CN107038381A - A kind of managed firmware guard method based on binding mechanism - Google Patents
A kind of managed firmware guard method based on binding mechanism Download PDFInfo
- Publication number
- CN107038381A CN107038381A CN201710244703.2A CN201710244703A CN107038381A CN 107038381 A CN107038381 A CN 107038381A CN 201710244703 A CN201710244703 A CN 201710244703A CN 107038381 A CN107038381 A CN 107038381A
- Authority
- CN
- China
- Prior art keywords
- binding
- firmware
- managed
- authentication
- identifier information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The present invention provides a kind of managed firmware guard method based on binding mechanism; belong to server admin technical field; managed firmware obtains certain unique identifier information when starting for the first time from Management Controller; and write in the Flash of storage management firmware; managed firmware is bound together with this Management Controller; managed firmware is prevented to be used for other boards, so as to be protected to managed firmware.
Description
Technical field
The present invention relates to server admin technology, more particularly to a kind of managed firmware guard method based on binding mechanism.
Background technology
Data center has substantial amounts of server, in order to which these servers are carried out with effective management, server admin system
System is essential, and server admin firmware plays an important role in server management system, it is therefore desirable to solid to management
Part is protected.The use of encryption chip technology is a kind of conventional programmed protection solution, but this scheme needs increase outer
Portion's dedicated devices, and need in production for encryption chip preset key, to add production process.How simply and effectively to protect
It is the major issue for needing to solve that managed firmware program, which is not stolen illegally,.
The content of the invention
In order to solve the above technical problems, the present invention proposes a kind of managed firmware guard method based on binding mechanism.
The technical scheme is that:
A kind of managed firmware guard method based on binding mechanism, managed firmware obtains certain when starting for the first time from Management Controller
Unique identifier information is planted, and is write in the Flash of storage management firmware, managed firmware is bundled in this Management Controller
Together, managed firmware is prevented to be used for other boards, so as to be protected to managed firmware.
Mainly include the following steps that:
(1) burning managed firmware is to Flash, electricity in management system;
(2) operation binding is set up and authentication processes before firmware starts managing process, whether has storage mark in detection Flash
The region of information is accorded with, if there is no then thinking that firmware is to run for the first time, binding is performed and sets up operation:
Read certain unique identifier information of Management Controller typing when manufacturing, it is preferable that this identifier letter
Breath represents that being stored in can be managed in the piece of firmware access in ROM using GUID;
Read-write storage region is created in Flash, and the above- mentioned information got is write;
Binding is re-executed to set up and the binding foundation in authentication processes and authentication operation;
(3) binding authentication behaviour is performed if binding is set up and authentication processes detect the region of existing storage identifier information
Make:
Read the identifier information in Management Controller and identifier memory area domain;
The above-mentioned identifier information of contrast, identical then binding authentication success, can start managing process, differ then binding authentication mistake
Lose, it is impossible to start managing process;
(4) binding is set up operation and only carried out when firmware first powers on startup, is only tied up in the start-up course after firmware
Determine authentication operation.
The premise that the present invention is realized is, it is necessary to which Management Controller chip has when manufacturing has been written into unique identifier
Addressable ROM in the piece of information.
The essence of the present invention is entered using managed firmware in the unique identifier information and Flash of Management Controller chip
Row binding, can be because Management Controller is different and can not run management therein if stealing managed firmware and being put into other boards
Process.
The beneficial effects of the invention are as follows:
The present invention is authenticated using the unique identifier information in ROM built in Management Controller, it is not necessary to which external dedicated is encrypted
Device, it is easy and effective.
Brief description of the drawings
Fig. 1 is the schematic diagram of the present invention.
Embodiment
More detailed illustrate is carried out to present disclosure below:
There is one piece of server master board, BMC (a Baseboard Management Controller, substrate pipe are placed on board
Manage controller), BMC has addressable ROM in piece, the unique GUID information of manufacturer's typing before BMC dispatches from the factory, pipe
Reason firmware is placed in SPI Flash, is articulated in by SPI interface on BMC.
It is electric on server, after BMC operating system nucleus start completions, perform binding and set up and authentication processes.Binding is set up
Whether there is with authentication processes detection/conf/binding.ini files, if there is no then think BMC be for the first time perform this
Process sets up operation, establishment/conf/binding.ini files and by ROM in the BMC pieces read, it is necessary to carry out binding
In this file of GUID Data Enters, re-execute binding and set up and the binding foundation in authentication processes and authentication operation, due to
Binding file is established, it is necessary to carry out binding authentication operation, the GUID stored in the GUID information and binding file in contrast BMC
Information, binding authentication success, can start managing process if consistent, and binding authentication fails if inconsistent, it is impossible to open
Dynamic managing process.Due to having to pass through the process of upper electro-detection before product export, managed firmware had performed binding and set up
Operation, therefore the firmware read from the SPI Flash of product by binding authentication operation because just can not can not be employed
To other boards.
