WO2024045828A1 - 操作系统安全启动方法、操作系统安装方法及相关装置 - Google Patents
操作系统安全启动方法、操作系统安装方法及相关装置 Download PDFInfo
- Publication number
- WO2024045828A1 WO2024045828A1 PCT/CN2023/102938 CN2023102938W WO2024045828A1 WO 2024045828 A1 WO2024045828 A1 WO 2024045828A1 CN 2023102938 W CN2023102938 W CN 2023102938W WO 2024045828 A1 WO2024045828 A1 WO 2024045828A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- operating system
- acceleration device
- public key
- acceleration
- instruction
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 105
- 238000009434 installation Methods 0.000 title claims abstract description 46
- 230000001133 acceleration Effects 0.000 claims abstract description 232
- 230000015654 memory Effects 0.000 claims description 69
- 238000012795 verification Methods 0.000 claims description 24
- 238000004590 computer program Methods 0.000 claims description 17
- 238000004891 communication Methods 0.000 claims description 2
- 238000011022 operating instruction Methods 0.000 claims 2
- 238000012545 processing Methods 0.000 description 35
- 230000006870 function Effects 0.000 description 24
- 238000012986 modification Methods 0.000 description 15
- 230000004048 modification Effects 0.000 description 15
- 238000010586 diagram Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 10
- 230000009286 beneficial effect Effects 0.000 description 6
- 238000013500 data storage Methods 0.000 description 5
- 230000002093 peripheral effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011900 installation process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
Definitions
- the present application relates to the field of computer technology, and in particular to an operating system secure startup method, operating system installation method and related devices.
- the computing equipment in the data center can be called a host.
- a data processing unit (DPU) and an infrastructure processor (IPU) can be set for the host.
- Acceleration device offloads some functions from the host to the acceleration device.
- An operating system can be installed in the host's acceleration device, and various programs can be run based on the OS to achieve different data processing functions. Since the OS may be invaded by malware while it is running, the reliability of data processing and the security of user information are affected.
- This application provides an operating system safe startup method, operating system installation method and related devices, which can ensure the safe startup and reliable operation of the operating system.
- the first aspect provides a secure boot method for an operating system, which can be applied to accelerated devices.
- the method may include the following steps: obtaining a startup instruction for starting an operating system of the acceleration device; identifying a first public key from a plurality of public keys stored in the acceleration device, where the first public key is one of the plurality of public keys. Public key, the first public key is used to verify the running file of the operating system; start the operating system of the acceleration device according to the verification result.
- the acceleration device can identify the first public key used to verify the running file of the currently started operating system from the multiple OS public keys. For multiple OS public keys, The running files of the operating system signed by the private key corresponding to any OS public key in the key can be verified. Therefore, this application can verify operating systems signed with different private keys, determine whether the running files of the operating system have been changed, and ensure the safe startup and reliable operation of the operating system.
- multiple public keys can be stored in a database DB within the flash memory of the acceleration device.
- the acceleration device can obtain the second public key saved in the BIOS area of the basic input and output system, and verify the public key set containing multiple public keys based on the second public key. When verifying When passed, obtains multiple public keys in the public key collection.
- multiple public keys are stored in a public key set, and the second public key is used to verify the public key set to prevent leakage or tampering of multiple public keys and ensure the security of multiple public keys.
- the acceleration device when identifying the first public key from multiple public keys, can traverse each of the multiple public keys and verify the running files of the operating system one by one; when the running When the file verification passes, the public key used when the verification passes will be used as the first public key.
- the acceleration device traverses multiple public keys to find the first public key that can verify the running file of the operating system. It can support secure startup of operating systems that use different private keys for signature.
- the acceleration device before obtaining the startup instruction, can install the operating system in the following manner: download the image file of the operating system installer from the server, and install it in the acceleration device based on the image file of the operating system installer. operating system.
- the server is communicatively connected with the acceleration device, and the server is used to store the image file.
- an operating system installation method may include: the control device receives an operation instruction, the operation instruction is used to instruct the installation of the operating system in an acceleration device set, the acceleration device set includes at least one acceleration device, and the acceleration device The collection communicates with the control device. Based on the received operation instruction, the control device sends a restart instruction to the acceleration devices included in the acceleration device set. The restart instruction is used to instruct the acceleration devices included in the acceleration device set to download the image file of the operating system installation program from the server.
- the control device may issue a restart instruction to at least one acceleration device included in the acceleration device set, So that at least one acceleration device can download the image file of the operating system installation program from the server based on the restart instruction and complete the installation of the operating system, so that operating systems that support secure boot can be installed in batches in the acceleration device collection without the need to install them one by one. It can reduce the time spent installing the operating system and improve efficiency.
- the image file of the operating system installation program is used to install the operating system signed with the first private key
- the first private key is the private key corresponding to the first public key
- the first public key is the acceleration One public key among multiple public keys pre-stored in the device.
- a third aspect provides an operating system secure boot device, which includes various modules for executing the operating system secure boot method in the first aspect or any possible implementation of the first aspect.
- a fourth aspect provides an operating system installation device, which includes various modules for executing the operating system installation method in the second aspect or any possible implementation of the second aspect.
- an acceleration device including a memory and a processor.
- the memory stores a computer program that can be run on the processor.
- the computer program is executed by the processor, the The processor implements the operation steps of the method described in the above first aspect or any possible implementation manner of the first aspect.
- a sixth aspect provides a control device, including a memory and a processor.
- the memory stores a computer program that can be run on the processor.
- the computer program is executed by the processor, the The processor implements the operation steps of the method described in the above second aspect or any possible implementation manner of the second aspect.
- the seventh aspect provides an operating system installation system, including a set of servers, control devices and acceleration devices.
- the acceleration device set is communicatively connected with the control device and the server; the acceleration device set includes at least one acceleration device.
- the acceleration device included in the acceleration device set downloads the image file of the operating system installation program from the server based on the restart instruction sent by the control device, and installs the operating system based on the image file of the operating system installation program.
- a chip including a processor and a power supply circuit; the power supply circuit is used to supply power to the processor, and the processor is used to execute a computer program to implement the above-mentioned first aspect or any of the possible implementation methods of the first aspect. The steps of the method described in.
- a chip including a processor and a power supply circuit; the power supply circuit is used to supply power to the processor, and the processor is used to execute a computer program to implement the above second aspect or any of the possible implementation methods of the second aspect. The steps of the method described in.
- a computer-readable storage medium is provided.
- Computer-executable instructions are stored in the computer-readable storage medium.
- the computer-executable instructions are used to cause the computer to execute the above-mentioned first aspect or any one of the first aspects.
- a computer-readable storage medium is provided.
- Computer-executable instructions are stored in the computer-readable storage medium.
- the computer-executable instructions are used to cause the computer to execute the above second aspect or any one of the second aspects.
- Figure 1 is a schematic structural diagram of a data processing system provided by this application.
- FIG. 2 is a schematic structural diagram of another operating system installation system provided by this application.
- FIG. 3 is a schematic flow chart of an operating system secure startup method provided by this application.
- Figure 4 is a schematic structural diagram of a memory of an acceleration device provided by this application.
- Figure 5 is a schematic diagram of the interactive flow of an operating system installation method provided by this application.
- FIG. 6 is a structural block diagram of an operating system secure boot device provided by this application.
- FIG. 7 is a structural block diagram of an operating system installation device provided by this application.
- FIG. 8 is a structural block diagram of an acceleration device provided by this application.
- FIG. 9 is a structural block diagram of a control device provided by this application.
- Figure 10 is a structural block diagram of a chip provided by this application.
- BIOS Basic input output system
- the BIOS stores the programs in the memory chip, the important basic input and output programs in the acceleration device, the acceleration device power-on self-test program and the operating system self-startup program.
- the main function of BIOS is to provide the lowest and most direct hardware settings and control for the computer.
- Acceleration device used to offload some functions of the host's processor. For example, high-performance data processing functions in the network, storage or operating system that are not suitable for central processor processing can be offloaded to the acceleration device, freeing up the host's processor. computing power. Acceleration devices can include, but are not limited to, computing units with offload functions such as DPU, IPU, system on chip (SoC), iNIC or smartNIC. Among them, iNIC or smartNIC can be understood as an intelligent network card.
- SoC system on chip
- this application provides a safe startup method for the operating system.
- the acceleration device obtains the startup instructions for starting the operating system, and identifies the first public key from multiple public keys stored in the acceleration device. The key is used to verify the operating file of the OS, and the acceleration device starts the operating system based on the verification results. Multiple public keys are stored in the acceleration device of this application.
- the acceleration device can identify the first public key used to verify the running file of the currently started OS from the multiple public keys. For any of the multiple public keys, The running files of the OS corresponding to a public key can be verified. Therefore, this application can verify operating systems corresponding to multiple different public keys, determine whether the operating files of the OS have been changed, and ensure the safe startup and reliable operation of the operating system.
- FIG. 1 shows a schematic structural diagram of a data processing system.
- the data processing system may include a host 100 and an acceleration device 130 connected to the host 100 .
- the host 100 may be any computing device in a computing device cluster, a physical server in a cloud computing cluster or a server in a network management center, or may be a personal computer or other electronic device.
- the host 100 can receive data input by the user and process the data. If the host 100 is a computing device or server in a computing device cluster, the host 100 can receive data input by the user through the client.
- the client can be installed on the user's terminal device.
- the terminal device can include but is not limited to personal computers, mobile phones, and tablets. Computer or smart vehicle terminal, etc.
- Host 100 may include processor 110 and memory 120 .
- the processor 110 is the computing core and control core of the host 100. It can be a central processing unit (Central Processing unit, CPU) or other specific integrated circuits.
- the processor 110 can also be other general-purpose processors, digital signal processing (DSP), application specific integrated circuit (ASIC), field programmable gate array (field programmable gate array, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
- DSP digital signal processing
- ASIC application specific integrated circuit
- FPGA field programmable gate array
- Programmable logic devices discrete gate or transistor logic devices, discrete hardware components, etc.
- the host 100 can be equipped with multiple processors.
- Processor 110 includes one or more processor cores.
- An operating system and other software programs are installed in the processor 110, so that the processor 110 can access the memory 120 and various peripheral component interconnect express (PCIe) devices.
