently connected device, detect replacement with a device of the same type, and check that the currently connected device has not been changed or damaged, thereby protecting the integrity, security and reliability of the current server more effectively.
  • the BIOS and the second TPM share one SPI line; by changing the frequency of the SPI line to select the communication target of the BIOS, the data reading end and the data communication end of the BIOS can share one port.
  • the first, second and third verification information are verified in sequence, and when any verification fails the sequence must be run again, which provides multi-level protection of server asset information.
  • Fig. 1 is a schematic structural diagram of the device of Embodiment 1 of the present invention.
  • Fig. 2 is a schematic flowchart of the method of Embodiment 2 of the present invention.
  • Fig. 3 is a schematic flowchart of step S11 in the method of Embodiment 2 of the present invention.
  • Fig. 4 is a schematic flowchart of step S15 in the method of Embodiment 2 of the present invention.
  • Fig. 5 is a schematic flowchart of step S17 in the method of Embodiment 2 of the present invention.
  • Fig. 6 is a schematic flowchart of the method of Embodiment 3 of the present invention.
  • the present invention provides a TPM-based device for multi-layer protection of server asset information, comprising: BMC1, CPU2, PCH3, BIOS4, access device 5, first TPM6 and second TPM7.
  • the data reading end of BMC1 is connected to PCH3 and is used to obtain the first verification information of access device 5 through PCH3 and CPU2;
  • the data communication end of BMC1 is connected to the verification communication end of the first TPM6, and the first TPM6 verifies the first verification information of access device 5;
  • the data reading end of BIOS4 is connected to PCH3 to obtain the second verification information and third verification information of access device 5; the data communication end of BIOS4 is connected to the verification communication end of the second TPM7, and the second TPM7 verifies the second and then the third verification information of access device 5;
  • the first enable control end of PCH3 (which drives the FLASH_CS signal) is connected to the enable end of BIOS4, and the second enable control end (which drives the TPM_CS signal) is connected to the enable end of the second TPM7; verification of the second verification information is performed after the first verification information has passed, and verification of the third verification information after the second has passed.
  • the access device 5 includes several memories 51 and/or several PCIE devices 52 .
  • the quantity of the memory 51 or the PCIE device 52 can be selected and adjusted according to the actual situation, which is not limited in the present invention.
  • the first verification information is the presence information and spec information of the access device 5
  • the second verification information is the SN of the access device 5
  • the third verification information is the drive information of the access device 5 .
  • the first TPM6 is a TPM1.2 chip
  • the second TPM7 is a TPM2.0 chip.
  • the data reading end and the data communication end of BIOS4 share one port, that is, BIOS4 and the second TPM7 share one SPI line, and the communication target of BIOS4 is selected by changing the frequency of the SPI line. Specifically, when the SPI line runs at the first frequency, BIOS4 communicates with PCH3 over the SPI line to obtain the information of the access device; when it runs at the second frequency, BIOS4 communicates with the second TPM7 over the SPI line and calls the second TPM7 to verify the second and third verification information. On the shared bus, the FLASH_CS and TPM_CS enable signals from PCH3 enable the BIOS flash and the second TPM7 respectively.
  • BMC1 captures the current status of access device 5, obtains the access location and access status of each access device 5, and then uses the I2C link to call the RSA algorithm (a widely used public-key algorithm) in the first TPM6 to verify the obtained access status of access device 5.
  • BMC1 then transmits the verification result of the first verification information to BIOS4 using IPMI (Intelligent Platform Management Interface) commands. If the first TPM6 verifies the first verification information of the current access device as correct, the system can power on normally; if verification fails, the key must be entered when the system is entered later, and a change prompt is shown at the same time.
  • IPMI Intelligent Platform Management Interface
  • during device initialization, BIOS4 interacts with each device in turn to obtain its SN (Serial Number) and other information (the second verification information), and after reading this information submits it to the second TPM7 chip for verification; BIOS4 verifies whether the current SN has been changed by calling the SM3 algorithm (the Chinese national hash standard) in the second TPM7.
  • BIOS4 then calls the second TPM7 to verify the driver loaded by the current access device 5, to ensure that access device 5 has not been maliciously damaged. Only after all access devices are confirmed correct does the system boot. If verification fails, the key must be entered when entering the system, and a change prompt is shown at the same time.
  • BIOS4 here actually refers to the BIOS FLASH (the flash memory holding the firmware).
  • Embodiment 2 provides a TPM-based method for multi-layer protection of server asset information, implemented on the device of Embodiment 1, and specifically comprising:
  • step S11: the BMC obtains the first verification information of the access device and invokes the first TPM to verify it;
  • step S12: judge whether the first verification information passed; if yes, execute step S13, otherwise execute step S14;
  • step S15: the BIOS obtains the second verification information and the third verification information of the access device and invokes the second TPM to verify the second verification information;
  • step S18: judge whether the third verification information passed; if yes, go to step S19, otherwise go back to step S11;
  • the first verification information is the presence information and spec information of the access device
  • the second verification information is the SN of the access device
  • the third verification information is the drive information of the access device.
  • step S11, as shown in Fig. 3, specifically includes: the first TPM obtains the presence information of the access device and, if the device is present, compares its spec information with the pre-stored spec information; the spec information includes manufacturer information and the like.
  • the BMC captures the current access device status, obtains the access location and access status of each access device, and then uses the I2C link to call the RSA algorithm (a widely used public-key algorithm) in the first TPM to verify the obtained access status.
  • the BMC passes the verification result of the first verification information to the BIOS using an IPMI command. If the first TPM verifies the first verification information of the current access device as correct, the system can power on normally; otherwise the key must be entered when entering the system, and a change prompt is shown at the same time.
  • step S15, as shown in Fig. 4, specifically includes:
  • step S151: the second TPM compares the acquired second verification information of the access device with the pre-stored second verification information; if they match, execute step S152, otherwise execute step S153;
  • during device initialization the BIOS interacts with each device in turn to obtain its SN (Serial Number) and other information (the second verification information), and after reading it submits it to the second TPM chip for verification; the BIOS verifies whether the current SN has been changed by calling the SM3 algorithm (the Chinese national hash standard) in the second TPM.
  • SN Serial Number, product serial number
  • step S17, as shown in Fig. 5, specifically includes:
  • the second TPM compares the obtained driver version number of the access device with the pre-stored driver version number; if they match, execute step S172, otherwise execute step S173;
  • step S172: judge whether the driver of the access device can be executed; if yes, execute step S174, otherwise execute step S173;
  • steps S18 to S19: after the SN verification of each access device is complete, the BIOS calls the second TPM to verify the driver loaded by the current access device, to ensure that it has not been maliciously damaged. Only after all access devices are confirmed correct does the system boot. If verification fails, the key must be entered when entering the system, and a change prompt is shown at the same time.
  • each step in the embodiment of the present invention may be implemented by programming in a programming language, or may be implemented by other means, which is not limited in the present invention.
  • Embodiment 3 provides a TPM-based method for multi-layer protection of server asset information, implemented on the device of Embodiment 1, and specifically comprising:
  • step S11: the BMC acquires the first verification information of the access device and invokes the first TPM to verify it;
  • step S12: judge whether the first verification information passed; if yes, execute step S13, otherwise execute step S14;
  • step S15: the BIOS obtains the second verification information and the third verification information of the access device and invokes the second TPM to verify the second verification information;
  • step S16: judge whether the second verification information passed; if yes, execute step S17, otherwise go back to step S11;
  • step S18: judge whether the third verification information passed; if yes, go to step S19, otherwise go back to step S11;
  • each step in the embodiment of the present invention may be implemented by programming in a programming language, or may be implemented by other means, which is not limited in the present invention.
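The verification chain the embodiments describe (presence and spec, then SN, then driver version and executability, each stage gated on the previous one, any failure sending the flow back to S11 with the key demanded on entering the system) can be modelled in software. The Python below is an added example written for this page; it is not code from the patent or from 苏州浪潮智能科技有限公司. Both TPMs are simulated in software, the SM3 hash that the second TPM would compute is replaced by SHA-256 (an assumption, because hashlib exposes SM3 only on some OpenSSL builds), and the device records and slot names are constructed. It also exercises the case the background section singles out: a same-model replacement passes the presence/spec stage and is caught only at the SN stage.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple


def digest(data: bytes) -> str:
    # The patent hashes the SN with SM3 inside the TPM 2.0; SHA-256 stands in
    # here (assumption) because hashlib only offers SM3 on some OpenSSL builds.
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Device:
    slot: str               # access location reported by the BMC
    present: bool           # presence information (first verification info)
    spec: Tuple[str, ...]   # spec information: manufacturer, model, ...
    sn: str                 # serial number read by the BIOS (second info)
    driver_version: str     # driver version (third info)
    driver_loadable: bool   # whether the driver can actually be executed


@dataclass(frozen=True)
class Reference:
    spec: Tuple[str, ...]
    sn_digest: str          # only the digest is pre-stored, not the SN itself
    driver_version: str


def enroll(dev: Device) -> Reference:
    """Pre-store the reference values for one slot (done at provisioning)."""
    return Reference(dev.spec, digest(dev.sn.encode()), dev.driver_version)


def verify_first(dev: Device, ref: Reference) -> bool:
    """S11 (first TPM via BMC): presence first, then spec must match."""
    return dev.present and dev.spec == ref.spec


def verify_second(dev: Device, ref: Reference) -> bool:
    """S15 (second TPM via BIOS): digest of the read SN must match."""
    return digest(dev.sn.encode()) == ref.sn_digest


def verify_third(dev: Device, ref: Reference) -> bool:
    """S17 (second TPM via BIOS): version must match, then driver must load."""
    return dev.driver_version == ref.driver_version and dev.driver_loadable


STAGES = (verify_first, verify_second, verify_third)
ABSENT = Device("", False, (), "", "", False)   # stands for an empty slot


def multilayer_verify(inventory: Dict[str, Device],
                      references: Dict[str, Reference]) -> dict:
    """Run the three stages in order over every enrolled slot.

    Stage n+1 starts only after stage n passed for every slot (S12/S16/S18).
    The first failure ends the pass: boot is gated, the key will be demanded
    on entering the system, and the next attempt restarts at S11.
    """
    for stage, check in enumerate(STAGES, start=1):
        for slot, ref in references.items():
            dev = inventory.get(slot, ABSENT)
            if not check(dev, ref):
                return {"passed": False, "failed_stage": stage, "slot": slot,
                        "key_required": True, "restart_at": "S11"}
    return {"passed": True, "failed_stage": None, "slot": None,
            "key_required": False, "restart_at": None}


# Constructed sample inventory (not real asset data): one DIMM and one PCIe NIC.
DIMM_A0 = Device("DIMM_A0", True, ("VendorX", "DDR4-3200", "32GB"),
                 "SN-DIMM-0001", "none", True)
NIC_0 = Device("PCIE_SLOT1", True, ("VendorY", "25GbE-NIC"),
               "SN-NIC-7788", "2.4.1", True)
REFERENCES = {d.slot: enroll(d) for d in (DIMM_A0, NIC_0)}

GOOD = {d.slot: d for d in (DIMM_A0, NIC_0)}
# Same-model replacement: identical spec, different serial number.
SWAPPED = {**GOOD, "PCIE_SLOT1": Device("PCIE_SLOT1", True, ("VendorY", "25GbE-NIC"),
                                       "SN-NIC-9999", "2.4.1", True)}
# Tampered driver: right device and version string, but the driver will not load.
BAD_DRIVER = {**GOOD, "PCIE_SLOT1": Device("PCIE_SLOT1", True, ("VendorY", "25GbE-NIC"),
                                          "SN-NIC-7788", "2.4.1", False)}
# Device removed: the NIC slot is empty.
MISSING = {"DIMM_A0": DIMM_A0}

if __name__ == "__main__":
    for name, inv in (("good", GOOD), ("swapped", SWAPPED),
                      ("bad_driver", BAD_DRIVER), ("missing", MISSING)):
        print(f"{name:>10}: {multilayer_verify(inv, REFERENCES)}")
```

Two points a practitioner should keep in mind when building this for real. The reference values (spec, SN digest, driver version) must live in storage the TPM protects, for example a TPM NV index with a write policy, and not in the same flash as the firmware being verified, otherwise whoever can rewrite the flash can also rewrite the expectations. And the spec and SN are self-reported by the device (SPD contents, PCIe configuration space, vendor commands), so the SN stage detects an honest swap of a same-model part but not a device deliberately built to present a copied serial number; that is a limit of the scheme, not of this model of it.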

Abstract

Provided in the present invention is a TPM-based apparatus for multi-layer protection of server asset information, the apparatus comprising a BMC, a CPU, a PCH, a BIOS, an access device, a first TPM and a second TPM. The BMC acquires first verification information of the access device by means of the PCH and the CPU, and the first TPM is used for verifying the first verification information of the access device; and the BIOS acquires second verification information and third verification information of the access device, and the second TPM is used for sequentially verifying the second verification information and the third verification information of the access device, wherein the verification of the second verification information is executed after the verification of the first verification information is passed, and the verification of the third verification information is executed after the verification of the second verification information is passed. Also provided in the present invention is a TPM-based method for multi-layer protection of server asset information. By means of the method, the model of the current access device can be examined and distinguished, such that the integrity, security and reliability of the current server are effectively protected.

Description

A TPM-based device and method for multi-layer protection of server asset information
This application claims priority to the Chinese patent application filed with the China National Intellectual Property Administration on August 7, 2020, application number 202010790430.3, entitled "A TPM-based device and method for multi-layer protection of server asset information", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of server asset information protection, and in particular to a TPM-based device and method for multi-layer protection of server asset information.
Background
With the continuous development of information technology, most servers today support a TPM (Trusted Platform Module), intended to protect system security. A TPM is a device or component that independently generates keys for encrypting and decrypting data, and can effectively prevent data on a computer or server from being accessed by unauthorized users.
A TPM is a trusted chip defined by the Trusted Computing Group; it uses asymmetric cryptography internally to provide the basic security-related functions of a computer or server. TPM exists in two versions, TPM 1.2 and TPM 2.0. In the designs considered here, TPM 1.2 uses the I2C (Inter-Integrated Circuit) protocol and on a server is generally connected to the BMC (Baseboard Management Controller), while TPM 2.0 uses the SPI (Serial Peripheral Interface) protocol and generally interacts with the BIOS (Basic Input/Output System). The two can be used separately or together, and through firmware configuration several kinds of protection can be applied to the system.
In general, for server hardware the TPM only verifies the presence of devices, i.e. whether a connected device has gone missing unexpectedly, and does not distinguish between devices further. In current designs the TPM 1.2 chip is usually connected to the BMC to verify the access status of connected devices, and the TPM 2.0 chip to the BIOS to confirm during boot that no device has been lost or maliciously damaged, protecting the integrity of the current system.
The drawbacks of the prior art are, on the one hand, that the model of the currently connected device cannot be identified, so replacement with a device of the same model cannot be detected; on the other hand, the prior art performs only a single verification on connected devices and cannot provide multi-level protection, which is not conducive to comprehensive protection of server asset information.
发明内容SUMMARY OF THE INVENTION
本发明为了解决现有技术中存在的问题,创新提出了一种基于TPM服务器资产信息多层保护的装置及方法,有效解决由于现有技术造成服务器资产信息不能多层次保护的问题,有效地提高了服务器资产信息保护的可靠性。In order to solve the problems existing in the prior art, the present invention innovatively proposes a device and method for multi-layer protection of TPM server asset information, which effectively solves the problem that the server asset information cannot be protected in multiple layers due to the prior art, and effectively improves the It improves the reliability of server asset information protection.
本发明第一方面提供了一种基于TPM服务器资产信息多层保护的装置,包括:BMC、CPU(Central Processing Unit,中央处理器)、PCH(Platform Controller Hub,平台控制器中枢)、BIOS、接入设备、第一TPM、第二TPM,所述BMC的数据读取端与PCH连接,用于通过PCH、CPU获取接入设备的第一验证信息,所述BMC的数据通信端与第一TPM的验证通信端连接,所述第一TPM用于验证接入设备的第一验证信息;所述BIOS的数据读取端与PCH连接,获取接 入设备的第二验证信息以及第三验证信息,所述BIOS的数据通信端与第二TPM的验证通信端连接,所述第二TPM用于依次验证接入设备的第二验证信息以及第三验证信息;所述PCH的第一使能控制端与BIOS的使能端连接,第二使能控制端与第二TPM的使能端连接;其中,第一验证信息验证通过后执行第二验证信息的验证,第二验证信息验证通过后执行第三验证信息的验证。A first aspect of the present invention provides a device for multi-layer protection based on TPM server asset information, including: BMC, CPU (Central Processing Unit, central processing unit), PCH (Platform Controller Hub, platform controller hub), BIOS, interface access device, the first TPM, and the second TPM, the data reading end of the BMC is connected to the PCH, and is used to obtain the first verification information of the access device through the PCH and the CPU, and the data communication end of the BMC is connected to the first TPM. The verification communication terminal of the BIOS is connected, and the first TPM is used to verify the first verification information of the access device; the data reading terminal of the BIOS is connected to the PCH to obtain the second verification information and the third verification information of the access device, The data communication terminal of the BIOS is connected to the verification communication terminal of the second TPM, and the second TPM is used to verify the second verification information and the third verification information of the access device in turn; the first enable control terminal of the PCH It is connected with the enabling terminal of the BIOS, and the second enabling control terminal is connected with the enabling terminal of the second TPM; wherein, the verification of the second verification information is performed after the verification of the first verification information is passed, and the verification of the second verification information is performed after the 
verification of the second verification information is passed. 3. Verification of verification information.
Optionally, the access device includes memory and/or a PCIE (Peripheral Component Interface Express, a bus and interface standard) device.
Optionally, the first verification information is the presence information and spec (specification) information of the access device, the second verification information is the SN of the access device, and the third verification information is the driver information of the access device.
Optionally, the data reading end and the data communication end of the BIOS share one port; that is, the BIOS and the second TPM share one SPI (Serial Peripheral Interface) line, and the communication partner of the BIOS is selected by changing the frequency of the SPI line.
A second aspect of the present invention provides a TPM-based method for multi-layer protection of server asset information, implemented on the basis of the apparatus of the first aspect of the present invention, and specifically comprising:
the BMC obtains the first verification information of the access device and calls the first TPM to verify the first verification information of the access device; if verification passes, the server system boots normally, and if verification fails, the server system cannot boot normally;
the BIOS obtains the second verification information and the third verification information of the access device and calls the second TPM to verify the second verification information of the access device; if verification passes, it calls the second TPM to verify the third verification information of the access device, and if verification fails, verification of the first verification information of the access device is performed;
the second TPM verifies the third verification information of the access device; if verification passes, the server system boots normally, and if verification fails, verification of the first verification information of the access device is performed.
Optionally, the first verification information is the presence information and spec information of the access device, the second verification information is the SN of the access device, and the third verification information is the driver information of the access device.
Further, verification of the first verification information is specifically: the first TPM obtains the presence information of the access device; if the access device is present, it goes on to check whether the spec information of the access device matches the pre-stored spec information; if they match, verification of the first verification information passes, and if they do not match, verification of the first verification information fails.
Optionally, verification of the second verification information is specifically: the second TPM checks whether the obtained second verification information of the access device matches the pre-stored second verification information; if they match, verification of the second verification information passes, and if they do not match, verification of the second verification information fails.
Optionally, verification of the third verification information is specifically: the second TPM checks whether the obtained driver version number of the access device matches the pre-stored driver version number of the access device; if they match, it goes on to check whether the driver of the access device can execute; if it can execute, verification of the third verification information passes; if it cannot execute or the comparison does not match, verification of the third verification information fails.
Optionally, when verification fails, a key must be entered the next time the system is entered.
The technical solution adopted by the present invention has the following technical effects:
1. The present invention effectively solves the problem that the prior art cannot protect server asset information at multiple levels. It can discriminate the model of the currently connected device, avoids the problem of replacement by a device of the same model, and ensures that the currently connected device is not changed or tampered with, thereby protecting the integrity, security and reliability of the server more effectively.
2. In the present invention the BIOS and the second TPM share one SPI line, and the communication partner of the BIOS is selected by changing the frequency of the SPI line, so that the data reading end and the data communication end of the BIOS can share one port.
3. In the present invention the first verification information, the second verification information and the third verification information are verified in sequence, and when any verification fails, verification must be performed again, which ensures multi-level protection of server asset information.
4. In the technical solution of the present invention, when verification fails, a key must be entered the next time the system is entered, which further improves the reliability of server asset information protection.
It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and do not limit the present invention.
Description of drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic structural diagram of the apparatus of Embodiment 1 of the present invention;
Fig. 2 is a schematic flowchart of the method of Embodiment 2 of the present invention;
Fig. 3 is a schematic flowchart of step S11 in the method of Embodiment 2 of the present invention;
Fig. 4 is a schematic flowchart of step S15 in the method of Embodiment 2 of the present invention;
Fig. 5 is a schematic flowchart of step S17 in the method of Embodiment 2 of the present invention;
Fig. 6 is a schematic flowchart of the method of Embodiment 3 of the present invention.
Detailed description
To explain the technical features of the solution clearly, the present invention is described in detail below by way of specific embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted so as not to limit the present invention unnecessarily.
Embodiment 1
As shown in Fig. 1, the present invention provides a TPM-based apparatus for multi-layer protection of server asset information, comprising: a BMC 1, a CPU 2, a PCH 3, a BIOS 4, an access device 5, a first TPM 6 and a second TPM 7. The data reading end of the BMC 1 is connected to the PCH 3 and is used to obtain first verification information of the access device 5 via the PCH 3 and the CPU 2; the data communication end of the BMC 1 is connected to the verification communication end of the first TPM 6, and the first TPM 6 is used to verify the first verification information of the access device 5. The data reading end of the BIOS 4 is connected to the PCH 3 to obtain second verification information and third verification information of the access device 5; the data communication end of the BIOS 4 is connected to the verification communication end of the second TPM 7, and the second TPM 7 is used to verify, in turn, the second verification information and the third verification information of the access device 5. The first enable control end of the PCH 3 (which sends the FLASH_CS signal) is connected to the enable end of the BIOS 4, and the second enable control end (which sends the TPM_CS signal) is connected to the enable end of the second TPM 7. Verification of the second verification information is performed after the first verification information passes verification, and verification of the third verification information is performed after the second verification information passes verification.
The access device 5 includes a number of memories 51 and/or a number of PCIE devices 52. The number of memories 51 or PCIE devices 52 can be chosen and adjusted according to the actual situation and is not limited by the present invention.
The first verification information is the presence information and spec information of the access device 5, the second verification information is the SN of the access device 5, and the third verification information is the driver information of the access device 5.
The first TPM 6 is a TPM 1.2 chip, and the second TPM 7 is a TPM 2.0 chip.
The data reading end and the data communication end of the BIOS 4 share one port; that is, the BIOS 4 and the second TPM 7 share one SPI line, and the communication partner of the BIOS 4 is selected by changing the frequency of the SPI line. Specifically, when the SPI line runs at the first frequency, the BIOS 4 communicates with the PCH 3 over the SPI line to obtain the information of the access device; when the SPI line runs at the second frequency, the BIOS 4 communicates with the second TPM 7 over the SPI line and calls the second TPM 7 to verify the second verification information and the third verification information.
When the system is powered on, the BMC 1 captures the current state of the access devices 5, obtains the slot position and connection state of each access device 5, and then uses the I2C link to call the RSA algorithm (a widely used public-key algorithm) in the first TPM 6 to verify the obtained connection state of the access devices 5.
The BMC 1 passes the verification result of the first verification information to the BIOS 4 by means of IPMI (Intelligent Platform Management Interface) commands. If the first TPM 6 verifies the first verification information of the current access device without error, the server can boot normally; if verification fails, a key must be entered when the system is subsequently entered, and a change prompt is given at the same time.
During boot, the BIOS 4 interacts with each device in turn during device initialization to obtain information such as the SN (Serial Number) of the current device (i.e. the second verification information). After reading this information it submits it to the second TPM 7 chip for verification: the BIOS 4 calls the SM3 algorithm (a Chinese national hash algorithm) in the second TPM 7 to verify whether the current SN has been altered, and after confirming it is correct, proceeds to read and verify the other access devices.
After the SN check of each access device is complete, the BIOS 4 calls the second TPM 7 to verify the driver loaded by the current access device 5, ensuring that the current access device 5 has not been maliciously tampered with. Once all access devices have been confirmed correct, the system is entered; if verification fails, a key must be entered when entering the system, and a change prompt is given at the same time.
It should be noted that in the embodiments of the present invention, the BIOS 4 actually refers to the BIOS FLASH (flash memory).
The present invention effectively solves the problem that the prior art cannot protect server asset information at multiple levels. It can discriminate the model of the currently connected device, avoids the problem of replacement by a device of the same model, and ensures that the currently connected device is not changed or tampered with, thereby protecting the integrity, security and reliability of the server more effectively.
In the present invention the BIOS and the second TPM share one SPI line, and the communication partner of the BIOS is selected by changing the frequency of the SPI line, so that the data reading end and the data communication end of the BIOS can share one port.
Embodiment 2
As shown in Fig. 2, the technical solution of the present invention provides a TPM-based method for multi-layer protection of server asset information, implemented on the basis of Embodiment 1 of the present invention, and specifically comprising:
S11, the BMC obtains the first verification information of the access device and calls the first TPM to verify the first verification information of the access device;
S12, judge whether the first verification information passes; if the result is yes, perform step S13, and if the result is no, perform step S14;
S13, the server system boots normally;
S14, the server system cannot boot normally;
S15, the BIOS obtains the second verification information and the third verification information of the access device and calls the second TPM to verify the second verification information of the access device;
S16, judge whether the second verification information passes; if the result is yes, perform step S17, and if the result is no, perform step S11;
S17, call the second TPM to verify the third verification information of the access device;
S18, judge whether the third verification information passes; if the result is yes, perform step S19, and if the result is no, perform step S11;
S19, enter the server system.
Here, the first verification information is the presence information and spec information of the access device, the second verification information is the SN of the access device, and the third verification information is the driver information of the access device.
Step S11, as shown in Fig. 3, specifically includes:
S111, the first TPM obtains the presence information of the access device;
S112, judge whether the access device is present; if the result is yes, perform step S113, and if the result is no, perform step S114;
S113, check whether the spec information of the access device matches the pre-stored spec information; if the result is yes, perform step S115, and if the result is no, perform step S114;
S114, verification of the first verification information fails;
S115, verification of the first verification information passes.
In step S113, the spec information includes manufacturer information and the like.
In steps S11 to S14, when the system is powered on, the BMC captures the current state of the access devices, obtains the slot position and connection state of each access device, and then uses the I2C link to call the RSA algorithm (a widely used public-key algorithm) in the first TPM to verify the obtained connection state of the access devices.
The BMC passes the verification result of the first verification information to the BIOS by means of IPMI commands. If the first TPM verifies the first verification information of the current access device without error, the server can boot normally; if verification fails, a key must be entered when the system is subsequently entered, and a change prompt is given at the same time.
Step S15, as shown in Fig. 4, specifically includes:
S151, the second TPM checks whether the obtained second verification information of the access device matches the pre-stored second verification information; if the result is yes, perform step S152, and if the result is no, perform step S153;
S152, verification of the second verification information passes;
S153, verification of the second verification information fails.
In steps S15 to S16, during boot the BIOS interacts with each device in turn during device initialization to obtain information such as the SN (Serial Number) of the current device (i.e. the second verification information). After reading this information it submits it to the second TPM chip for verification: the BIOS calls the SM3 algorithm (a Chinese national hash algorithm) in the second TPM to verify whether the current SN has been altered, and after confirming it is correct, proceeds to read and verify the other access devices.
Step S17, as shown in Fig. 5, specifically includes:
S171, the second TPM checks whether the obtained driver version number of the access device matches the pre-stored driver version number of the access device; if the result is yes, perform step S172, and if the result is no, perform step S173;
S172, check whether the driver of the access device can execute; if the result is yes, perform step S174, and if the result is no, perform step S173;
S173, verification of the third verification information fails;
S174, verification of the third verification information passes.
In steps S18 to S19, after the SN check of each access device is complete, the BIOS calls the second TPM to verify the driver loaded by the current access device, ensuring that the current access device has not been maliciously tampered with. Once all access devices have been confirmed correct, the system is entered; if verification fails, a key must be entered when entering the system, and a change prompt is given at the same time.
It should be noted that each step in the embodiments of the present invention may be implemented by programming in a programming language or by other means, which is not limited by the present invention.
The present invention effectively solves the problem that the prior art cannot protect server asset information at multiple levels. It can discriminate the model of the currently connected device, avoids the problem of replacement by a device of the same model, and ensures that the currently connected device is not changed or tampered with, thereby protecting the integrity, security and reliability of the server more effectively.
In the present invention the BIOS and the second TPM share one SPI line, and the communication partner of the BIOS is selected by changing the frequency of the SPI line, so that the data reading end and the data communication end of the BIOS can share one port.
In the present invention the first verification information, the second verification information and the third verification information are verified in sequence, and when any verification fails, verification must be performed again, which ensures multi-level protection of server asset information.
Embodiment 3
As shown in Fig. 6, the technical solution of the present invention provides a TPM-based method for multi-layer protection of server asset information, implemented on the basis of Embodiment 1 of the present invention, and specifically comprising:
S11, the BMC obtains the first verification information of the access device and calls the first TPM to verify the first verification information of the access device;
S12, judge whether the first verification information passes; if the result is yes, perform step S13, and if the result is no, perform step S14;
S13, the server system boots normally;
S14, the server system cannot boot normally;
S15, the BIOS obtains the second verification information and the third verification information of the access device and calls the second TPM to verify the second verification information of the access device;
S16, judge whether the second verification information passes; if the result is yes, perform step S17, and if the result is no, perform step S11;
S17, call the second TPM to verify the third verification information of the access device;
S18, judge whether the third verification information passes; if the result is yes, perform step S19, and if the result is no, perform step S11;
S19, enter the server system.
S20, when verification fails, a key must be entered the next time the system is entered.
It should be noted that each step in the embodiments of the present invention may be implemented by programming in a programming language or by other means, which is not limited by the present invention.
In the technical solution of the present invention, when verification fails, a key must be entered the next time the system is entered, which further improves the reliability of server asset information protection.
Although the specific embodiments of the present invention have been described above with reference to the accompanying drawings, they do not limit the scope of protection of the present invention. Those skilled in the art should understand that, on the basis of the technical solution of the present invention, various modifications or variations that can be made without creative effort remain within the scope of protection of the present invention.
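The boot-time flow described in the summary (first, second and third verification information) and in Embodiments 2 and 3 (steps S11 to S20, with the sub-steps S111 to S174), as an added Python model. This is not code from the patent or its assignee: the device records, reference values, step trace format and retry cap are constructed for the demo, SHA-256 stands in for the SM3 digest the patent names (Python's hashlib does not guarantee SM3), and the RSA call in the first TPM and the I2C/IPMI/SPI transports are not modelled. What it shows is the point of the layered design: a same-model swap passes the presence/spec layer and is caught by the serial-number layer, an absent device fails at the first layer and blocks boot, and a driver that does not run fails at the third layer.

```python
"""Three-layer access-device verification modelled on steps S11-S20.

Added illustration; not the patent's own code. All data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import hashlib


def sn_digest(sn: str) -> str:
    """Digest of a serial number. The patent names SM3 inside the second TPM;
    SHA-256 stands in here because hashlib does not guarantee SM3 (assumption)."""
    return hashlib.sha256(sn.encode()).hexdigest()


@dataclass
class Device:
    """What the BMC/BIOS read from one slot during boot (constructed)."""
    slot: str
    present: bool
    spec: str            # vendor/model; the patent says spec includes vendor info
    sn: str
    driver_version: str
    driver_runs: bool    # result of the "can the driver execute" probe (stub input)


@dataclass
class Reference:
    """Pre-stored expectation for one slot, what the TPMs compare against."""
    spec: str
    sn_digest: str       # a digest is stored, mirroring the TPM hash check
    driver_version: str


def verify_first(dev: Optional[Device], ref: Reference) -> bool:
    """S111-S115 (first TPM): presence first, then spec. An empty slot fails."""
    if dev is None or not dev.present:
        return False
    return dev.spec == ref.spec


def verify_second(dev: Device, ref: Reference) -> bool:
    """S151-S153 (second TPM): SN digest must equal the stored digest."""
    return sn_digest(dev.sn) == ref.sn_digest


def verify_third(dev: Device, ref: Reference) -> bool:
    """S171-S174 (second TPM): driver version must match, then the driver must run."""
    if dev.driver_version != ref.driver_version:
        return False
    return dev.driver_runs


def boot_check(scan: Dict[str, Device], refs: Dict[str, Reference],
               max_rounds: int = 3) -> Tuple[str, List[str]]:
    """Run S11-S20 over every expected slot; return (outcome, step trace).

    'no_boot': first layer failed (S14).  'enter_system': all layers passed (S19).
    'key_required': a later layer kept failing; the patent loops back to S11, the
    cap on rounds is an assumption so the model terminates (S20).
    """
    trace: List[str] = []
    for _ in range(max_rounds):
        trace.append("S11")
        if not all(verify_first(scan.get(s), r) for s, r in refs.items()):
            trace.append("S14")
            return "no_boot", trace
        trace.extend(["S13", "S15"])
        if not all(verify_second(scan[s], r) for s, r in refs.items()):
            trace.append("S16:fail")
            continue                      # back to S11
        trace.append("S17")
        if not all(verify_third(scan[s], r) for s, r in refs.items()):
            trace.append("S18:fail")
            continue                      # back to S11
        trace.append("S19")
        return "enter_system", trace
    trace.append("S20")
    return "key_required", trace


# Constructed reference inventory: two slots, one DIMM and one PCIE NIC.
REFS = {
    "DIMM0": Reference("VendorA DDR4-3200 32G", sn_digest("SN-DIMM-0001"), "1.4"),
    "PCIE1": Reference("VendorB NIC-25G", sn_digest("SN-NIC-7788"), "2.0.3"),
}


def good_scan() -> Dict[str, Device]:
    """Scan matching the references exactly (constructed)."""
    return {
        "DIMM0": Device("DIMM0", True, "VendorA DDR4-3200 32G", "SN-DIMM-0001", "1.4", True),
        "PCIE1": Device("PCIE1", True, "VendorB NIC-25G", "SN-NIC-7788", "2.0.3", True),
    }


def swapped_dimm_scan() -> Dict[str, Device]:
    """Same DIMM model, different serial: layer 1 passes, layer 2 catches it."""
    scan = good_scan()
    scan["DIMM0"].sn = "SN-DIMM-9999"
    return scan


def missing_nic_scan() -> Dict[str, Device]:
    """NIC slot empty: the presence check in layer 1 blocks boot."""
    scan = good_scan()
    del scan["PCIE1"]
    return scan


if __name__ == "__main__":
    for name, scan in (("good", good_scan()), ("swapped", swapped_dimm_scan()),
                       ("missing", missing_nic_scan())):
        outcome, trace = boot_check(scan, REFS)
        print(f"{name:8s} -> {outcome:13s} {' '.join(trace)}")
```

The trace lists the step identifiers in the order the model visits them, so each outcome can be matched against the flowcharts of Figs. 2 and 6. Storing only a digest of the serial number in the reference record mirrors the hash comparison the patent assigns to the second TPM and keeps the raw asset identifiers out of the comparison table.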

Claims (10)

  1. A TPM-based apparatus for multi-layer protection of server asset information, characterized in that it comprises: a BMC, a CPU, a PCH, a BIOS, an access device, a first TPM and a second TPM; the data reading end of the BMC is connected to the PCH and is used to obtain first verification information of the access device via the PCH and the CPU; the data communication end of the BMC is connected to the verification communication end of the first TPM, and the first TPM is used to verify the first verification information of the access device; the data reading end of the BIOS is connected to the PCH to obtain second verification information and third verification information of the access device; the data communication end of the BIOS is connected to the verification communication end of the second TPM, and the second TPM is used to verify, in turn, the second verification information and the third verification information of the access device; the first enable control end of the PCH is connected to the enable end of the BIOS, and the second enable control end is connected to the enable end of the second TPM; wherein verification of the second verification information is performed after the first verification information passes verification, and verification of the third verification information is performed after the second verification information passes verification.
  2. The TPM-based apparatus for multi-layer protection of server asset information according to claim 1, characterized in that the access device includes memory and/or a PCIE device.
  3. The TPM-based apparatus for multi-layer protection of server asset information according to claim 1, characterized in that the first verification information is the presence information and spec information of the access device, the second verification information is the SN of the access device, and the third verification information is the driver information of the access device.
  4. The TPM-based apparatus for multi-layer protection of server asset information according to claim 1, characterized in that the data reading end and the data communication end of the BIOS share one port, that is, the BIOS and the second TPM share one SPI line, and the communication partner of the BIOS is selected by changing the frequency of the SPI line.
  5. A TPM-based method for multi-layer protection of server asset information, characterized in that it is implemented on the basis of the TPM-based apparatus for multi-layer protection of server asset information according to any one of claims 1 to 4, and specifically comprises:
    the BMC obtains the first verification information of the access device and calls the first TPM to verify the first verification information of the access device; if verification passes, the server system boots normally, and if verification fails, the server system cannot boot normally;
    the BIOS obtains the second verification information and the third verification information of the access device and calls the second TPM to verify the second verification information of the access device; if verification passes, it calls the second TPM to verify the third verification information of the access device, and if verification fails, verification of the first verification information of the access device is performed;
    the second TPM verifies the third verification information of the access device; if verification passes, the server system boots normally, and if verification fails, verification of the first verification information of the access device is performed.
  6. The TPM-based method for multi-layer protection of server asset information according to claim 5, characterized in that the first verification information is the presence information and spec information of the access device, the second verification information is the SN of the access device, and the third verification information is the driver information of the access device.
  7. The TPM-based method for multi-layer protection of server asset information according to claim 6, characterized in that verification of the first verification information is specifically: the first TPM obtains the presence information of the access device; if the access device is present, it goes on to check whether the spec information of the access device matches the pre-stored spec information; if they match, verification of the first verification information passes, and if they do not match, verification of the first verification information fails.
  8. The TPM-based method for multi-layer protection of server asset information according to claim 5, characterized in that verification of the second verification information is specifically: the second TPM checks whether the obtained second verification information of the access device matches the pre-stored second verification information; if they match, verification of the second verification information passes, and if they do not match, verification of the second verification information fails.
  9. The TPM-based method for multi-layer protection of server asset information according to claim 6, characterized in that verification of the third verification information is specifically: the second TPM checks whether the obtained driver version number of the access device matches the pre-stored driver version number of the access device; if they match, it goes on to check whether the driver of the access device can execute; if it can execute, verification of the third verification information passes; if it cannot execute or the comparison does not match, verification of the third verification information fails.
  10. 根据权利要求5-9任一所述的基于TPM服务器资产信息多层保护的方法,其特征是,当验证信息失败时,再次进入系统时需要输入密钥。The method for multi-layer protection of asset information based on a TPM server according to any one of claims 5-9, wherein when the verification information fails, a key needs to be input when entering the system again.
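The verification flow of claims 5 to 10, written out as a runnable model so the order of checks and the fallback from the BIOS path to the BMC path can be exercised. This is an added example, not code from the patent or from the applicant. Each TPM is modelled as an object holding the pre-stored reference values (an assumption: the claims do not say how the reference values are stored or how the TPM is invoked), the constant-time comparison is a practitioner's choice the claims do not specify, and every spec string, SN, driver version and unlock key below is a constructed sample value.

```python
"""Runnable model of the multi-layer access-device verification of claims 5-10.

Added example, not code from the patent. Each TPM is modelled as a holder of
pre-stored reference values (assumption: the claims do not state how the
reference values are stored or how the TPM is invoked).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional
import hmac


class Outcome(Enum):
    BOOT = "server system boots normally"
    NO_BOOT = "server system does not boot"


@dataclass(frozen=True)
class DeviceInfo:
    """What the BMC/BIOS read from the access device (constructed sample fields)."""
    present: bool            # presence information (first verification information)
    spec: str                # spec information (first verification information)
    serial: str              # SN (second verification information)
    driver_version: str      # driver version (third verification information)
    driver_runs: bool        # whether the driver program can be executed


@dataclass(frozen=True)
class TpmReference:
    """Pre-stored reference values held by a TPM (model, not a real TPM interface)."""
    spec: str
    serial: str
    driver_version: str


def _consistent(observed: str, stored: str) -> bool:
    # The claims only say "compare for consistency"; a constant-time compare is
    # used so the check does not leak how much of the value matched.
    return hmac.compare_digest(observed.encode(), stored.encode())


def verify_first(tpm: TpmReference, dev: DeviceInfo) -> bool:
    """Claim 7: presence first, then spec against the pre-stored spec."""
    return dev.present and _consistent(dev.spec, tpm.spec)


def verify_second(tpm: TpmReference, dev: DeviceInfo) -> bool:
    """Claim 8: SN against the pre-stored SN."""
    return _consistent(dev.serial, tpm.serial)


def verify_third(tpm: TpmReference, dev: DeviceInfo) -> bool:
    """Claim 9: driver version must match and the driver must execute."""
    return _consistent(dev.driver_version, tpm.driver_version) and dev.driver_runs


@dataclass
class Server:
    first_tpm: TpmReference           # called by the BMC
    second_tpm: TpmReference          # called by the BIOS
    unlock_key: str                   # key demanded after a failure (claim 10)
    key_required: bool = False
    trail: List[str] = field(default_factory=list)

    def power_on(self, dev: DeviceInfo, key: Optional[str] = None) -> Outcome:
        """One boot attempt; returns whether the server system boots."""
        self.trail = []
        if self.key_required:                       # claim 10
            if key is None or not _consistent(key, self.unlock_key):
                self.trail.append("key missing or wrong")
                return Outcome.NO_BOOT
            self.key_required = False
        # BIOS path (claim 5): second, then third verification information
        if verify_second(self.second_tpm, dev):
            self.trail.append("second: pass")
            if verify_third(self.second_tpm, dev):
                self.trail.append("third: pass")
                return Outcome.BOOT
            self.trail.append("third: fail")
        else:
            self.trail.append("second: fail")
        # Fallback: BMC path with the first TPM (claims 5 and 7)
        if verify_first(self.first_tpm, dev):
            self.trail.append("first: pass")
            return Outcome.BOOT
        self.trail.append("first: fail")
        self.key_required = True                    # claim 10
        return Outcome.NO_BOOT


# Constructed sample reference values and devices (not from the page).
REFERENCE = TpmReference(spec="PCIe-x8-NVMe-3.84TB", serial="SN-000123", driver_version="2.1.0")
GENUINE = DeviceInfo(True, "PCIe-x8-NVMe-3.84TB", "SN-000123", "2.1.0", True)
SWAPPED_SN = DeviceInfo(True, "PCIe-x8-NVMe-3.84TB", "SN-999999", "2.1.0", True)
BAD_DRIVER = DeviceInfo(True, "PCIe-x8-NVMe-3.84TB", "SN-000123", "2.1.0", False)
FOREIGN = DeviceInfo(True, "SATA-SSD-960GB", "SN-999999", "1.0.0", True)
ABSENT = DeviceInfo(False, "", "", "", False)   # nothing readable from an absent device


def new_server() -> Server:
    return Server(first_tpm=REFERENCE, second_tpm=REFERENCE, unlock_key="constructed-unlock-key")


if __name__ == "__main__":
    srv = new_server()
    for name, dev in [("genuine", GENUINE), ("swapped_sn", SWAPPED_SN),
                      ("bad_driver", BAD_DRIVER), ("foreign", FOREIGN)]:
        print(name, srv.power_on(dev).value, srv.trail)
    print("retry without key", srv.power_on(GENUINE).value, srv.trail)
    print("retry with key", srv.power_on(GENUINE, key="constructed-unlock-key").value, srv.trail)
```

The model makes one property of the claimed flow visible: a device whose SN or driver check fails still boots if its presence and spec pass the BMC/first-TPM fallback, so the spec reference held by the first TPM is the floor of the whole scheme; only a failure on that fallback locks the system and demands the key on the next attempt.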

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010790430.3A CN112016092A (en) 2020-08-07 2020-08-07 TPM (trusted platform Module) -server-based asset information multilayer protection device and method
CN202010790430.3 2020-08-07

Publications (1)

Publication Number Publication Date
WO2022028057A1 true WO2022028057A1 (en) 2022-02-10

Family

ID=73500235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/096401 WO2022028057A1 (en) 2020-08-07 2021-05-27 Tpm-based apparatus and method for multi-layer protection of server asset information

Country Status (2)

Country Link
CN (1) CN112016092A (en)
WO (1) WO2022028057A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210111892A1 (en) * 2020-12-22 2021-04-15 Anjo Lucas Vahldiek-Oberwagner Scalabe attestation for trusted execution environments
WO2024027889A1 (en) 2022-08-01 2024-02-08 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus of managing communication resources of a wireless communication network for radar use

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016092A (en) * 2020-08-07 2020-12-01 苏州浪潮智能科技有限公司 TPM (trusted platform Module) -server-based asset information multilayer protection device and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190034620A1 (en) * 2017-07-31 2019-01-31 Dell Products, L.P. System shipment lock
CN109902491A (en) * 2019-02-28 2019-06-18 苏州浪潮智能科技有限公司 A kind of safe operation management framework and server of server
CN110377346A (en) * 2019-06-29 2019-10-25 苏州浪潮智能科技有限公司 A kind of compatibility mainboard and system electrification starting-up method for supporting TPM and TPCM
CN111399919A (en) * 2020-03-06 2020-07-10 苏州浪潮智能科技有限公司 Starting method and system of server, electronic equipment and storage medium
CN112016092A (en) * 2020-08-07 2020-12-01 苏州浪潮智能科技有限公司 TPM (trusted platform Module) -server-based asset information multilayer protection device and method

Also Published As

Publication number Publication date
CN112016092A (en) 2020-12-01

Similar Documents

Publication Publication Date Title
WO2022028057A1 (en) Tpm-based apparatus and method for multi-layer protection of server asset information
US9742568B2 (en) Trusted support processor authentication of host BIOS/UEFI
US20190073478A1 (en) Hardware-enforced firmware security
US10754955B2 (en) Authenticating a boot path update
US11843705B2 (en) Dynamic certificate management as part of a distributed authentication system
JP6026462B2 (en) Executing secure environment initialization instructions on point-to-point interconnect systems
US11256797B2 (en) Remote attestation for multi-core processor
JP5607546B2 (en) Method and apparatus for controlling system access during a protected mode of operation
CN105205401B (en) Trusted computer system and its trusted bootstrap method based on security password chip
CN111158767B (en) BMC-based server safe starting method and device
US11829478B2 (en) Full server recovery architecture for cloud bare metal instances
TW200414051A (en) Encapsulation of a TCPA trusted platform module functionality within a server management coprocessor subsystem
US20220067165A1 (en) Security measurement method and security measurement device for startup of server system, and server
EP4116851A1 (en) Trusted measurement method and related apparatus
CN110659498A (en) Trusted computing measurement method, system thereof and computer readable storage medium
CN112148314A (en) Mirror image verification method, device, equipment and storage medium of embedded system
CN111651769A (en) Method and device for obtaining measurement of secure boot
US20230009470A1 (en) Workspace-based fixed pass-through monitoring system and method for hardware devices using a baseboard management controller (bmc)
US11809876B2 (en) Trusted platform module protection for non-volatile memory express (NVMe) recovery
US11734457B2 (en) Technology for controlling access to processor debug features
CN110781517B (en) Method for realizing data interaction by BIOS and BMC communication
CN114510751A (en) Hardware replacement prevention device and method based on processor security kernel
WO2021037344A1 (en) Trusted device and computing system
JP2019212293A (en) Secure access to peripheral device via bus
US20230010283A1 (en) System and method for device authentication using a baseboard management controller (bmc)

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21852281; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21852281; Country of ref document: EP; Kind code of ref document: A1)