WO2023193351A1 - Server starting method and apparatus, device, and storage medium - Google Patents

Info

Publication number
WO2023193351A1
Authority
WO
WIPO (PCT)
Prior art keywords
firmware
verification
bmc
bios
server
Prior art date
Application number
PCT/CN2022/101148
Other languages
French (fr)
Chinese (zh)
Inventor
张旭
李瑞东
Original Assignee
浪潮(山东)计算机科技有限公司
Priority date
Filing date
Publication date
Application filed by 浪潮(山东)计算机科技有限公司
Publication of WO2023193351A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Definitions

  • the present application relates to the field of communication technology, and in particular to a server startup method, device, equipment and storage medium.
  • BMC: Baseboard Management Controller
  • BIOS: Basic Input Output System
  • the first aspect of this application provides a server starting method, including:
  • the BMC firmware is used to perform a first verification on the BIOS firmware and the BIOS firmware is used to perform a second verification on the BMC firmware;
  • server startup method also includes:
  • firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
  • the firmware verification information includes any one or more of firmware self-test results, core process running status, firmware startup status, firmware size, firmware version number and preset encryption check code.
  • server startup method also includes:
  • when the BMC firmware and the BIOS firmware are running, the BMC firmware and the BIOS firmware are respectively controlled to perform self-tests on themselves.
  • the method further includes:
  • using the BMC firmware to perform a first verification on the BIOS firmware and using the BIOS firmware to perform a second verification on the BMC firmware includes:
  • the BIOS firmware is used to obtain the BMC firmware verification information from the BMC firmware through an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform a second verification on the BMC firmware.
  • powering off the target server includes:
  • the BMC board equipped with the BMC firmware is powered off through the programmable logic device CPLD and stops powering on the processor of the target server.
  • the method also includes:
  • the target server is started.
  • the second aspect of this application provides a server starting device, including:
  • the process encapsulation and triggering module is used to encapsulate the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running;
  • an interactive verification module configured to, during the firmware verification process and through data interaction between the BMC firmware and the BIOS firmware, perform a first verification on the BIOS firmware using the BMC firmware and a second verification on the BMC firmware using the BIOS firmware;
  • a judgment module configured to judge whether both the first verification and the second verification pass, and in response to the failure of both the first verification and the second verification, perform power-off processing on the target server.
  • a third aspect of the present application provides an electronic device, including a memory and one or more processors.
  • Computer-readable instructions are stored in the memory, and the computer-readable instructions are executed by the one or more processors.
  • the one or more processors are caused to execute the steps of the foregoing server startup method.
  • a fourth aspect of the application provides one or more non-volatile computer-readable storage media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to execute the steps of the foregoing server startup method.
  • Figure 1 is a flow chart of a server startup method provided by one or more embodiments of the present application.
  • Figure 2 is a schematic diagram of a specific server startup method provided by one or more embodiments of the present application.
  • Figure 3 is a schematic structural diagram of a server startup device provided by one or more embodiments of the present application.
  • Figure 4 is a structural diagram of a server-starting electronic device provided by one or more embodiments of the present application.
  • this application provides a server startup solution that verifies the BMC firmware and BIOS firmware without adding peripheral trusted verification devices, thereby improving the credibility of the server firmware to ensure safe startup of the server.
  • FIG. 1 is a flow chart of a server startup method provided by an embodiment of the present application. As shown in Figure 1, the server startup method includes:
  • S11 Encapsulate the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running.
  • the target process is first encapsulated in the BMC firmware and BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware are running.
  • the target process is also a piece of code, and the BMC firmware and the BIOS firmware are essentially program codes.
  • the target process can be encapsulated in the BMC firmware and BIOS firmware.
  • the BMC firmware is used to perform the first verification on the BIOS firmware and the BIOS firmware is used to perform a second verification on the BMC firmware.
  • peripheral circuits such as trusted cryptographic modules, firmware verification modules, etc.
  • the cost of peripheral hardware circuits is relatively high.
  • the above-mentioned peripheral circuits are embedded in the server. It is difficult to add hardware trusted peripherals to the server that has been shipped to the customer's site.
  • This embodiment uses a software method to perform server firmware verification, that is, server firmware verification is performed based on the target process encapsulated in the BMC firmware and the BIOS firmware, together with the data interaction mode and the existing channel between the BMC firmware and the BIOS firmware. This not only avoids the cost that adding peripheral circuits for trusted firmware verification would incur, but also makes firmware verification possible for equipment already in customer machine rooms.
  • on the one hand, the BMC firmware is used to perform the first verification on the BIOS firmware through data exchange between the BMC firmware and the BIOS firmware; on the other hand, the BIOS firmware is used to perform a second verification on the BMC firmware through the same data exchange.
  • S13 Determine whether the first verification and the second verification pass, and if not, perform power-off processing on the target server.
  • power-off processing is performed on the target server.
  • the target server is started. That is, if not, the target server is powered off.
  • if both the first verification and the second verification pass, it means that the BMC firmware and the BIOS firmware of the target server have passed the trusted verification and both are in a safe state, at which point the target server can be safely started.
  • if any one of the BMC firmware and the BIOS firmware fails the trusted verification, that is, any one of the first verification and the second verification fails, then the target server is powered off.
  • this embodiment performs power-off processing on the BMC board equipped with the BMC firmware and stops powering on the processor of the target server.
  • the programmable logic device CPLD is used to power off the BMC board equipped with the BMC firmware and to stop powering on the processor of the target server. That is to say, if the BMC firmware fails to verify the BIOS firmware information, the programmable logic device CPLD is notified to power off the BMC module and no longer power on the CPU; if the BIOS firmware fails to verify the BMC firmware information, the programmable logic device CPLD is likewise notified to power off the BMC module and no longer power on the CPU, thereby achieving interlocking verification of the BMC firmware and the BIOS firmware.
  • the programmable logic device CPLD is essentially a control unit, which needs to be determined according to the specific configuration of the server. Other devices that can achieve the same effect can be used, and this embodiment is not limited to this.
  • the embodiment of the present application first encapsulates the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running.
  • then, during firmware verification, the BMC firmware is used to perform a first verification on the BIOS firmware and the BIOS firmware is used to perform a second verification on the BMC firmware; finally, it is determined whether the first verification and the second verification pass, and if not, the target server is powered off.
  • firmware verification is performed through the target process encapsulated in the firmware, that is, interlock verification of the BMC firmware and BIOS firmware is implemented based on the data interaction between the BMC firmware and BIOS firmware in the server.
  • the beneficial effect of this embodiment is to verify the BMC firmware and BIOS firmware without adding a peripheral trusted verification device, thereby improving the credibility of the server firmware to ensure safe startup of the server.
  • FIG. 2 is a flow chart of a specific server startup method provided by an embodiment of the present application. As shown in Figure 2, the server startup method includes:
  • S22 Control the BMC firmware and the BIOS firmware to interact with the firmware verification information according to the structure defined in the custom protocol; wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
  • a custom protocol is created in advance.
  • the custom protocol is mainly an agreement on the underlying transmission protocol between the BMC firmware and the BIOS firmware, that is, an agreement on the interactive data between the BMC firmware and the BIOS firmware.
  • the BMC firmware and the BIOS firmware are controlled to interact with the firmware verification information according to the structure defined in the custom protocol. It is easy to understand that the custom protocol can be a part of the code in the target process, or can be separately packaged in the BMC firmware and the BIOS firmware, which is not limited in this embodiment.
  • the BMC firmware and the BIOS firmware are respectively controlled to perform self-tests on themselves. Control the BMC firmware and the BIOS firmware respectively to save their own firmware self-test results.
  • when the firmware verification information contains the firmware self-test results, the BMC firmware and the BIOS firmware are controlled to exchange the firmware self-test results.
  • the firmware verification information includes any one or more of firmware self-test results, core process running status, firmware startup status, firmware size, firmware version number, and preset encryption check code.
  • the firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
  • the BIOS firmware verification information is any one or more of the firmware self-test result of the BIOS firmware, core process running status, firmware startup status, firmware size, firmware version number and preset encryption check code.
  • the BMC firmware verification information is any one or more of the firmware self-test result of the BMC firmware, core process running status, firmware startup status, firmware size, firmware version number and preset encryption check code. Therefore, this embodiment adopts a custom protocol method for firmware verification.
  • the protocol format, that is, the protocol structure, is defined as:
  • SelfTest in the above-mentioned custom structure represents the self-test result of the BMC firmware or the BIOS firmware.
  • when the BMC firmware or the BIOS firmware is running, it needs to self-test its own operating status and saves the self-test result;
  • CoreProcessStatus indicates the running status of the core process of the BMC firmware or the BIOS firmware;
  • InitCompletely indicates whether the BMC firmware or the BIOS firmware has fully started, to prevent the server from being powered on while a firmware core process has not started, which would cause the server to behave abnormally;
  • FirmwareSize represents the firmware size; the BMC firmware is generally 64M in size, and the BIOS firmware is generally 32M in size.
  • Version[4] represents the firmware version number; the BMC firmware or the BIOS firmware will verify the version number of the other party.
  • CheckCode represents the check code of the BMC firmware or the BIOS firmware.
  • the check code is a string of encrypted characters, used to prevent the BMC firmware or BIOS firmware of the server from being tampered with.
  • S23 Use the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware through IPMI commands, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware.
  • S24 Use the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware through IPMI commands, so that the BIOS firmware uses the BMC firmware verification information to perform a second verification on the BMC firmware.
  • S25 Determine whether the first verification and the second verification pass. If not, perform power-off processing on the target server.
  • the BMC firmware and the BIOS firmware generally interact through IPMI (Intelligent Platform Management Interface) commands.
  • IPMI: Intelligent Platform Management Interface
  • IPMI is an open standard hardware management interface specification. After the target server motherboard is powered on, the BMC firmware and the BIOS firmware run respectively. The BMC firmware and the BIOS firmware first perform self-tests, and then interactively transmit the information in the above structure through IPMI commands.
  • the BMC firmware is used to obtain the BIOS firmware verification information from the BIOS firmware through IPMI commands, so that the BMC firmware uses the BIOS firmware verification information to perform a first verification on the BIOS firmware;
  • the BIOS firmware is used to obtain the BMC firmware verification information from the BMC firmware through IPMI commands, so that the BIOS firmware uses the BMC firmware verification information to perform a second verification on the BMC firmware.
  • if the BMC firmware fails to verify the BIOS firmware information, that is, the first verification fails, the programmable logic device CPLD will power off the BMC module and no longer power on the CPU; if the BIOS firmware fails to verify the BMC firmware information, that is, the second verification fails, the CPLD is notified to power off the BMC module and no longer power on the CPU, to achieve the purpose of interlock verification of the BMC and BIOS.
  • the embodiment of the present application controls the BMC firmware and the BIOS firmware to interact with the firmware verification information according to the structure defined in the custom protocol on the basis of pre-creating a custom protocol. Then the BMC firmware is used to obtain the BIOS firmware verification information from the BIOS firmware through IPMI commands to perform the first verification of the BIOS firmware, and at the same time, the BIOS firmware is used to obtain the BMC firmware verification information from the BMC firmware through IPMI commands to perform a second verification on the BMC firmware.
  • the beneficial effect of this embodiment is that the server firmware is verified using software and protocols. The target server is powered on only after the interlocking verification of the BMC firmware and the BIOS firmware is completed, which can ensure the integrity of the server firmware and prevent the firmware from being maliciously tampered with, further protecting server firmware security.
  • a server starting device which includes:
  • the process encapsulation and triggering module 11 is used to encapsulate the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running;
  • the interactive verification module 12 is configured to, during the firmware verification process and through data interaction between the BMC firmware and the BIOS firmware, perform a first verification on the BIOS firmware using the BMC firmware and a second verification on the BMC firmware using the BIOS firmware;
  • the judgment module 13 is used to judge whether the first verification and the second verification pass, and if not, power off the target server.
  • the embodiment of the present application first encapsulates the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running.
  • then, during firmware verification, the BMC firmware is used to perform a first verification on the BIOS firmware and the BIOS firmware is used to perform a second verification on the BMC firmware; finally, it is determined whether the first verification and the second verification pass, and if not, the target server is powered off.
  • firmware verification is performed through the target process encapsulated in the firmware, that is, interlock verification of the BMC firmware and BIOS firmware is implemented based on the data interaction between the BMC firmware and BIOS firmware in the server.
  • the BMC firmware and BIOS firmware are thus verified without adding peripheral trusted verification equipment, improving the credibility of the server firmware to ensure safe startup of the server.
  • the server startup device further includes:
  • Protocol creation module for pre-creating custom protocols
  • a control module configured to control the BMC firmware and the BIOS firmware to interact with firmware verification information according to the structure defined in the custom protocol; wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information;
  • a self-test module configured to control the BMC firmware and the BIOS firmware respectively to perform self-tests on themselves when the BMC firmware and the BIOS firmware are running;
  • a storage module configured to respectively control the BMC firmware and the BIOS firmware to save their own firmware self-test results.
  • when the firmware verification information contains the firmware self-test results, the BMC firmware and the BIOS firmware are controlled to exchange the firmware self-test results.
  • the interactive verification module 12 specifically includes:
  • the first verification unit is configured to use the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware through IPMI commands, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware.
  • the second verification unit is configured to use the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware through IPMI commands, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware.
  • the judgment module 13 is specifically configured to power off the BMC board equipped with the BMC firmware through the programmable logic device CPLD and stop powering on the processor of the target server.
  • FIG. 4 is a structural diagram of the electronic device 20 according to an exemplary embodiment. The content in the figure cannot be considered as any limitation on the scope of the present application.
  • FIG. 4 is a schematic structural diagram of an electronic device 20 provided by an embodiment of the present application.
  • the electronic device 20 may specifically include: one or more processors 21, at least one memory 22, a power supply 23, a communication interface 24, an input-output interface 25 and a communication bus 26.
  • the memory 22 is used to store computer-readable instructions, which are loaded and executed by the processor 21 to implement relevant steps in the server startup method disclosed in any of the foregoing embodiments.
  • the power supply 23 is used to provide working voltage for each hardware device on the electronic device 20;
  • the communication interface 24 can create a data transmission channel between the electronic device 20 and external devices, and the communication protocol it follows can be any communication protocol applicable to the technical solution of this application, which is not specifically limited here;
  • the input and output interface 25 is used to obtain external input data or output data to the external world, and its specific interface type can be selected according to specific application needs, which is not specifically limited here.
  • the memory 22, as a carrier for resource storage, can be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc.
  • the resources stored thereon can include an operating system 221, computer readable instructions 222, data 223, etc., and the storage method can be short-term storage or permanent storage.
  • the operating system 221 is used to manage and control each hardware device and computer readable instructions 222 on the electronic device 20 to realize the calculation and processing of the massive data 223 in the memory 22 by the processor 21. It can be Windows Server, Netware, Unix, Linux, etc.
  • the computer-readable instructions 222 may further include computer-readable instructions that can be used to complete other specific tasks.
  • Data 223 may include interaction data collected by electronic device 20.
  • embodiments of the present application also disclose one or more non-volatile computer-readable storage media storing computer-readable instructions.
  • when the computer-readable instructions are executed by one or more processors, the one or more processors execute the steps of the server startup method disclosed in any of the foregoing embodiments.
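
Added example, not code from the patent: the field names SelfTest, CoreProcessStatus, InitCompletely, FirmwareSize, Version[4] and CheckCode come from the text above, while the types, the 43-byte payload layout, the `ExpectedPeer` reference values and all function names are assumptions. It shows one direction of the interlock check, failing closed on a malformed payload, and the S13/S25 decision that any failed verification powers the server off.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHECK_CODE_LEN 32                      /* assumed length */
#define WIRE_LEN (3 + 4 + 4 + CHECK_CODE_LEN)  /* assumed payload layout */

/* Field names are from the patent text; all types and widths are assumed. */
typedef struct {
    uint8_t  SelfTest;           /* 1 = self-test passed */
    uint8_t  CoreProcessStatus;  /* 1 = core processes running */
    uint8_t  InitCompletely;     /* 1 = firmware fully started */
    uint32_t FirmwareSize;       /* image size in bytes */
    uint8_t  Version[4];
    uint8_t  CheckCode[CHECK_CODE_LEN];
} FirmwareVerifyInfo;

/* Reference values the verifying side holds for its peer (hypothetical). */
typedef struct {
    uint32_t FirmwareSize;
    uint8_t  Version[4];
    uint8_t  CheckCode[CHECK_CODE_LEN];
} ExpectedPeer;

enum { FAIL_SELFTEST = 1, FAIL_CORE = 2, FAIL_INIT = 4, FAIL_SIZE = 8,
       FAIL_VERSION = 16, FAIL_CHECKCODE = 32, FAIL_MALFORMED = 64 };
typedef enum { ACTION_BOOT = 0, ACTION_POWER_OFF = 1 } BootAction;

/* Decode a peer payload; anything that is not exactly WIRE_LEN bytes is rejected. */
int parse_info(const uint8_t *buf, size_t len, FirmwareVerifyInfo *out)
{
    if (buf == NULL || out == NULL || len != WIRE_LEN)
        return -1;
    out->SelfTest = buf[0];
    out->CoreProcessStatus = buf[1];
    out->InitCompletely = buf[2];
    out->FirmwareSize = (uint32_t)buf[3] | ((uint32_t)buf[4] << 8) |
                        ((uint32_t)buf[5] << 16) | ((uint32_t)buf[6] << 24);
    memcpy(out->Version, buf + 7, 4);
    memcpy(out->CheckCode, buf + 11, CHECK_CODE_LEN);
    return 0;
}

/* Byte comparison with no early exit, so timing does not reveal the first mismatch. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* One direction of the interlock: 0 = pass, otherwise a bitmask of failed checks. */
unsigned verify_payload(const uint8_t *buf, size_t len, const ExpectedPeer *want)
{
    FirmwareVerifyInfo got;
    unsigned fail = 0;
    if (parse_info(buf, len, &got) != 0)
        return FAIL_MALFORMED;  /* fail closed on a bad payload */
    if (got.SelfTest != 1) fail |= FAIL_SELFTEST;
    if (got.CoreProcessStatus != 1) fail |= FAIL_CORE;
    if (got.InitCompletely != 1) fail |= FAIL_INIT;
    if (got.FirmwareSize != want->FirmwareSize) fail |= FAIL_SIZE;
    if (!ct_equal(got.Version, want->Version, 4)) fail |= FAIL_VERSION;
    if (!ct_equal(got.CheckCode, want->CheckCode, CHECK_CODE_LEN)) fail |= FAIL_CHECKCODE;
    return fail;
}

/* S13/S25: start only if both verifications passed; any failure powers off. */
BootAction interlock_decide(unsigned first, unsigned second)
{
    return (first | second) == 0 ? ACTION_BOOT : ACTION_POWER_OFF;
}

/* Constructed sample: healthy peer, 32 MiB image, version 1.2.3.4. */
void build_sample(uint8_t wire[WIRE_LEN], ExpectedPeer *want)
{
    memset(want, 0, sizeof *want);
    want->FirmwareSize = 32u * 1024u * 1024u;
    for (int i = 0; i < 4; i++) want->Version[i] = (uint8_t)(i + 1);
    for (int i = 0; i < CHECK_CODE_LEN; i++) want->CheckCode[i] = (uint8_t)(0xA0 + i);
    wire[0] = wire[1] = wire[2] = 1;
    wire[3] = 0x00; wire[4] = 0x00; wire[5] = 0x00; wire[6] = 0x02;  /* little-endian size */
    memcpy(wire + 7, want->Version, 4);
    memcpy(wire + 11, want->CheckCode, CHECK_CODE_LEN);
}

int main(void)
{
    uint8_t wire[WIRE_LEN];
    ExpectedPeer want_bios;
    build_sample(wire, &want_bios);
    wire[11] ^= 0x01;  /* constructed tamper: one check-code bit flipped */
    unsigned first = verify_payload(wire, sizeof wire, &want_bios);  /* BMC checks BIOS */
    printf("first=0x%02x action=%d\n", first, interlock_decide(first, 0));
    return 0;
}
```

The patent text does not say where each side's reference values come from; here they are assumed to be provisioned with the firmware image.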

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present application relates to the technical field of communications, and discloses a server starting method and apparatus, a device, and a storage medium. The method comprises: respectively packaging a target process in BMC firmware and BIOS firmware of a target server to trigger, when the BMC firmware and the BIOS firmware are running, the target process to perform firmware verification; in the firmware verification process, by means of data interaction between the BMC firmware and the BIOS firmware, respectively performing first verification on the BIOS firmware by using the BMC firmware and second verification on the BMC firmware by using the BIOS firmware; and determining whether the first verification and the second verification are passed, and if not, powering off the target server. According to the present application, the BMC firmware and the BIOS firmware are verified when no peripheral trusted verification device needs to be added, such that the credibility of the firmware of the server is improved to ensure secure starting of the server.

Description

A server startup method, apparatus, device and storage medium
Cross-reference to related applications
This application claims priority to the Chinese patent application filed with the China Patent Office on April 6, 2022, with application number 202210352874.8 and entitled "A server startup method, apparatus, device and storage medium", the entire content of which is incorporated into this application by reference.
Technical field
The present application relates to the field of communication technology, and in particular to a server startup method, apparatus, device and storage medium.
Background
The BMC (Baseboard Management Controller) implements server control, information monitoring and related functions, and is the platform that directly presents server information. Server clients can access the server BMC through the web, ipmitool, snmp tools and so on to obtain server information. The BMC is essentially an embedded system, and in use it faces security risks such as program integrity being broken, the operating system being attacked, and malicious code being implanted in its web application. In addition, domestic servers currently generally use foreign BMC chips (such as the AST2400, AST2500 and other models of the ASPEED series), whose security is unknown, leaving the core technology under others' control. The same is true for BIOS firmware.
Traditional security measures can generally only protect against problems at the network level or the operating system level. Against attacks on server BIOS firmware and attacks on server BMC firmware, the traditional "contain, detect and kill" approach falls even further short. If firmware security cannot be guaranteed, the server cannot be started securely, so trusted verification of the BMC firmware and BIOS firmware is the necessary path. At present, this always requires adding peripheral circuits (such as a trusted cryptographic module or a firmware verification module). This greatly increases server cost, and peripheral devices can no longer be added to servers that have already been shipped to the customer's site.
Therefore, how to improve the credibility of server firmware so as to ensure secure startup of the server is a technical problem that those skilled in the art urgently need to solve.
发明内容Contents of the invention
本申请的第一方面提供了一种服务器启动方法,包括:The first aspect of this application provides a server starting method, including:
分别在目标服务器的BMC固件和BIOS固件内封装目标进程,以在所述BMC固件和所述BIOS固件运行时触发所述目标进程进行固件校验;Encapsulate the target process in the BMC firmware and BIOS firmware of the target server respectively, so as to trigger the target process to perform firmware verification when the BMC firmware and the BIOS firmware are running;
在固件校验过程中,通过所述BMC固件和所述BIOS固件之间的数据交互,分别利用所述BMC固件对所述BIOS固件进行第一验证并利用所述BIOS固件对所述BMC固件进行第二验证;和During the firmware verification process, through data interaction between the BMC firmware and the BIOS firmware, the BMC firmware is used to perform a first verification on the BIOS firmware and the BIOS firmware is used to perform a first verification on the BMC firmware. Second verification; and
判断所述第一验证和所述第二验证是否均通过,响应于所述第一验证和所述第二验证均未通过,对所述目标服务器进行断电处理。Determine whether the first verification and the second verification pass, and in response to the failure of the first verification and the second verification, perform power-off processing on the target server.
可选的,所述服务器启动方法,还包括:Optionally, the server startup method also includes:
预先创建自定义协议;和Pre-create custom protocols; and
控制所述BMC固件和所述BIOS固件按照所述自定义协议中定义的结构体对固件验证信息进行交互;其中,所述固件验证信息包括BIOS固件验证信息和BMC固件验证信息。Control the BMC firmware and the BIOS firmware to interact with the firmware verification information according to the structure defined in the custom protocol; wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
可选的,所述固件验证信息包括固件自检结果、核心进程运行情况、固件启动状态、固件大小、固件版本号及预设加密校验码中的任意一种或多种。Optionally, the firmware verification information includes any one or more of firmware self-test results, core process running status, firmware startup status, firmware size, firmware version number and preset encryption check code.
可选的,所述服务器启动方法,还包括:Optionally, the server startup method also includes:
在所述BMC固件和所述BIOS固件运行时,分别控制所述BMC固件和所述BIOS固件对自身进行自检。When the BMC firmware and the BIOS firmware are running, the BMC firmware and the BIOS firmware are respectively controlled to perform self-tests on themselves.
可选的,所述分别控制所述BMC固件和所述BIOS固件对自身进行自检之后,还包括:Optionally, after controlling the BMC firmware and the BIOS firmware respectively to perform self-tests, the method further includes:
分别控制所述BMC固件和所述BIOS固件对自身的固件自检结果进行保存,当所述固件验证信息包含固件自检结果时,控制所述BMC固件和所述BIOS固件对固件自检结果进行交互。Control the BMC firmware and the BIOS firmware respectively to save their own firmware self-test results. When the firmware verification information contains the firmware self-test results, control the BMC firmware and the BIOS firmware to save the firmware self-test results. Interaction.
Optionally, using the BMC firmware to perform a first verification on the BIOS firmware and using the BIOS firmware to perform a second verification on the BMC firmware includes:
Use the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware by means of an IPMI command, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware; and
Use the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware by means of an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware.
Optionally, powering off the target server includes:
Through the programmable logic device CPLD, power off the BMC board that carries the BMC firmware and stop powering on the processor of the target server.
Optionally, the method further includes:
In response to both the first verification and the second verification passing, start the target server.
A second aspect of this application provides a server startup apparatus, including:
A process encapsulation and triggering module, configured to encapsulate a target process in each of the BMC firmware and the BIOS firmware of a target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run;
An interactive verification module, configured to, during firmware verification and through data interaction between the BMC firmware and the BIOS firmware, use the BMC firmware to perform a first verification on the BIOS firmware and use the BIOS firmware to perform a second verification on the BMC firmware; and
A judgment module, configured to determine whether the first verification and the second verification both pass and, in response to the first verification and the second verification failing, power off the target server.
A third aspect of this application provides an electronic device, including a memory and one or more processors, the memory storing computer-readable instructions that, when executed by the one or more processors, cause the one or more processors to perform the steps of the foregoing server startup method.
A fourth aspect of this application provides one or more non-volatile computer-readable storage media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the foregoing server startup method.
Description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are merely embodiments of this application, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Figure 1 is a flow chart of a server startup method provided by one or more embodiments of this application;
Figure 2 is a schematic diagram of a specific server startup method provided by one or more embodiments of this application;
Figure 3 is a schematic structural diagram of a server startup apparatus provided by one or more embodiments of this application;
Figure 4 is a structural diagram of a server startup electronic device provided by one or more embodiments of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.
In the prior art, on the one hand, traditional "contain, detect and kill" measures are increasingly inadequate against attacks on server BIOS firmware and server BMC firmware. If firmware security cannot be guaranteed, the server cannot be started securely, so trusted verification of the BMC firmware and the BIOS firmware is indispensable. On the other hand, current approaches all require additional peripheral circuits, which greatly increases server cost, and peripheral devices cannot be added to servers that have already been shipped to customer sites. To address these technical shortcomings, this application provides a server startup scheme that verifies the BMC firmware and the BIOS firmware without adding peripheral trusted-verification devices, improving the trustworthiness of the server firmware so as to ensure secure startup of the server.
Figure 1 is a flow chart of a server startup method provided by an embodiment of this application. As shown in Figure 1, the server startup method includes:
S11: Encapsulate a target process in each of the BMC firmware and the BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run.
In this embodiment, a target process is first encapsulated in each of the BMC firmware and the BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run. The target process is a piece of code, and the BMC firmware and the BIOS firmware are in essence program code as well, so the target process can be encapsulated within the BMC firmware and the BIOS firmware. After the motherboard of the target server is powered on, the BMC firmware and the BIOS firmware start running one after the other. Once both are running, the target process encapsulated in the BMC firmware and the BIOS firmware starts running and performs interlock verification between the BMC firmware and the BIOS firmware.
S12: During firmware verification, through data interaction between the BMC firmware and the BIOS firmware, use the BMC firmware to perform a first verification on the BIOS firmware and use the BIOS firmware to perform a second verification on the BMC firmware.
In this embodiment, during firmware verification, through data interaction between the BMC firmware and the BIOS firmware, the BMC firmware is used to perform a first verification on the BIOS firmware and the BIOS firmware is used to perform a second verification on the BMC firmware. At present, verifying the BMC firmware or the BIOS firmware requires peripheral circuits, such as a trusted cryptography module or a firmware verification module, and such peripheral hardware circuits are costly. These peripheral circuits are embedded in the server, so adding trusted hardware peripherals to servers that have already been shipped to customer sites is difficult.
This embodiment performs server firmware verification in software, that is, it relies on the target process encapsulated in the BMC firmware and the BIOS firmware and on the data interaction methods and channels that already exist between the BMC firmware and the BIOS firmware. No peripheral circuit is added, which lowers the cost of trusted firmware verification, and firmware verification becomes possible for equipment already installed in customer machine rooms. Specifically, on the one hand, the BMC firmware performs the first verification on the BIOS firmware through data interaction between the BMC firmware and the BIOS firmware; on the other hand, the BIOS firmware performs the second verification on the BMC firmware through the same data interaction.
S13: Determine whether the first verification and the second verification both pass; if not, power off the target server.
In this embodiment, after verification, it is determined whether the first verification and the second verification both pass; in response to the first verification and the second verification failing, the target server is powered off. In response to both the first verification and the second verification passing, the target server is started. That is, if not, the target server is powered off. If both the first verification and the second verification pass, both the BMC firmware and the BIOS firmware of the target server have passed trusted verification and are in a secure state, and the target server can then be started safely. Likewise, as stated above, if either the BMC firmware or the BIOS firmware fails trusted verification, that is, if either the first verification or the second verification fails, the target server is powered off.
In particular, this embodiment powers off the BMC board that carries the BMC firmware and stops powering on the processor of the target server; specifically, this is done through the programmable logic device CPLD. That is, if the BMC firmware's verification of the BIOS firmware information fails, the programmable logic device CPLD is notified to power off the BMC module and no longer power on the CPU; if the BIOS firmware's verification of the BMC firmware information fails, the programmable logic device CPLD is likewise notified to power off the BMC module and no longer power on the CPU. This achieves interlock verification between the BMC firmware and the BIOS firmware. Of course, the programmable logic device CPLD is in essence a control unit; the choice depends on the specific configuration of the server, and any other device that achieves the same effect may be used. This embodiment places no limitation on this.
It can be seen that this embodiment first encapsulates a target process in each of the BMC firmware and the BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run; then, during firmware verification, through data interaction between the BMC firmware and the BIOS firmware, the BMC firmware performs a first verification on the BIOS firmware and the BIOS firmware performs a second verification on the BMC firmware; finally, it is determined whether the first verification and the second verification both pass, and if not, the target server is powered off. When the BMC firmware and the BIOS firmware in the server are running, firmware verification is performed by the target process encapsulated in the firmware; that is, interlock verification of the BMC firmware and the BIOS firmware is achieved on the basis of the data interaction between them. The beneficial effect of this embodiment is that the BMC firmware and the BIOS firmware are verified without adding peripheral trusted-verification devices, improving the trustworthiness of the server firmware so as to ensure secure startup of the server.
Figure 2 is a flow chart of a specific server startup method provided by an embodiment of this application. As shown in Figure 2, the server startup method includes:
S21: Create a custom protocol in advance.
S22: Control the BMC firmware and the BIOS firmware to exchange firmware verification information according to the structure defined in the custom protocol, wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
In this embodiment, a custom protocol is further created in advance. The custom protocol is mainly a convention on the underlying transport protocol between the BMC firmware and the BIOS firmware, that is, a convention on the data exchanged between them. On this basis, the BMC firmware and the BIOS firmware are controlled to exchange firmware verification information according to the structure defined in the custom protocol. It is easy to see that the custom protocol may be part of the code of the target process, or may be encapsulated separately in the BMC firmware and the BIOS firmware; this embodiment places no limitation on this.
In this embodiment, to make the verification result more accurate, the BMC firmware and the BIOS firmware are each controlled to perform a self-test when they are running. The BMC firmware and the BIOS firmware are each controlled to save their own firmware self-test result and, when the firmware verification information contains the firmware self-test result, they are controlled to exchange the firmware self-test results.
In this embodiment, the firmware verification information includes any one or more of a firmware self-test result, core process running status, firmware startup status, firmware size, firmware version number and a preset encrypted check code. The firmware verification information includes BIOS firmware verification information and BMC firmware verification information: the BIOS firmware verification information is any one or more of these items for the BIOS firmware, and the BMC firmware verification information is any one or more of these items for the BMC firmware. This embodiment therefore uses a custom protocol for firmware verification, and the protocol format, that is, the protocol structure, is defined as:
[Figure PCTCN2022101148-appb-000001]
[Figure PCTCN2022101148-appb-000002]
It should be noted that, in the custom structure above, SelfTest is the self-test result of the BMC firmware or the BIOS firmware; when running, the BMC firmware or the BIOS firmware must self-test its own running state and save the result. CoreProcessStatus is the running status of the core processes of the BMC firmware or the BIOS firmware. InitCompletely indicates whether the BMC firmware or the BIOS firmware has fully started, which prevents the server from being powered on while a firmware core process has not started and thereby causing a server fault. FirmwareSize is the firmware size; the BMC firmware is generally 64M and the BIOS firmware is generally 32M, and an incorrect value indicates that the firmware is damaged. Version[4] is the firmware version number; the BMC firmware or the BIOS firmware verifies the version number of its peer. CheckCode is the check code of the BMC firmware or the BIOS firmware; it is a string of encrypted characters that guards against the server's BMC firmware or BIOS firmware being tampered with or illicitly reflashed. These information types can be customized for different application scenarios; this embodiment places no limitation on this.
S23: Use the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware by means of an IPMI command, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware.
S24: Use the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware by means of an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware.
S25: Determine whether the first verification and the second verification both pass; if not, power off the target server.
In this embodiment, the BMC firmware and the BIOS firmware generally interact through IPMI (Intelligent Platform Management Interface) commands; IPMI is an open-standard hardware management interface specification. After the motherboard of the target server is powered on, the BMC firmware and the BIOS firmware each start running. They first perform their self-tests and then exchange the information in the structure above through IPMI commands. On the one hand, the BMC firmware obtains the BIOS firmware verification information from the BIOS firmware by means of an IPMI command, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware; on the other hand, the BIOS firmware obtains the BMC firmware verification information from the BMC firmware by means of an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware. Likewise, if the BMC firmware's verification of the BIOS firmware information fails, that is, the first verification fails, the programmable logic device CPLD powers off the BMC module and no longer powers on the CPU; if the BIOS firmware's verification of the BMC firmware information fails, that is, the second verification fails, the CPLD is notified to power off the BMC module and no longer power on the CPU. This achieves interlock verification between the BMC and the BIOS.
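The following C sketch is an added example, not code from the patent: it decodes one verification message carrying the fields named above, runs one direction of the check, and applies the interlock rule that any failure leads to power-off. The field types, the 16-byte CheckCode length, the packed little-endian wire layout, the ExpectedPeer reference record and all sample values are assumptions; the page gives only the field names and states that the exchange uses IPMI commands.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHECK_CODE_LEN 16                      /* assumed; the page gives no length */
#define WIRE_LEN (3 + 4 + 4 + CHECK_CODE_LEN)  /* assumed packed wire layout */

/* Field names come from the page; every type and width is an assumption. */
typedef struct {
    uint8_t  SelfTest;           /* 1 = firmware self-test passed */
    uint8_t  CoreProcessStatus;  /* 1 = core processes running */
    uint8_t  InitCompletely;     /* 1 = firmware fully started */
    uint32_t FirmwareSize;       /* image size in bytes */
    uint8_t  Version[4];
    uint8_t  CheckCode[CHECK_CODE_LEN];
} FirmwareVerifyInfo;

/* Reference values the verifying side holds for its peer (hypothetical record). */
typedef struct {
    uint32_t FirmwareSize;
    uint8_t  Version[4];
    uint8_t  CheckCode[CHECK_CODE_LEN];
} ExpectedPeer;

enum { FAIL_SELFTEST = 1, FAIL_CORE = 2, FAIL_INIT = 4, FAIL_SIZE = 8,
       FAIL_VERSION = 16, FAIL_CHECKCODE = 32, FAIL_MALFORMED = 64 };
typedef enum { ACTION_BOOT, ACTION_POWER_OFF } BootAction;

/* Compare without an early exit so timing does not reveal the first bad byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decode field by field after an exact length check; never cast the buffer. */
static int parse_info(const uint8_t *msg, size_t len, FirmwareVerifyInfo *out)
{
    if (msg == NULL || len != WIRE_LEN) return -1;
    out->SelfTest = msg[0];
    out->CoreProcessStatus = msg[1];
    out->InitCompletely = msg[2];
    out->FirmwareSize = 0;
    for (int i = 0; i < 4; i++) out->FirmwareSize |= (uint32_t)msg[3 + i] << (8 * i);
    memcpy(out->Version, msg + 7, 4);
    memcpy(out->CheckCode, msg + 11, CHECK_CODE_LEN);
    return 0;
}

/* One direction of the interlock: returns 0 on pass, else a mask of FAIL_* bits. */
unsigned verify_peer(const uint8_t *msg, size_t len, const ExpectedPeer *want)
{
    FirmwareVerifyInfo got;
    unsigned fail = 0;
    if (parse_info(msg, len, &got) != 0) return FAIL_MALFORMED;
    if (got.SelfTest != 1)          fail |= FAIL_SELFTEST;
    if (got.CoreProcessStatus != 1) fail |= FAIL_CORE;
    if (got.InitCompletely != 1)    fail |= FAIL_INIT;
    if (got.FirmwareSize != want->FirmwareSize)   fail |= FAIL_SIZE;
    if (!ct_equal(got.Version, want->Version, 4)) fail |= FAIL_VERSION;
    if (!ct_equal(got.CheckCode, want->CheckCode, CHECK_CODE_LEN)) fail |= FAIL_CHECKCODE;
    return fail;
}

/* Boot only if both directions pass; any failure means power-off via the CPLD. */
BootAction interlock_decision(unsigned first, unsigned second)
{
    return (first == 0 && second == 0) ? ACTION_BOOT : ACTION_POWER_OFF;
}

/* Constructed sample data: sizes follow the page (BIOS 32M, BMC 64M). */
static const ExpectedPeer BIOS_REF = { 32u << 20, {1, 2, 3, 4}, {0xB1} };
static const ExpectedPeer BMC_REF  = { 64u << 20, {2, 0, 0, 1}, {0xC2} };

/* Build a constructed report that matches ref except for the reported size. */
static void encode(uint8_t *msg, const ExpectedPeer *ref, uint32_t size)
{
    msg[0] = msg[1] = msg[2] = 1;
    for (int i = 0; i < 4; i++) msg[3 + i] = (uint8_t)(size >> (8 * i));
    memcpy(msg + 7, ref->Version, 4);
    memcpy(msg + 11, ref->CheckCode, CHECK_CODE_LEN);
}

/* First verification (BMC checks BIOS) on a constructed BIOS report. */
unsigned demo_first(uint32_t size, size_t len)
{
    uint8_t msg[WIRE_LEN];
    encode(msg, &BIOS_REF, size);
    return verify_peer(msg, len, &BIOS_REF);
}

/* Full exchange: BIOS report as given, BMC report intact. */
BootAction demo(uint32_t size, size_t len)
{
    uint8_t bmc[WIRE_LEN];
    encode(bmc, &BMC_REF, BMC_REF.FirmwareSize);
    return interlock_decision(demo_first(size, len), verify_peer(bmc, WIRE_LEN, &BMC_REF));
}
```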
It can be seen that this embodiment, having created a custom protocol in advance, controls the BMC firmware and the BIOS firmware to exchange firmware verification information according to the structure defined in the custom protocol. The BMC firmware then obtains the BIOS firmware verification information from the BIOS firmware by means of an IPMI command to perform the first verification on the BIOS firmware, while the BIOS firmware obtains the BMC firmware verification information from the BMC firmware by means of an IPMI command to perform the second verification on the BMC firmware. The beneficial effect of this embodiment is that server firmware is verified by means of software and a protocol, and the target server is powered on only after interlock verification of the BMC firmware and the BIOS firmware completes, which safeguards the integrity of the server firmware and prevents the firmware from being maliciously tampered with, further protecting server firmware security.
As shown in Figure 3, an embodiment of this application correspondingly discloses a server startup apparatus, including:
A process encapsulation and triggering module 11, configured to encapsulate a target process in each of the BMC firmware and the BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run;
An interactive verification module 12, configured to, during firmware verification and through data interaction between the BMC firmware and the BIOS firmware, use the BMC firmware to perform a first verification on the BIOS firmware and use the BIOS firmware to perform a second verification on the BMC firmware;
A judgment module 13, configured to determine whether the first verification and the second verification both pass and, if not, power off the target server.
It can be seen that this embodiment first encapsulates a target process in each of the BMC firmware and the BIOS firmware of the target server, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run; then, during firmware verification, through data interaction between the BMC firmware and the BIOS firmware, the BMC firmware performs a first verification on the BIOS firmware and the BIOS firmware performs a second verification on the BMC firmware; finally, it is determined whether the first verification and the second verification both pass, and if not, the target server is powered off. When the BMC firmware and the BIOS firmware in the server are running, firmware verification is performed by the target process encapsulated in the firmware; that is, interlock verification of the BMC firmware and the BIOS firmware is achieved on the basis of the data interaction between them. The BMC firmware and the BIOS firmware are thus verified without adding peripheral trusted-verification devices, improving the trustworthiness of the server firmware so as to ensure secure startup of the server.
In some specific embodiments, the server startup apparatus further includes:
A protocol creation module, configured to create a custom protocol in advance;
A control module, configured to control the BMC firmware and the BIOS firmware to exchange firmware verification information according to the structure defined in the custom protocol, wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information;
A self-test module, configured to control the BMC firmware and the BIOS firmware to each perform a self-test when they are running;
A storage module, configured to control the BMC firmware and the BIOS firmware to each save its own firmware self-test result and, when the firmware verification information contains the firmware self-test result, to control the BMC firmware and the BIOS firmware to exchange the firmware self-test results.
In some specific embodiments, the interactive verification module 12 specifically includes:
A first verification unit, configured to use the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware by means of an IPMI command, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware;
A second verification unit, configured to use the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware by means of an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware.
In some specific embodiments, the judgment module 13 is specifically configured to, through the programmable logic device CPLD, power off the BMC board that carries the BMC firmware and stop powering on the processor of the target server.
Further, an embodiment of this application also provides an electronic device. Figure 4 is a structural diagram of an electronic device 20 according to an exemplary embodiment; the content of the figure should not be regarded as limiting the scope of use of this application.
Figure 4 is a schematic structural diagram of an electronic device 20 provided by an embodiment of this application. The electronic device 20 may specifically include one or more processors 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26. The memory 22 stores computer-readable instructions, which are loaded and executed by the processor 21 to implement the relevant steps of the server startup method disclosed in any of the foregoing embodiments.
本实施例中,电源23用于为电子设备20上的各硬件设备提供工作电压;通信接口24能够为电子设备20创建与外界设备之间的数据传输通道,其所遵循的通信协议是能够适用于本申请技术方案的任意通信协议,在此不对其进行具体限定;输入输出接口25,用于获取外界输入数据或向外界输出数据,其具体的接口类型可以根据具体应用需要进行选取,在此不进行具体限定。In this embodiment, the power supply 23 is used to provide working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and external devices, and the communication protocol it follows can be applicable Any communication protocol of the technical solution of this application is not specifically limited here; the input and output interface 25 is used to obtain external input data or output data to the external world, and its specific interface type can be selected according to specific application needs. Here Not specifically limited.
In addition, the memory 22, as a carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk, an optical disc or the like. The resources stored on it may include an operating system 221, computer-readable instructions 222, data 223 and so on, and the storage may be transient or permanent.
The operating system 221 is used to manage and control each hardware device on the electronic device 20 as well as the computer-readable instructions 222, so that the processor 21 can compute on and process the massive data 223 in the memory 22; it may be Windows Server, Netware, Unix, Linux or the like. In addition to the computer-readable instructions that can be used to carry out the server startup method, executed by the electronic device 20, disclosed in any of the foregoing embodiments, the computer-readable instructions 222 may further include computer-readable instructions that can be used to carry out other specific tasks. The data 223 may include interaction data collected by the electronic device 20.
Further, an embodiment of the present application also discloses one or more non-volatile computer-readable storage media storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, they cause the one or more processors to execute the steps of the server startup method disclosed in any of the foregoing embodiments.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. Because the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method.
Finally, it should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Furthermore, the terms "include", "comprise" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "includes a…" does not exclude the presence of additional identical elements in the process, method, article or device that includes the stated element.
The server startup method, apparatus, device and storage medium provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. At the same time, a person of ordinary skill in the art may, based on the idea of the present application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be understood as a limitation on the present application.

Claims (11)

  1. A server startup method, characterized by comprising:
    encapsulating a target process in the BMC firmware and in the BIOS firmware of a target server respectively, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run;
    during the firmware verification, through data interaction between the BMC firmware and the BIOS firmware, using the BMC firmware to perform a first verification on the BIOS firmware and using the BIOS firmware to perform a second verification on the BMC firmware; and
    determining whether both the first verification and the second verification pass, and, in response to both the first verification and the second verification failing, powering off the target server.
  2. The server startup method according to claim 1, characterized by further comprising:
    creating a custom protocol in advance; and
    controlling the BMC firmware and the BIOS firmware to exchange firmware verification information according to the structure defined in the custom protocol; wherein the firmware verification information includes BIOS firmware verification information and BMC firmware verification information.
  3. The server startup method according to claim 2, characterized in that the firmware verification information includes any one or more of: a firmware self-test result, the running status of a core process, a firmware startup status, a firmware size, a firmware version number, and a preset encrypted check code.
  4. The server startup method according to any one of claims 1-3, characterized by further comprising:
    when the BMC firmware and the BIOS firmware run, controlling the BMC firmware and the BIOS firmware respectively to perform a self-test on themselves.
  5. The server startup method according to claim 4, characterized in that, after controlling the BMC firmware and the BIOS firmware respectively to perform a self-test on themselves, the method further comprises:
    controlling the BMC firmware and the BIOS firmware respectively to save their own firmware self-test results, and, when the firmware verification information contains the firmware self-test result, controlling the BMC firmware and the BIOS firmware to exchange the firmware self-test results.
  6. The server startup method according to any one of claims 2 to 5, characterized in that using the BMC firmware to perform a first verification on the BIOS firmware and using the BIOS firmware to perform a second verification on the BMC firmware comprises:
    using the BMC firmware to obtain the BIOS firmware verification information from the BIOS firmware by means of an IPMI command, so that the BMC firmware uses the BIOS firmware verification information to perform the first verification on the BIOS firmware; and
    using the BIOS firmware to obtain the BMC firmware verification information from the BMC firmware by means of an IPMI command, so that the BIOS firmware uses the BMC firmware verification information to perform the second verification on the BMC firmware.
  7. The server startup method according to any one of claims 1 to 6, characterized in that powering off the target server comprises:
    powering off, through a programmable logic device (CPLD), the BMC board carrying the BMC firmware, and stopping the power-on of the processor of the target server.
  8. The server startup method according to any one of claims 1-7, characterized in that the method further comprises:
    in response to both the first verification and the second verification passing, starting the target server.
  9. A server startup apparatus, characterized by comprising:
    a process encapsulation and triggering module, configured to encapsulate a target process in the BMC firmware and in the BIOS firmware of a target server respectively, so that the target process is triggered to perform firmware verification when the BMC firmware and the BIOS firmware run;
    an interactive verification module, configured to, during the firmware verification, through data interaction between the BMC firmware and the BIOS firmware, use the BMC firmware to perform a first verification on the BIOS firmware and use the BIOS firmware to perform a second verification on the BMC firmware; and
    a judgment module, configured to determine whether both the first verification and the second verification pass, and, in response to both the first verification and the second verification failing, to power off the target server.
  10. An electronic device, characterized by comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of the method according to any one of claims 1-8.
  11. One or more non-volatile computer-readable storage media storing computer-readable instructions, characterized in that the computer-readable instructions, when executed by one or more processors, cause the one or more processors to perform the steps of the method according to any one of claims 1-8.
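The mutual check of claims 1, 3 and 8, sketched in C as an added example; it is not code from the patent or its applicant. The struct layout and field widths, `BOOT_STATE_READY`, the sample values, and the fail-closed handling of a single failed verification (a case the claims do not spell out) are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: fields are those listed in claim 3; names and widths are hypothetical. */
typedef struct {
    uint8_t  self_test_ok;    /* firmware self-test result (1 = passed) */
    uint8_t  core_proc_ok;    /* core process running (1 = yes) */
    uint8_t  boot_state;      /* firmware startup status */
    uint32_t fw_size;         /* firmware size in bytes */
    char     fw_version[16];  /* firmware version number */
    uint8_t  check_code[32];  /* preset encrypted check code */
} fw_verify_info;
enum { BOOT_STATE_READY = 1 };  /* hypothetical status value */
typedef enum { ACT_BOOT, ACT_POWER_OFF } boot_action;

/* Compare check codes without exiting early on the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* One direction of the exchange: reported values against provisioned ones. */
int verify_peer(const fw_verify_info *got, const fw_verify_info *want)
{
    if (!got->self_test_ok || !got->core_proc_ok) return 0;
    if (got->boot_state != BOOT_STATE_READY) return 0;
    if (got->fw_size != want->fw_size) return 0;
    if (strncmp(got->fw_version, want->fw_version, sizeof got->fw_version) != 0) return 0;
    return ct_equal(got->check_code, want->check_code, sizeof got->check_code);
}

/* Claim 8 boots when both pass; claim 1 powers off when both fail.
 * Powering off when only one fails is this example's assumption (fail closed). */
boot_action decide(int first_ok, int second_ok)
{
    return (first_ok && second_ok) ? ACT_BOOT : ACT_POWER_OFF;
}

/* Constructed sample record; every value is made up for the example. */
static fw_verify_info sample(const char *ver, uint32_t size, uint8_t fill)
{
    fw_verify_info v = { .self_test_ok = 1, .core_proc_ok = 1,
                         .boot_state = BOOT_STATE_READY, .fw_size = size };
    strncpy(v.fw_version, ver, sizeof v.fw_version - 1);
    memset(v.check_code, fill, sizeof v.check_code);
    return v;
}

/* Run both directions; a tamper flag flips one bit of that side's reported check code. */
boot_action demo(int tamper_bios, int tamper_bmc)
{
    fw_verify_info bios_want = sample("BIOS-1.0.0", 16u << 20, 0xA5);
    fw_verify_info bmc_want  = sample("BMC-2.0.0", 32u << 20, 0x5A);
    fw_verify_info bios_got = bios_want, bmc_got = bmc_want;
    if (tamper_bios) bios_got.check_code[7] ^= 0x01;
    if (tamper_bmc)  bmc_got.check_code[7] ^= 0x01;
    int first  = verify_peer(&bios_got, &bios_want);  /* BMC verifies BIOS */
    int second = verify_peer(&bmc_got, &bmc_want);    /* BIOS verifies BMC */
    return decide(first, second);
}

int main(void) { return demo(0, 0) == ACT_BOOT ? 0 : 1; }
```

In a real platform the `ACT_POWER_OFF` branch would correspond to the CPLD action of claim 7, and the two records would arrive over the IPMI exchange of claim 6 rather than being built locally.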
PCT/CN2022/101148 2022-04-06 2022-06-24 Server starting method and apparatus, device, and storage medium WO2023193351A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210352874.8A CN114428963B (en) 2022-04-06 2022-04-06 Server starting method, device, equipment and storage medium
CN202210352874.8 2022-04-06

Publications (1)

Publication Number Publication Date
WO2023193351A1 true WO2023193351A1 (en) 2023-10-12

Family

ID=81314470

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/101148 WO2023193351A1 (en) 2022-04-06 2022-06-24 Server starting method and apparatus, device, and storage medium

Country Status (2)

Country Link
CN (1) CN114428963B (en)
WO (1) WO2023193351A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114428963B (en) * 2022-04-06 2022-07-08 浪潮(山东)计算机科技有限公司 Server starting method, device, equipment and storage medium
CN115237429B (en) * 2022-07-18 2024-05-28 江苏卓易信息科技股份有限公司 Cloud server test verification method based on firmware dynamic parameter adjustment
CN115729647B (en) * 2023-01-09 2023-04-25 苏州浪潮智能科技有限公司 Server starting management system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103514399A (en) * 2012-06-19 2014-01-15 鸿富锦精密工业(深圳)有限公司 Firmware verification method and system
JP2014096032A (en) * 2012-11-09 2014-05-22 Nec Corp Firmware verification system, firmware verification method, and firmware verification program
CN111399919A (en) * 2020-03-06 2020-07-10 苏州浪潮智能科技有限公司 Starting method and system of server, electronic equipment and storage medium
CN112463222A (en) * 2020-11-11 2021-03-09 苏州浪潮智能科技有限公司 Data interaction method, device and equipment between server BIOS and BMC
CN114428963A (en) * 2022-04-06 2022-05-03 浪潮(山东)计算机科技有限公司 Server starting method, device, equipment and storage medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201401098A (en) * 2012-06-18 2014-01-01 Hon Hai Prec Ind Co Ltd System and method for verificating firmware
CN103488498B (en) * 2013-09-03 2017-02-22 华为技术有限公司 Computer booting method and computer
CN103593211A (en) * 2013-11-01 2014-02-19 浪潮电子信息产业股份有限公司 Method for refreshing and writing firmware programs through out-of-band isolation
CN109542518B (en) * 2018-10-09 2020-12-22 华为技术有限公司 Chip and method for starting chip
US20200250313A1 (en) * 2019-01-31 2020-08-06 Quanta Computer Inc. Bios recovery and update
CN111651769B (en) * 2019-03-04 2023-05-09 阿里巴巴集团控股有限公司 Method and device for acquiring measurement of security initiation
CN111338698A (en) * 2020-02-23 2020-06-26 苏州浪潮智能科技有限公司 Method and system for accurately booting server by BIOS (basic input output System)
CN113391845A (en) * 2021-06-25 2021-09-14 苏州浪潮智能科技有限公司 Data interaction method and device and related components

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117436090A (en) * 2023-12-18 2024-01-23 苏州元脑智能科技有限公司 Start verification system, method, electronic equipment and storage medium
CN117436090B (en) * 2023-12-18 2024-03-08 苏州元脑智能科技有限公司 Start verification system, method, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN114428963A (en) 2022-05-03
CN114428963B (en) 2022-07-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 22936284; Country of ref document: EP; Kind code of ref document: A1)