- PCIe peripheral component interconnect express
- the processor 110 is connected to the memory 120 through a double data rate (DDR) bus or other types of buses.
- the memory 120 is the memory of the host 100 .
- the memory 120 is usually used to store various running software in the operating system, input data to be processed, data processing results, etc. In order to improve the access speed of the processor 110, the memory 120 needs to have the advantage of fast access speed.
- dynamic random access memory DRAM
- the memory 120 can also be other random access memories, such as static random access memory (Static Random Access Memory, SRAM), etc.
- the memory 120 may also be a read-only memory (Read Only Memory, ROM).
- read-only memory for example, it can be programmable read-only memory (Programmable Read Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), etc. This embodiment does not limit the number and type of memories 120 .
- PROM Programmable Read Only Memory
- EPROM Erasable Programmable Read Only Memory
- the host 100 may also include an input/output (I/O) interface.
- I/O interface is used to communicate with devices located external to host 100.
- the terminal device can input data to the host 100 through the I/O interface.
- the host 100 then sends the processing result of the data to the terminal device through the I/O interface.
- the data processing system is also provided with a data storage device 140.
- the data storage device 140 can be located outside the host 100 and exchange data with the host 100 through the network.
- the data storage device 140 may also be located inside the host and exchange data with the processor 110 through a bus.
- the data storage device 140 may be but is not limited to a hard disk.
- the acceleration device 130 is used to offload part of the functions of the processor 110 .
- acceleration device 130 may be used to offload designated data processing functions of processor 110 .
- the processor 110 sends the received specified data processing task and input data to the acceleration device 130.
- the acceleration device 130 completes the specified data processing task according to the input data and then sends the processing result to the processor 110.
- the acceleration device 130 can be directly inserted into a card slot on the motherboard of the host 100 and exchange data with the processor 110 through the PCIe bus. need to say It is obvious that the PCIe bus can be replaced by a bus using the Compute Express Link (CXL), Universal Serial Bus (Universal Serial Bus, USB) protocol or other protocols.
- the acceleration device 130 offloads some functions of the processor 110, and the processor 110 can be dedicated to management and other functions, thereby improving the performance of the processor 110.
- An operating system can be installed in the acceleration device 130, and various programs can be run based on the operating system to implement different data processing functions.
- FIG 2 shows a schematic structural diagram of an operating system installation system provided by this application.
- the operating system installation system may include a data processing system and a server 400.
- Data processing systems can be applied in cloud computing clusters or server clusters.
- the data processing system may include a control device 200 and an acceleration device set 300 that is communicatively connected to the control device 200.
- the acceleration device set 300 may include one or more acceleration devices.
- the acceleration device set shown in Figure 2 300 includes acceleration devices 310, 320, 330 and other acceleration devices.
- the acceleration devices included in the acceleration device set may communicate remotely with the server 400 through a network or other means.
- the control device 200 may be a baseboard management controller (BMC) of a host, or may be a dedicated microcontroller embedded on a motherboard of a computing device or server for managing hardware devices connected through a bus. As shown in Figure 2, the control device 200 can connect multiple acceleration devices and realize control and management of the multiple acceleration devices.
- BMC baseboard management controller
- the server 400 may be, but is not limited to, a PXE (preboot execution environment) server.
- the server 400 can store the image file of the operating system installation program.
- the acceleration device 310 , the acceleration device 320 and the acceleration device 330 can respectively download the image file of the operating system installation program from the server 400 under the control of the control device 200 .
- the acceleration device 310, the acceleration device 320, and the acceleration device 330 can respectively execute the installation process of the operating system based on the image file of the operating system installation program.
- this application provides a secure boot method for the operating system, which can be applied to the acceleration device shown in Figure 1 or Figure 2.
- Figure 3 is an operating system secure startup method provided by this application. As shown in Figure 3, the method includes the following steps:
- the startup instruction is used to start the operating system of the acceleration device.
- the acceleration device Before starting the acceleration device, you can pre-install the operating system in the acceleration device.
- the acceleration device can obtain the image file of the operating system installation program.
- the acceleration device can download the image file of the operating system installation program from the PXE server, or obtain the image file of the operating system installation program from an external storage device such as a disk. Based on the image file of the operating system installation program, in the acceleration device Install the operating system.
- the image file of the operating system installation program may include a running file signed with the first private key, and the operating system starts and runs based on the running file.
- the running file of the OS may be shimaa64.efi.
- the memory 420 of the acceleration device provided by this application may include a flash memory (flash) 421 and a hard disk 422.
- flash memory flash
- PK public keys
- the multiple public keys can be multiple certificates issued in different regions and different industries.
- the public key of the certification authority (CA) makes it convenient for users to select the required public key from multiple public keys according to actual needs.
- the first private key may be the private key corresponding to the first public key among the plurality of public keys.
- the image file to be signed can be sent to the signature server of the CA organization corresponding to the first public key, and the signature server uses the first private key pair corresponding to the first public key.
- the operating file of the OS in the image file is signed, so that the image file of the above-mentioned operating system installation program can be obtained and saved in an external storage device such as a PXE server or a disk.
- the acceleration device Before the acceleration device installs the operating system based on the image file of the operating system installer, you can first change the BIOS options and turn off the secure boot function in the BIOS options so that the acceleration device will not perform a secure boot the next time it is restarted. Then, the acceleration device can be restarted based on the image file of the operating system installation program to install the operating system. If the original operating system already exists in the acceleration device, the original operating system can be deleted through a formatting operation, and then the application of this application can be installed. operating system. Among them, the original operating system may be the operating system that comes with the acceleration device when it leaves the factory. During the installation of the operating system, the running file signed with the first private key can be saved in the hard disk 422 of the acceleration device.
- the hard disk 422 of the acceleration device can be, but is not limited to, a mechanical hard disk (hard disk drive, HDD), solid state Hard disk (solid state drive, SSD), etc. After installing the operating system, you can change the BIOS options again and re-enable the secure boot function in the BIOS options.
- the first public key is used to verify the operating file of the OS.
- multiple public keys are stored in the acceleration device. As shown in FIG. 4 , multiple public keys can be stored in the DB in the flash memory 421.
- the first public key is one public key among multiple public keys, and the first public key is also the public key corresponding to the above-mentioned first private key.
- the acceleration device can use each of the multiple public keys one by one to verify the running file of the OS; until the verification passes, the public key used when the verification passes is used as the is the first public key.
- the acceleration device may use any one of the multiple public keys as the current public key, and use the current public key to verify the running file of the OS saved in the hard disk 422 .
- each public key in the multiple public keys can be called an OS public key, that is, multiple OS public keys are saved in the acceleration server.
- DB in the device's flash memory.
- the second private key can be used to sign the multiple OS public keys. It can also be understood that the multiple OS public keys are saved in a database using the second private key.
- the public key set is stored in the DB in the flash memory of the acceleration device.
- the flash memory 421 of the acceleration device can also store information related to BIOS options, and the flash memory space that stores information related to BIOS options can be called a BIOS area.
- the second public key corresponding to the second private key may be stored in the BIOS area.
- the acceleration device can use the second public key saved in the BIOS area of the acceleration device to verify the public key set.
- the acceleration device obtains multiple OS public keys in the public key set and passes the above Method identifies a first public key from multiple OS public keys. Since the second public key saved in the BIOS area is used to verify the public key set saved in the DB, the second public key may also be called the DB public key.
- step S302 if the acceleration device uses the first public key among multiple OS public keys to verify the operating file of the OS, and the verification passes, it means that the operating system has not been invaded or changed, and the operation can be started based on the operating file of the OS. system. If the acceleration device uses each of the multiple OS public keys to verify the operating file of the OS, and the verification fails, it means that the operating system is likely to be invaded and the operating file of the OS may be changed. At this time, it cannot be based on the OS. The running file starts the operating system and can output prompt information to remind the user that the operating system may be invaded.
- the acceleration device can identify the first public key used to verify the running file of the currently started OS from the multiple OS public keys. For multiple OS public keys The running files of the OS signed by the private key corresponding to any OS public key can be verified. Therefore, this application can verify operating systems signed with different private keys, determine whether the operating files of the OS have been changed, and ensure the safe startup and reliable operation of the operating system.
- the public key set saved in the DB of the acceleration device can be updated and more public keys of CA institutions can be added to the public key set.
- the updated public key set can still be signed using the above-mentioned second private key, or it can be signed using a new private key. If a new private key is used for signing, the new public key corresponding to the new private key can be used to update the DB public key saved in the BIOS area of the acceleration device.
- this application provides an operating system installation method, through which operating systems that support secure boot can be installed in multiple acceleration devices at the same time.
- S501 The server saves the image file of the operating system installation program.
- the server can be a PXE server.
- the server can receive the image file of the operating system installation program uploaded by the user through the electronic device, and save the image file.
- the image file of the operating system installation program may include a running file of the OS signed with the first private key.
- the control device sends a first protocol modification instruction to the first acceleration device according to the received first setting instruction.
- the first setting instruction may be a protocol modification instruction input by the user. Before installing the operating system on the acceleration device, you can use protocol modification instructions to instruct the acceleration device to start remotely based on the server.
- the control device receives the protocol modification instruction input by the user, it can send a first protocol modification instruction to each acceleration device included in the acceleration device set that is communicatively connected to the control device.
- the first protocol modification instruction is used to instruct the acceleration device to start the protocol. Modified to server-based remote startup.
- Figure 5 takes the first acceleration device as an example for illustration.
- the first acceleration device can be any device in the acceleration device set.
- Other acceleration devices in the acceleration device set perform the same operations as the first acceleration device. In this embodiment, No longer.
- the first acceleration device sets the startup protocol to server-based remote startup according to the first protocol modification instruction.
- the first acceleration device may return a protocol modification completion message to the control device, or may not return a message to the control device.
- S504 The control device sends a first startup instruction to the first acceleration device according to the received first restart operation instruction.
- the control device When the control device receives the first restart operation instruction input by the user, it may send a first startup instruction to each acceleration device included in the acceleration device set that is communicatively connected to the control device.
- the first start instruction may also be called a restart instruction.
