WO2024131018A1 - Verification method and apparatus for server - Google Patents


Publication number
WO2024131018A1
Authority
WO
WIPO (PCT)
Prior art keywords
basic input
output system
verification method
integrity
initialization data
Prior art date
Application number
PCT/CN2023/104191
Other languages
French (fr)
Chinese (zh)
Inventor
许鑫
吴保锡
韩春超
徐国振
崔士伟
王传国
Original Assignee
苏州元脑智能科技有限公司
Application filed by 苏州元脑智能科技有限公司
Publication of WO2024131018A1

Definitions

  • Embodiments of the present application relate to the field of server security, and in particular, to a verification method, a verification device, a non-volatile readable storage medium, and an electronic device for a server.
  • Servers are carrying more and more computing power.
  • Servers run important information such as business systems and user data. Once the server hardware is maliciously tampered with, the information in the server also faces the risk of being tampered with and stolen.
  • The root of trust is passively called security hardware: it requires a call from firmware to complete the integrity collection and integrity verification operations. Therefore, the security of the code that first uses the root of trust must be ensured in order to ensure the security and trustworthiness of the subsequent root of trust behavior.
  • Detection of the first section of code run on the server relies on specific CPU (Central Processing Unit) functions (such as Intel PFR technology or Intel TXT technology), which are not compatible with all processors. Alternatively, the baseboard management controller (BMC) is used to verify the Basic Input Output System (BIOS), but BMC verification of the BIOS is only valid when loading the BIOS firmware and can only verify the BIOS firmware itself; it cannot obtain the integrity of other components, such as RAID (Redundant Arrays of Independent Disks) cards, graphics cards, operating system kernels, etc.
  • the embodiments of the present application provide a verification method, a verification device, a non-volatile readable storage medium, and an electronic device for a server, so as to at least solve the problem in the related art that the integrity of components other than BIOS firmware in the server cannot be verified.
  • a verification method for a server is provided, the verification method is applied to a baseboard management controller, the server includes an in-band management system, the verification method includes: when the power state of the in-band management system is a startup state, judging whether the initialization data of the basic input/output system in the in-band management system is complete, and obtaining a judgment result; when the judgment result indicates that the initialization data of the basic input/output system in the in-band management system is complete, outputting a power-on instruction to the in-band management system, so that the basic input/output system runs and sends measurement chain information; and verifying, based on the received measurement chain information, the integrity of components in the in-band management system except for the initialization data of the basic input/output system.
  • the verification method further includes: before determining whether the initialization data of the basic input and output system in the in-band management system is complete, detecting the power state of the in-band management system, wherein the power state includes: startup state, running state, and power-off state.
  • determining whether initialization data of a basic input/output system in an in-band management system is complete to obtain a determination result includes: calculating a measurement value of the initialization data of the basic input/output system to obtain measurement value information; and determining whether the measurement value information is complete based on a reference value library to obtain a determination result, wherein the reference value library includes integrity values of multiple basic input/output system components corresponding to the basic input/output system.
  • the verification method also includes: obtaining a basic input/output system update request and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple basic input/output system components; parsing the BIOS file according to the update request to obtain a set of integrity values corresponding to the update request; and using the integrity value set to update a baseline value library.
  • the verification method further includes: when the judgment result indicates that the initialization data of the BIOS in the in-band management system is incomplete, powering off components in the in-band management system except the initialization data of the BIOS.
  • the verification method further includes: sending measurement value information to a basic input/output system, so that the basic input/output system generates measurement chain information according to the measurement value information and integrity information of components in the in-band management system except for the initialization data of the basic input/output system.
  • sending measurement value information to a basic input/output system includes: exchanging a session key with the basic input/output system to obtain a first key, and allowing the basic input/output system to obtain a second key; encrypting the measurement value information using the second key to generate a measurement value ciphertext; sending the measurement value ciphertext to the basic input/output system, so that the basic input/output system decrypts the measurement value ciphertext according to the second key to obtain the measurement value information.
  • the above-mentioned verification method also includes: before verifying the integrity of components other than the initialization data of the basic input/output system in the in-band management system according to the measurement chain information, using the first key to decrypt the measurement chain ciphertext to obtain the measurement chain information, wherein the basic input/output system obtains the measurement chain ciphertext according to the measurement value information and the integrity information of the components other than the initialization data of the basic input/output system in the in-band management system.
  • the verification method also includes: recording a first moment when the measurement value information is sent to a basic input/output system, and a second moment when the measurement chain information is received; determining whether a time difference between the first moment and the second moment is greater than a preset threshold; and when the determination result indicates that the time difference between the first moment and the second moment is greater than the preset threshold, performing a power-off operation on components in the in-band management system except for the initialization data of the basic input/output system.
  • another verification method for a server includes an in-band management system, the verification method is applied to a basic input/output system in the in-band management system, the verification method includes: when the power state of the in-band management system is a startup state, sending a startup signal to a baseboard management controller, so that the baseboard management controller determines whether the initialization data of the basic input/output system is complete, and outputs a power-on instruction when the judgment result indicates that the initialization data of the basic input/output system is complete; when the power-on instruction is received, controlling the basic input/output system to run, and sending measurement chain information to the baseboard management controller, so that the baseboard management controller verifies the components in the in-band management system except the initialization data of the basic input/output system according to the received measurement chain information.
  • the verification method further includes: when the judgment result indicates that the initialization data of the basic input/output system is incomplete, receiving a control signal sent by the baseboard management controller, the control signal being used to control power-off of components in the in-band management system except for the initialization data of the basic input/output system.
  • the above-mentioned verification method also includes: sending a basic input/output system update request and an updated BIOS file to a baseboard management controller, so that the baseboard management controller parses the BIOS file according to the update request, obtains a set of integrity values corresponding to the update request, and uses the integrity value set to update the baseline value library, wherein the BIOS file includes updated integrity values of multiple basic input/output system components.
  • the verification method also includes: receiving measurement value information sent by a baseboard management controller, wherein the measurement value information includes the measurement value of the initialization data of the basic input and output system; obtaining the integrity information of the components in the in-band management system except the initialization data of the basic input and output system; and generating measurement chain information based on the measurement value information and the integrity information.
  • receiving measurement value information sent by a baseboard management controller includes: exchanging a session key with the baseboard management controller to obtain a second key, and allowing the baseboard management controller to obtain a first key, wherein the second key is used to encrypt the measurement value information to generate a measurement value ciphertext; and using the second key to decrypt the measurement value ciphertext to obtain the measurement value information.
  • sending measurement chain information to a baseboard management controller includes: encrypting the measurement chain information using a first key to obtain a measurement chain ciphertext; sending the measurement chain ciphertext to the baseboard management controller, so that the baseboard management controller decrypts the measurement chain ciphertext using the first key to obtain the measurement chain information.
  • the verification method further includes: receiving a control signal sent by a baseboard management controller when a time difference between a first moment and a second moment is greater than a preset threshold, wherein the first moment is a moment when measurement value information sent by the baseboard management controller is received, and the second moment is a moment when measurement chain information is sent to the baseboard management controller, and the control signal is used to control the power-off of components in the in-band management system except for the initialization data of the basic input and output system.
  • a verification device for a server is provided, the verification device is applied to a baseboard management controller, the server includes an in-band management system, the verification device includes: a judgment module, which is used to judge whether the initialization data of the basic input-output system in the in-band management system is complete when the power state of the in-band management system is the startup state, and obtain a judgment result; an output module, which is used to output a power-on instruction to the in-band management system when the judgment result indicates that the initialization data of the basic input-output system in the in-band management system is complete, so that the basic input-output system runs and sends measurement chain information; a verification module, which is used to verify the integrity of components in the in-band management system except the initialization data of the basic input-output system according to the received measurement chain information.
  • another verification device for a server is provided, which is applied to a basic input/output system in an in-band management system; the server includes the in-band management system, and the verification device includes: a first sending module, which is used to send a startup signal to a baseboard management controller when the power state of the in-band management system is a startup state, so that the baseboard management controller determines whether the initialization data of the basic input/output system is complete, and outputs a power-on instruction when the judgment result indicates that the initialization data of the basic input/output system is complete; a second sending module, which is used to control the operation of the basic input/output system when the power-on instruction is received, and send measurement chain information to the baseboard management controller, so that the baseboard management controller verifies the integrity of components in the in-band management system except the initialization data of the basic input/output system according to the received measurement chain information.
  • a non-volatile readable storage medium in which a computer program is stored, wherein the computer program is configured to execute the steps of any of the above method embodiments when running.
  • an electronic device including a memory and a processor, wherein a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
  • the baseboard management controller (BMC) is first used to determine whether the initialization data of the basic input and output system (BIOS) in the in-band management system is complete, so that the integrity of the BootBlock (the boot block in the basic input and output system, which contains the minimum instruction set for booting) first run by the BIOS can be verified, thereby ensuring the security and reliability of the initial running state of the BIOS; after the BIOS is executed, the BMC receives the measurement chain collected during this startup and transmitted by the BIOS, and performs secondary verification to verify the integrity of other hardware, kernel and other components.
  • FIG. 1 is a flow chart of a method for verifying integrity of a server according to an embodiment of the present application.
  • FIG. 2 is a system structure block diagram of a method for verifying the integrity of a server according to an embodiment of the present application.
  • FIG. 3 is a flowchart of updating a reference value in a method for verifying integrity of a server according to an embodiment of the present application.
  • FIG. 4 is a startup timing diagram of a method for verifying integrity of a server according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a complete process of an integrity verification method according to an embodiment of the present application.
  • FIG. 6 is a flow chart of another integrity verification method for a server according to an embodiment of the present application.
  • FIG. 7 is a structural block diagram of an integrity verification device for a server according to an embodiment of the present application.
  • FIG. 8 is a structural block diagram of another integrity verification device for a server according to an embodiment of the present application.
  • Trusted root: a security device that provides trusted services according to relevant specifications.
  • The currently released trusted root specifications include TPM (Trusted Platform Module) and TCM (Trusted Cryptography Module).
  • BMC: Baseboard Management Controller
  • BIOS: Basic Input Output System
  • In-band management system: a system that uses a unified physical channel to transmit management control information and data information.
  • In-band management operations refer to the management of various hardware units within the server computing unit.
  • Out-of-band management system: management control information and data information are transmitted through different physical channels. The two are completely independent and do not affect each other.
  • Out-of-band management operations refer to managing various hardware units on the server through the network services provided by BMC.
  • Management unit and computing unit: the management unit is used to monitor and control the status of various hardware on the computer.
  • the management unit refers to the BMC system.
  • the computing unit refers to the CPU, memory, storage and other hardware that the operating system relies on when running, and is generally also called the Host side.
  • the management unit and the computing unit operate independently of each other and only transmit management information through a limited hardware bus.
  • BMC, management unit, and out-of-band management are the same concept, which refers to monitoring various hardware on the server through BMC;
  • Host, computing unit, and in-band management are the same concept, which refers to the CPU, memory, storage and other hardware transmitting information through physical links.
  • BootBlock: a type of firmware volume that contains the first program loaded and run in the BIOS firmware. It is used for initialization operations and is the first program executed after the host is powered on.
  • FIG. 1 is a flow chart of a server integrity verification method according to an embodiment of the present application. As shown in FIG. 1 , the process includes the following steps:
  • Step S102: when the power state of the in-band management system is the startup state, the baseboard management controller determines whether the initialization data of the basic input and output system in the in-band management system is complete, and obtains a determination result;
  • Step S104: when the judgment result indicates yes, the baseboard management controller outputs a power-on instruction to the in-band management system to enable the basic input and output system to run and send the measurement chain information;
  • Step S106: the baseboard management controller verifies the integrity of components in the in-band management system except the initialization data of the basic input and output system according to the received measurement chain information.
  • the baseboard management controller (BMC) is first used to determine whether the initialization data of the basic input and output system (BIOS) in the in-band management system is complete, so that the integrity of the BootBlock first run by the BIOS can be verified, ensuring the security and reliability of the initial running state of the BIOS; after the BIOS is executed, the BMC receives the measurement chain collected during this startup and transmitted by the BIOS, and performs secondary verification to verify the integrity of other hardware, kernel and other components.
  • Only after the integrity verification of the BIOS and of the other hardware, kernel and other components is completed can the operating system be started. The integrity of the BIOS and other components in the in-band management system can thus be verified in stages through the BMC, solving the problem that the BMC cannot obtain the integrity of other components (such as RAID cards, graphics cards, operating system kernels, etc.), and achieving the effect that the BMC can verify the integrity of the BIOS and other components in the server.
  • the server can complete the measurement and integrity verification of the BIOS initial running program without relying on a specific CPU architecture.
  • the in-band management system collects data from the verified component, and the out-of-band management system executes the verification logic.
  • the out-of-band manager can directly obtain the integrity information of each server component from the BMC without logging into the in-band system.
  • step S102 when the power state of the in-band management system is the startup state, the baseboard management controller (BMC) determines whether the initialization data of the basic input and output system (BIOS) in the in-band management system is complete, and obtains a determination result. That is, when the power state of the server changes to startup (operations such as power on, restart, and quick startup), the first stage verification of the BIOS is immediately performed.
  • the baseboard management controller includes a power status monitoring module 110, as shown in Figure 2.
  • the verification method in this embodiment also includes: the power status monitoring module detects the power status of the in-band management system, wherein the power status includes: startup status, running status, and power-off status.
  • the power status monitoring module in the BMC can obtain the change of the power status of the in-band management system, so that when the server power status changes to startup, the first stage verification of the BIOS is immediately performed to ensure the security and reliability of the initial running logic of the BIOS.
  • the baseboard management controller includes a first verification module 120, as shown in Figure 2.
  • the BMC determining whether the initialization data of the basic input and output system (BIOS) in the in-band management system is complete, and obtaining a judgment result, includes: the first verification module calculates the measurement value of the initialization data of the BIOS to obtain the measurement value information, where the boot program containing this initialization data is the first program loaded and run in the BIOS firmware, is used for the initial initialization operation, and is the first program executed after the Host is powered on; the first verification module determines whether the measurement value information is complete according to the reference value library, and obtains the judgment result, wherein the reference value library includes the integrity values of multiple basic input and output system components (BIOS components) corresponding to the BIOS.
  • the first verification module is used to verify the BootBlock of the BIOS for the first time, calculate the BootBlock metric value in the current BIOS Flash, and verify the BIOS BootBlock according to the benchmark value library. If the verification fails, the Host is powered off to ensure that the initial execution logic of the BIOS is secure and reliable.
  • the baseboard management controller further includes a reference value management module 130, as shown in Figure 2.
  • the verification method in this embodiment further includes: the reference value management module obtains a basic input and output system (BIOS) update request and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple BIOS components; the reference value management module parses the BIOS file according to the update request to obtain an integrity value set corresponding to the update request; and uses the integrity value set to update the reference value library.
  • the above-mentioned benchmark value management module can not only provide verification benchmark values for the verification module, but also provide benchmark value update services. After the BMC completes the BIOS update operation, it will calculate the updated integrity value of the BIOS component, thereby synchronously updating the benchmark value to ensure that the BIOS update and the updated benchmark value can be carried out synchronously.
  • the updating process of the above-mentioned reference value may include the following steps:
  • 1) BMC completes BIOS flashing: the BMC has integrated the functional logic of BIOS flashing, and this functional logic also verifies the integrity and legality of the BIOS file to be flashed. Therefore, the baseline value update logic can reuse the existing BMC BIOS update logic without the need to independently verify the legality of the BIOS file;
  • 2) BIOS files contain multiple BIOS components, such as various FVs (Firmware Volumes), SecureBoot, etc. Calculate the integrity value of each component, that is, calculate the hash value of each BIOS module;
  • 3) Update the runtime benchmark value library: update the integrity value set calculated in step 2) to the runtime benchmark value library to ensure that the new BIOS can start normally, that is, the benchmark value library module parses the calculated hash values and updates them into the runtime benchmark value library;
  • step S104 when the judgment result indicates yes, the baseboard management controller (BMC) outputs a power-on instruction to the in-band management system, so that the basic input and output system (BIOS) runs and sends the measurement chain information.
  • the first verification module sends the measurement value information to the basic input and output system (BIOS), so that the BIOS generates measurement chain information according to the measurement value information and the integrity information of the components in the in-band management system except the BootBlock of the BIOS.
  • the measurement chain is based on the trusted root and collects the integrity information of each component when the computer is started, such as the BIOS, OpROM (option read-only memory, OptionROM), operating system kernel, etc.
  • the baseboard management controller further includes a control module 140, as shown in FIG2.
  • the verification method in this embodiment also includes: the power state monitoring module records the first moment when the measurement value of the boot program is sent to the basic input and output system (BIOS), and the second moment when the measurement chain information is received; the power state monitoring module determines whether the time difference between the first moment and the second moment is greater than a preset threshold; when the judgment result indicates that it is greater than the preset threshold, the power state monitoring module sends a power-off instruction to the control module, so that the control module performs a power-off operation on the components in the in-band management system except the BootBlock of the BIOS according to the power-off instruction.
  • the Host control module refers to the logic module that controls the in-band power-on in the existing BMC, and the module related to the integrity verification calls the module according to the verification result to implement the power-off operation on the Host.
  • a timer may be provided in the power status monitoring module. By starting the timer for timing, if the measurement chain information sent by the BIOS cannot be obtained within the specified time, it is considered that the BIOS has been maliciously modified. At this time, the control module of the Host may be called to power off the Host.
  • the above-mentioned BMC also includes a first trusted root management module 150, as shown in FIG2.
  • the BMC sends the measurement value of the boot program to the BIOS, including: the first trusted root management module exchanges session keys with the BIOS to obtain the first key, and enables the BIOS to obtain the second key; the first trusted root management module uses the second key to encrypt the measurement value information to generate a measurement value ciphertext; the first trusted root management module sends the measurement value ciphertext to the BIOS, so that the BIOS decrypts the measurement value ciphertext according to the second key to obtain the measurement value information.
  • the trusted root management module refers to the key engine using the trusted root to ensure the confidentiality of the data.
  • the BMC uses the cryptographic mechanism of the trusted root to ensure the confidentiality of the data interacting with the BIOS.
  • the key in the trusted root must also be used to protect the confidentiality of the benchmark value library. It is necessary to complete the session key interaction with the BIOS during the BIOS operation phase to ensure the security of subsequent communication data.
  • the confidentiality of the reference value library is ensured by the BMC. Since the BMC has an independent root of trust, the cryptographic engine in the BMC root of trust can be used to ensure the confidentiality of the reference value library.
  • the BMC uses the cryptographic mechanism of the root of trust to ensure the confidentiality of the data interacting with the BIOS. By completing the session key interaction with the BIOS during the BIOS operation phase, the security of subsequent communication data can be ensured.
  • the operation of updating the benchmark value library can be simultaneously added to the logic of flashing the BIOS, and the existing BIOS file verification logic during BIOS update can be reused.
  • the first trusted root management module is the trusted root management module of the BMC, which uses the key engine of the trusted root to ensure the confidentiality of the data.
  • the BMC After the BMC completes the key initialization, it exchanges the session key with the BIOS; if the BMC cannot obtain the session key information on the BIOS side, it waits in a loop to ensure the security of subsequent data interaction.
  • the key in the trusted root can also be used to protect the confidentiality of the reference value library.
  • the baseboard management controller (BMC) verifies the integrity of the components in the in-band management system except the BootBlock of the basic input and output system (BIOS) according to the received measurement chain information.
  • the BMC further includes a second verification module 160, as shown in FIG2. If the BMC receives the measurement chain ciphertext encrypted by the BIOS, the first trusted root management module can use the first key to decrypt the measurement chain ciphertext to obtain the measurement chain information; then, the second verification module performs a second integrity verification on the hardware, kernel and other components on the server according to the measurement chain information sent by the BIOS to ensure the security and reliability of the hardware environment in which the operating system runs.
  • the server startup timing diagram based on dual trusted roots in this embodiment is shown in Figure 4.
  • the first trusted root management module is initialized, and the benchmark value library is loaded and decrypted; after the BMC obtains the power signal of the Host, the BootBlock of the BIOS is verified according to the benchmark value library; after the first stage of BIOS verification is passed, the BMC exchanges session keys with the BIOS, and transmits the measurement value ciphertext, and receives the measurement chain information ciphertext transmitted by the BIOS on the BMC side to perform hardware integrity verification.
  • the integrity verification process may include:
  • the BMC power status detection module obtains power-on information. When the server in-band system is powered on, restarted, or performs startup operations such as quick startup, the BMC obtains these signals and immediately performs verification operations;
  • Verify the BIOS BootBlock: use the first verification module of the BMC to calculate the BootBlock measurement value in the current BIOS Flash, and verify whether the BIOS BootBlock is normal based on the benchmark value library. If the verification fails, power off the Host to ensure the security and reliability of the initial execution logic of the BIOS;
  • after the BMC completes key initialization, it exchanges session keys with the BIOS; if the BIOS cannot obtain session key information from the BMC, it waits in a loop to ensure the security of subsequent data interaction;
  • the BMC obtains the integrity baseline values of the various hardware, kernel and other components in the baseline value library, and compares them with the obtained measurement chain information. If there is a component with damaged integrity, the Host is powered off to ensure that the operating environment of the in-band operating system is secure and reliable;
  • BMC records the results of each verification.
  • the out-of-band system administrator can directly obtain the integrity information of each component of the in-band system through BMC without logging into the in-band system.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method.
  • the technical solution of the present application, or the part that contributes to the prior art can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), and includes a number of instructions for a terminal device (which can be a mobile phone, computer, server, or network device, etc.) to execute the methods described in each embodiment of the present application.
  • FIG. 6 is a flow chart of a server integrity verification method according to an embodiment of the present application. As shown in FIG. 6 , the process includes the following steps:
  • Step S202: when the power state of the in-band management system is the startup state, the basic input and output system in the in-band management system sends a startup signal to the baseboard management controller, so that the baseboard management controller determines whether the initialization data of the basic input and output system is complete, and outputs a power-on instruction when the judgment result indicates yes;
  • Step S204: when the in-band management system receives the power-on instruction, it controls the operation of the basic input/output system and sends the measurement chain information to the baseboard management controller, so that the baseboard management controller verifies the integrity of the components in the in-band management system except the initialization data of the basic input/output system according to the received measurement chain information.
  • the basic input and output system (BIOS) in the in-band management system first sends a startup signal to the baseboard management controller (BMC), so that the BMC determines whether the initialization data of the BIOS is complete, and can verify the integrity of the BootBlock that the BIOS runs first, ensuring the security and reliability of the initial running state of the BIOS; after the BIOS is executed, the measurement chain collected in this startup is sent to the BMC for secondary verification to verify the integrity of other hardware, kernel and other components.
  • only after the integrity verification of the BIOS and other hardware, kernel and other components is completed can the operating system be started, so that the integrity of the BIOS and other components in the in-band management system can be verified in stages, which solves the problem that the BMC cannot obtain the integrity of other components (such as Raid cards, graphics cards, operating system kernels, etc.), and achieves the effect that the BMC can verify the integrity of the BIOS and other components in the server.
  • the server can complete the measurement and integrity verification of the initial BIOS running program without relying on a specific CPU architecture.
  • the in-band management system collects the data of the verified components, and the out-of-band management system executes the verification logic, realizing the isolation of verification data and verification logic.
  • the out-of-band manager can directly obtain the integrity information of each component of the server from the BMC without logging into the in-band system.
  • in step S202, when the power state of the in-band management system is the startup state, the basic input and output system (BIOS) in the in-band management system sends a startup signal to the baseboard management controller (BMC), so that the BMC determines whether the initialization data of the BIOS is complete, and outputs a power-on instruction when the judgment result indicates yes.
  • a control signal sent by a control module in the BMC may be received, where the control signal is used to control the components in the in-band management system except the initialization data of the basic input and output system to be powered off.
  • the power status monitoring module in the BMC can obtain the change of the power status of the in-band management system, so that when the server power status changes to startup, the first stage verification of the BIOS is immediately performed to ensure that the initial operation logic of the BIOS is safe and reliable.
  • the BIOS BootBlock is verified for the first time through the BMC, the BootBlock measurement value in the current BIOS Flash is calculated, and the BIOS BootBlock is verified according to the benchmark value library. If the verification fails, the host is powered off to ensure the safety and reliability of the initial execution logic of the BIOS.
  • a basic input/output system update request and an updated BIOS file are sent to a baseboard management controller, so that the baseboard management controller parses the BIOS file according to the update request, obtains a set of integrity values corresponding to the update request, and uses the integrity value set to update a baseline value library, wherein the BIOS file includes updated integrity values of multiple basic input/output system components.
  • the in-band management system controls the operation of the basic input and output system (BIOS) and sends measurement chain information to the baseboard management controller (BMC), so that the BMC verifies the integrity of the components in the in-band management system except the BootBlock of the BIOS based on the received measurement chain information.
  • the basic input and output system includes a measurement chain module 210, as shown in Figure 2.
  • the verification method in this embodiment also includes: the measurement chain module receives measurement value information sent by the baseboard management controller (BMC), wherein the measurement value information includes the measurement value of the initialization data of the BIOS; the measurement chain module obtains the integrity information of the components in the in-band management system except the boot program (BootBlock) with the initialization data of the BIOS; the measurement chain module generates the measurement chain information according to the measurement value information and the integrity information.
  • the measurement chain module can reuse the existing BIOS measurement chain technology to collect the integrity information of each component when the BIOS is started and store it in the trusted root.
  • the measurement chain module receives the measurement value information transmitted by the BMC, and generates the measurement chain information according to the measurement value information and the integrity information of the components other than BIOS in the in-band management system.
  • the measurement chain is based on the trusted root and collects the integrity information of each component (such as BIOS, OpROM, operating system kernel, etc.) when the computer is started.
  • the above-mentioned BIOS also includes a second trusted root management module 220.
  • the BIOS receives the measurement value information sent by the BMC, including: the second trusted root management module exchanges session keys with the BMC to obtain the second key, and enables the BMC to obtain the first key, wherein the second key is used to encrypt the measurement value information and generate a measurement value ciphertext; the second trusted root management module uses the second key to decrypt the measurement value ciphertext to obtain the measurement value information.
  • the second trusted root management module is the trusted root management module of BIOS, which uses the trusted root key engine to ensure the confidentiality of data.
  • BIOS uses the trusted root cryptographic mechanism to ensure the confidentiality of data interacting with BMC.
  • the above-mentioned basic input and output system further includes an authentication module 230, as shown in Figure 2, sending the measurement chain information to the baseboard management controller (BMC), including: the second trusted root management module uses the first key to encrypt the measurement chain information to obtain the measurement chain ciphertext; the authentication module sends the measurement chain ciphertext to the BMC, so that the BMC uses the first key to decrypt the measurement chain ciphertext to obtain the measurement chain information.
  • the authentication module is based on the measurement chain built when the BIOS is started. Before the BIOS hands over the control of the server to the next component, the measurement chain information is sent to the BMC, and the BMC verifies the integrity of the hardware, kernel, etc. of the in-band system.
  • the moment when the measurement value information sent by the baseboard management controller is received is recorded as the first moment, and the moment when the measurement chain information is sent to the baseboard management controller is recorded as the second moment.
  • a control signal sent by the control module in the BMC is received, and the control signal is used to control the power-off of components in the in-band management system except for the initialization data of the basic input and output system.
  • the server startup timing diagram based on dual trusted roots in this embodiment is shown in FIG. 4.
  • after the BMC passes the first-stage verification of the BIOS, it controls the Host to power on and the BootBlock to run; the BIOS initializes the second trusted root management module, exchanges session keys with the BMC, and receives the measurement value ciphertext it passes, then records the BootBlock measurement event, and performs hardware initialization and measurement chain construction.
  • a verification device for a server is provided, which is used to implement the above-mentioned embodiment 1 and the preferred implementation mode thereof, and the description thereof will not be repeated.
  • the term "module" can refer to a combination of software and/or hardware that implements a predetermined function.
  • although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and conceivable.
  • FIG. 7 is a structural block diagram of a verification device for a server according to an embodiment of the present application. As shown in FIG. 7 , the device includes:
  • the judgment module 302 is used to use the baseboard management controller to judge whether the initialization data of the basic input and output system in the in-band management system is complete when the power state of the in-band management system is in the startup state, and obtain a judgment result;
  • the output module 304 is used to output a power-on instruction to the in-band management system using the baseboard management controller when the judgment result indicates yes, so that the basic input and output system runs and sends the measurement chain information;
  • the verification module 306 is used to verify the integrity of components in the in-band management system except the initialization data of the basic input and output system according to the received measurement chain information using the baseboard management controller.
  • judgment module 302, output module 304 and verification module 306 can correspond to steps S102 to S106 in Example 1, and the instances and application scenarios implemented by multiple modules and corresponding steps are the same, but are not limited to the contents disclosed in the above-mentioned Example 1.
  • the judgment module 302 is used to judge whether the initialization data of the basic input and output system (BIOS) in the in-band management system is complete, so that the integrity of the BootBlock first run by the BIOS can be verified, ensuring the safety and reliability of the initial running state of the BIOS; after the BIOS is executed, the BMC receives the measurement chain collected during this startup transmitted by the BIOS, and performs secondary verification through the verification module 306 to verify the integrity of other hardware, kernel and other components.
  • the baseboard management controller includes a power status monitoring module 110, as shown in FIG. 2, and the power status monitoring module is used to detect the power status of the in-band management system, wherein the power status includes: startup status, running status, and power-off status.
  • the baseboard management controller includes a first verification module 120, as shown in FIG. 2; the first verification module is used to calculate the measurement value of the initialization data of the BIOS to obtain the measurement value information.
  • the boot program with the above-mentioned initialization data is the first program loaded and run in the BIOS firmware, which is used for the initial initialization operation and is the first program executed after the Host is powered on; the first verification module is also used to determine whether the measurement value information is complete based on the benchmark value library to obtain a judgment result, wherein the benchmark value library includes the integrity values of multiple BIOS components corresponding to the BIOS.
  • the baseboard management controller further includes a baseline value management module 130, as shown in FIG. 2, wherein the baseline value management module is used to obtain a basic input output system (BIOS) update request and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple BIOS components; the baseline value management module is also used to parse the BIOS file according to the update request to obtain a set of integrity values corresponding to the update request; the baseline value management module is also used to update the baseline value library using the integrity value set.
  • the first verification module is further used to send the measurement value information to the basic input and output system (BIOS), so that the BIOS generates measurement chain information based on the measurement value information and the integrity information of the components other than the BootBlock of the BIOS in the in-band management system.
  • the measurement chain is based on the trusted root and collects the integrity information of each component (such as BIOS, OpROM, operating system kernel, etc.) when the computer is started.
  • the baseboard management controller further includes a control module 140, as shown in FIG. 2; the power status monitoring module is also used to record the first moment when the measurement value of the boot program is sent to the basic input and output system (BIOS), and the second moment when the measurement chain information is received; the power status monitoring module is used to determine whether the time difference between the first moment and the second moment is greater than a preset threshold; when the judgment result indicates that it is greater than the preset threshold, the power status monitoring module sends a power-off instruction to the control module, so that the control module performs a power-off operation on the components in the in-band management system except the BootBlock of the BIOS according to the power-off instruction.
  • the Host control module refers to the logic module that controls the in-band power-on in the existing BMC, and the module related to the integrity verification calls the module according to the verification result to implement the power-off operation on the Host.
  • the above-mentioned BMC also includes a first trusted root management module 150, as shown in FIG. 2; the first trusted root management module is used to exchange session keys with the BIOS, obtain a first key, and enable the BIOS to obtain a second key; the first trusted root management module is also used to encrypt the measurement value information using the second key to generate a measurement value ciphertext; the first trusted root management module is also used to send the measurement value ciphertext to the BIOS, so that the BIOS decrypts the measurement value ciphertext according to the second key to obtain the measurement value information.
  • the trusted root management module refers to the key engine using the trusted root to ensure the confidentiality of the data.
  • the BMC uses the cryptographic mechanism of the trusted root to ensure the confidentiality of the data interacting with the BIOS.
  • the key in the trusted root is also used to protect the confidentiality of the benchmark value library. It is necessary to complete the session key interaction with the BIOS during the BIOS operation phase to ensure the security of subsequent communication data.
  • the BMC further includes a second verification module 160.
  • the first trusted root management module is further configured to decrypt the measurement chain ciphertext using the first key to obtain measurement chain information.
  • the second verification module is configured to perform a second integrity verification on hardware, kernel and other components on the server according to the measurement chain information sent by the BIOS to ensure the security and reliability of the hardware environment in which the operating system runs.
  • the BMC may further include an integrity information maintenance module 170, as shown in FIG. 2, for maintaining the integrity verification result.
  • the out-of-band manager may call the module to obtain the integrity verification result.
  • the above modules can be implemented by software or hardware. For the latter, it can be implemented in the following ways, but not limited to: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
  • the term "module" can refer to a combination of software and/or hardware that implements a predetermined function.
  • although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and conceivable.
  • FIG. 8 is a structural block diagram of a verification device for a server according to an embodiment of the present application. As shown in FIG. 8, the device includes:
  • the first sending module 402 is used for sending a startup signal to a baseboard management controller using a basic input/output system in the in-band management system when the power state of the in-band management system is the startup state, so that the baseboard management controller determines whether the initialization data of the basic input/output system is complete, and outputs a power-on instruction when the judgment result indicates yes;
  • the second sending module 404 is used to control the operation of the basic input and output system when the in-band management system receives a power-on instruction, and send measurement chain information to the baseboard management controller, so that the baseboard management controller verifies the integrity of the components in the in-band management system except the initialization data of the basic input and output system according to the received measurement chain information.
  • judgment module 402 and output module 404 can correspond to steps S202 to S206 in Example 2, and the instances and application scenarios implemented by multiple modules and corresponding steps are the same, but are not limited to the contents disclosed in the above-mentioned Example 2.
  • a startup signal is first sent to a baseboard management controller (BMC) through the first sending module 402, so that the BMC determines whether the initialization data of the BIOS is complete, and can verify the integrity of the BootBlock that the BIOS runs first, ensuring the safety and reliability of the initial running state of the BIOS; after the BIOS is executed, the measurement chain collected in this startup is sent to the BMC through the second sending module 404 for secondary verification to verify the integrity of other hardware, kernel and other components.
  • the above-mentioned basic input and output system includes a measurement chain module 210, as shown in Figure 2, the measurement chain module is used to receive measurement value information sent by a baseboard management controller (BMC), wherein the measurement value information includes the measurement value of the initialization data of the BIOS; the measurement chain module is also used to obtain the integrity information of components in the in-band management system except the boot program (BootBlock) with initialization data of the BIOS; the measurement chain module is also used to generate measurement chain information based on the measurement value information and the integrity information.
  • the above-mentioned BIOS also includes a second trusted root management module 220, as shown in Figure 2, the second trusted root management module is used to exchange session keys with the BMC to obtain a second key, and enable the BMC to obtain a first key, wherein the second key is used to encrypt the measurement value information and generate a measurement value ciphertext; the second trusted root management module is also used to use the second key to decrypt the measurement value ciphertext to obtain the measurement value information.
  • the above-mentioned basic input and output system also includes an authentication module 230.
  • the second trusted root management module is also used to encrypt the measurement chain information using the first key to obtain the measurement chain ciphertext;
  • the authentication module is used to send the measurement chain ciphertext to the BMC, so that the baseboard management controller uses the first key to decrypt the measurement chain ciphertext to obtain the measurement chain information.
  • the Host trusted root module of the in-band management system includes a key engine and an integrity engine.
  • embodiments of the present application further provide a non-volatile readable storage medium, in which a computer program is stored, wherein the computer program is configured to execute the steps of any of the above method embodiments when running.
  • the above-mentioned non-volatile readable storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a mobile hard disk, a magnetic disk or an optical disk, and other media that can store computer programs.
  • embodiments of the present application further provide an electronic device, including a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
  • the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
  • modules or steps of the present application can be implemented by a general computing device, they can be concentrated on a single computing device, or distributed on a network composed of multiple computing devices, they can be implemented by a program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, and in some cases, the steps shown or described can be executed in a different order from that herein, or they can be made into individual integrated circuit modules, or multiple modules or steps therein can be made into a single integrated circuit module for implementation.
  • the present application is not limited to any specific combination of hardware and software.
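The two-stage flow described above (BootBlock checked against the baseline value library before power-on, then the BIOS measurement chain checked by the BMC, with a timeout between the first and second moments) can be modelled as follows. This is an added example, not code from the application. SHA-256 as the measurement function, the component names, the 120-second threshold and the rejection of duplicate or unlisted chain entries are assumptions of the example, and the session-key encryption of the two messages is left out.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def measure(image: bytes) -> str:
    """Measurement value of a component image (SHA-256 is an assumption)."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Bmc:
    baseline: dict                      # baseline value library: name -> digest
    timeout_s: float = 120.0            # preset threshold (constructed value)
    host_powered: bool = False
    sent_at: Optional[float] = None     # "first moment"
    results: list = field(default_factory=list)  # record of each verification

    def _record(self, stage: str, item: str, ok: bool) -> bool:
        self.results.append((stage, item, ok))
        return ok

    def stage1(self, bootblock_in_flash: bytes, now: float) -> Optional[str]:
        """Measure BootBlock before the host runs; power on only if it matches."""
        value = measure(bootblock_in_flash)
        ok = self._record("stage1", "BootBlock",
                          value == self.baseline.get("BootBlock"))
        self.host_powered = ok
        if not ok:
            return None                 # host stays off, nothing goes to the BIOS
        self.sent_at = now
        return value                    # measurement value information for the BIOS

    def stage2(self, chain: list, now: float) -> bool:
        """Check the measurement chain returned by the BIOS against the baseline."""
        if self.sent_at is None or now - self.sent_at > self.timeout_s:
            self.host_powered = self._record("stage2", "timeout", False)
            return False
        reported = dict(chain)
        ok = len(reported) == len(chain)          # duplicate events are rejected
        for name, expected in self.baseline.items():
            ok &= self._record("stage2", name, reported.get(name) == expected)
        for name in reported.keys() - self.baseline.keys():
            ok &= self._record("stage2", name, False)  # unlisted (example policy)
        self.host_powered = ok
        return ok


def bios_build_chain(bootblock_value: str, components: dict) -> list:
    """BIOS side: record the BootBlock event first, then measure each component."""
    chain = [("BootBlock", bootblock_value)]
    chain += [(name, measure(image)) for name, image in components.items()]
    return chain


def boot(bmc: Bmc, bootblock: bytes, components: dict, bios_seconds: float) -> bool:
    """One boot attempt; returns whether the host is left powered on."""
    value = bmc.stage1(bootblock, now=0.0)
    if value is None:
        return False
    chain = bios_build_chain(value, components)
    return bmc.stage2(chain, now=bios_seconds)   # "second moment"


# Constructed sample images and the baseline derived from the known-good ones.
GOOD_BOOTBLOCK = b"bootblock v1"
GOOD_COMPONENTS = {"RaidOpROM": b"raid oprom v3", "OSKernel": b"kernel 5.10"}
BASELINE = {"BootBlock": measure(GOOD_BOOTBLOCK),
            **{n: measure(i) for n, i in GOOD_COMPONENTS.items()}}


def new_bmc() -> Bmc:
    return Bmc(baseline=dict(BASELINE))


if __name__ == "__main__":
    modified = dict(GOOD_COMPONENTS, OSKernel=b"kernel 5.10 modified")
    for label, bb, comps, secs in [
        ("clean boot", GOOD_BOOTBLOCK, GOOD_COMPONENTS, 30.0),
        ("modified BootBlock", b"bootblock v1!", GOOD_COMPONENTS, 30.0),
        ("modified kernel", GOOD_BOOTBLOCK, modified, 30.0),
        ("chain arrives late", GOOD_BOOTBLOCK, GOOD_COMPONENTS, 600.0),
    ]:
        bmc = new_bmc()
        print(label, "->", "on" if boot(bmc, bb, comps, secs) else "off", bmc.results)
```

The `results` list plays the role of the integrity information an out-of-band administrator reads from the BMC: it shows which stage and which component failed without any access to the in-band system.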

Abstract

A verification method and apparatus for a server. The method comprises: in the situation in which a power supply of an in-band management system is on, determining whether initialization data of a basic input/output system in the in-band management system is complete or not, and obtaining a determination result; if the determination result indicates yes, outputting a power-on command to the in-band management system, so that the basic input/output system operates and sends measurement chain information; and, according to received measurement chain information, verifying the integrity of components except for the initialization data of the basic input/output system in the in-band management system. By using the described method, the problem that a substrate management controller cannot acquire the integrity of other components is solved, thus the substrate management controller can verify the integrity of board cards and components in a basic input/output system and a server.

Description

Verification method and apparatus for server
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority to a Chinese patent application filed with the China Patent Office on December 19, 2022, with application number 202211634914.4 and titled "Verification Method and Apparatus for Server", the entire contents of which are incorporated into this application by reference.
Technical Field
Embodiments of the present application relate to the field of server security, and in particular, to a verification method, a verification device, a non-volatile readable storage medium, and an electronic device for a server.
Background
With the rise of cloud computing and big data, servers are carrying more and more computing power. As the basic unit of the data center, a server runs important information such as business systems and user data. Once the server hardware is maliciously tampered with, the information in the server also faces the risk of being tampered with and stolen.
The root of trust is passively invoked security hardware: firmware must call it to carry out integrity collection and integrity verification. The code that first uses the root of trust must therefore itself be secure for the subsequent root-of-trust operations to be secure and trustworthy. At present, detection of the first code that runs on a server either relies on specific CPU (Central Processing Unit) functions (such as Intel PFR technology or Intel TXT technology), which are not compatible with all processors, or uses the baseboard management controller (Baseboard Management Controller, BMC) to verify the basic input output system (Basic Input Output System, BIOS). However, BMC verification of the BIOS is effective only when the BIOS firmware is loaded and can verify only the BIOS firmware itself; it cannot obtain the integrity of other components, such as Raid (Redundant Arrays of Independent Disks) cards, graphics cards, and operating system kernels.
Based on this, how to verify the integrity of components in the server other than the BIOS firmware, and so ensure that the hardware environment in which the operating system runs is secure and trustworthy, is a technical problem that urgently needs to be solved.
Summary
The embodiments of the present application provide a verification method, a verification device, a non-volatile readable storage medium, and an electronic device for a server, so as to at least solve the problem in the related art that the integrity of components other than the BIOS firmware in the server cannot be verified.
According to an embodiment of the present application, a verification method for a server is provided. The verification method is applied to a baseboard management controller, and the server includes an in-band management system. The verification method includes: when the power state of the in-band management system is the startup state, judging whether the initialization data of the basic input/output system in the in-band management system is complete, and obtaining a judgment result; when the judgment result indicates that the initialization data of the basic input/output system in the in-band management system is complete, outputting a power-on instruction to the in-band management system, so that the basic input/output system runs and sends measurement chain information; and, according to the received measurement chain information, verifying the integrity of the components in the in-band management system except the initialization data of the basic input/output system.
In an exemplary embodiment, the verification method further includes: before judging whether the initialization data of the basic input/output system in the in-band management system is complete, detecting the power state of the in-band management system, wherein the power state includes a startup state, a running state, and a power-off state.
In an exemplary embodiment, judging whether the initialization data of the basic input/output system in the in-band management system is complete and obtaining a judgment result includes: calculating a measurement value of the initialization data of the basic input/output system to obtain measurement value information; and judging, based on a reference value library, whether the measurement value information is complete to obtain the judgment result, wherein the reference value library includes integrity values of multiple basic input/output system components corresponding to the basic input/output system.
In an exemplary embodiment, the verification method further includes: obtaining an update request for the basic input/output system and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple basic input/output system components; parsing the BIOS file according to the update request to obtain a set of integrity values corresponding to the update request; and updating the reference value library with the set of integrity values.
In an exemplary embodiment, the verification method further includes: when the judgment result indicates that the initialization data of the basic input/output system in the in-band management system is incomplete, performing a power-off operation on the components in the in-band management system other than the initialization data of the basic input/output system.
In an exemplary embodiment, the verification method further includes: sending the measurement value information to the basic input/output system, so that the basic input/output system generates the measurement chain information from the measurement value information and the integrity information of the components in the in-band management system other than the initialization data of the basic input/output system.
In an exemplary embodiment, sending the measurement value information to the basic input/output system includes: exchanging a session key with the basic input/output system to obtain a first key, with the basic input/output system obtaining a second key; encrypting the measurement value information with the second key to generate a measurement value ciphertext; and sending the measurement value ciphertext to the basic input/output system, so that the basic input/output system decrypts the measurement value ciphertext with the second key to obtain the measurement value information.
In an exemplary embodiment, the verification method further includes: before verifying, based on the measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system, decrypting a measurement chain ciphertext with the first key to obtain the measurement chain information, wherein the basic input/output system obtains the measurement chain ciphertext from the measurement value information and the integrity information of the components in the in-band management system other than the initialization data of the basic input/output system.
In an exemplary embodiment, the verification method further includes: recording a first moment at which the measurement value information is sent to the basic input/output system and a second moment at which the measurement chain information is received; judging whether the time difference between the first moment and the second moment is greater than a preset threshold; and, when the judgment result indicates that the time difference between the first moment and the second moment is greater than the preset threshold, performing a power-off operation on the components in the in-band management system other than the initialization data of the basic input/output system.
According to another embodiment of the present application, another verification method for a server is provided. The server includes an in-band management system, and the verification method is applied to the basic input/output system in the in-band management system. The verification method includes: when the power state of the in-band management system is the startup state, sending a startup signal to the baseboard management controller, so that the baseboard management controller judges whether the initialization data of the basic input/output system is complete and outputs a power-on instruction when the judgment result indicates that the initialization data of the basic input/output system is complete; and, when the power-on instruction is received, controlling the basic input/output system to run and sending measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, based on the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
In an exemplary embodiment, the verification method further includes: when the judgment result indicates that the initialization data of the basic input/output system is incomplete, receiving a control signal sent by the baseboard management controller, the control signal being used to power off the components in the in-band management system other than the initialization data of the basic input/output system.
In an exemplary embodiment, the verification method further includes: sending an update request for the basic input/output system and an updated BIOS file to the baseboard management controller, so that the baseboard management controller parses the BIOS file according to the update request, obtains a set of integrity values corresponding to the update request, and updates the reference value library with the set of integrity values, wherein the BIOS file includes updated integrity values of multiple basic input/output system components.
In an exemplary embodiment, the verification method further includes: receiving measurement value information sent by the baseboard management controller, wherein the measurement value information includes the measurement value of the initialization data of the basic input/output system; obtaining integrity information of the components in the in-band management system other than the initialization data of the basic input/output system; and generating the measurement chain information from the measurement value information and the integrity information.
In an exemplary embodiment, receiving the measurement value information sent by the baseboard management controller includes: exchanging a session key with the baseboard management controller to obtain a second key, with the baseboard management controller obtaining a first key, wherein the second key is used to encrypt the measurement value information to generate a measurement value ciphertext; and decrypting the measurement value ciphertext with the second key to obtain the measurement value information.
In an exemplary embodiment, sending the measurement chain information to the baseboard management controller includes: encrypting the measurement chain information with the first key to obtain a measurement chain ciphertext; and sending the measurement chain ciphertext to the baseboard management controller, so that the baseboard management controller decrypts the measurement chain ciphertext with the first key to obtain the measurement chain information.
In an exemplary embodiment, the verification method further includes: when the time difference between a first moment and a second moment is greater than a preset threshold, receiving a control signal sent by the baseboard management controller, wherein the first moment is the moment at which the measurement value information sent by the baseboard management controller is received, the second moment is the moment at which the measurement chain information is sent to the baseboard management controller, and the control signal is used to power off the components in the in-band management system other than the initialization data of the basic input/output system.
According to another embodiment of the present application, a verification device for a server is provided. The verification device is applied to a baseboard management controller, and the server includes an in-band management system. The verification device includes: a judgment module, configured to judge, when the power state of the in-band management system is the startup state, whether the initialization data of the basic input/output system in the in-band management system is complete, and obtain a judgment result; an output module, configured to output a power-on instruction to the in-band management system when the judgment result indicates that the initialization data of the basic input/output system in the in-band management system is complete, so that the basic input/output system runs and sends measurement chain information; and a verification module, configured to verify, based on the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
According to another embodiment of the present application, another verification device for a server is provided. The verification device is applied to the basic input/output system in the in-band management system, and the server includes the in-band management system. The verification device includes: a first sending module, configured to send a startup signal to the baseboard management controller when the power state of the in-band management system is the startup state, so that the baseboard management controller judges whether the initialization data of the basic input/output system is complete and outputs a power-on instruction when the judgment result indicates that the initialization data of the basic input/output system is complete; and a second sending module, configured to control the basic input/output system to run when the power-on instruction is received, and to send measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, based on the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
According to yet another embodiment of the present application, a non-volatile readable storage medium is also provided. A computer program is stored in the non-volatile readable storage medium, and the computer program is configured to execute, when run, the steps of any one of the above method embodiments.
According to yet another embodiment of the present application, an electronic device is also provided, including a memory and a processor. A computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps of any one of the above method embodiments.
With the present application, before the BIOS is loaded, the baseboard management controller (BMC) first judges whether the initialization data of the basic input/output system (BIOS) in the in-band management system is complete. This verifies the integrity of the BootBlock (the boot block of the basic input/output system, containing the minimum instruction set needed for booting), which is the first part of the BIOS to run, and ensures that the initial running state of the BIOS is secure and trustworthy. After the BIOS has finished executing, the BMC receives from the BIOS the measurement chain collected during this boot and performs a second verification, which verifies the integrity of other hardware, the kernel and other components. The operating system can be started only after the integrity of the BIOS and of the other hardware, the kernel and other components has been verified. The BMC can thus verify the integrity of the BIOS and of the other components in the in-band management system in stages, and an out-of-band administrator can obtain the integrity status of hardware, the kernel and other components directly from the BMC without entering the in-band management system. This solves the problem that the BMC cannot obtain the integrity of other components (such as RAID cards, graphics cards and the operating system kernel), and achieves the effect that the BMC can verify the integrity of the BIOS and of the other components in the server.
Brief description of the drawings
FIG. 1 is a flowchart of an integrity verification method for a server according to an embodiment of the present application;
FIG. 2 is a block diagram of the system structure used in an integrity verification method for a server according to an embodiment of the present application;
FIG. 3 is a flowchart of updating the reference values in an integrity verification method for a server according to an embodiment of the present application;
FIG. 4 is a startup timing diagram of an integrity verification method for a server according to an embodiment of the present application;
FIG. 5 is a schematic diagram of the complete flow of an integrity verification method according to an embodiment of the present application;
FIG. 6 is a flowchart of another integrity verification method for a server according to an embodiment of the present application;
FIG. 7 is a structural block diagram of an integrity verification device for a server according to an embodiment of the present application;
FIG. 8 is a structural block diagram of another integrity verification device for a server according to an embodiment of the present application.
Detailed description
The embodiments of the present application are described in detail below with reference to the accompanying drawings.
It should be noted that the terms "first", "second", etc. in the specification and claims of this application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.
For convenience of description, some of the nouns and terms used in the embodiments of the present application are explained below:
Root of trust: a security device that provides trusted services according to the relevant specifications. The currently published root-of-trust specifications include TPM (Trusted Platform Module) and TCM (Trusted Cryptography Module).
Baseboard management controller (Baseboard Management Controller, BMC): a management unit that is independent of the server computing unit and connected to it through a hardware bus, used to monitor the hardware status, running status, etc. of the computer.
Basic input/output system (Basic Input Output System, BIOS): a program fixed in a memory chip and the first code executed by the computer's computing unit, generally used to initialize the computer hardware, run the hardware self-test, and provide a hardware management interface to the operating system.
In-band management system: a system that uses a single physical channel to transmit both management control information and data information. In the server field, in-band management operations refer to managing the individual hardware units from inside the server computing unit.
Out-of-band management system: a system in which management control information and data information are transmitted over different physical channels, the two being completely independent and not affecting each other. In the server field, out-of-band management operations refer to managing the individual hardware units on the server through the network services provided by the BMC.
Management unit and computing unit: the management unit supervises and controls the status of the hardware on the computer; in the server field, the management unit refers to the BMC system. The computing unit refers to the CPU, memory, storage and other hardware that the operating system relies on when running, and is generally also called the Host side. The management unit and the computing unit run independently of each other and transmit management information only over a limited hardware bus. To reduce ambiguity, in this application BMC, management unit and out-of-band management are the same concept, referring to monitoring the hardware on the server through the BMC; Host, computing unit and in-band management are the same concept, referring to the CPU, memory, storage and other hardware transmitting information over physical links.
BootBlock: a type of firmware volume that contains the program in the BIOS firmware that is loaded and run first. It performs the initial initialization operations and is the first program executed after the Host is powered on.
Embodiment 1
This embodiment provides an integrity verification method for a server. FIG. 1 is a flowchart of the integrity verification method for a server according to an embodiment of the present application. As shown in FIG. 1, the flow includes the following steps:
Step S102: when the power state of the in-band management system is the startup state, the baseboard management controller judges whether the initialization data of the basic input/output system in the in-band management system is complete, and obtains a judgment result;
Step S104: when the judgment result indicates yes, the baseboard management controller outputs a power-on instruction to the in-band management system, so that the basic input/output system runs and sends measurement chain information;
Step S106: the baseboard management controller verifies, based on the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
Through the above steps, before the BIOS is loaded, the baseboard management controller (BMC) first judges whether the initialization data of the basic input/output system (BIOS) in the in-band management system is complete. This verifies the integrity of the BootBlock, which is the first part of the BIOS to run, and ensures that the initial running state of the BIOS is secure and trustworthy. After the BIOS has finished executing, the BMC receives from the BIOS the measurement chain collected during this boot and performs a second verification, which verifies the integrity of other hardware, the kernel and other components. The operating system can be started only after the integrity of the BIOS and of the other hardware, the kernel and other components has been verified. The BMC can thus verify the integrity of the BIOS and of the other components in the in-band management system in stages, which solves the problem that the BMC cannot obtain the integrity of other components (such as RAID cards, graphics cards and the operating system kernel) and achieves the effect that the BMC can verify the integrity of the BIOS and of the other components in the server.
In addition, through the above steps the server can measure and verify the integrity of the program that the BIOS runs first without relying on a specific CPU architecture. The in-band management system collects the data of the components being verified and the out-of-band management system executes the verification logic, which isolates the verification data from the verification logic. An out-of-band administrator can obtain the integrity information of each server component directly from the BMC, without logging in to the in-band system.
In step S102 above, when the power state of the in-band management system is the startup state, the baseboard management controller (BMC) judges whether the initialization data of the basic input/output system (BIOS) in the in-band management system is complete, and obtains a judgment result. That is, when the server power state changes to startup (power-on, restart, fast startup and similar operations), the first-stage verification of the BIOS is executed immediately.
In some optional implementations, the baseboard management controller (BMC) includes a power state monitoring module 110, as shown in FIG. 2. In this case, the verification method in this embodiment further includes: the power state monitoring module detects the power state of the in-band management system, wherein the power state includes a startup state, a running state, and a power-off state.
In the above implementation, the power state monitoring module in the BMC can detect changes in the power state of the in-band management system, so that when the server power state changes to startup, the first-stage verification of the BIOS is executed immediately, ensuring that the logic the BIOS runs first is secure and trustworthy.
To perform the first-stage verification of the BIOS, the baseboard management controller (BMC) includes a first verification module 120, as shown in FIG. 2. In some optional implementations, the BMC judging whether the initialization data of the basic input/output system (BIOS) in the in-band management system is complete and obtaining a judgment result includes: the first verification module calculates the measurement value of the initialization data of the BIOS to obtain measurement value information, where the boot program containing this initialization data is the program in the BIOS firmware that is loaded and run first, performs the initial initialization operations, and is the first program executed after the Host is powered on; and the first verification module judges, based on the reference value library, whether the measurement value information is complete and obtains the judgment result, wherein the reference value library includes the integrity values of multiple basic input/output system components (BIOS components) corresponding to the BIOS.
Specifically, the first verification module performs the first verification of the BIOS BootBlock: it calculates the measurement value of the BootBlock currently in the BIOS Flash and verifies the BIOS BootBlock against the reference value library. If verification fails, a power-off operation is performed on the Host, ensuring that the logic the BIOS executes first is secure and trustworthy.
In some optional implementations, the baseboard management controller (BMC) further includes a reference value management module 130, as shown in FIG. 2. In this case, the verification method in this embodiment further includes: the reference value management module obtains an update request for the basic input/output system (BIOS) and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple BIOS components; the reference value management module parses the BIOS file according to the update request to obtain a set of integrity values corresponding to the update request; and the reference value library is updated with the set of integrity values.
The reference value management module not only provides the verification module with the reference values used for verification, but also provides a reference value update service. After the BMC has completed a BIOS update operation, it calculates the updated integrity values of the BIOS components and updates the reference values accordingly, ensuring that the BIOS update and the reference value update stay synchronized.
Exemplarily, as shown in FIG. 3, the reference value update flow may include the following steps:
1) The BMC completes BIOS flashing: the BMC already integrates the functional logic for flashing the BIOS, and that logic also verifies the integrity, legitimacy, etc. of the BIOS file to be flashed. The reference value update logic can therefore reuse the BMC's existing BIOS update logic and does not need to verify the legitimacy of the BIOS file independently;
2) Parse the BIOS file: the BIOS file contains multiple BIOS components, such as the individual FVs (Firmware Volumes), SecureBoot content, etc. The integrity value of each component is calculated, that is, the hash value of each BIOS module is calculated;
3) Update the runtime reference value library: the set of integrity values calculated in step 2) is written to the runtime reference value library so that the new BIOS can start normally, that is, the reference value library module writes the calculated hash values to the runtime reference value library;
4) Update the reference value library: each time the BMC starts, it creates the runtime reference value library from the persistently stored reference value library protected by the root of trust, so the update operation must also update the persistently stored reference value library.
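Steps 2) to 4) and the first-stage BootBlock check can be sketched as follows. This is an added example, not code from the application: the container layout (`build_image`/`parse_components`), the use of SHA-256, the JSON file standing in for the root-of-trust-protected persistent store, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import struct
import tempfile


def measure(data: bytes) -> str:
    """Integrity value of one component (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()


def build_image(components: dict) -> bytes:
    """Pack components into the constructed container used by this example:
    name_len (u8) | name | data_len (u32 LE) | data, repeated."""
    out = bytearray()
    for name, data in components.items():
        raw = name.encode()
        out += struct.pack("<B", len(raw)) + raw
        out += struct.pack("<I", len(data)) + data
    return bytes(out)


def parse_components(image: bytes) -> dict:
    """Step 2: split the flashed image into components, rejecting truncation."""
    comps, off = {}, 0
    while off < len(image):
        name_len = image[off]
        off += 1
        if off + name_len + 4 > len(image):
            raise ValueError("truncated component header")
        name = image[off:off + name_len].decode()
        off += name_len
        (data_len,) = struct.unpack_from("<I", image, off)
        off += 4
        if off + data_len > len(image):
            raise ValueError("truncated component body")
        if name in comps:
            raise ValueError("duplicate component name")
        comps[name] = image[off:off + data_len]
        off += data_len
    return comps


class ReferenceLibrary:
    """Runtime reference values plus a persistent copy (a plain JSON file
    here; the application keeps the persistent copy under the root of trust)."""

    def __init__(self, path: str):
        self.path = path
        self.runtime = {}

    def load(self) -> None:
        """BMC start: rebuild the runtime library from the persistent one."""
        with open(self.path) as fh:
            self.runtime = json.load(fh)

    def update_from_image(self, image: bytes) -> dict:
        """Call only after the BMC's own flashing logic accepted the image."""
        values = {n: measure(d) for n, d in parse_components(image).items()}
        self.runtime.update(values)                 # step 3: runtime library
        tmp = self.path + ".tmp"
        with open(tmp, "w") as fh:                  # step 4: persistent library,
            json.dump(self.runtime, fh)             # written atomically so a crash
        os.replace(tmp, self.path)                  # cannot leave a partial file
        return values

    def verify(self, name: str, data: bytes) -> bool:
        """First-stage check: measured value must equal the reference value."""
        expected = self.runtime.get(name)
        return expected is not None and hmac.compare_digest(expected, measure(data))


def demo():
    # Constructed sample images; the byte strings stand in for firmware volumes.
    old = build_image({"BootBlock": b"boot-v1", "FV_MAIN": b"main-v1"})
    new = build_image({"BootBlock": b"boot-v2", "FV_MAIN": b"main-v2"})
    with tempfile.TemporaryDirectory() as d:
        lib = ReferenceLibrary(os.path.join(d, "reference.json"))
        lib.update_from_image(old)
        stale = lib.verify("BootBlock", b"boot-v2")      # references not updated yet
        lib.update_from_image(new)
        fresh = lib.verify("BootBlock", b"boot-v2")      # runtime library updated
        rebooted = ReferenceLibrary(lib.path)
        rebooted.load()                                  # simulated BMC restart
        persisted = rebooted.verify("BootBlock", b"boot-v2")
        tampered = rebooted.verify("BootBlock", b"boot-v2+implant")
    return stale, fresh, persisted, tampered
```

If step 4) were skipped, `persisted` would be false after the simulated BMC restart and the newly flashed BIOS would fail the first-stage check on the next boot.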
In step S104 above, when the judgment result indicates yes, the baseboard management controller (BMC) outputs a power-on instruction to the in-band management system, so that the basic input/output system (BIOS) runs and sends the measurement chain information.
Specifically, the first verification module sends the measurement value information to the basic input/output system (BIOS), so that the BIOS generates the measurement chain information from the measurement value information and the integrity information of the components in the in-band management system other than the BIOS BootBlock. The measurement chain is the integrity information, collected on the basis of the root of trust, of each component involved when the computer starts, such as the BIOS, OpROM (Option ROM, option read-only memory) and the operating system kernel.
In some optional embodiments, the BMC further includes a control module 140, as shown in FIG. 2. In this case, the verification method of this embodiment further includes: the power state monitoring module records the first moment, at which the measurement value of the boot program is sent to the BIOS, and the second moment, at which the measurement chain information is received; the power state monitoring module determines whether the time difference between the first moment and the second moment is greater than a preset threshold; if it is, the power state monitoring module sends a power-off instruction to the control module, so that the control module powers off the components of the in-band management system other than the BIOS BootBlock according to the power-off instruction. Here, the Host control module is the logic module in existing BMCs that controls in-band power-on; the modules involved in integrity verification call it, according to the verification result, to power off the Host.
Specifically, because integrity verification in this embodiment has two stages, the power state monitoring module may contain a timer to prevent a malicious attacker from bypassing the logic of the second verification. The timer is started, and if the measurement chain information sent by the BIOS is not received within the specified time, the BIOS is considered to have been maliciously modified; the Host control module can then be called to power off the Host.
To ensure that verification data is transmitted securely and reliably between the BMC and the BIOS, each side uses its own root of trust to keep the exchanged data secure and trustworthy.
In some optional embodiments, the BMC further includes a first trusted root management module 150, as shown in FIG. 2. In this case, the BMC sending the measurement value of the boot program to the BIOS includes: the first trusted root management module exchanges session keys with the BIOS, obtaining a first key and enabling the BIOS to obtain a second key; the first trusted root management module encrypts the measurement value information with the second key to generate a measurement value ciphertext; the first trusted root management module sends the measurement value ciphertext to the BIOS, so that the BIOS decrypts the ciphertext with the second key and obtains the measurement value information. Here, the trusted root management module uses the key engine of the root of trust to ensure the confidentiality of data. The BMC uses the cryptographic mechanism of the root of trust to ensure the confidentiality of the data exchanged with the BIOS; to keep the baseline value library secure, the key in the root of trust is also used to protect the confidentiality of the baseline value library. The session key exchange with the BIOS must be completed during the BIOS run phase to secure subsequent communication.
In the above optional embodiment, the confidentiality of the baseline value library is ensured by the BMC. Because the BMC has an independent root of trust, the cryptographic engine in the BMC root of trust can be used to ensure the confidentiality of the baseline value library. The BMC uses the cryptographic mechanism of the root of trust to ensure the confidentiality of the data exchanged with the BIOS. Completing the session key exchange with the BIOS during the BIOS run phase secures subsequent communication.
In addition, because the BMC already contains the logic for flashing the BIOS firmware, the operation of updating the baseline value library can be added to that flashing logic, reusing the existing logic that verifies the BIOS file during a BIOS update.
Specifically, the first trusted root management module is the trusted root management module of the BMC, which uses the key engine of the root of trust to ensure the confidentiality of data. After the BMC completes key initialization, it exchanges session keys with the BIOS; if the BMC cannot obtain the session key information from the BIOS side, it waits in a loop, which secures subsequent data exchange. In addition, to keep the baseline value library secure, the key in the root of trust can also be used to protect the confidentiality of the baseline value library.
In step S106 above, the BMC verifies, according to the received measurement chain information, the integrity of the components of the in-band management system other than the BIOS BootBlock.
In some optional embodiments, the BMC further includes a second verification module 160, as shown in FIG. 2. If what the BMC receives is a measurement chain ciphertext encrypted by the BIOS, the first trusted root management module can decrypt it with the first key to obtain the measurement chain information; the second verification module then uses the measurement chain information sent by the BIOS to perform the second integrity verification on the hardware, kernel and other components of the server, ensuring that the hardware environment in which the operating system runs is secure and trustworthy.
As an example, the startup sequence diagram of a server based on dual roots of trust in this embodiment is shown in FIG. 4. After the BMC powers on and runs, it initializes the first trusted root management module, then loads and decrypts the baseline value library. After the BMC obtains the Host power signal, it verifies the BIOS BootBlock against the baseline value library. After the first-stage verification of the BIOS passes, the BMC exchanges session keys with the BIOS, passes the measurement value ciphertext, and receives the measurement chain information ciphertext from the BIOS in order to perform the hardware integrity check.
The verification method of this embodiment is further described below with reference to FIG. 5. As shown in the flowchart of FIG. 5, the integrity verification process may include:
1) Monitor the power state: the power state detection module of the BMC obtains power-on and related information. When the in-band system of the server is powered on, restarted, or performs a startup operation such as a fast boot, the BMC receives these signals and immediately performs the verification operation;
2) Verify the BIOS BootBlock: the first verification module of the BMC calculates the measurement value of the BootBlock in the current BIOS flash and checks against the baseline value library whether the BIOS BootBlock is normal. If verification fails, the Host is powered off, ensuring that the logic the BIOS executes first is secure and trustworthy;
3) Initialize the first trusted root management module: after the Host is powered on and the BIOS starts running, the BMC initializes the first trusted root management module and builds the session key needed for this boot;
4) Exchange session keys with the BIOS: after the BMC completes key initialization, it exchanges session keys with the BIOS; if the BIOS cannot obtain the session key information from the BMC side, it waits in a loop, which secures subsequent data exchange;
5) Transmit the BootBlock measurement value: because the BMC cannot access the root of trust of the BIOS, the BMC must pass the BootBlock measurement data to the in-band system, where the BIOS generates the BootBlock measurement event and stores it in the root of trust of the in-band system;
6) Start the timer: the first verification checks only the integrity of the BootBlock and cannot check the integrity of the other BIOS components. To guard against other BIOS components being maliciously tampered with so that the logic that sends the measurement information never executes, a timer is started to wait for the measurement chain information from the BIOS. The timer can be closed only if the BMC completes verification within the specified time; if no valid measurement information is obtained within that time, the BIOS is considered untrustworthy and the power-off operation is executed;
7) Host integrity verification: the BMC takes the integrity baseline values of the hardware, kernel and other components from the baseline value library and compares them with the received measurement chain information. If any component's integrity has been broken, the Host is powered off, ensuring that the runtime environment of the in-band operating system is secure and trustworthy;
8) Record the verification result: the BMC records the result of every verification, so the out-of-band system administrator can obtain the integrity information of every component of the in-band system directly from the BMC without logging in to the in-band system.
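The BMC side of the FIG. 5 flow (steps 2 and 5 to 8), modeled in Python as an added example that is not code from the application. SHA-256 as the hash, the component names, the 30-second threshold and all class and function names are assumptions, and the session-key encryption of the BMC/BIOS exchange is left out.

```python
import hashlib
import hmac
import time
from typing import Callable, Dict, List, Optional, Tuple


def measure(data: bytes) -> str:
    """Integrity value of one component (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()


class BmcVerifier:
    """BMC-side state for one Host boot (hypothetical class, not a BMC API)."""
    def __init__(self, baseline: Dict[str, str], deadline_s: float,
                 clock: Callable[[], float] = time.monotonic):
        self.baseline = dict(baseline)      # component name -> expected digest
        self.deadline_s = deadline_s        # preset threshold for stage 2
        self.clock = clock
        self.host_powered = False
        self.sent_at: Optional[float] = None            # the "first moment"
        self.results: List[Tuple[str, str, bool]] = []  # (stage, component, ok)

    def _power_off(self) -> None:
        self.host_powered = False
        self.sent_at = None

    def stage1_bootblock(self, flash_bootblock: bytes) -> Optional[str]:
        """Measure the BootBlock read from BIOS flash before the Host runs it."""
        digest = measure(flash_bootblock)
        ok = hmac.compare_digest(digest, self.baseline.get("BootBlock", ""))
        self.results.append(("stage1", "BootBlock", ok))
        if not ok:
            self._power_off()
            return None
        self.host_powered = True
        self.sent_at = self.clock()  # measurement handed to BIOS, timer starts
        return digest

    def timer_expired(self) -> bool:
        """Power off if no valid chain arrived within the threshold."""
        if self.sent_at is None:
            return False
        if self.clock() - self.sent_at > self.deadline_s:
            self.results.append(("stage2", "<no chain received>", False))
            self._power_off()
            return True
        return False

    def stage2_chain(self, chain: List[Tuple[str, str]]) -> bool:
        """Compare the chain reported by the BIOS with the baseline library."""
        if self.sent_at is None or self.timer_expired():
            return False
        reported = dict(chain)
        all_ok = len(reported) == len(chain)
        if not all_ok:  # the same component reported twice
            self.results.append(("stage2", "<duplicate event>", False))
        # Assumption: a component missing from either side counts as a failure.
        for name in sorted(set(self.baseline) | set(reported)):
            ok = (name in self.baseline and name in reported and
                  hmac.compare_digest(self.baseline[name], reported[name]))
            self.results.append(("stage2", name, ok))
            all_ok = all_ok and ok
        if all_ok:
            self.sent_at = None      # verification done, timer closed
        else:
            self._power_off()
        return all_ok


# Constructed component images standing in for flash and device contents.
GOOD_IMAGES = {
    "BootBlock": b"constructed bootblock image",
    "FV_MAIN": b"constructed firmware volume",
    "OpROM_RAID": b"constructed RAID option ROM",
    "OS_KERNEL": b"constructed kernel image",
}
BASELINE = {name: measure(data) for name, data in GOOD_IMAGES.items()}


def simulate_boot(flash: Dict[str, bytes], bios_delay_s: float,
                  deadline_s: float = 30.0) -> BmcVerifier:
    """Run one boot with a fake clock; the BIOS side is modeled inline."""
    now = [0.0]
    bmc = BmcVerifier(BASELINE, deadline_s, clock=lambda: now[0])
    bootblock_digest = bmc.stage1_bootblock(flash["BootBlock"])
    if bootblock_digest is None:
        return bmc
    # BIOS: record the BootBlock event from the BMC-supplied value, then
    # measure the remaining components itself.
    chain = [("BootBlock", bootblock_digest)]
    chain += [(n, measure(d)) for n, d in flash.items() if n != "BootBlock"]
    now[0] += bios_delay_s           # time the BIOS takes to report
    bmc.stage2_chain(chain)
    return bmc


if __name__ == "__main__":
    late = simulate_boot(GOOD_IMAGES, bios_delay_s=31.0)
    print(late.host_powered, late.results)
```

The `results` list plays the role of step 8: it is the per-component record an out-of-band administrator would read from the BMC.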
From the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, computer, server, network device, etc.) to execute the methods described in the embodiments of the present application.
Example 2
This embodiment provides a server integrity verification method. FIG. 6 is a flowchart of the integrity verification method for a server according to an embodiment of the present application. As shown in FIG. 6, the process includes the following steps:
Step S202: when the power state of the in-band management system is the startup state, the basic input/output system in the in-band management system sends a startup signal to the baseboard management controller, so that the baseboard management controller determines whether the initialization data of the basic input/output system is complete and outputs a power-on instruction when the judgment result is yes;
Step S204: on receiving the power-on instruction, the in-band management system controls the basic input/output system to run and sends the measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, according to the received measurement chain information, the integrity of the components of the in-band management system other than the initialization data of the basic input/output system.
Through the above steps, the basic input/output system (BIOS) in the in-band management system first sends a startup signal to the baseboard management controller (BMC), so that the BMC determines whether the initialization data of the BIOS is complete. This verifies the integrity of the BootBlock, which the BIOS runs first, and ensures that the initial running state of the BIOS is secure and trustworthy. After the BIOS finishes executing, the measurement chain collected during this boot is sent to the BMC for a second verification, which checks the integrity of the other hardware, the kernel and other components. The operating system can start only after the integrity of the BIOS and of the other hardware, kernel and other components has been verified. The integrity of the BIOS and of the other components of the in-band management system is thus verified in stages, which solves the problem that the BMC cannot obtain the integrity of other components (such as Raid cards, graphics cards and the operating system kernel) and allows the BMC to verify the integrity of the BIOS and the other components of the server.
Moreover, through the above steps, the server can measure and verify the integrity of the program the BIOS runs first without depending on a specific CPU architecture. The in-band management system collects the data of the components being verified and the out-of-band management system executes the verification logic, which isolates the verification data from the verification logic. The out-of-band administrator can obtain the integrity information of each server component directly from the BMC without logging in to the in-band system.
In step S202 above, when the power state of the in-band management system is the startup state, the BIOS in the in-band management system sends a startup signal to the BMC, so that the BMC determines whether the initialization data of the BIOS is complete and outputs a power-on instruction when the judgment result is yes.
When the judgment result is no, a control signal sent by the control module in the BMC may be received; the control signal is used to power off the components of the in-band management system other than the initialization data of the basic input/output system.
Specifically, the power state monitoring module in the BMC can detect changes in the power state of the in-band management system, so that when the server power state changes to startup, the first-stage verification of the BIOS is performed immediately, ensuring that the logic the BIOS runs first is secure and trustworthy. The BMC performs the first verification on the BIOS BootBlock: it calculates the measurement value of the BootBlock in the current BIOS flash and verifies the BIOS BootBlock against the baseline value library. If verification fails, the Host is powered off, ensuring that the logic the BIOS executes first is secure and trustworthy.
In some optional embodiments, an update request for the basic input/output system and an updated BIOS file are sent to the baseboard management controller, so that the baseboard management controller parses the BIOS file according to the update request, obtains the set of integrity values corresponding to the update request, and uses that set to update the baseline value library, where the BIOS file includes the updated integrity values of multiple basic input/output system components.
In step S204 above, on receiving the power-on instruction, the in-band management system controls the BIOS to run and sends the measurement chain information to the BMC, so that the BMC verifies, according to the received measurement chain information, the integrity of the components of the in-band management system other than the BIOS BootBlock.
In some optional embodiments, the BIOS includes a measurement chain module 210, as shown in FIG. 2. In this case, the verification method of this embodiment further includes: the measurement chain module receives the measurement value information sent by the BMC, where the measurement value information includes the measurement value of the initialization data of the BIOS; the measurement chain module obtains the integrity information of the components of the in-band management system other than the boot program (BootBlock) of the BIOS that holds the initialization data; the measurement chain module generates the measurement chain information from the measurement value information and the integrity information.
In the above optional embodiment, the measurement chain module can reuse existing BIOS measurement chain technology to collect the integrity information of each component when the BIOS starts and store it in the root of trust.
Specifically, the measurement chain module receives the measurement value information passed by the BMC and generates the measurement chain information from it and from the integrity information of the components of the in-band management system other than the BIOS. The measurement chain is the integrity information, collected on the basis of the root of trust, of each component (such as the BIOS, OpROM and operating system kernel) at computer startup.
To ensure that verification data is transmitted securely and reliably between the BMC and the BIOS, each side uses its own root of trust to keep the exchanged data secure and trustworthy.
In some optional embodiments, the BIOS further includes a second trusted root management module 220, as shown in FIG. 2. The BIOS receiving the measurement value information sent by the BMC includes: the second trusted root management module exchanges session keys with the BMC, obtaining the second key and enabling the BMC to obtain the first key, where the second key is used to encrypt the measurement value information into a measurement value ciphertext; the second trusted root management module decrypts the measurement value ciphertext with the second key to obtain the measurement value information.
In the above optional embodiment, the second trusted root management module is the trusted root management module of the BIOS, which uses the key engine of the root of trust to ensure the confidentiality of data. The BIOS uses the cryptographic mechanism of the root of trust to ensure the confidentiality of the data exchanged with the BMC.
In some optional embodiments, the BIOS further includes an authentication module 230, as shown in FIG. 2. Sending the measurement chain information to the BMC includes: the second trusted root management module encrypts the measurement chain information with the first key to obtain a measurement chain ciphertext; the authentication module sends the measurement chain ciphertext to the BMC, so that the BMC decrypts it with the first key and obtains the measurement chain information.
In the above optional embodiment, the authentication module works from the measurement chain built when the BIOS starts. Before the BIOS hands control of the server to the next component, it sends the measurement chain information to the BMC, and the BMC side verifies the integrity of the hardware, kernel and other parts of the in-band system.
In some optional embodiments, the moment at which the measurement value information sent by the baseboard management controller is received is recorded as the first moment, and the moment at which the measurement chain information is sent to the baseboard management controller is recorded as the second moment. When the time difference between the first moment and the second moment is greater than a preset threshold, a control signal sent by the control module in the BMC is received; the control signal is used to power off the components of the in-band management system other than the initialization data of the basic input/output system.
As an example, the startup sequence diagram of a server based on dual roots of trust in this embodiment is shown in FIG. 4. After the first-stage verification of the BIOS passes on the BMC side, the BMC lets the Host power on and the BootBlock runs. The BIOS side initializes the second trusted root management module, exchanges session keys with the BMC and receives the measurement value ciphertext the BMC passes, then records the BootBlock measurement event, performs hardware initialization and builds the measurement chain.
Example 3
This embodiment provides a verification apparatus for a server. The apparatus is used to implement Example 1 above and its preferred implementations; what has already been described is not repeated. As used below, the term "module" may refer to a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 7 is a structural block diagram of the verification apparatus for a server according to an embodiment of the present application. As shown in FIG. 7, the apparatus includes:
a judgment module 302, configured to use the baseboard management controller, when the power state of the in-band management system is the startup state, to determine whether the initialization data of the basic input/output system in the in-band management system is complete, and obtain a judgment result;
an output module 304, configured to use the baseboard management controller, when the judgment result is yes, to output a power-on instruction to the in-band management system, so that the basic input/output system runs and sends the measurement chain information;
a verification module 306, configured to use the baseboard management controller to verify, according to the received measurement chain information, the integrity of the components of the in-band management system other than the initialization data of the basic input/output system.
It should be noted that the judgment module 302, the output module 304 and the verification module 306 correspond to steps S102 to S106 of Example 1. The modules share the examples and application scenarios of their corresponding steps, but are not limited to what Example 1 discloses.
With the above modules, before the BIOS is loaded, the judgment module 302 determines whether the initialization data of the BIOS in the in-band management system is complete. This verifies the integrity of the BootBlock, which the BIOS runs first, and ensures that the initial running state of the BIOS is secure and trustworthy. After the BIOS finishes executing, the BMC receives the measurement chain collected during this boot from the BIOS, and the verification module 306 performs the second verification, checking the integrity of the other hardware, the kernel and other components. The operating system can start only after the integrity of the BIOS and of the other hardware, kernel and other components has been verified. The BMC can thus verify the integrity of the BIOS and of the other components of the in-band management system in stages, which solves the problem that the BMC cannot obtain the integrity of other components (such as Raid cards, graphics cards and the operating system kernel) and allows the BMC to verify the integrity of the BIOS and the other components of the server.
在一些可选的实施方式中,上述基板管理控制器(BMC)包括电源状态监控模块110,如图2所示,电源状态监控模块用于检测带内管理系统的电源状态,其中,电源状态包括:启动状态,运行状态,以及断电状态。In some optional embodiments, the baseboard management controller (BMC) includes a power status monitoring module 110, as shown in FIG2 , and the power status monitoring module is used to detect the power status of the in-band management system, wherein the power status includes: startup status, running status, and power-off status.
To perform the first-stage verification of the BIOS, the baseboard management controller (BMC) includes a first verification module 120, as shown in FIG. 2. The first verification module is configured to calculate the measurement value of the initialization data of the BIOS to obtain measurement value information. The boot program containing this initialization data (the BootBlock) is the first program in the BIOS firmware to be loaded and run; it performs the initial initialization operations and is the first program executed after the Host is powered on. The first verification module is further configured to determine, according to a baseline value library, whether the measurement value information is intact, to obtain a determination result, wherein the baseline value library includes the integrity values of multiple BIOS components corresponding to the BIOS.
In some optional embodiments, the BMC further includes a baseline value management module 130, as shown in FIG. 2. The baseline value management module is configured to obtain an update request for the basic input/output system (BIOS) and an updated BIOS file, wherein the BIOS file includes updated integrity values of multiple BIOS components; to parse the BIOS file according to the update request to obtain the set of integrity values corresponding to the update request; and to update the baseline value library with that set of integrity values.
In some optional embodiments, the first verification module is further configured to send the measurement value information to the BIOS, so that the BIOS generates measurement chain information from the measurement value information and the integrity information of the components in the in-band management system other than the BootBlock of the BIOS. The measurement chain is the integrity information of each component (such as the BIOS, OpROM and operating system kernel) collected at computer startup on the basis of the root of trust.
In some optional embodiments, the BMC further includes a control module 140, as shown in FIG. 2. The power state monitoring module is further configured to record a first moment, at which the measurement value of the boot program is sent to the BIOS, and a second moment, at which the measurement chain information is received. The power state monitoring module determines whether the time difference between the first moment and the second moment is greater than a preset threshold; when the determination result indicates that it is greater than the preset threshold, the power state monitoring module sends a power-off instruction to the control module, so that the control module, according to the power-off instruction, powers off the components in the in-band management system other than the BootBlock of the BIOS. The Host control module is the logic module in an existing BMC that controls in-band power-on; the modules related to integrity verification call it according to the verification result to power off the Host.
To ensure that the verification data passed between the BMC and the BIOS is secure and reliable, each side relies on its own root of trust to keep the exchanged data secure and trustworthy.
In some optional embodiments, the BMC further includes a first root-of-trust management module 150, as shown in FIG. 2. The first root-of-trust management module is configured to exchange session keys with the BIOS, obtaining a first key and enabling the BIOS to obtain a second key; to encrypt the measurement value information with the second key to generate a measurement value ciphertext; and to send the measurement value ciphertext to the BIOS, so that the BIOS decrypts the measurement value ciphertext with the second key to obtain the measurement value information. The root-of-trust management module uses the key engine of the root of trust to ensure the confidentiality of the data. The BMC uses the cryptographic mechanisms of the root of trust to ensure the confidentiality of the data exchanged with the BIOS; to keep the baseline value library secure, a key in the root of trust is also used to protect the confidentiality of the baseline value library. The session key exchange with the BIOS must be completed during the BIOS run phase to secure the subsequent communication data.
In some optional embodiments, the BMC further includes a second verification module 160, as shown in FIG. 2. The first root-of-trust management module is further configured to decrypt the measurement chain ciphertext with the first key to obtain the measurement chain information. The second verification module is configured to perform a second integrity verification on the hardware, kernel and other components of the server according to the measurement chain information sent by the BIOS, ensuring that the hardware environment in which the operating system runs is secure and trustworthy.
The BMC may further include an integrity information maintenance module 170, as shown in FIG. 2, which maintains the results of integrity verification. An out-of-band manager can call this module to obtain the integrity verification results.
It should be noted that each of the above modules can be implemented in software or in hardware. For the latter, this can be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment 4
This embodiment provides another verification device for a server, which is used to implement Embodiment 2 above and its preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 8 is a structural block diagram of a verification device for a server according to an embodiment of the present application. As shown in FIG. 8, the device includes:
a first sending module 402, configured to, when the power state of the in-band management system is the startup state, use the basic input/output system in the in-band management system to send a startup signal to the baseboard management controller, so that the baseboard management controller determines whether the initialization data of the basic input/output system is intact and outputs a power-on instruction when the determination result indicates that it is;
a second sending module 404, configured to, when the in-band management system receives the power-on instruction, control the basic input/output system to run and send measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, according to the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
It should be noted here that the above determination module 402 and output module 404 may correspond to steps S202 to S206 in Embodiment 2. The modules and the corresponding steps share the same examples and application scenarios, but are not limited to what is disclosed in Embodiment 2.
With the above modules, the first sending module 402 first sends a startup signal to the baseboard management controller (BMC), so that the BMC determines whether the initialization data of the BIOS is intact. This verifies the integrity of the BootBlock, the part of the BIOS that runs first, and ensures that the initial running state of the BIOS is secure and trustworthy. After the BIOS has finished executing, the second sending module 404 sends the measurement chain collected during this boot to the BMC for a second verification, which checks the integrity of the other hardware, the kernel and other components. The operating system can be started only after the integrity verification of the BIOS and of the other hardware, kernel and other components has been completed. The integrity of the BIOS and of the other components in the in-band management system is thus verified in stages, which solves the problem that the BMC cannot obtain the integrity of other components (such as Raid cards, graphics cards and the operating system kernel) and allows the BMC to verify the integrity of the BIOS and of the other components in the server.
In some optional embodiments, the basic input/output system (BIOS) includes a measurement chain module 210, as shown in FIG. 2. The measurement chain module is configured to receive the measurement value information sent by the baseboard management controller (BMC), wherein the measurement value information includes the measurement value of the initialization data of the BIOS; to obtain the integrity information of the components in the in-band management system other than the boot program (BootBlock) of the BIOS that contains the initialization data; and to generate measurement chain information from the measurement value information and the integrity information.
To ensure that the verification data passed between the baseboard management controller (BMC) and the basic input/output system (BIOS) is secure and reliable, each side relies on its own root of trust to keep the exchanged data secure and trustworthy.
In some optional embodiments, the BIOS further includes a second root-of-trust management module 220, as shown in FIG. 2. The second root-of-trust management module is configured to exchange session keys with the BMC, obtaining a second key and enabling the BMC to obtain a first key, wherein the second key is used to encrypt the measurement value information to generate a measurement value ciphertext; the second root-of-trust management module is further configured to decrypt the measurement value ciphertext with the second key to obtain the measurement value information.
In some optional embodiments, the BIOS further includes an authentication module 230, as shown in FIG. 2. The second root-of-trust management module is further configured to encrypt the measurement chain information with the first key to obtain a measurement chain ciphertext; the authentication module is configured to send the measurement chain ciphertext to the BMC, so that the baseboard management controller decrypts the measurement chain ciphertext with the first key to obtain the measurement chain information.
In some optional embodiments, as shown in FIG. 2, the Host root-of-trust module of the in-band management system includes a key engine and an integrity engine.
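The two-stage flow described above (the BMC checks the BootBlock against the baseline value library, the BIOS returns a measurement chain, and the BMC verifies it within the preset threshold) can be simulated in-process as follows. This is an added example, not code from the application: the class and function names, SHA-256 as the measurement function, the extend-style chain digest and the rule that every baseline component must appear in the chain are assumptions, and the session-key encryption between BMC and BIOS is left out.

```python
import hashlib
import hmac

def measure(image: bytes) -> str:
    """Measurement value of one component image (SHA-256 is an assumption)."""
    return hashlib.sha256(image).hexdigest()

def chain_digest(entries) -> str:
    """Fold ordered (name, measurement) entries into one value, extend-style."""
    acc = bytes(32)
    for name, value in entries:
        acc = hashlib.sha256(acc + f"{name}\0{value}".encode()).digest()
    return acc.hex()

class Bios:
    """Host side: runs only after the BMC has issued the power-on instruction."""
    def __init__(self, components):
        self.components = components     # name -> image bytes, BootBlock excluded

    def build_chain(self, bootblock_measurement: str) -> dict:
        entries = [("BootBlock", bootblock_measurement)]
        entries += [(name, measure(img)) for name, img in self.components.items()]
        return {"entries": entries, "digest": chain_digest(entries)}

class Bmc:
    """BMC side: baseline value library, both verification stages, timeout."""
    def __init__(self, baseline, timeout_s):
        self.baseline = dict(baseline)   # component name -> expected measurement
        self.timeout_s = timeout_s       # preset threshold
        self.host_power = "startup"      # startup | running | off
        self.result = "pending"          # kept for the out-of-band manager
        self.sent = None                 # BootBlock measurement sent to the BIOS
        self.t_sent = None               # first moment

    def _power_off(self, reason):
        self.host_power, self.result = "off", reason
        return False

    def update_baseline(self, integrity_values):
        """Apply the integrity values parsed from an updated BIOS file."""
        self.baseline.update(integrity_values)

    def stage1(self, bootblock_image: bytes, now: float):
        """Measure the BootBlock before the host runs it; return the value sent on."""
        value = measure(bootblock_image)
        if not hmac.compare_digest(value, self.baseline.get("BootBlock", "")):
            self._power_off("stage1: BootBlock mismatch")
            return None
        self.sent, self.t_sent = value, now
        self.host_power = "running"      # power-on instruction issued
        return value

    def stage2(self, chain: dict, now: float) -> bool:
        """Verify the measurement chain returned by the BIOS (second moment = now)."""
        if self.t_sent is None:
            return self._power_off("stage2: stage 1 has not passed")
        if now - self.t_sent > self.timeout_s:
            return self._power_off("stage2: chain arrived after the threshold")
        entries = chain["entries"]
        if not entries or tuple(entries[0]) != ("BootBlock", self.sent):
            return self._power_off("stage2: chain not rooted in the sent measurement")
        if not hmac.compare_digest(chain_digest(entries), chain["digest"]):
            return self._power_off("stage2: chain digest mismatch")
        for name, value in entries:
            if not hmac.compare_digest(value, self.baseline.get(name, "")):
                return self._power_off(f"stage2: {name} mismatch")
        # Assumption: every component in the baseline must appear in the chain.
        missing = set(self.baseline) - {name for name, _ in entries}
        if missing:
            return self._power_off(f"stage2: missing {sorted(missing)}")
        self.result = "verified"
        return True

def boot(baseline, bootblock, components, t2):
    """One simulated boot: (verified, host power state, recorded result)."""
    bmc = Bmc(baseline, timeout_s=30)
    sent = bmc.stage1(bootblock, now=0)
    ok = sent is not None and bmc.stage2(Bios(components).build_chain(sent), now=t2)
    return ok, bmc.host_power, bmc.result

def demo() -> dict:
    """Five boots over constructed images: one clean, four failure modes."""
    bootblock = b"constructed BootBlock image"
    parts = {"OpROM": b"constructed option ROM", "Kernel": b"constructed kernel"}
    baseline = {n: measure(i) for n, i in {"BootBlock": bootblock, **parts}.items()}
    return {
        "clean": boot(baseline, bootblock, parts, 5),
        "tampered_bootblock": boot(baseline, b"modified BootBlock", parts, 5),
        "tampered_kernel": boot(baseline, bootblock, dict(parts, Kernel=b"modified kernel"), 5),
        "late_chain": boot(baseline, bootblock, parts, 31),
        "omitted_oprom": boot(baseline, bootblock, {"Kernel": parts["Kernel"]}, 5),
    }

if __name__ == "__main__":
    print(demo())
```

A tampered BootBlock never reaches stage 2, because the host is powered off before the BIOS runs; the other three failures are caught only by the chain check, which is the gap the second stage is meant to close.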
Other embodiments of the present application further provide a non-volatile readable storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps of any one of the above method embodiments.
In an exemplary embodiment, the non-volatile readable storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, or any other medium that can store a computer program.
Other embodiments of the present application further provide an electronic device including a memory and a processor, wherein the memory stores a computer program and the processor is configured to run the computer program to execute the steps of any one of the above method embodiments.
In an exemplary embodiment, the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor and the input/output device is connected to the processor.
For specific examples in this embodiment, reference may be made to the examples described in the above embodiments and exemplary implementations, which are not repeated here.
Those skilled in the art should understand that the modules or steps of the present application described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network of multiple computing devices, and they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be executed in an order different from the one given here, or the modules or steps can each be made into an individual integrated circuit module, or several of them can be made into a single integrated circuit module. The present application is therefore not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present application and are not intended to limit it. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement or improvement made within the principles of the present application shall fall within its scope of protection.

Claims (20)

  1. A verification method for a server, characterized in that the verification method is applied to a baseboard management controller, the server comprises an in-band management system, and the verification method comprises:
    when the power state of the in-band management system is the startup state, determining whether the initialization data of the basic input/output system in the in-band management system is intact, to obtain a determination result;
    when the determination result indicates that the initialization data of the basic input/output system in the in-band management system is intact, outputting a power-on instruction to the in-band management system, so that the basic input/output system runs and sends measurement chain information;
    verifying, according to the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
  2. The verification method according to claim 1, characterized in that the verification method further comprises:
    before determining whether the initialization data of the basic input/output system is intact, detecting the power state of the in-band management system, wherein the power state comprises: the startup state, a running state, and a power-off state.
  3. The verification method according to claim 2, characterized in that determining whether the initialization data of the basic input/output system in the in-band management system is intact, to obtain the determination result, comprises:
    calculating the measurement value of the initialization data of the basic input/output system to obtain measurement value information;
    determining, according to a baseline value library, whether the measurement value information is intact, to obtain the determination result, wherein the baseline value library comprises the integrity values of multiple basic input/output system components corresponding to the basic input/output system.
  4. The verification method according to claim 3, characterized in that the verification method further comprises:
    obtaining an update request for the basic input/output system and an updated BIOS file, wherein the BIOS file comprises updated integrity values of multiple basic input/output system components;
    parsing the BIOS file according to the update request to obtain the set of integrity values corresponding to the update request;
    updating the baseline value library with the set of integrity values.
  5. The verification method according to claim 3, characterized in that the verification method further comprises:
    when the determination result indicates that the initialization data of the basic input/output system in the in-band management system is not intact, performing a power-off operation on the components in the in-band management system other than the initialization data of the basic input/output system.
  6. The verification method according to claim 3, characterized in that it further comprises:
    sending the measurement value information to the basic input/output system, so that the basic input/output system generates measurement chain information according to the measurement value information and the integrity information of the components in the in-band management system other than the initialization data of the basic input/output system.
  7. The verification method according to claim 6, characterized in that sending the measurement value information to the basic input/output system comprises:
    exchanging session keys with the basic input/output system to obtain a first key, and enabling the basic input/output system to obtain a second key;
    encrypting the measurement value information with the second key to generate a measurement value ciphertext;
    sending the measurement value ciphertext to the basic input/output system, so that the basic input/output system decrypts the measurement value ciphertext according to the second key to obtain the measurement value information.
  8. The verification method according to claim 7, characterized in that it further comprises:
    before verifying, according to the measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system, decrypting a measurement chain ciphertext with the first key to obtain the measurement chain information, wherein the basic input/output system obtains the measurement chain ciphertext according to the measurement value information and the integrity information of the components in the in-band management system other than the initialization data of the basic input/output system.
  9. The verification method according to claim 6, characterized in that the verification method further comprises:
    recording a first moment at which the measurement value information is sent to the basic input/output system, and a second moment at which the measurement chain information is received;
    determining whether the time difference between the first moment and the second moment is greater than a preset threshold;
    when the determination result indicates that the time difference between the first moment and the second moment is greater than the preset threshold, performing a power-off operation on the components in the in-band management system other than the initialization data of the basic input/output system.
  10. A verification method for a server, characterized in that the server comprises an in-band management system, the verification method is applied to a basic input/output system in the in-band management system, and the verification method comprises:
    when the power state of the in-band management system is the startup state, sending a startup signal to a baseboard management controller, so that the baseboard management controller determines whether the initialization data of the basic input/output system is intact and outputs a power-on instruction when the determination result indicates that the initialization data of the basic input/output system is intact;
    when the power-on instruction is received, controlling the basic input/output system to run and sending measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, according to the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
  11. The verification method according to claim 10, characterized in that the verification method further comprises:
    when the determination result indicates that the initialization data of the basic input/output system is not intact, receiving a control signal sent by the baseboard management controller, wherein the control signal is used to power off the components in the in-band management system other than the initialization data of the basic input/output system.
  12. The verification method according to claim 10, characterized in that the verification method further comprises:
    sending an update request for the basic input/output system and an updated BIOS file to the baseboard management controller, so that the baseboard management controller parses the BIOS file according to the update request to obtain the set of integrity values corresponding to the update request, and updates a baseline value library with the set of integrity values, wherein the BIOS file comprises updated integrity values of multiple basic input/output system components.
  13. The verification method according to claim 10, characterized in that the verification method further comprises:
    receiving measurement value information sent by the baseboard management controller, wherein the measurement value information comprises the measurement value of the initialization data of the basic input/output system;
    obtaining the integrity information of the components in the in-band management system other than the initialization data of the basic input/output system;
    generating measurement chain information according to the measurement value information and the integrity information.
  14. The verification method according to claim 13, characterized in that receiving the measurement value information sent by the baseboard management controller comprises:
    exchanging session keys with the baseboard management controller to obtain a second key, and enabling the baseboard management controller to obtain a first key, wherein the second key is used to encrypt the measurement value information to generate a measurement value ciphertext;
    decrypting the measurement value ciphertext with the second key to obtain the measurement value information.
  15. The verification method according to claim 14, characterized in that sending the measurement chain information to the baseboard management controller comprises:
    encrypting the measurement chain information with the first key to obtain a measurement chain ciphertext;
    sending the measurement chain ciphertext to the baseboard management controller, so that the baseboard management controller decrypts the measurement chain ciphertext with the first key to obtain the measurement chain information.
  16. The verification method according to claim 15, characterized in that it further comprises:
    when the time difference between a first moment and a second moment is greater than a preset threshold, receiving a control signal sent by the baseboard management controller, wherein the first moment is the moment at which the measurement value information sent by the baseboard management controller is received, the second moment is the moment at which the measurement chain information is sent to the baseboard management controller, and the control signal is used to power off the components in the in-band management system other than the initialization data of the basic input/output system.
  17. A verification device for a server, characterized in that the verification device is applied to a baseboard management controller, the server comprises an in-band management system, and the verification device comprises:
    a determination module, configured to determine, when the power state of the in-band management system is the startup state, whether the initialization data of the basic input/output system in the in-band management system is intact, to obtain a determination result;
    an output module, configured to output a power-on instruction to the in-band management system when the determination result indicates that the initialization data of the basic input/output system in the in-band management system is intact, so that the basic input/output system runs and sends measurement chain information;
    a verification module, configured to verify, according to the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
  18. A verification device for a server, characterized in that the server comprises an in-band management system, the verification device is applied to a basic input/output system in the in-band management system, and the verification device comprises:
    a first sending module, configured to send a startup signal to a baseboard management controller when the power state of the in-band management system is the startup state, so that the baseboard management controller determines whether the initialization data of the basic input/output system is intact and outputs a power-on instruction when the determination result indicates that the initialization data of the basic input/output system is intact;
    a second sending module, configured to, when the power-on instruction is received, control the basic input/output system to run and send measurement chain information to the baseboard management controller, so that the baseboard management controller verifies, according to the received measurement chain information, the integrity of the components in the in-band management system other than the initialization data of the basic input/output system.
  19. A non-volatile readable storage medium, characterized in that a computer program is stored in the non-volatile readable storage medium, wherein the computer program, when executed by a processor, implements the steps of the verification method according to any one of claims 1 to 9, or implements the steps of the verification method according to any one of claims 10 to 16.
  20. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the verification method according to any one of claims 1 to 9, or implements the steps of the verification method according to any one of claims 10 to 16.
PCT/CN2023/104191 2022-12-19 2023-06-29 Verification method and apparatus for server WO2024131018A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211634914.4 2022-12-19

Publications (1)

Publication Number Publication Date
WO2024131018A1 true WO2024131018A1 (en) 2024-06-27
