WO2023098569A1 - Patch processing method and apparatus, and computer device - Google Patents

Patch processing method and apparatus, and computer device

Info

Publication number
WO2023098569A1
Authority
WO
WIPO (PCT)
Prior art keywords
firmware
program
patch
storage space
processor
Prior art date
Application number
PCT/CN2022/134180
Other languages
English (en)
Chinese (zh)
Inventor
宋东匡
李佩聪
樊文跃
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2023098569A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/658 Incremental updates; Differential updates

Definitions

  • the present application relates to the field of computer technology, in particular to a patch processing method, device and computer equipment.
  • The basic input output system (BIOS) is a bridge between the operating system (OS) and computer hardware. When the computer is turned on, it is responsible for hardware configuration detection, device initialization, operating system boot, and providing service interfaces to the operating system.
  • After the computer device is powered on, the BIOS first completes the hardware initialization process of the computer device, and then starts the OS to execute user services.
  • The BIOS may need to be modified during the operation of the computer device. For example, when a computer device fails, the failure can be resolved by modifying the BIOS.
  • When the BIOS needs to be updated/upgraded, the BIOS also needs to be modified.
  • the following method is adopted: modifying the BIOS, storing the updated BIOS in the computer device, and restarting the computer device, so that the computer device executes the updated BIOS after restarting.
  • the present application provides a patch processing method, device, and computer equipment, which can solve computer equipment failures or implement firmware updates/upgrades by executing firmware patches without restarting the computer equipment, thereby avoiding business interruption.
  • the present application provides a patch processing method, and the execution subject of the method may be a computer device.
  • The computer device stores a first program and a firmware program of the computer device, and the firmware program includes a firmware startup program and a firmware running program. The method includes: the firmware running program obtains a firmware patch, where the firmware patch comes from the first program; the firmware running program executes the firmware patch, so that the firmware patch takes effect.
  • the firmware patch refers to a section of program written to solve computer equipment failures or to implement firmware updates/upgrades.
  • The above-mentioned computer equipment faults may be hardware faults, firmware program faults, etc.
  • Firmware updates/upgrades may include, but are not limited to: improving existing firmware functions, patching vulnerabilities of existing firmware functions, adding new firmware functions, enhancing firmware stability, etc.
  • The first program may be any program, other than the firmware program, that the computer device executes during the running phase.
  • The first program may be an operating system.
  • The first program may be a baseboard management controller (BMC) program.
  • the firmware patch from the first program is acquired through the firmware running program, and the firmware patch is executed to make the patch take effect, thereby solving the failure of the computer equipment or implementing firmware update/upgrade. Since the above-mentioned process does not update the firmware program of the computer equipment, the above-mentioned process does not need to restart the computer equipment, therefore, it will not affect the business of the computer equipment.
  • The firmware running program may obtain the firmware patch in the following manner: the firmware running program obtains patch location information from the first storage space, where the patch location information is used to indicate the storage location of the firmware patch in the second storage space; the firmware running program obtains the firmware patch from the second storage space according to the patch location information.
  • Before the firmware running program obtains the patch location information from the first storage space, the method further includes: the first program stores the firmware patch in the second storage space; the first program stores the patch location information in the first storage space.
  • the first program transfers the firmware patch to the firmware running program through the first storage space and the second storage space.
  • Both the first storage space and the second storage space are storage spaces that can be accessed jointly by the first program and the firmware running program.
  • the first storage space may be a shared memory between the first program and the firmware running program.
  • The second storage space may be a register, a mailbox, a shared memory, and the like that are jointly accessible by the first program and the firmware running program.
  • Before the first program stores the firmware patch in the second storage space, the method further includes: the first program obtains the firmware calling method; the first program determines the first storage space and the second storage space according to the firmware calling method.
  • the firmware invoking method refers to a method in which the operating system notifies/calls the firmware running program, so that the firmware running program executes the firmware patch.
  • the firmware calling method can be divided into internal calling method and external calling method.
  • the internal calling method refers to calling within the same processor, and the external calling method refers to calling across processors.
  • the first program may acquire the firmware calling method in the following manner: the first program receives the firmware calling method sent by the firmware program.
  • In the startup stage of the computer device, when the firmware startup program starts and loads the operating system, the firmware startup program sends the firmware calling method to the operating system.
  • the firmware running program sends the firmware calling method to the operating system.
  • the computer device includes at least one processor; the first program determines the first storage space and the second storage space according to a firmware calling method, including:
  • The first program determines the first storage space and the second storage space in the storage space of the first processor; the first processor is the processor that runs the first program.
  • When the firmware calling method is an internal calling method, the firmware running program and the operating system run on the same processor, that is, both run on the first processor. Therefore, the operating system can determine the first storage space and the second storage space in the storage space of the first processor. Since the firmware running program is also executed by the first processor, the first storage space and the second storage space can also be accessed by the firmware running program.
  • the second storage space may be the memory space of the first processor.
  • the first storage space may be a preset register of the first processor.
  • the computer device includes at least one processor; the first program determines the first storage space and the second storage space according to a firmware calling method, including:
  • The first program determines the first storage space and the second storage space in the storage space accessible by both the first processor and the second processor; wherein the first processor is the processor that runs the first program, and the second processor is a processor that does not run the first program.
  • When the firmware calling method is an external calling method, the firmware running program and the operating system run on different processors. Therefore, the operating system can determine the first storage space and the second storage space in the storage spaces commonly accessible by the first processor and the second processor. In this way, it is ensured that the first storage space and the second storage space can also be accessed by the firmware running program.
  • the second storage space may be a shared memory space of the first processor and the second processor.
  • the first storage space may be a preset mailbox.
  • The first program and the firmware running program run on the same processor, and the firmware calling method is an internal calling method; or the first program and the firmware running program run on different processors, and the firmware calling method is an external calling method.
  • Different processors refer to two physically different processors, and the two processors may be of the same type or of different types. These two processors can be packaged in a system-on-chip (SoC).
  • The firmware calling method is an internal calling method; before the firmware running program obtains the patch location information from the first storage space, the method further includes: the first program executes a preset instruction, so that the processor where the first program is located executes the firmware running program.
  • the preset instruction refers to an instruction for adjusting the execution authority of the processor.
  • When the firmware calling method is an internal calling method, the firmware running program and the first program run in the same processor, and the execution rights with which the processor executes the firmware running program and the first program are usually different. Therefore, when the first program executes the preset instruction, the execution authority of the processor can be switched to the execution authority corresponding to the firmware running program, so that the processor executes the firmware running program.
  • After the firmware running program executes the firmware patch, the method further includes: the firmware running program executes a preset instruction, so as to switch the execution authority of the processor to the execution authority corresponding to the first program, so that the processor continues to execute the first program.
  • The method further includes: the firmware running program acquires the firmware patch function identifier from the first storage space. The firmware running program obtaining the firmware patch from the second storage space according to the patch location information includes: the firmware running program determines the firmware service interface corresponding to the firmware patch function identifier; and acquires the firmware patch from the second storage space through the firmware service interface according to the patch location information.
  • The firmware service interface is a software interface.
  • It may be an API.
  • the firmware running program may acquire the firmware patch in the following manner: the firmware running program receives a first message from the first program, where the first message includes the firmware patch.
  • the first program can deliver the firmware patch to the firmware running program through the message interaction interface.
  • The firmware running program may execute the firmware patch in the following manner: obtain signature information from the firmware patch; verify the integrity and/or legality of the firmware patch according to the signature information to obtain a verification result; if the verification result indicates that the verification passed, execute the firmware patch.
  • the integrity and/or legality of the firmware patch is verified, and the firmware patch is executed only when the verification is passed, so as to ensure safe operation of the computer device.
  • The firmware running program can execute the firmware patch in the following manner: determine the file format type of the firmware patch, where the file format type is binary type or bytecode type; if the file format type is bytecode type, parse and execute the firmware patch to make the firmware patch take effect; if the file format type is binary type, execute the firmware patch to make the firmware patch take effect.
  • By judging the file format type of the firmware patch, the firmware running program adopts different execution methods for different file format types, so that the solution of this application is applicable not only to firmware patches in binary format but also to firmware patches in bytecode format, which makes the application scenarios more extensive.
  • The present application provides a patch processing device, including: a first processing module and a second processing module; wherein the second processing module is used to obtain a firmware patch, the firmware patch comes from the first processing module, and the second processing module is also used to execute the firmware patch, so that the firmware patch takes effect.
  • The second processing module is specifically configured to: acquire patch location information from the first storage space, where the patch location information is used to indicate the storage location of the firmware patch in the second storage space; and obtain the firmware patch from the second storage space according to the patch location information.
  • the first processing module is configured to: store the firmware patch in the second storage space, and store the patch location information in the first storage space.
  • the first processing module is further configured to: acquire a firmware calling method; and determine the first storage space and the second storage space according to the firmware calling method.
  • the first processing module is specifically configured to: receive the firmware calling manner sent by the second processing module.
  • The patch processing apparatus is applied to computer equipment, and the computer equipment includes at least one processor; the first processing module is specifically configured to: if the firmware calling method is an internal calling method, determine the first storage space and the second storage space in a storage space of a first processor; or,
  • if the firmware calling method is an external calling method, determine the first storage space and the second storage space in a storage space commonly accessible by the first processor and the second processor;
  • wherein the first processor runs the first processing module, and the second processor does not run the first processing module.
  • The first processing module and the second processing module run in the same processor, and the firmware calling method is the internal calling method; or the first processing module and the second processing module run in different processors, and the firmware calling method is the external calling method.
  • The firmware calling method is the internal calling method; the first processing module is further configured to: execute a preset instruction, so that the processor where the first processing module is located executes the second processing module.
  • The second processing module is further configured to: obtain the firmware patch function identifier from the first storage space; determine the firmware service interface corresponding to the firmware patch function identifier; and acquire the firmware patch from the second storage space through the firmware service interface according to the patch location information.
  • The second processing module is specifically configured to: receive a first message from the first processing module, where the first message includes the firmware patch.
  • The first processing module is an operating system (OS); or, the first processing module is a baseboard management controller (BMC) program.
  • the present application provides a computer device, including:
  • the memory stores a computer program; the one or more processors run the computer program to implement the method described in the first aspect or any possible implementation manner of the first aspect.
  • the present application provides a chip, including:
  • the memory stores a computer program; the one or more processors run the computer program to implement the method described in the first aspect or any possible implementation manner of the first aspect.
  • The present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed, the method described in the first aspect or any possible implementation manner of the first aspect is implemented.
  • The present application provides a computer program product, where the computer program product includes a computer program, and when the computer program is run, the method described in the first aspect or any possible implementation manner of the first aspect is implemented.
  • the present application provides a patch processing method, device, and computer equipment.
  • the computer equipment stores a first program and a firmware program of the computer equipment.
  • the firmware program includes a firmware startup program and a firmware running program.
  • The method includes: the firmware running program acquires a firmware patch, where the firmware patch comes from the first program; the firmware running program executes the firmware patch, so that the firmware patch takes effect, so as to solve computer equipment failure or implement firmware update/upgrade. Since the above-mentioned process does not update the firmware program of the computer equipment, the above-mentioned process does not need to restart the computer equipment, and therefore will not affect the business of the computer equipment.
  • FIG. 1 is a schematic diagram of a hardware structure of a computer device provided by an embodiment of the present application
  • FIG. 2 is a schematic diagram of a layered architecture of a computer device provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of the running sequence of the computer equipment provided by the embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a patch processing method provided in an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a manner in which a firmware running program provided by an embodiment of the present application obtains a firmware patch
  • FIG. 6 is a schematic diagram of another way for the firmware running program to obtain the firmware patch provided by the embodiment of the present application.
  • FIG. 7 is a schematic diagram of the running state of a computer device provided by the embodiment of the present application.
  • FIG. 8 is a schematic diagram of another computer device operating state provided by the embodiment of the present application.
  • FIG. 9 is a schematic flow chart of another patch processing method provided by the embodiment of the present application.
  • FIG. 10 is a schematic flowchart of another patch processing method provided by the embodiment of the present application.
  • FIG. 11 is a schematic diagram of an interaction process between an operating system and a firmware program provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a patch processing device provided by an embodiment of the present application.
  • Computer equipment refers to a machine that can perform number crunching.
  • Computer equipment includes but is not limited to: mobile phone, smartphone, computer, tablet computer, wearable device, personal digital assistant (PDA), mobile internet device (MID), IoT device, e-book reader, server, etc.
  • FIG. 1 is a schematic diagram of a hardware structure of a computer device provided by an embodiment of the present application.
  • A computer device 100 includes: a processor 101 and a memory 102.
  • A processor 101, a memory 102, and a communication interface 103 are communicatively connected to each other.
  • The processor 101, the memory 102, and the communication interface 103 may be connected by a network to realize a communication connection.
  • The above computer device 100 may further include a bus 104.
  • The processor 101, the memory 102, and the communication interface 103 are connected to each other through the bus 104.
  • the number of processors 101 may be one or more. Each processor 101 may include one or more processing cores.
  • the processor 101 may also be called a processing unit, a processing subsystem, and the like.
  • The processor 101 may include at least one of the following: a central processing unit (CPU), an application-specific integrated circuit (ASIC), an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, a video codec, a digital signal processor (DSP), a baseband processor, a neural-network processing unit (NPU), etc.
  • The memory 102 may include: a non-volatile memory (NVM) and a random access memory (RAM).
  • The non-volatile memory can be read-only memory (ROM), such as programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), etc.
  • The non-volatile memory may also be a flash memory, or a magnetic memory such as a magnetic tape, a floppy disk, a hard disk, and the like.
  • The non-volatile memory can also be an optical disk. When the computer equipment is powered off, the data stored in the non-volatile memory will not be lost.
  • Random access memory, also called main memory, is an internal memory that directly exchanges data with the processor 101. It can be read and written at any time, and the speed is very fast, and it is usually used as a temporary data storage medium for operating systems or other running programs. When RAM is working, information can be written (stored) or read (taken out) from any specified address at any time. The biggest difference between it and ROM is the volatility of data, that is, the stored data will be lost once the power is turned off. RAM is used in computers and digital systems to temporarily store programs, data, and intermediate results.
  • The communication interface 103 uses a transceiver module, such as but not limited to a transceiver, to implement communication between the computer device 100 and other devices or communication networks.
  • The computer device can acquire the firmware patch through the communication interface 103.
  • The bus 104 may be an industry standard architecture (ISA) bus, a peripheral component interconnect (PCI) bus, or an extended industry standard architecture (EISA) bus, etc.
  • the bus can be divided into address bus, data bus, control bus and so on.
  • the buses in the drawings of the present application are not limited to only one bus or one type of bus.
  • the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the electronic device 100 .
  • the electronic device 100 may include more or fewer components than shown in the figure, or combine certain components, or separate certain components, or adopt different component arrangements.
  • The memory 102 may be used to store firmware programs, operating systems (OS), application programs, and the like.
  • the above-mentioned firmware program, operating system, application program, etc. may be stored in a non-volatile memory.
  • the processor 101 can execute firmware programs, operating systems, application programs, etc. stored in the memory 102 to make the computer device perform certain functions.
  • the memory 102 may also store data, intermediate results, etc. created during the operation of the computer device.
  • data and intermediate results created during the operation of the above-mentioned computer device may be stored in a random access memory.
  • The firmware program may include a basic input output system (BIOS) and other firmware programs.
  • The BIOS stores the most important basic input and output programs of computer equipment, self-test programs after power-on, and system self-start programs. It can read and write specific information about system settings from the complementary metal oxide semiconductor (CMOS).
  • the main function of BIOS is to provide the lowest-level and most direct hardware setting and control for computer equipment.
  • BIOS also provides some system parameters to the operating system.
  • FIG. 2 is a schematic diagram of a layered architecture of a computer device provided by an embodiment of the present application. As shown in FIG. 2 , the bottom layer is the hardware layer of the computer equipment, the firmware program layer is above the hardware layer, and the operating system layer is above the firmware program layer.
  • The firmware program includes a firmware startup program (i.e., boot-time firmware) and a firmware running program (i.e., run-time firmware).
  • the firmware startup program is used to provide functions such as hardware detection, hardware configuration, hardware initialization, and operating system booting during the startup process of the computer device.
  • the firmware running program is used to provide runtime services, system parameters, etc. to the operating system during the running of the operating system.
  • FIG. 3 is a schematic diagram of the running sequence of the computer device provided by the embodiment of the present application.
  • the running process of the computer device can be divided into a startup phase and a running phase.
  • the computer device executes the firmware startup program to detect and initialize the hardware, and guide the operating system to start. After the operating system is started, the firmware startup program ends.
  • The computer device executes the operating system and the firmware running program.
  • The firmware running program provides the operating system with the service of executing firmware patches.
  • The operating system can call this service to make the firmware running program execute the firmware patch, so that the firmware patch takes effect, so as to solve the fault or implement firmware update/upgrade. There is no need to restart the computer equipment during this process, and the business of the computer equipment will not be affected.
  • FIG. 4 is a schematic flowchart of a patch processing method provided by an embodiment of the present application.
  • the method in this embodiment can be executed by a computer device.
  • the computer device stores the first program and the firmware program of the computer device.
  • The firmware program includes a firmware running program and a firmware startup program.
  • the patch processing method described in the embodiment of the present application may also be called a firmware patch processing method, or a firmware update method, or a firmware upgrade method.
  • the method of this embodiment includes:
  • a firmware running program acquires a firmware patch, where the firmware patch comes from the first program.
  • The first program may be any program, other than the firmware program, that the computer device executes during the running phase.
  • The first program may be an operating system.
  • The first program may be a baseboard management controller (BMC) program.
  • The operating system can be any one of the following: Windows, macOS, Linux, Chrome OS, iOS, Android, Hongmeng OS, KaiOS, iPadOS, Fuchsia OS. This embodiment does not limit this.
  • BMC is used to monitor and control the system hardware of computer equipment, for example, monitor the temperature, voltage, fan, power supply, etc. of the system hardware, and make corresponding adjustments to ensure that the system hardware is in a healthy operating state.
  • the BMC program can be regarded as an independent system, which does not depend on other hardware (such as processor, memory, etc.) on the computer device, nor does it depend on BIOS, operating system, etc. Messages can be exchanged between the BMC and the BIOS.
  • a firmware patch refers to a program written to solve computer equipment failures or to implement firmware updates/upgrades.
  • the above-mentioned computer equipment faults may be hardware firmware, firmware program faults, etc.
  • Firmware updates/upgrades may include, but are not limited to: improving existing firmware functions, patching vulnerabilities of existing firmware functions, adding new firmware functions, enhancing firmware stability, etc.
  • a firmware patch includes independent and complete code for realizing a certain function, without relying on other programs other than the firmware patch.
  • Firmware patches can be in binary or bytecode file format.
  • the control bit is a register.
  • the operating system or the BMC program has low execution authority and has no right to access the register.
  • the register can only be modified by a firmware program with higher execution authority. In this case, the following firmware patch can be written to modify the above registers:
  • the firmware running program may acquire the firmware patch from the first program in the following possible ways.
  • FIG. 5 is a schematic diagram of a manner in which a firmware running program obtains a firmware patch provided by an embodiment of the present application.
  • the first program stores the firmware patch in the second storage space, and stores the patch location information in the first storage space.
  • the patch location information is used to indicate the storage location of the firmware patch in the second storage space.
  • the firmware running program obtains the patch location information from the first storage space, and obtains the firmware patch from the second storage space according to the patch location information.
  • the patch location information may include a start address and an end address of the firmware patch in the second storage space.
  • the patch location information may include a starting location of the firmware patch in the second storage space and a length of the firmware patch.
  • the first program transfers the firmware patch to the firmware running program through the first storage space and the second storage space.
  • Both the first storage space and the second storage space are storage spaces that can be accessed jointly by the first program and the firmware running program.
  • the first storage space may be a shared memory between the first program and the firmware running program.
  • the second storage space may be a register, a mailbox (Mailbox), a shared memory, and the like that are jointly accessible by the first program and the firmware running program.
  • FIG. 6 is a schematic diagram of another manner in which a firmware running program obtains a firmware patch provided by an embodiment of the present application.
  • the first program sends a first message to the firmware running program, and the first message includes a firmware patch.
  • the firmware running program receives the first message from the first program, and obtains the firmware patch from the first message.
  • the first program can deliver the firmware patch to the firmware running program through the message interaction interface.
  • After the firmware running program acquires the firmware patch, it executes the firmware patch to make the firmware patch take effect, so as to resolve the failure of the computer equipment or implement the firmware update/upgrade.
  • executing the firmware patch may be: executing the code in the firmware patch; performing corresponding processing according to the code logic of the firmware patch to realize the function/logic implemented by the firmware patch.
  • Another form of expression for the firmware patch to take effect may be: the computer device implements the function/logic implemented by the firmware patch; the computer device continues to run according to the function/logic implemented by the firmware patch.
  • Taking the computer equipment failure scenario as an example, after the firmware running program executes the firmware patch, the failure of the computer equipment is resolved, so that the computer equipment resumes normal operation.
  • Taking the firmware update/upgrade scenario as an example, when the firmware running program executes the firmware patch, the computer equipment runs according to the updated/upgraded firmware and achieves the operation effect after the firmware update/upgrade, for example, the functions of the original firmware are improved, the vulnerabilities of the original firmware functions are repaired, new firmware functions are added, the stability of the firmware is improved, etc.
  • the firmware server pushes the firmware patch to the computer device, or the developer uploads the firmware patch to the computer device, so that the first program of the computer device obtains the firmware patch.
  • the first program may use the above-mentioned method 1 or the above-mentioned method 2 to transfer the firmware patch to the firmware running program, so that the firmware running program obtains the firmware patch.
  • the firmware running program executes the firmware patch, so that the firmware patch takes effect, solves the failure of the computer equipment or implements firmware update/upgrade.
  • the firmware running program acquires the firmware patch from the first program and executes it to make the firmware patch take effect, thereby solving the problem of the computer equipment or realizing the firmware update/upgrade. Since this process does not update the firmware program of the computer equipment, the computer equipment does not need to be restarted, and therefore the business of the computer equipment is not affected.
  • computer equipment may include one or more processors.
  • the firmware running program and the operating system run simultaneously. In this way, the operation of the firmware running program and the operating system can be divided into the following two situations.
  • Case 1: The firmware running program and the operating system run on the same processor.
  • Case 2: The firmware running program and the operating system run on different processors.
  • the different processors refer to two physically different processors, and the two processors may be of the same type or of different types, which is not limited in this embodiment. These two processors can be packaged in a system-on-chip (SoC).
  • the computer device includes a processor. Both the operating system and the firmware running program are executed by the processor.
  • FIG. 7 is a schematic diagram of the running state of a computer device provided by the embodiment of the present application. As shown in FIG. 7 , both the operating system and the firmware running program are executed by the processor.
  • the processor executes the operating system and the firmware running program in a time-sharing manner, that is, only one of the operating system and the firmware running program can be executed at the same time.
  • the firmware running program is in a suspended state (or called a sleep state). When the processor needs to execute the firmware running program, it can suspend the execution of the operating system and wake up the firmware running program.
  • the processor wakes up the operating system so that the operating system can continue to execute.
  • the operating system is run by the CPU of the processor, and the firmware running program can be run by a supporting chip of the processor, such as a bridge chip.
  • the computer device includes multiple processors.
  • the operating system can be executed by one of the processors, and the firmware running program can be distributed and executed by different processors.
  • FIG. 8 is a schematic diagram of another operating state of a computer device provided by an embodiment of the present application. As shown in FIG. 8 , it is illustrated by taking a computer device including a processor A and a processor B as an example.
  • the processor A executes an operating system and a firmware running program
  • the processor B executes the firmware running program.
  • the firmware running programs executed by the processor A and the processor B may be completely the same or different.
  • processor A executes part of the functions of the firmware running program
  • processor B executes part of the functions of the firmware running program.
  • some functions of the firmware running program executed by the processor A may overlap with some functions of the firmware running program executed by the processor B.
  • the firmware running program and the operating system run on the same processor, which belongs to the above case 1.
  • the operating system is run by the CPU of processor A
  • the firmware running program can be run by a supporting chip of processor A, such as a bridge chip.
  • For the firmware running program in processor B, the firmware running program and the operating system run on different processors, which belongs to the above-mentioned case 2.
  • FIG. 8 uses two processors as an example for illustration, and when the computer device includes more processors, the principle is similar, and details are not repeated here.
  • FIG. 9 is a schematic flowchart of another patch processing method provided by the embodiment of the present application.
  • the method in this embodiment may be executed when the operating system determines that a firmware patch needs to be applied during the execution of the computer device.
  • the method of this embodiment includes:
  • S901 The operating system determines a firmware calling method.
  • the method of invoking the firmware refers to a method in which the operating system notifies/calls the firmware running program, so that the firmware running program executes the firmware patch.
  • Firmware calling methods can be divided into internal calling methods and external calling methods.
  • the internal calling method refers to calling within the same processor, and the external calling method refers to calling across processors.
  • the operating system and the firmware running program run on the same processor, and the calling method of the firmware is an internal calling method.
  • the operating system and the firmware running program run on different processors, and the firmware calling method is an external calling method.
  • the operating system determines the first storage space and the second storage space in the storage space of the first processor, where the first processor is a processor running the operating system.
  • the operating system stores the firmware patch in the second storage space, and stores patch location information in the first storage space, where the patch location information is used to indicate a storage location of the firmware patch in the second storage space.
  • If the firmware calling method is an internal calling method, the firmware running program and the operating system run on the same processor, that is, both run on the first processor, which corresponds to the above case 1. Therefore, the operating system can determine the first storage space and the second storage space in the storage space of the first processor. Since the firmware running program is also executed by the first processor, the first storage space and the second storage space can also be accessed by the firmware running program.
  • the second storage space may be the memory space of the first processor.
  • the first storage space may be a preset register of the first processor.
  • the execution permission of the first processor when executing the operating system is usually different from its execution permission when executing the firmware running program.
  • the execution authority corresponding to the firmware running program may be higher than the execution authority corresponding to the operating system. Therefore, in some possible implementation manners, after performing S903, the operating system may further perform the following S904.
  • S904 The operating system executes a preset instruction, so that the first processor executes a firmware running program.
  • the preset instruction refers to an instruction for adjusting the execution permission of the first processor.
  • the preset instructions to be executed by the operating system are usually different.
  • the operating system executes a preset instruction to switch the execution authority of the first processor to the execution authority corresponding to the firmware running program, so that the first processor executes the firmware running program.
  • Example 1 if the first processor is an ARM architecture processor, the execution rights of the first processor can be divided into four levels: EL3, EL2, EL1, and EL0 from high to low.
  • the execution permission corresponding to the operating system is usually EL2 or EL1.
  • the execution authority corresponding to the BIOS running program is usually EL3.
  • the operating system may switch the execution authority of the first processor from EL2/EL1 to EL3 by executing the SMC instruction, so that the first processor executes the BIOS running program.
  • Example 2 if the first processor is a RISC-V architecture processor, the execution rights of the first processor can be divided into three levels: M-mode, S-mode, and U-mode from high to low.
  • the execution permission corresponding to the operating system is usually S-mode.
  • the execution permission corresponding to the BIOS running program is usually M-mode.
  • the operating system may switch the execution authority of the first processor from S-mode to M-mode by executing the ECALL instruction, so that the first processor executes the BIOS running program.
  • Example 3: if the first processor is a processor of X86 architecture, the execution permission corresponding to the operating system is non-SMM mode, and the execution permission corresponding to the BIOS running program is SMM mode.
  • the operating system can switch the execution authority of the first processor from non-SMM mode to SMM mode by executing an operation instruction that generates an SMI interrupt, so that the first processor executes the BIOS running program.
  • the operating system determines the first storage space and the second storage space in the storage space accessible by both the first processor and the second processor, where the first processor is the processor that runs the operating system, and the second processor is a processor that does not run the operating system.
  • the operating system stores the firmware patch in the second storage space, and stores patch location information in the first storage space, where the patch location information is used to indicate a storage location of the firmware patch in the second storage space.
  • If the firmware calling method is an external calling method, the firmware running program implementing the embodiment of the present application and the operating system run on different processors, which corresponds to the above case 2.
  • the firmware execution program implementing the embodiment of the present application is executed by processor B, and the operating system is executed by processor A. Therefore, the operating system can determine the first storage space and the second storage space in the storage spaces accessible by both processor A and processor B. In this way, it is ensured that the first storage space and the second storage space can also be accessed by the firmware running program.
  • the second storage space may be a shared memory space of the first processor and the second processor.
  • the first storage space may be a preset mailbox.
  • the firmware running program acquires patch location information from the first storage space, and acquires a firmware patch from the second storage space according to the patch location information.
  • the firmware running program executes preset instructions to switch the execution authority of the processor to the execution authority corresponding to the operating system, so that the first processor continues to execute the operating system.
  • the above embodiment shown in FIG. 9 mainly describes how the operating system transfers the firmware patch to the firmware running program in the case 1 and the case 2.
  • the specific implementation process of the firmware patch after the firmware running program acquires the firmware patch is described below in conjunction with a specific embodiment.
  • FIG. 10 is a schematic flowchart of another patch processing method provided by the embodiment of the present application. As shown in Figure 10, the method of this embodiment includes:
  • the firmware running program obtains the patch location information and the firmware patch function identifier from the first storage space, where the patch location information is used to indicate the storage location of the firmware patch in the second storage space.
  • the firmware running program determines the firmware service interface corresponding to the firmware patch function identifier according to the firmware patch function identifier.
  • the firmware running program can provide various calling functions to the operating system.
  • the firmware patch function is one of them.
  • Each calling function corresponds to a service interface.
  • the service interface corresponding to the firmware patch function is the firmware service interface.
  • firmware service interface is a software interface.
  • it may be an application programming interface (Application Programming Interface, API) or the like.
  • When the operating system stores the patch location information in the first storage space, it may also store the firmware patch function identifier in the first storage space.
  • the firmware patch function identifier is used to inform the firmware running program that the firmware patch function needs to be called.
  • the firmware running program can determine that the firmware service interface needs to be executed according to the firmware patch function identifier.
  • the following firmware patch execution process from S1003 to S1007 is completed by calling the firmware service interface.
  • the firmware patch may include a file header, a code area and a signature area.
  • S1004 Obtain signature information from the firmware patch through the firmware service interface, and verify the integrity and/or legality of the firmware patch according to the signature information, and obtain a verification result.
  • the signature information can be obtained from the signature area of the firmware patch.
  • the integrity and/or legality of the firmware patch is verified by using the signature information, and a verification result is obtained.
  • the integrity and/or legality of the firmware patch is verified, and the firmware patch is executed only when the verification is passed, so as to ensure safe operation of the computer equipment.
  • A firmware patch of the bytecode type cannot be directly recognized by the computer device; it needs to be parsed first, converted into a form that the computer device can recognize, and then executed.
  • A firmware patch of the binary type can be executed directly by the computer device, as described in S1006 and S1007 below.
  • By judging the file format type of the firmware patch, the firmware running program adopts different execution methods for different file format types, so that the solution of this application is applicable not only to firmware patches in the binary format but also to firmware patches in the bytecode format, which makes the application scenarios more extensive.
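The firmware-side checks described above (patch location information read from the first storage space, then verification of the signature area before anything is executed), shown as an added C example that is not code from the patent or its applicant. The struct layouts, `PATCH_MAGIC`, `MAX_PATCH`, `demo_verify` and `run_case` are hypothetical; the page only states that the location information carries a start and a length and that the patch has a file header, a code area and a signature area.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts: the page names these fields but gives no encoding. */
struct patch_location {      /* written by the OS into the first storage space */
    uint64_t start;          /* offset of the patch in the second storage space */
    uint64_t length;         /* patch length in bytes */
};
struct patch_header {        /* file header; code area and signature area follow */
    uint32_t magic, format, code_len, sig_len;
};
#define PATCH_MAGIC  0x50544346u   /* constructed value */
#define FMT_BINARY   1u
#define FMT_BYTECODE 2u
#define MAX_PATCH    4096u

enum patch_status { PATCH_OK, PATCH_BAD_LOCATION, PATCH_BAD_HEADER, PATCH_BAD_SIGNATURE };
typedef int (*verify_fn)(const uint8_t *msg, size_t n, const uint8_t *sig, size_t sig_len);

static uint8_t private_copy[MAX_PATCH];  /* memory only the firmware can write */

enum patch_status fetch_and_check_patch(const volatile struct patch_location *loc,
        const uint8_t *shared, size_t shared_len, verify_fn verify,
        const uint8_t **code, size_t *code_len, uint32_t *format)
{
    /* Read each caller-controlled field exactly once. */
    uint64_t start = loc->start, length = loc->length;

    if (length < sizeof(struct patch_header) || length > MAX_PATCH)
        return PATCH_BAD_LOCATION;
    /* Subtraction form: start + length could wrap around and pass a naive check. */
    if (start > shared_len || length > shared_len - start)
        return PATCH_BAD_LOCATION;

    /* Snapshot first, so the bytes verified are the bytes later executed even if
       the less-privileged writer changes the shared buffer afterwards. */
    memcpy(private_copy, shared + start, (size_t)length);

    struct patch_header hdr;
    memcpy(&hdr, private_copy, sizeof hdr);
    uint64_t body = length - sizeof hdr;
    if (hdr.magic != PATCH_MAGIC ||
        (hdr.format != FMT_BINARY && hdr.format != FMT_BYTECODE) ||
        hdr.code_len == 0 || hdr.code_len >= body ||
        hdr.sig_len != body - hdr.code_len)
        return PATCH_BAD_HEADER;

    size_t signed_len = sizeof hdr + hdr.code_len;   /* header and code are signed */
    if (!verify(private_copy, signed_len, private_copy + signed_len, hdr.sig_len))
        return PATCH_BAD_SIGNATURE;

    *code = private_copy + sizeof hdr;   /* caller dispatches on *format */
    *code_len = hdr.code_len;
    *format = hdr.format;
    return PATCH_OK;
}

/* Demo-only stand-in for signature verification. NOT cryptography: real
   firmware would verify a public-key signature against a key it trusts. */
static uint8_t demo_tag(const uint8_t *msg, size_t n)
{
    uint8_t x = 0x5a;
    for (size_t i = 0; i < n; i++) x = (uint8_t)(x * 31u + msg[i]);
    return x;
}
static int demo_verify(const uint8_t *msg, size_t n, const uint8_t *sig, size_t sig_len)
{
    return sig_len == 1 && sig[0] == demo_tag(msg, n);
}

/* Builds a constructed patch at offset 64 of a 256-byte shared buffer, then
   runs the check with the location values the "OS" claims. */
enum patch_status run_case(uint64_t start, uint64_t length, int tamper)
{
    static uint8_t shared[256];
    struct patch_header h = { PATCH_MAGIC, FMT_BYTECODE, 8, 1 };
    uint8_t *p = shared + 64;
    memset(shared, 0, sizeof shared);
    memcpy(p, &h, sizeof h);
    memcpy(p + sizeof h, "\x01\x02\x03\x04\x05\x06\x07\x08", 8);
    p[sizeof h + 8] = demo_tag(p, sizeof h + 8);
    if (tamper) p[sizeof h + 3] ^= 0xff;     /* flip a code byte after signing */

    struct patch_location loc = { start, length };
    const uint8_t *code; size_t code_len; uint32_t format;
    return fetch_and_check_patch(&loc, shared, sizeof shared, demo_verify,
                                 &code, &code_len, &format);
}

int main(void)
{
    printf("valid patch         -> %d\n", run_case(64, 25, 0));
    printf("tampered code area  -> %d\n", run_case(64, 25, 1));
    printf("wrapping start      -> %d\n", run_case(0xFFFFFFFFFFFFFFF0ULL, 25, 0));
    printf("length past buffer  -> %d\n", run_case(250, 25, 0));
    printf("no signature area   -> %d\n", run_case(64, 24, 0));
    return 0;
}
```

Only after `PATCH_OK` would the firmware running program choose between direct execution (binary) and parse-then-execute (bytecode), always from the private copy.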
  • a firmware program may specify a firmware calling method, and notify the operating system of the firmware calling method.
  • FIG. 11 is a schematic diagram of an interaction process between an operating system and a firmware program provided by an embodiment of the present application.
  • the firmware program can send the firmware calling method to the operating system, and correspondingly, the operating system receives the firmware calling method from the firmware program, so that the operating system can learn the firmware calling method.
  • When the firmware startup program starts and loads the operating system, the firmware startup program sends the firmware calling method to the operating system.
  • the firmware running program sends the firmware calling method to the operating system.
  • the BIOS program sends the function information table to the operating system.
  • the function information table includes calling functions supported by the BIOS running program, and a BIOS calling method corresponding to each calling function.
  • the function information table includes header information (Header) and a function list (Call ID[n]).
  • the function list adopts the form of an array, and the subscript of the array element is the identification of the calling function supported by the BIOS running program, and the value of Call ID[n] indicates the BIOS calling method corresponding to the calling function identification n.
  • the identifier of each calling function may be agreed in advance.
  • the identifier of the firmware patch function is 0, the corresponding identifier of another calling function is 1, and so on.
  • the meaning of the value of Call ID[n] is as follows:
  • BIOS call mode is a special instruction call (that is, the internal call mode in the above-mentioned embodiment);
  • BIOS call method is a mailbox call (that is, the external call method in the above-mentioned embodiment);
  • the operating system can determine the firmware call method corresponding to the firmware patch function according to the value of Call ID[0].
  • the function information table may also include mailbox information (Mailbox).
  • the mailbox information includes address information of at least one mailbox.
  • the firmware call method corresponding to the firmware patch function is mailbox call (that is, the external call method in the above-mentioned embodiment)
  • the mailbox specified in the mailbox information may be used to transmit the patch location information of the firmware patch.
  • the function information table is sent to the operating system through the BIOS, so that the operating system can know whether the BIOS running program supports the firmware patch function, and which firmware calling method is adopted. In this way, when the operating system needs to apply a firmware patch, it can call the BIOS running program to execute the firmware patch based on the firmware calling method.
  • FIG. 12 is a schematic structural diagram of a patch processing device provided by an embodiment of the present application.
  • the patch processing apparatus 1200 provided in this embodiment includes: a first processing module 1201 and a second processing module 1202 .
  • the second processing module 1202 is used to obtain a firmware patch
  • the firmware patch is from the first processing module 1201
  • the second processing module 1202 is also used to execute the firmware patch
  • the firmware patch takes effect.
  • the second processing module 1202 is specifically configured to: acquire patch location information from the first storage space, where the patch location information is used to indicate the storage location of the firmware patch in the second storage space; and obtain the firmware patch from the second storage space according to the patch location information.
  • the first processing module 1201 is configured to: store the firmware patch in the second storage space, and store the patch location information in the first storage space.
  • the first processing module 1201 is further configured to: obtain a firmware calling method; and determine the first storage space and the second storage space according to the firmware calling method.
  • the first processing module 1201 is specifically configured to: receive the firmware calling manner sent by the second processing module.
  • the patch processing apparatus provided in this embodiment is applied to computer equipment, and the computer equipment includes at least one processor; the first processing module 1201 is specifically configured to: if the firmware calling method is the internal calling method, determine the first storage space and the second storage space in the storage space of the first processor; or,
  • if the firmware calling method is the external calling method, determine the first storage space and the second storage space in a storage space commonly accessible by the first processor and the second processor;
  • the first processor runs the first processing module, and the second processor does not run the first processing module.
  • the first processing module 1201 and the second processing module 1202 run on the same processor, and the firmware calling method is the internal calling method; or the first processing module 1201 and the second processing module 1202 run on different processors, and the firmware calling method is the external calling method.
  • the firmware calling method is the internal calling method; the first processing module 1201 is further configured to: execute a preset instruction, so that the processor where the first processing module 1201 is located executes the second processing module 1202.
  • the second processing module 1202 is further configured to: acquire the firmware patch function identifier from the first storage space; determine, according to the firmware patch function identifier, the firmware service interface corresponding to the firmware patch function identifier; and acquire the firmware patch from the second storage space through the firmware service interface according to the patch location information.
  • the second processing module 1202 is specifically configured to: receive a first message from the first processing module 1201, where the first message includes the firmware patch.
  • the first processing module 1201 is an operating system OS; or, the first processing module 1201 is a baseboard management controller (BMC) program.
  • the patch processing device provided in this embodiment can be used to execute the patch processing method provided in any of the above method embodiments, and its implementation principle and technical effect are similar, and details are not described here.
  • An embodiment of the present application further provides a computer device, the structure of which may be shown in FIG. 1 , and the computer device includes one or more processors, and a memory.
  • the memory stores computer programs.
  • the computer program may include the first program and a firmware program of the computer device, and the firmware program includes a firmware running program.
  • the one or more processors run the computer program to implement the patch processing method provided by the above method embodiment, the implementation principle and technical effect are similar, and will not be repeated here.
  • An embodiment of the present application further provides a chip, and the chip includes: one or more processors, and a memory.
  • the memory stores computer programs.
  • the computer program may include the first program and a firmware program of the chip, and the firmware program includes a firmware running program.
  • the one or more processors run the computer program to implement the patch processing method provided by the above method embodiment, the implementation principle and technical effect are similar, and will not be repeated here.
  • An embodiment of the present application also provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium.
  • the computer program includes a first program and/or a firmware program.
  • the firmware program includes a firmware running program.
  • An embodiment of the present application further provides a computer program product, where the computer program product includes a computer program.
  • the computer program includes a first program and/or a firmware program
  • the firmware program includes a firmware running program.
  • the disclosed devices and methods may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the modules is only a logical function division. In actual implementation, there may be other division methods; for example, multiple modules can be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or modules may be in electrical, mechanical or other forms.
  • modules described as separate components may or may not be physically separated, and the components shown as modules may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional module in each embodiment of the present application may be integrated into one processing unit, each module may exist separately physically, or two or more modules may be integrated into one unit.
  • the units formed by the above modules can be implemented in the form of hardware, or in the form of hardware plus software functional units.
  • the above-mentioned integrated modules implemented in the form of software function modules can be stored in a computer-readable storage medium.
  • the above-mentioned software functional modules are stored in a storage medium, and include several instructions to enable a computer device (which may be a personal computer, server, or network device, etc.) or a processor to execute part of the method described in the various embodiments of the present application.
  • the above-mentioned storage medium can be realized by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
  • a storage media may be any available media that can be accessed by a general purpose or special purpose computer.
  • An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium.
  • the storage medium may also be a component of the processor.
  • the processor and the storage medium may be located in Application Specific Integrated Circuits (ASIC for short).
  • the processor and the storage medium can also exist in the electronic device or the main control device as discrete components.


Abstract

The present application relates to a patch processing method and apparatus, and a computer device. The computer device stores a first program and a firmware program of the computer device, the firmware program comprising a firmware startup program and a firmware running program. The method comprises the following steps: the firmware running program acquires a firmware patch, the firmware patch coming from the first program; and the firmware running program runs the firmware patch, and the firmware patch takes effect. A defect of the computer device is thereby handled, or a firmware update/upgrade is carried out. Since the firmware program of the computer device is not updated during the process, the computer device does not need to be restarted, and a service of the computer device is therefore not affected.
PCT/CN2022/134180 2021-12-01 2022-11-24 Patch processing method and apparatus, and computer device WO2023098569A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111455778.8 2021-12-01
CN202111455778.8A CN116204216A (zh) 2021-12-01 2021-12-01 Patch processing method and apparatus, and computer device

Publications (1)

Publication Number Publication Date
WO2023098569A1 true WO2023098569A1 (fr) 2023-06-08

Family

ID=86508221

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/134180 WO2023098569A1 (fr) 2021-12-01 2022-11-24 Patch processing method and apparatus, and computer device

Country Status (2)

Country Link
CN (1) CN116204216A (fr)
WO (1) WO2023098569A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180307479A1 (en) * 2017-04-24 2018-10-25 American Megatrends, Inc. System and method for performing firmware update by patching
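CN110928570A (zh) * 2019-11-27 2020-03-27 北京知道创宇信息技术股份有限公司 Firmware upgrade method and apparatus, and readable storage medium
CN111125709A (zh) * 2019-11-29 2020-05-08 苏州浪潮智能科技有限公司 Server security vulnerability repair method and apparatus
CN113031999A (zh) * 2021-03-25 2021-06-25 山东英信计算机技术有限公司 Control method, apparatus, device and storage medium for server component firmware upgrade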

Also Published As

Publication number Publication date
CN116204216A (zh) 2023-06-02

Similar Documents

Publication Publication Date Title
US9189631B2 (en) Firmware authentication
CN106030525B (zh) Method for in-system provisioning of firmware for a hardware platform, and hardware platform thereof
US10452404B2 (en) Optimized UEFI reboot process
KR100855803B1 (ko) Cooperative embedded agents
US11194588B2 (en) Information handling systems and method to provide secure shared memory access at OS runtime
EP2831722B1 (fr) Method and system for verifying proper operation of a computing device after a system change
US11468170B2 (en) Techniques for processor boot-up
CN107567629B (zh) Dynamic firmware module loader in a trusted execution environment container
US10572434B2 (en) Intelligent certificate discovery in physical and virtualized networks
US10303487B2 (en) System and method for booting an information handling system
WO2016062146A1 (fr) Serial number information update method, device and terminal
US20210357202A1 (en) Firmware updating
CN114969713A (zh) Device verification method, device and system
US20230229481A1 (en) Provisioning dpu management operating systems
US20230198775A1 (en) Memory device with secure boot updates and self-recovery
US20190325139A1 (en) Secure updating of computing system firmware
US20200264893A1 (en) System and method of initiating multiple adaptors in parallel
WO2023098569A1 (fr) Patch processing method and apparatus, and computer device
US11960337B2 (en) Customized thermal and power policies in computers
US20240192743A1 (en) Customized thermal and power policies in computers
US11995452B2 (en) Firmware memory map namespace for concurrent containers
US11977753B2 (en) BIOS NVRAM storage extension system and method for secure and seamless access for various boot architectures
US11068276B2 (en) Controlled customization of silicon initialization
US11966748B2 (en) Dynamic boot configuration
CN117369841A (zh) Firmware activation method and apparatus, related device, and computer-readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22900374

Country of ref document: EP

Kind code of ref document: A1