- the first acceleration device sends a file download request to the server according to the startup protocol.
- the file download request can carry the identification information of the image file to be downloaded.
- S506 The server sends the image file of the operating system installation program to the first acceleration device according to the identification information of the image file carried in the file download request.
- the first acceleration device downloads the image file of the operating system installation program from the server.
- the image file of the operating system installation program contains the running file of the OS signed with the first private key.
- the first acceleration device installs the operating system in the acceleration device based on the image file of the operating system installation program.
- the process of installing the operating system on the first acceleration device can be performed with reference to the process of installing the operating system in the above embodiment, and will not be described again here.
- the operating file of the OS signed with the first private key is saved in the hard disk of the first acceleration device.
- S508 The control device sends a second protocol modification instruction to the first acceleration device according to the received second setting instruction.
- the second setting instruction may be a protocol modification instruction input by the user, which is used to instruct the acceleration device to start based on the local hard disk.
- the control device receives the second setting instruction input by the user, it can send a second protocol modification instruction to each acceleration device included in the acceleration device set that is communicatively connected to the control device.
- the second protocol modification instruction is used to indicate that the acceleration device will start.
- the protocol is modified to boot based on local hard disk.
- the first acceleration device sets the startup protocol to hard disk startup based on the acceleration device according to the second protocol modification instruction.
- S510 The control device sends a second startup instruction to the first acceleration device according to the received second restart operation instruction.
- control device When the control device receives the second restart operation instruction input by the user, it may send a second startup instruction to each acceleration device included in the acceleration device set that is communicatively connected to the control device.
- the first acceleration device reads the operating file of the OS from the hard disk of the acceleration device according to the startup protocol;
- the first acceleration device reads the running file of the OS from the hard disk of the first acceleration device.
- the running file of the OS is a running file signed with the first private key.
- the first acceleration device identifies the first public key from multiple public keys.
- the first public key is used to verify the running file of the OS and start the operating system according to the verification result.
- the process of starting the operating system by the first acceleration device can be performed with reference to the process of secure startup of the operating system recorded in the above embodiment, which will not be described again here.
- control device can issue a restart instruction to multiple acceleration devices in the acceleration device set, so that the multiple acceleration devices can download the image file of the operating system installation program from the server based on the restart instruction and complete the installation of the operating system.
- this application also provides an operating system secure boot device.
- the operating system secure boot device can be installed in the above-mentioned acceleration device.
- the operating system secure boot device 600 may include an instruction acquisition unit 601 and a system startup unit 602 .
- the operating system secure boot device 600 can be used to implement the functions of the method embodiment shown in Figure 3, and therefore can achieve the beneficial effects of the method embodiment shown in Figure 3.
- the instruction acquisition unit 601 can be used to obtain a startup instruction, which is used to start the operating system of the acceleration device;
- the system startup unit 602 can be used to identify the first public key from a plurality of public keys.
- a public key is stored in the acceleration device, the first public key is one of the plurality of public keys, and the first public key is used to verify the running file of the operating system; according to Verify the results and start the operating system.
- the operating system secure boot device 600 provided in this application can be implemented by a CPU, an ASIC or a PLD.
- the above PLD can be a CPLD, FPGA, GAL or any combination thereof.
- the operating system secure startup device 600 and its respective modules can also be software modules.
- the plurality of public keys are stored in a database DB within the flash memory of the acceleration device.
- system startup unit 602 can also be used to: obtain the second public key saved in the BIOS area of the acceleration device; verify a public key set containing multiple public keys based on the second public key; when the verification passes When , obtain multiple public keys in the public key set.
- system startup unit 602 may be configured to: traverse each of the multiple public keys and verify the running files of the operating system one by one; when the running files pass the verification, The public key used when the verification passes is used as the first public key.
- the operating system secure boot device 600 may also include a system installation unit, and the system installation unit may be configured with instructions
- the acquisition unit 601 is connected and used to: before obtaining the startup instruction, download the image file of the operating system installation program from the server, and install the operating system in the acceleration device based on the image file of the operating system installation program , the server is communicatively connected to the acceleration device, and the server is used to store the image file.
- the operating system secure boot device 600 provided according to the present application may correspond to performing the method described in the present application, and the above and other operations and/or functions of each unit of the operating system secure boot device 600 are respectively intended to implement the respective methods in FIG. 3 The corresponding process, for the sake of brevity, will not be repeated here.
- this application also provides an operating system installation device.
- the operating system installation device can be provided in the above-mentioned control device.
- the operating system installation device 700 may include an instruction receiving unit 701 and an instruction sending unit 702 .
- the operating system installation device 700 can be used to implement the functions of the method embodiment shown in Figure 5, and therefore can achieve the beneficial effects of the method embodiment shown in Figure 5.
- the instruction receiving unit 701 may be used to receive operation instructions; the operation instructions are used to instruct the installation of the operating system in the acceleration device set; the acceleration device set includes at least one acceleration device, and the acceleration device set is the same as the acceleration device set.
- Control device communication connection; the instruction sending unit 702 may be configured to send a restart instruction to the acceleration devices included in the acceleration device set based on the operation instruction; the restart instruction is used to indicate the acceleration included in the acceleration device set
- the device downloads the image file of the operating system installation program from the server.
- the operating system installation device 700 can be implemented by a CPU, an ASIC or a PLD.
- the PLD can be a CPLD, FPGA, GAL or any combination thereof.
- the secure startup of the operating system shown in Figure 5 can also be implemented through software, the operating system installation device 700 and its respective modules can also be software modules.
- the image file of the operating system installation program is used to install an operating system signed with a first private key.
- the first private key is the private key corresponding to the first public key.
- the first public key The key is one of multiple public keys pre-stored in the acceleration device.
- the operating system installation device 700 provided according to the present application may correspond to performing the method described in the present application, and the above and other operations and/or functions of each unit of the operating system installation device 700 are respectively in order to implement the respective methods in FIG. 5 The process, for the sake of brevity, will not be repeated here.
- this application also provides an acceleration device, which can be used to implement the functions of the method embodiment shown in Figure 3, so that the method shown in Figure 3 can be implemented Beneficial effects possessed by method embodiments.
- the structure of the acceleration device 800 can be as shown in Figure 8 , including a processor 801 and a memory 802 connected to the processor 801.
- the processor 801 and the memory 802 may be connected to each other through a bus, and the processor 801 may be a general processor, such as a microprocessor, or other conventional processor.
- the bus can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
- PCI peripheral component interconnect
- EISA extended industry standard architecture
- the bus can be divided into address bus, data bus, control bus, etc.
- the memory 802 can be used to store software programs and modules.
- the processor 801 executes various functional applications and data processing of the acceleration device 800 by running the software programs and modules stored in the memory 802, such as the operating system security provided by this application. Start method.
- the memory 802 may mainly include a stored program area and a stored data area, wherein the stored program area may store an operating system, at least one application program, etc.; the stored data area may be used to store information corresponding to features and operators, as well as compressed data, etc. .
- memory 802 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
- the processor 801 in the acceleration device 800 is used to run the computer instructions or programs stored in the memory 802 to perform the functions in the method embodiment shown in FIG. 3 .
- the processor 801 is used to: obtain a startup instruction for starting the operating system of the acceleration device; identify a first public key from a plurality of public keys, the plurality of public keys Stored in the acceleration device, the first public key is one of the plurality of public keys, and the first public key is used to verify the running file of the operating system; start according to the verification result The operating system.
- the processor 801 may include one or more processing units, and different processing units may be independent devices or integrated into one or more processors.
- the processor 801 may also include a controller, which may generate operation control signals based on instruction operation codes and timing signals to complete the control of fetching and executing instructions.
- the acceleration device may include more or less components than shown in the figures, or some components may be combined, or some components may be separated, or may be arranged differently.
- the components illustrated may be implemented in hardware, software, or a combination of software and hardware.
- this application also provides a control device, which can be used to implement the functions of the method embodiment shown in Figure 5, so that the method shown in Figure 5 can be implemented Beneficial effects possessed by method embodiments.
- the structure of the control device 900 can be as shown in Figure 9, including a processor 901 and a memory 902 connected to the processor 901.
- the processor 901 and the memory 902 may be connected to each other through a bus, and the processor 901 may be a general processor, such as a microprocessor, or other conventional processor.
- the bus can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
- PCI peripheral component interconnect
- EISA extended industry standard architecture
- the bus can be divided into address bus, data bus, control bus, etc.
- the memory 902 can be used to store software programs and modules.
- the processor 901 executes various functional applications and data processing of the control device 900 by running the software programs and modules stored in the memory 902, such as the operating system security provided by this application. Start method.
- the memory 902 may mainly include a stored program area and a stored data area, wherein the stored program area may store an operating system, at least one application program, etc.; the stored data area may be used to store information corresponding to features and operators, as well as compressed data, etc. .
- memory 902 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
- the processor 901 in the control device 900 is used to run the computer instructions or programs stored in the memory 902 to perform the functions in the method embodiment shown in FIG. 5 .
- the processor 901 is used to: receive operation instructions; the operation instructions are used to instruct the installation of the operating system in the acceleration device set; the acceleration device set includes at least one acceleration device, so The acceleration device set is communicatively connected with the control device; based on the operation instruction, a restart instruction is sent to the acceleration device included in the acceleration device set; the restart instruction is used to instruct the acceleration device included in the acceleration device set Download the image file of the operating system installation program from the server.
- the processor 901 may include one or more processing units, and different processing units may be independent devices or integrated into one or more processors.
- the processor 901 may also include a controller, which may generate operation control signals based on the instruction operation code and timing signals to complete the control of fetching and executing instructions.
- the acceleration device may include more or less components than shown in the figures, or some components may be combined, or some components may be separated, or may be arranged differently.
- the components illustrated may be implemented in hardware, software, or a combination of software and hardware.
- the operating system installation system may include a server 400, a control device 200 and an acceleration device set 300 , the acceleration device set 300 is communicatively connected with the control device 200 and the server 400 .
- the acceleration device set 300 includes at least one acceleration device.
- the acceleration devices included in the acceleration device set 300 can download the image file of the operating system installation program from the server 400 based on the restart instruction sent by the control device 200, and install the operating system based on the image file of the operating system installation program.
- the image file of the operating system installation program is used to install the operating system signed with the first private key.
- the first private key is the private key corresponding to the first public key
- the first public key is a plurality of public keys pre-stored in the acceleration device. A public key in the key.
- this application also provides a chip, which may be a computing chip.
- the chip can be used to implement the functions of the above method embodiments, and therefore can achieve the beneficial effects of the above method embodiments.
- the structure of the chip 1000 can be as shown in FIG. 10 , including a processor 1001 and a power supply circuit 1002 connected to the processor 1001 .
- the processor 1001 and the power supply circuit 1002 may be connected to each other through a bus, and the processor 1001 may be a general processor, such as a microprocessor, or other conventional processor.
- the bus can be a peripheral component interconnection standard PCI bus or an extended industry standard structure EISA bus, etc.
- the bus can be divided into address bus, data bus, control bus, etc.
- the power supply circuit 1002 is used to supply power to the processor 1001 through the bus.
- the processor 1001 can be connected to a memory provided outside the chip, or connected to a memory provided inside the chip, and run software programs and modules stored in the memory to execute various functional applications and data processing of the chip 1000 .
- the processor 1001 can execute the operating system secure boot method provided by this application. In other embodiments, the processor 1001 can execute the operating system installation method provided by this application.
- the processor 1001 may include one or more processing units, and different processing units may be independent devices or integrated into one or more processors.
- the processor 1001 may also include a controller, which may generate operation control signals based on instruction operation codes and timing signals to complete the control of fetching and executing instructions.
- the method steps in the embodiments of the present application may be implemented by hardware, or may be executed by a processor using computer programs or instructions. way to achieve it.
- a computer program or instructions may constitute a computer program product.
- This application also provides a computer program product containing computer-executable instructions.
- the computer-executable instructions are used to cause the computer to perform the functions in any of the above method embodiments.
- Computer-executable instructions can be stored in a computer-readable storage medium.
- This application also provides a computer-readable storage medium in which executable instructions are stored.
- the computer-executable instructions are used to cause the computer to perform the functions in any of the above method embodiments.
- the computer-readable storage medium provided by this application can be random access memory (random access memory, RAM), flash memory, read-only memory (read-only memory, ROM), programmable read-only memory (programmableROM, PROM), erasable memory Except for erasable PROM (EPROM), electrically erasable programmable read-only memory (electrically ePROM, EEPROM), registers, hard disks, removable hard disks, CD-ROMs or any other form of computer that is well known in the art. Read storage media.
- Computer-executable instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, the computer program or instructions may be transmitted from a website, computer, server, or A data center transmits data via wired or wireless means to another website site, computer, server, or data center.
- the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or data center that integrates one or more available media.
- the available media may be magnetic media, such as floppy disks, hard disks, and magnetic tapes; they may also be optical media, such as digital video discs (DVDs); they may also be semiconductor media, such as solid-state hard drives.
- the processor can be used to execute the program instructions and implement the above method flow.
- the processor may include but is not limited to at least one of the following: CPU, microprocessor, digital signal processor (digital signal processor, DSP), microcontroller unit (microcontroller unit, MCU), or artificial intelligence processor, etc.
- a computing device that runs software, each computing device may include one or more cores for executing software instructions to perform operations or processing.
- the processor can be built into an SoC, DPU or ASIC, or it can be an independent semiconductor chip.
- the processor may further include necessary hardware accelerators, such as FPGA, PLD, or logic circuits that implement dedicated logic operations.
- the hardware can be a CPU, microprocessor, DSP, MCU, artificial intelligence processor, ASIC, SoC, FPGA, PLD, dedicated digital circuit, hardware accelerator or non-integrated discrete device Any one or any combination thereof, which can run necessary software or not rely on software to perform the above method process.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
一种操作系统安全启动方法、操作系统安装方法及相关装置,涉及计算机技术领域。其中,操作系统安全启动方法可以应用于加速设备。加速设备中保存有多个OS公钥,加速设备可以从多个OS公钥中识别出用于对当前启动的操作系统的运行文件进行验证的第一公钥,针对多个OS公钥中的任一OS公钥对应的私钥进行签名的操作系统的运行文件,均可进行验证。因此,本申请可以对采用不同私钥进行签名的操作系统进行验证,确定操作系统的运行文件是否被更改,保障操作系统的安全启动和可靠运行。
Description
相关申请的交叉引用
本申请要求在2022年08月27日提交中国专利局、申请号为202211036209.4、申请名称为“操作系统安全启动方法、操作系统安装方法及相关装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
本申请涉及计算机技术领域,尤其涉及一种操作系统安全启动方法、操作系统安装方法及相关装置。
随着计算机技术和网络技术的发展,数据中心可提供的服务越来越多,对数据中心内的计算设备的算力需要也越来越高。数据中心内的计算设备可以称为主机,为了节约主机的算力,提升主机的性能,可以为主机设置数据处理单元(data processing unit,DPU)和基础设施处理器(infrastructure processing unit,IPU)等加速设备,将部分功能从主机卸载至加速设备上。
主机的加速设备中可以安装操作系统(Operating system,OS),并基于OS运行各类程序,以实现不同的数据处理功能。由于OS在运行过程中,可能会受到恶意软件侵入,导致数据处理的可靠性和用户信息的安全性受到影响。
如何防止操作系统被侵入,是一个亟待解决的问题。
发明内容
本申请提供一种操作系统安全启动方法、操作系统安装方法及相关装置,可以保障操作系统的安全启动和可靠运行。
第一方面,提供一种操作系统安全启动方法,该方法可以应用于加速设备。该方法可以包括如下步骤:获取用于启动加速设备的操作系统的启动指示;从存储在加速设备内的多个公钥中识别第一公钥,第一公钥为多个公钥中的一个公钥,第一公钥用于对操作系统的运行文件进行验证;根据验证结果启动加速设备的操作系统。
本申请的加速设备中保存有多个OS公钥,加速设备可以从多个OS公钥中识别出用于对当前启动的操作系统的运行文件进行验证的第一公钥,针对多个OS公钥中的任一OS公钥对应的私钥进行签名的操作系统的运行文件,均可进行验证。因此,本申请可以对采用不同私钥进行签名的操作系统进行验证,确定操作系统的运行文件是否被更改,保障操作系统的安全启动和可靠运行。
在一种可能的实现方式中,多个公钥可以保存在加速设备的闪存内的数据库DB中。从多个公钥中识别第一公钥之前,加速设备可以获取基本输入输出系统BIOS区域保存的第二公钥,根据第二公钥对包含多个公钥的公钥集合进行验证,当验证通过时,获取公钥集合中的多个公钥。
上述实现方式中,将多个公钥保存在公钥集合中,采用第二公钥对公钥集合进行验证,以防止多个公钥泄漏或被篡改,保证多个公钥的安全性。
在一种可能的实现方式中,在从多个公钥中识别第一公钥时,加速设备可以遍历多个公钥中的每个公钥,逐个验证操作系统的运行文件;当所述运行文件验证通过时,将验证通过时采用的公钥作为第一公钥。加速设备通过遍历多个公钥,查找可以对操作系统的运行文件进行验证的第一公钥,针对采用不同私钥进行签名的操作系统,均可以支持操作系统的安全启动。
在一种可能的实现方式中,在获取启动指示之前,加速设备可以通过如下方式安装操作系统:从服务器下载操作系统安装程序的镜像文件,基于操作系统安装程序的镜像文件,在加速设备中安装操作系统。其中,服务器与加速设备通信连接,且服务器用于存储所述镜像文件。
第二方面,提供一种操作系统安装方法,该方法可以包括:控制设备接收操作指令,该操作指令用于指示在加速设备集合中安装操作系统,加速设备集合中包括至少一个加速设备,加速设备集合与控制设备通信连接。控制设备基于接收到的操作指令,向加速设备集合所包括的加速设备发送重启指示,重启指示用于指示加速设备集合所包括的加速设备从服务器下载操作系统安装程序的镜像文件。
上述操作系统安装方法中,控制设备可以向加速设备集合所包括的至少一个加速设备发出重启指示,
以使至少一个加速设备可以基于重启指示,从服务器下载操作系统安装程序的镜像文件,并完成操作系统的安装,从而可以实现在加速设备集合中批量安装支持安全启动的操作系统,无需逐一安装,可以减少安装操作系统花费的时间,提高效率。
在一种可能的实现方式中,操作系统安装程序的镜像文件用于安装采用第一私钥进行签名的操作系统,第一私钥为第一公钥对应的私钥,第一公钥为加速设备中预存的多个公钥中的一个公钥。
第三方面,提供一种操作系统安全启动装置,所述操作系统安全启动装置包括用于执行第一方面或第一方面任一种可能实现方式中的操作系统安全启动方法的各个模块。
第四方面,提供一种操作系统安装装置,所述操作系统安装装置包括用于执行第二方面或第二方面任一种可能实现方式中的操作系统安装方法的各个模块。
第五方面,提供一种加速设备,包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的计算机程序,当所述计算机程序被所述处理器执行时,使得所述处理器实现上述第一方面或第一方面中任意一种可能的实现方式中所述方法的操作步骤。
第六方面,提供一种控制设备,包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的计算机程序,当所述计算机程序被所述处理器执行时,使得所述处理器实现上述第二方面或第二方面中任意一种可能的实现方式中所述方法的操作步骤。
第七方面,提供一种操作系统安装系统,包括服务器、控制设备和加速设备集合。加速设备集合与控制设备和服务器通信连接;加速设备集合中包括至少一个加速设备。加速设备集合所包括的加速设备基于控制设备发送的重启指示,从服务器下载操作系统安装程序的镜像文件,并基于操作系统安装程序的镜像文件安装操作系统。
第八方面,提供一种芯片,包括处理器和供电电路;供电电路用于为处理器供电,处理器用于执行计算机程序,以实现上述第一方面或第一方面中任意一种可能的实现方式中所述方法的操作步骤。
第九方面,提供一种芯片,包括处理器和供电电路;供电电路用于为处理器供电,处理器用于执行计算机程序,以实现上述第二方面或第二方面中任意一种可能的实现方式中所述方法的操作步骤。
第十方面,提供一种计算机可读存储介质,所述计算机可读存储介质内存储有计算机可执行指令,该计算机可执行指令用于使计算机执行上述第一方面或第一方面中任意一种可能的实现方式中所述方法的操作步骤。
第十一方面,提供一种计算机可读存储介质,所述计算机可读存储介质内存储有计算机可执行指令,该计算机可执行指令用于使计算机执行上述第二方面或第二方面中任意一种可能的实现方式中所述方法的操作步骤。
上述第二方面至第十一方面中任一方面可以达到的技术效果可以参照上述第一方面中有益效果的描述,此处不再重复赘述。
本申请在上述各方面提供的实现方式的基础上,还可以进行进一步组合以提供更多实现方式。
图1为本申请提供的一种数据处理系统的结构示意图;
图2为本申请提供的另一种操作系统安装系统的结构示意图;
图3为本申请提供的一种操作系统安全启动方法的流程示意图;
图4为本申请提供的一种加速设备的存储器的结构示意图;
图5为本申请提供的一种操作系统安装方法的交互流程示意图;
图6为本申请提供的一种操作系统安全启动装置的结构框图;
图7为本申请提供的一种操作系统安装装置的结构框图;
图8为本申请提供的一种加速设备的结构框图;
图9为本申请提供的一种控制设备的结构框图;
图10为本申请提供的一种芯片的结构框图。
为了便于理解,首先对本申请中的部分用语进行解释说明。
(1)基本输入输出系统(basic input output system,BIOS):是一组固化到加速设备的板卡上的存
储芯片中的程序,BIOS保存着加速设备中重要的基本输入输出的程序、加速设备开机自检程序和操作系统自启动程序。BIOS的主要功能是为计算机提供最底层的、最直接的硬件设置和控制。
(2)加速设备:用于卸载主机的处理器的部分功能,例如,可以将网络、存储或操作系统中不适合中央处理器处理的高性能数据处理功能卸载到加速设备,释放主机的处理器的算力。加速设备可以包括但不限于DPU、IPU、系统级芯片(system on chip,SoC)、iNIC或smartNIC等具有卸载功能的计算单元。其中,iNIC或smartNIC可以理解为智能网卡。
为了防止操作系统被侵入或更改,本申请提供一种操作系统安全启动方法,加速设备获取启动操作系统的启动指示,从加速设备中存储的多个公钥中识别第一公钥,第一公钥用于对OS的运行文件进行验证,加速设备根据验证结果启动操作系统。本申请的加速设备中保存有多个公钥,加速设备可以从多个公钥中识别出用于对当前启动的OS的运行文件进行验证的第一公钥,针对多个公钥中的任一公钥对应的OS的运行文件,均可进行验证。因此,本申请可以对多种不同公钥对应的操作系统进行验证,确定OS的运行文件是否被更改,保障操作系统的安全启动和可靠运行。
下面结合附图介绍本申请提供的操作系统安全启动方法和操作系统安装方法。
本申请提供的操作系统安全启动方法和操作系统安装方法可以应用于图1或图2所示的应用场景中。图1示出了一种数据处理系统的结构示意图。如图1所示,该数据处理系统可以包括主机100和与主机100连接的加速设备130。主机100可以是计算设备集群中的任一计算设备、云计算集群中的物理服务器或网络管理中心的服务器,也可以是个人计算机或其他电子设备。主机100可以接收用户输入的数据,并对数据进行处理。如果主机100是计算设备集群中的计算设备或服务器,主机100可以接收用户通过客户端输入的数据,客户端可以安装在用户的终端设备上,终端设备可以包括但不限于个人电脑、手机、平板电脑或者智能车载终端等。
主机100可以包处理器110和存储器120。处理器110是主机100的运算核心和控制核心,它可以是中央处理器(Central Processing unit,CPU),也可以是其他特定的集成电路。处理器110还可以是其他通用处理器、数字信号处理器(digital signal processing,DSP)、专用集成电路(application specific integrated circuit,ASIC)、现场可编程门阵列(field programmable gate array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。
实际应用中,主机100能够设置多个处理器。处理器110中包括一个或多个处理器核。在处理器110中安装有操作系统和其他软件程序,从而处理器110能够实现对存储器120及各种外设部件互连标准扩展(peripheral component interconnect express,PCIe)设备的访问。
处理器110通过双倍速率(double data rate,DDR)总线或者其他类型的总线和存储器120相连。存储器120是主机100的内存。存储器120通常用来存放操作系统中各种正在运行的软件、待处理的输入数据以及数据的处理结果等。为了提高处理器110的访问速度,存储器120需要具备访问速度快的优点。示例性地,可以采用动态随机存取存储器(Dynamic Random Access Memory,DRAM)作为存储器120。除了DRAM之外,存储器120还可以是其他随机存取存储器,例如静态随机存取存储器(Static Random Access Memory,SRAM)等。另外,存储器120也可以是只读存储器(Read Only Memory,ROM)。而对于只读存储器,举例来说,可以是可编程只读存储器(Programmable Read Only Memory,PROM)、可抹除可编程只读存储器(Erasable Programmable Read Only Memory,EPROM)等。本实施例不对存储器120的数量和类型进行限定。
在一些实施例中,主机100还可以包括输入输出(input/output,I/O)接口。I/O接口用于与位于主机100外部的设备通信。例如,终端设备可以通过I/O接口向主机100输入数据,主机100对输入的数据进行处理之后,再通过I/O接口向终端设备发送对该数据的处理结果。
可选地,为了对数据进行持久化存储,数据处理系统中还设置有数据存储设备140,数据存储设备140可位于主机100的外部,通过网络与主机100交换数据。数据存储设备140也可以位于主机的内部,通过总线与处理器110交换数据。此时,数据存储设备140可以是但不限于硬盘。
加速设备130用于卸载处理器110的部分功能。示例性地,加速设备130可以用于卸载处理器110的指定数据处理功能。处理器110将接收的指定数据处理任务以及输入数据发送给加速设备130,加速设备130根据输入数据完成指定数据处理任务之后将处理结果发送给处理器110。在一些实施例中,加速设备130可以直接插在主机100的主板上的卡槽中,通过PCIe总线与处理器110交换数据。需要说
明的是,PCIe总线能够被替换成计算快速互联(compute express link,CXL)、通用串行总线(Universal Serial Bus,USB)协议或其他协议的总线。加速设备130卸载处理器110的部分功能,处理器110便可以专用于进行管理等功能,从而可以提升处理器110的性能。
加速设备130中可以安装操作系统,并基于操作系统运行各类程序,以实现不同的数据处理功能。
图2示出了本申请提供的一种操作系统安装系统的结构示意图,该操作系统安装系统可以包括数据处理系统和服务器400。数据处理系统可以应用于云计算集群或服务器集群中。如图2所示,该数据处理系统可以包括控制设备200和与控制设备200通信连接的加速设备集合300,加速设备集合300中可以包括一个或多个加速设备,图2所示的加速设备集合300中包括加速设备310、加速设备320、加速设备330等加速设备。加速设备集合中包括的加速设备可以通过网络或其他方式与服务器400进行远程通信。
控制设备200可以是主机(host)的基板管理控制器(baseboard management controller,BMC),也可以是嵌入在计算设备或服务器的主板上的专用微控制器,用于管理通过总线连接的硬件设备。如图2所示,控制设备200可以连接多个加速设备,并实现对多个加速设备的控制和管理。
服务器400可以是但不限于PXE(preboot execution environment,预启动执行环境)服务器。服务器400中可以保存操作系统安装程序的镜像文件,加速设备310、加速设备320和加速设备330可以在控制设备200的控制下,分别从服务器400下载操作系统安装程序的镜像文件。加速设备310、加速设备320和加速设备330可以分别基于操作系统安装程序的镜像文件,执行操作系统的安装过程。
为了防止操作系统被侵入或更改,本申请提供一种操作系统安全启动方法,该方法可以应用于图1或图2所示的加速设备。图3为本申请提供的一种操作系统安全启动方法,如图3所示,该方法包括如下步骤:
S301,获取启动指示。
其中,启动指示用于启动加速设备的操作系统。
在启动加速设备之前,可以预先在加速设备中安装操作系统。在安装操作系统时,加速设备可以获取操作系统安装程序的镜像文件。示例性地,加速设备可以从PXE服务器下载操作系统安装程序的镜像文件,或者,从磁盘等外接存储设备中获取操作系统安装程序的镜像文件,基于操作系统安装程序的镜像文件,在加速设备中安装操作系统。
为实现操作系统的安全启动,操作系统安装程序的镜像文件中可以包含采用第一私钥进行签名的运行文件,操作系统基于该运行文件启动和运行。示例性地,OS的运行文件可以是shimaa64.efi。如图4所示,本申请提供的加速设备的存储器420可以包括闪存(flash)421和硬盘422。闪存421中设有变量区(variables),变量区的数据库(data base,DB)中存储有多个公钥(pubkey,PK),多个公钥可以是不同地区、不同行业的多个证书颁发中心(certification authority,CA)的公钥,从而方便用户根据实际需求从多个公钥中选择所需的公钥。
第一私钥可以是多个公钥中的第一公钥对应的私钥。在从多个公钥中确定第一公钥后,可以将待签名的镜像文件发送至第一公钥对应的CA机构的签名服务器,由签名服务器采用第一公钥对应的第一私钥对镜像文件中OS的运行文件进行签名,从而可以获得上述的操作系统安装程序的镜像文件,保存在PXE服务器或磁盘等外接存储设备中。
加速设备在基于操作系统安装程序的镜像文件安装操作系统之前,可以先更改BIOS选项,关闭BIOS选项中的安全根(secure boot)功能,以使加速设备在下次重启时不进行安全启动。然后,加速设备可以基于操作系统安装程序的镜像文件重新启动,以安装操作系统,如果加速设备中已经存在原有操作系统,可以通过格式化操作,将原有操作系统删除,再安装本申请的操作系统。其中,原有操作系统可以是加速设备出厂时自带的操作系统。在安装操作系统的过程中,可以将采用第一私钥进行签名的运行文件保存在加速设备的硬盘422中,加速设备的硬盘422可以是但不限于机械硬盘(hard disk drive,HDD)、固态硬盘(solid state drive,SSD)等。在安装操作系统之后,可以再次更改BIOS选项,重新开启BIOS选项中的secure boot功能。
S302,从多个公钥中识别第一公钥,第一公钥用于对OS的运行文件进行验证。
其中,多个公钥存储在加速设备中,如图4所示,多个公钥可以存储在闪存421内的DB中。第一公钥为多个公钥中的一个公钥,第一公钥也是上述第一私钥对应的公钥。接收到启动指示,加速设备可以逐一采用多个公钥中的每个公钥,验证OS的运行文件;直至验证通过,将验证通过时采用的公钥作
为第一公钥。在执行过程中,加速设备可以将多个公钥中的任一公钥作为当前公钥,并采用当前公钥对硬盘422中保存的OS的运行文件进行验证。如果验证未通过,则重复执行如下步骤:采用未进行验证的公钥中的任一公钥更新当前公钥,并采用当前公钥对OS的运行文件进行验证。直至验证通过,将验证通过时的当前公钥作为第一公钥。DB中保存的多个公钥用于对硬盘中保存的OS的运行文件进行验证,因此多个公钥中的每个公钥均可以称为OS公钥,即多个OS公钥保存在加速设备的闪存内的DB中。
在一些实施例中,为了保证多个OS公钥的安全性,可以采用第二私钥对多个OS公钥进行签名,也可以理解为,将多个OS公钥保存在采用第二私钥进行签名的公钥集合中,公钥集合保存在加速设备的闪存内的DB中。如图4所示,加速设备的闪存421中还可以保存BIOS选项的相关信息,保存BIOS选项的相关信息的闪存空间可以称为BIOS区域。第二私钥对应的第二公钥可以保存在BIOS区域。接收到启动指示,加速设备可以采用加速设备的BIOS区域保存的第二公钥,对公钥集合进行验证,如果验证通过,则加速设备获取公钥集合中的多个OS公钥,并通过上述方法从多个OS公钥中识别第一公钥。由于BIOS区域保存的第二公钥用于对DB中保存的公钥集合进行验证,因此第二公钥也可以称为DB公钥。
S303,根据验证结果启动操作系统。
在步骤S302中,如果加速设备采用多个OS公钥中的第一公钥,对OS的运行文件进行验证时,验证通过,说明操作系统未受到侵入或更改,可以基于OS的运行文件启动操作系统。如果加速设备采用多个OS公钥中的每个OS公钥对OS的运行文件进行验证,均验证未通过,说明操作系统很可能受到侵入,OS的运行文件可能被更改,此时不能基于OS的运行文件启动操作系统,可以输出提示信息,提示用户操作系统可能受到侵入。
本申请的加速设备中保存有多个OS公钥,加速设备可以从多个OS公钥中识别出用于对当前启动的OS的运行文件进行验证的第一公钥,针对多个OS公钥中的任一OS公钥对应的私钥进行签名的OS的运行文件,均可进行验证。因此,本申请可以对采用不同私钥进行签名的操作系统进行验证,确定OS的运行文件是否被更改,保障操作系统的安全启动和可靠运行。
在一些实施例中,如果加速设备中保存的多个OS公钥不能满足要求,可以对加速设备的DB中保存的公钥集合进行更新,向公钥集合中加入更多CA机构的公钥。更新后的公钥集合仍可以采用上述第二私钥进行签名,也可以采用新的私钥进行签名。如果采用新的私钥进行签名,可以采用新的私钥对应的新公钥更新加速设备的BIOS区域保存的DB公钥。
在一些实施例中,考虑到在一个加速设备中安装操作系统大约需要花费10分钟的时间,如果在多个加速设备中逐一安装操作系统,将耗费大量时间。为节约时间,本申请提供一种操作系统安装方法,通过该安装方法,可以同时在多个加速设备中安装支持安全启动的操作系统。
下面以图2所示的应用场景为例,参照图5所示的交互流程图,说明本申请提供的操作系统安装方法。如图5所示,该方法可以包括如下步骤:
S501,服务器保存操作系统安装程序的镜像文件。
其中,服务器可以是PXE服务器。
服务器可以接收用户通过电子设备上传的操作系统安装程序的镜像文件,并保存该镜像文件。操作系统安装程序的镜像文件中可以包括采用第一私钥进行签名的OS的运行文件。
S502,控制设备根据接收到的第一设置指令,向第一加速设备发送第一协议修改指示。
其中,第一设置指令可以是用户输入的协议修改指令。在加速设备安装操作系统之前,可以通过协议修改指令指示加速设备基于服务器远程启动。控制设备接收到用户输入的协议修改指令,可以向与控制设备通信连接的加速设备集合所包括的每个加速设备分别发送第一协议修改指示,第一协议修改指示用于指示加速设备将启动协议修改为基于服务器远程启动。
图5中以第一加速设备为例进行说明,第一加速设备可以是加速设备集合中的任一设备,加速设备集合中的其他加速设备执行的操作与第一加速设备相同,本实施例中不再赘述。
S503,第一加速设备根据第一协议修改指示,将启动协议设置为基于服务器远程启动。
第一加速设备修改启动协议后,可以向控制设备返回协议修改完成消息,也可以不向控制设备返回消息。
S504,控制设备根据接收到的第一重启操作指令,向第一加速设备发送第一启动指令。
控制设备接收到用户输入的第一重启操作指令,可以向与控制设备通信连接的加速设备集合所包括的每个加速设备分别发送第一启动指示。第一启动指示也可以称为重启指示。
S505,第一加速设备根据启动协议,向服务器发送文件下载请求。
文件下载请求中可以携带需要下载的镜像文件的标识信息。
S506,服务器根据文件下载请求中携带的镜像文件的标识信息,向第一加速设备发送操作系统安装程序的镜像文件。
由于当前的启动协议指示基于服务器远程启动,因此第一加速设备从服务器下载操作系统安装程序的镜像文件。操作系统安装程序的镜像文件中包含采用第一私钥进行签名的OS的运行文件。
S507,第一加速设备基于操作系统安装程序的镜像文件,在加速设备中安装操作系统。
第一加速设备安装操作系统的过程,可以参照上述实施例中安装操作系统的过程执行,在此不再赘述。安装完成后,采用第一私钥进行签名的OS的运行文件保存在第一加速设备的硬盘中。
S508,控制设备根据接收到的第二设置指令,向第一加速设备发送第二协议修改指示。
其中,第二设置指令可以是用户输入的协议修改指令,用于指示加速设备基于本地硬盘启动。控制设备接收到用户输入的第二设置指令,可以向与控制设备通信连接的加速设备集合所包括的每个加速设备分别发送第二协议修改指示,第二协议修改指示用于指示加速设备将启动协议修改为基于本地硬盘启动。
S509,第一加速设备根据第二协议修改指示,将启动协议设置为基于加速设备的硬盘启动。
S510,控制设备根据接收到的第二重启操作指令,向第一加速设备发送第二启动指令。
控制设备接收到用户输入的第二重启操作指令,可以向与控制设备通信连接的加速设备集合所包括的每个加速设备分别发送第二启动指示。
S511,第一加速设备根据启动协议,从加速设备的硬盘中读取OS的运行文件;
由于当前的启动协议指示基于加速设备的硬盘启动,因此第一加速设备从第一加速设备的硬盘中读取OS的运行文件。OS的运行文件是采用第一私钥进行签名的运行文件。
S512,第一加速设备从多个公钥中识别第一公钥,第一公钥用于对OS的运行文件进行验证,并根据验证结果启动操作系统。
第一加速设备启动操作系统的过程,可以参照上述实施例记载的操作系统安全启动的过程执行,在此不再赘述。
上述实施例中,控制设备可以向加速设备集合中的多个加速设备发出重启指示,以使多个加速设备可以基于重启指示,从服务器下载操作系统安装程序的镜像文件,并完成操作系统的安装,从而可以实现在多个加速设备中批量安装支持安全启动的操作系统,无需逐一安装,可以减少安装操作系统花费的时间,提高效率。
与图3所示的方法实施例基于相同的技术构思,本申请还提供一种操作系统安全启动装置。该操作系统安全启动装置可以设置在上述加速设备内。在一些实施例中,如图6所示,该操作系统安全启动装置600可以包括指示获取单元601和系统启动单元602。操作系统安全启动装置600可以用于实现图3所示的方法实施例的功能,因此可以实现图3所示的方法实施例所具备的有益效果。
其中,指示获取单元601,可以用于获取启动指示,所述启动指示用于启动加速设备的操作系统;系统启动单元602,可以用于从多个公钥中识别第一公钥,所述多个公钥存储在所述加速设备中,所述第一公钥为所述多个公钥中的一个公钥,所述第一公钥用于对所述操作系统的运行文件进行验证;根据验证结果启动操作系统。
应理解的是,本申请提供的操作系统安全启动装置600可以通过CPU,也可以通过ASIC或PLD实现,上述PLD可以是CPLD,FPGA,GAL或其任意组合。也可以通过软件实现图3所示的操作系统安全启动时,操作系统安全启动装置600及其各个模块也可以为软件模块。
在一些实施例中,所述多个公钥保存在所述加速设备的闪存内的数据库DB中。
在一些实施例中,系统启动单元602,还可以用于:获取加速设备的BIOS区域保存的第二公钥;根据第二公钥对包含多个公钥的公钥集合进行验证;当验证通过时,获取公钥集合中的多个公钥。
在一些实施例中,系统启动单元602,具体可以用于:遍历所述多个公钥中的每个公钥,逐个验证所述操作系统的运行文件;当所述运行文件验证通过时,将验证通过时采用的公钥作为所述第一公钥。
在一些实施例中,操作系统安全启动装置600还可以包括系统安装单元,系统安装单元可以与指示
获取单元601连接,用于:在获取启动指示之前,从服务器下载所述操作系统安装程序的镜像文件,并基于所述操作系统安装程序的镜像文件,在所述加速设备中安装所述操作系统,所述服务器与所述加速设备通信连接,所述服务器用于存储所述镜像文件。
根据本申请提供的操作系统安全启动装置600可对应于执行本申请中描述的方法,并且操作系统安全启动装置600的各个单元的上述和其它操作和/或功能分别为了实现图3中的各个方法的相应流程,为了简洁,在此不再赘述。
与图5所示的方法实施例基于相同的技术构思,本申请还提供一种操作系统安装装置。该操作系统安装装置可以设置在上述控制设备内。在一些实施例中,如图7所示,该操作系统安装装置700可以包括指令接收单元701和指示发送单元702。操作系统安装装置700可以用于实现图5所示的方法实施例的功能,因此可以实现图5所示的方法实施例所具备的有益效果。
其中,指令接收单元701,可以用于接收操作指令;所述操作指令用于指示在加速设备集合中安装操作系统;所述加速设备集合中包括至少一个加速设备,所述加速设备集合与所述控制设备通信连接;指示发送单元702,可以用于基于所述操作指令,向所述加速设备集合所包括的加速设备发送重启指示;所述重启指示用于指示所述加速设备集合所包括的加速设备从服务器下载操作系统安装程序的镜像文件。
应理解的是,本申请提供的操作系统安装装置700可以通过CPU,也可以通过ASIC或PLD实现,上述PLD可以是CPLD,FPGA,GAL或其任意组合。也可以通过软件实现图5所示的操作系统安全启动时,操作系统安装装置700及其各个模块也可以为软件模块。
在一些实施例中,所述操作系统安装程序的镜像文件用于安装采用第一私钥进行签名的操作系统,所述第一私钥为第一公钥对应的私钥,所述第一公钥为加速设备中预存的多个公钥中的一个公钥。
根据本申请提供的操作系统安装装置700可对应于执行本申请中描述的方法,并且操作系统安装装置700的各个单元的上述和其它操作和/或功能分别为了实现图5中的各个方法的相应流程,为了简洁,在此不再赘述。
与图3所示的方法实施例基于相同的技术构思,本申请还提供一种加速设备,该加速设备可以用于实现图3所示的方法实施例的功能,因此可以实现图3所示的方法实施例所具备的有益效果。
在一些实施例中,该加速设备800的结构可以如图8所示,包括处理器801以及与处理器801连接的存储器802。处理器801和存储器802之间可以通过总线相互连接,处理器801可以是通用处理器,如微处理器,或其他常规的处理器。总线可以是外设部件互连标准(peripheral component interconnect,PCI)总线或扩展工业标准结构(extended industry standard architecture,EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。
其中,存储器802可用于存储软件程序以及模块,处理器801通过运行存储在存储器802中的软件程序以及模块,从而执行加速设备800的各种功能应用以及数据处理,如本申请提供的操作系统安全启动方法。
存储器802可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个应用的应用程序等;存储数据区可用于存储特征与算子对应信息,以及压缩后的数据等。此外,存储器802可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。
加速设备800中的处理器801用于运行存储器802中保存的计算机指令或者程序,执行图3所示的方法实施例中的功能。当加速设备800用于实现上述方法时,处理器801用于:获取用于启动所述加速设备的操作系统的启动指示;从多个公钥中识别第一公钥,所述多个公钥存储在所述加速设备中,所述第一公钥为所述多个公钥中的一个公钥,所述第一公钥用于对所述操作系统的运行文件进行验证;根据验证结果启动所述操作系统。
在一些实施例中,处理器801可以包括一个或多个处理单元,不同的处理单元可以是独立的器件,也可以集成在一个或多个处理器中。处理器801中还可以包括控制器,控制器可以根据指令操作码和时序信号,产生操作控制信号,完成取指令和执行指令的控制。
可以理解的是,本申请实施例示意的结构并不构成对数据处理设备的具体限定。在本申请另一些实施例中,加速设备可以包括比图示更多或更少的部件,或者组合某些部件,或者拆分某些部件,或者不同的部件布置。图示的部件可以以硬件,软件或软件和硬件的组合实现。
与图5所示的方法实施例基于相同的技术构思,本申请还提供一种控制设备,该控制设备可以用于实现图5所示的方法实施例的功能,因此可以实现图5所示的方法实施例所具备的有益效果。
在一些实施例中,该控制设备900的结构可以如图9所示,包括处理器901以及与处理器901连接的存储器902。处理器901和存储器902之间可以通过总线相互连接,处理器901可以是通用处理器,如微处理器,或其他常规的处理器。总线可以是外设部件互连标准(peripheral component interconnect,PCI)总线或扩展工业标准结构(extended industry standard architecture,EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。
其中,存储器902可用于存储软件程序以及模块,处理器901通过运行存储在存储器902中的软件程序以及模块,从而执行控制设备900的各种功能应用以及数据处理,如本申请提供的操作系统安全启动方法。
存储器902可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个应用的应用程序等;存储数据区可用于存储特征与算子对应信息,以及压缩后的数据等。此外,存储器902可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。
控制设备900中的处理器901用于运行存储器902中保存的计算机指令或者程序,执行图5所示的方法实施例中的功能。当控制设备900用于实现上述方法时,处理器901用于:接收操作指令;所述操作指令用于指示在加速设备集合中安装操作系统;所述加速设备集合中包括至少一个加速设备,所述加速设备集合与所述控制设备通信连接;基于所述操作指令,向所述加速设备集合所包括的加速设备发送重启指示;所述重启指示用于指示所述加速设备集合所包括的加速设备从服务器下载操作系统安装程序的镜像文件。
在一些实施例中,处理器901可以包括一个或多个处理单元,不同的处理单元可以是独立的器件,也可以集成在一个或多个处理器中。处理器901中还可以包括控制器,控制器可以根据指令操作码和时序信号,产生操作控制信号,完成取指令和执行指令的控制。
可以理解的是,本申请实施例示意的结构并不构成对数据处理设备的具体限定。在本申请另一些实施例中,加速设备可以包括比图示更多或更少的部件,或者组合某些部件,或者拆分某些部件,或者不同的部件布置。图示的部件可以以硬件,软件或软件和硬件的组合实现。
与图5所示的方法实施例基于相同的技术构思,本申请还提供一种操作系统安装系统,如图2所示,该操作系统安装系统可以包括服务器400、控制设备200和加速设备集合300,加速设备集合300与控制设备200和服务器400通信连接。加速设备集合300中包括至少一个加速设备。加速设备集合300中包括的加速设备可以基于控制设备200发送的重启指示,从服务器400下载操作系统安装程序的镜像文件,并基于操作系统安装程序的镜像文件安装操作系统。
其中,操作系统安装程序的镜像文件用于安装采用第一私钥进行签名的操作系统,第一私钥为第一公钥对应的私钥,第一公钥为加速设备中预存的多个公钥中的一个公钥。
与上述方法实施例基于相同的技术构思,本申请还提供一种芯片,该芯片可以是计算芯片。该芯片可以用于实现上述方法实施例的功能,因此可以实现上述方法实施例所具备的有益效果。
在一些实施例中,该芯片1000的结构可以如图10所示,包括处理器1001以及与处理器1001连接的供电电路1002。处理器1001和供电电路1002之间可以通过总线相互连接,处理器1001可以是通用处理器,如微处理器,或其他常规的处理器。总线可以是外设部件互连标准PCI总线或扩展工业标准结构EISA总线等。总线可以分为地址总线、数据总线、控制总线等。供电电路1002用于通过总线为处理器1001供电。
处理器1001可以与设置在芯片外部的存储器连接,或者与设置在芯片内部的存储器连接,运行存储在存储器中的软件程序以及模块,从而执行芯片1000的各种功能应用以及数据处理。
在一些实施例中,处理器1001可以执行本申请提供的操作系统安全启动方法。在另一些实施例中,处理器1001可以执行本申请提供的操作系统安装方法。
在一些实施例中,处理器1001可以包括一个或多个处理单元,不同的处理单元可以是独立的器件,也可以集成在一个或多个处理器中。处理器1001中还可以包括控制器,控制器可以根据指令操作码和时序信号,产生操作控制信号,完成取指令和执行指令的控制。
本申请的实施例中的方法步骤可以通过硬件的方式来实现,也可以由处理器执行计算机程序或指令
的方式来实现。计算机程序或指令可以构成计算机程序产品。
本申请还提供一种计算机程序产品,包含有计算机可执行指令。在一种实施例中,该计算机可执行指令用于使计算机执行上述任意一种方法实施例中的功能。
计算机可执行指令可以被存放于计算机可读存储介质中,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质内存储有可执行指令。在一种实施例中,该计算机可执行指令用于使计算机执行上述任意一种方法实施例中的功能。
本申请提供的计算机可读存储介质可以是随机存取存储器(random access memory,RAM)、闪存、只读存储器(read-only memory,ROM)、可编程只读存储器(programmableROM,PROM)、可擦除可编程只读存储器(erasable PROM,EPROM)、电可擦除可编程只读存储器(electrically ePROM,EEPROM)、寄存器、硬盘、移动硬盘、CD-ROM或者本领域熟知的任何其它形式的计算机可读存储介质。
计算机可执行指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机程序或指令可以从一个网站站点、计算机、服务器或数据中心通过有线或无线方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是集成一个或多个可用介质的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,例如,软盘、硬盘、磁带;也可以是光介质,例如,数字视频光盘(digital video disc,DVD);还可以是半导体介质,例如,固态硬盘。
以上模块或单元的一个或多个可以软件、硬件或二者结合来实现。当以上任一模块或单元以软件实现的时候,所述软件以计算机程序指令的方式存在,并被存储在存储器中,处理器可以用于执行所述程序指令并实现以上方法流程。所述处理器可以包括但不限于以下至少一种:CPU、微处理器、数字信号处理器(digital signal processor,DSP)、微控制器(microcontroller unit,MCU)、或人工智能处理器等各类运行软件的计算设备,每种计算设备可包括一个或多个用于执行软件指令以进行运算或处理的核。该处理器可以内置于SoC、DPU或ASIC,也可是一个独立的半导体芯片。该处理器内处理用于执行软件指令以进行运算或处理的核外,还可进一步包括必要的硬件加速器,如FPGA、PLD或者实现专用逻辑运算的逻辑电路。
当以上模块或单元以硬件实现的时候,该硬件可以是CPU、微处理器、DSP、MCU、人工智能处理器、ASIC、SoC、FPGA、PLD、专用数字电路、硬件加速器或非集成的分立器件中的任一个或任一组合,其可以运行必要的软件或不依赖于软件以执行以上方法流程。
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。
Claims (18)
- 一种操作系统安全启动方法,其特征在于,应用于加速设备,所述方法包括:获取启动指示,所述启动指示用于启动所述加速设备的操作系统;从多个公钥中识别第一公钥,所述多个公钥存储在所述加速设备中,所述第一公钥为所述多个公钥中的一个公钥,所述第一公钥用于对所述操作系统的运行文件进行验证;根据验证结果启动所述操作系统。
- 根据权利要求1所述的方法,其特征在于,所述多个公钥保存在所述加速设备的闪存内的数据库DB中。
- 根据权利要求1或2所述的方法,其特征在于,所述从多个公钥中识别第一公钥之前,所述方法还包括:获取所述加速设备的基本输入输出系统BIOS区域保存的第二公钥;根据所述第二公钥对包含所述多个公钥的公钥集合进行验证;当验证通过时,获取所述公钥集合中的所述多个公钥。
- 根据权利要求1至3中任一项所述的方法,其特征在于,所述从多个公钥中识别第一公钥,包括:遍历所述多个公钥中的每个公钥,逐个验证所述操作系统的运行文件;当所述运行文件验证通过时,将验证通过时采用的公钥作为所述第一公钥。
- 根据权利要求1至4中任一项所述的方法,其特征在于,所述获取启动指示之前,所述方法还包括:从服务器下载所述操作系统安装程序的镜像文件,所述服务器与所述加速设备通信连接,所述服务器用于存储所述镜像文件;基于所述操作系统安装程序的镜像文件,在所述加速设备中安装操作系统。
- 一种操作系统安装方法,其特征在于,应用于控制设备,所述方法包括:接收操作指令;所述操作指令用于指示在加速设备集合中安装操作系统;所述加速设备集合中包括至少一个加速设备,所述加速设备集合与所述控制设备通信连接;基于所述操作指令,向所述加速设备集合所包括的加速设备发送重启指示;所述重启指示用于指示所述加速设备集合所包括的加速设备从服务器下载操作系统安装程序的镜像文件。
- 根据权利要求6所述的方法,其特征在于,所述操作系统安装程序的镜像文件用于安装采用第一私钥进行签名的操作系统,所述第一私钥为第一公钥对应的私钥,所述第一公钥为加速设备中预存的多个公钥中的一个公钥。
- 一种操作系统安全启动装置,其特征在于,应用于加速设备,所述装置包括:指示获取单元,用于获取启动指示,所述启动指示用于启动所述加速设备的操作系统;系统启动单元,用于从多个公钥中识别第一公钥,所述多个公钥存储在所述加速设备中,所述第一公钥为所述多个公钥中的一个公钥,所述第一公钥用于对所述操作系统的运行文件进行验证;根据验证结果启动所述操作系统。
- 根据权利要求8所述的装置,其特征在于,所述多个公钥保存在所述加速设备的闪存内的数据库DB中。
- 根据权利要求8或9所述的装置,其特征在于,所述系统启动单元,还用于:获取所述加速设备的基本输入输出系统BIOS区域保存的第二公钥;根据所述第二公钥对包含所述多个公钥的公钥集合进行验证;当验证通过时,获取所述公钥集合中的所述多个公钥。
- 根据权利要求8至10中任一项所述的装置,其特征在于,所述装置还包括:系统安装单元,用于:从服务器下载所述操作系统安装程序的镜像文件,并基于所述操作系统安装程序的镜像文件,在所述加速设备中安装所述操作系统;所述服务器与所述加速设备通信连接,所述服务器用于存储所述镜像文件。
- 一种操作系统安装装置,其特征在于,应用于控制设备,所述装置包括:指令接收单元,用于接收操作指令;所述操作指令用于指示在加速设备集合中安装操作系统;所述加速设备集合中包括至少一个加速设备,所述加速设备集合与所述控制设备通信连接;指示发送单元,用于基于所述操作指令,向所述集合所包括的加速设备发送重启指示;所述重启指示用于指示所述加速设备集合所包括的加速设备从服务器下载操作系统安装程序的镜像文件。
- 根据权利要求12所述的装置,其特征在于,所述操作系统安装程序的镜像文件用于安装采用第一私钥进行签名的操作系统,所述第一私钥为第一公钥对应的私钥,所述第一公钥为加速设备中预存的多个公钥中的一个公钥。
- 一种加速设备,其特征在于,包括:存储器和处理器,所述存储器上存储有计算机程序;所述处理器用于执行所述存储器中存储的所述计算机程序,以实现如权利要求1至5中任一项所述的方法。
- 一种控制设备,其特征在于,包括:存储器和处理器,所述存储器上存储有计算机程序;所述处理器用于执行所述存储器中存储的所述计算机程序,以实现如权利要求6或7所述的方法。
- 一种操作系统安装系统,其特征在于,包括服务器、控制设备和加速设备集合;所述加速设备集合与所述控制设备和所述服务器通信连接;所述加速设备集合中包括至少一个加速设备;所述加速设备集合所包括的加速设备基于所述控制设备发送的重启指示,从所述服务器下载操作系统安装程序的镜像文件,并基于所述操作系统安装程序的镜像文件安装操作系统。
- 一种芯片,其特征在于,包括处理器和供电电路;所述供电电路用于为所述处理器供电,所述处理器用于执行计算机程序,以实现如权利要求1至5中任一项所述的方法,或者,如权利要求6或7所述的方法。
- 一种计算机可读存储介质,其特征在于,存储有计算机可执行指令,所述计算机可执行指令用于使计算机执行如权利要求1至5中任一项所述的方法,或者,如权利要求6或7所述的方法。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211036209.4 | 2022-08-27 | ||
CN202211036209.4A CN117668845A (zh) | 2022-08-27 | 2022-08-27 | 操作系统安全启动方法、操作系统安装方法及相关装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024045828A1 true WO2024045828A1 (zh) | 2024-03-07 |
Family
ID=90075640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2023/102938 WO2024045828A1 (zh) | 2022-08-27 | 2023-06-27 | 操作系统安全启动方法、操作系统安装方法及相关装置 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN117668845A (zh) |
WO (1) | WO2024045828A1 (zh) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109597658A (zh) * | 2017-09-28 | 2019-04-09 | 英特尔公司 | 在计算环境中动态地启用和禁用加速器设备的技术 |
CN109766134A (zh) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | 系统启动方法、装置、电子设备及存储介质 |
CN112292678A (zh) * | 2019-01-04 | 2021-01-29 | 百度时代网络技术(北京)有限公司 | 用于验证将要由主机系统的数据处理加速器执行的内核对象的方法与系统 |
US20210359861A1 (en) * | 2017-09-27 | 2021-11-18 | Amlogic (Shanghai) Co., Ltd. | Microcode signature security management system based on trustzone technology and method |
-
2022
- 2022-08-27 CN CN202211036209.4A patent/CN117668845A/zh active Pending
-
2023
- 2023-06-27 WO PCT/CN2023/102938 patent/WO2024045828A1/zh unknown
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210359861A1 (en) * | 2017-09-27 | 2021-11-18 | Amlogic (Shanghai) Co., Ltd. | Microcode signature security management system based on trustzone technology and method |
CN109597658A (zh) * | 2017-09-28 | 2019-04-09 | 英特尔公司 | 在计算环境中动态地启用和禁用加速器设备的技术 |
CN112292678A (zh) * | 2019-01-04 | 2021-01-29 | 百度时代网络技术(北京)有限公司 | 用于验证将要由主机系统的数据处理加速器执行的内核对象的方法与系统 |
CN109766134A (zh) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | 系统启动方法、装置、电子设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN117668845A (zh) | 2024-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10754955B2 (en) | Authenticating a boot path update | |
US8874953B2 (en) | System and method of cloud testing and remote monitoring for integrated circuit components in system validation | |
US8544092B2 (en) | Integrity verification using a peripheral device | |
KR101453266B1 (ko) | 서비스 프로세서 컴플렉스 내의 데이터 저장을 위한 요구 기반 usb 프록시 | |
US11194588B2 (en) | Information handling systems and method to provide secure shared memory access at OS runtime | |
US20170012770A1 (en) | Key management for a rack server system | |
CN107567629B (zh) | 在可信执行环境容器中的动态固件模块加载器 | |
US10831897B2 (en) | Selective enforcement of secure boot database entries in an information handling system | |
US11886886B2 (en) | System and method for runtime synchronization and authentication of pre-boot device drivers for a rescue operating system | |
US20240028738A1 (en) | Trusted verification system and method, motherboard, micro-board card, and storage medium | |
CN114817105B (zh) | 设备枚举的方法、装置、计算机设备以及存储介质 | |
JP2017513098A (ja) | ファウンテンコードを用いる管理情報のブロードキャスト | |
US11321077B1 (en) | Live updating of firmware behavior | |
CN113434202A (zh) | 一种设备的启动方法、装置、电子设备及计算机存储介质 | |
US8140835B2 (en) | Updating a basic input/output system (‘BIOS’) boot block security module in compute nodes of a multinode computer | |
CN113946854B (zh) | 一种文件访问控制方法、装置及计算机可读存储介质 | |
CN114969713A (zh) | 设备验证方法、设备及系统 | |
CN111198832B (zh) | 一种处理方法和电子设备 | |
US20230100899A1 (en) | Modularized basic input output system (bios) firmware activation | |
US12067121B2 (en) | Trusted boot method and apparatus, electronic device, and readable storage medium | |
US11347859B2 (en) | Systems and methods for leveraging authentication for cross operating system single sign on (SSO) capabilities | |
WO2024045828A1 (zh) | 操作系统安全启动方法、操作系统安装方法及相关装置 | |
CN115442083B (zh) | 设备接入方法、数据交换方法、装置、设备及存储介质 | |
EP4172828B1 (en) | Static configuration of accelerator card security modes | |
US11960337B2 (en) | Customized thermal and power policies in computers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23858866 Country of ref document: EP Kind code of ref document: A1 |