Claims (4)
1. a kind of managed firmware guard method based on binding mechanism, it is characterised in that
A kind of unique identifier information is obtained from Management Controller when managed firmware starts for the first time, and writes storage management and is consolidated
In the Flash of part, managed firmware is bound together with this Management Controller.
2. according to the method described in claim 1, it is characterised in that
Comprise the following steps:
(1) burning managed firmware is to Flash, electricity in management system;
(2) operation binding is set up and authentication processes before firmware starts managing process, whether has storage mark in detection Flash
The region of information is accorded with, if there is no then thinking that firmware is to run for the first time, binding is performed and sets up operation:
A kind of unique identifier information of Management Controller typing when manufacturing is read,
Read-write storage region is created in Flash, and the above- mentioned information got is write;
Binding is re-executed to set up and the binding foundation in authentication processes and authentication operation;
(3) binding authentication behaviour is performed if binding is set up and authentication processes detect the region of existing storage identifier information
Make:
Read the identifier information in Management Controller and identifier memory area domain;
The above-mentioned identifier information of contrast, identical then binding authentication success, can start managing process, differ then binding authentication mistake
Lose, it is impossible to start managing process.
3. method according to claim 2, it is characterised in that
Binding is set up operation and only carried out when firmware first powers on startup, and binding is only carried out in the start-up course after firmware and is recognized
Card operation.
4. method according to claim 2, it is characterised in that
Identifier information represents that being stored in can be managed in the piece of firmware access in ROM using GUID.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710244703.2A CN107038381A (en) | 2017-04-14 | 2017-04-14 | A kind of managed firmware guard method based on binding mechanism |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710244703.2A CN107038381A (en) | 2017-04-14 | 2017-04-14 | A kind of managed firmware guard method based on binding mechanism |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107038381A true CN107038381A (en) | 2017-08-11 |
Family
ID=59535041
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710244703.2A Pending CN107038381A (en) | 2017-04-14 | 2017-04-14 | A kind of managed firmware guard method based on binding mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107038381A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107832588A (en) * | 2017-11-17 | 2018-03-23 | 珠海市多泰吉智能技术有限公司 | A kind of anti-method and apparatus and computer-readable storage medium divulged a secret of Flash |
CN109117332A (en) * | 2018-08-29 | 2019-01-01 | 郑州云海信息技术有限公司 | A kind of information-reading method and device |
CN111079124A (en) * | 2019-12-21 | 2020-04-28 | 广州小鹏汽车科技有限公司 | Security chip activation method and device, terminal equipment and server |
CN111291363A (en) * | 2020-01-19 | 2020-06-16 | 深圳信可通讯技术有限公司 | Communication module operation processing method and device, communication module and computer readable medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101145906A (en) * | 2006-09-13 | 2008-03-19 | 北京邦天科技有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
CN101589398A (en) * | 2006-12-28 | 2009-11-25 | 桑迪士克股份有限公司 | Upgrading a memory card that has security mechanisms that prevent copying of secure content and applications |
CN105069350A (en) * | 2015-08-24 | 2015-11-18 | 上海繁易电子科技有限公司 | Encryption method and apparatus for embedded operating system |
US20160140344A1 (en) * | 2013-06-24 | 2016-05-19 | Nippon Telegraph And Telephone Corporation | Security information management system and security information management method |
-
2017
- 2017-04-14 CN CN201710244703.2A patent/CN107038381A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101145906A (en) * | 2006-09-13 | 2008-03-19 | 北京邦天科技有限公司 | Method and system for authenticating legality of receiving terminal in unidirectional network |
CN101589398A (en) * | 2006-12-28 | 2009-11-25 | 桑迪士克股份有限公司 | Upgrading a memory card that has security mechanisms that prevent copying of secure content and applications |
US20160140344A1 (en) * | 2013-06-24 | 2016-05-19 | Nippon Telegraph And Telephone Corporation | Security information management system and security information management method |
CN105069350A (en) * | 2015-08-24 | 2015-11-18 | 上海繁易电子科技有限公司 | Encryption method and apparatus for embedded operating system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107832588A (en) * | 2017-11-17 | 2018-03-23 | 珠海市多泰吉智能技术有限公司 | A kind of anti-method and apparatus and computer-readable storage medium divulged a secret of Flash |
CN109117332A (en) * | 2018-08-29 | 2019-01-01 | 郑州云海信息技术有限公司 | A kind of information-reading method and device |
CN111079124A (en) * | 2019-12-21 | 2020-04-28 | 广州小鹏汽车科技有限公司 | Security chip activation method and device, terminal equipment and server |
CN111079124B (en) * | 2019-12-21 | 2023-02-10 | 广州小鹏汽车科技有限公司 | Security chip activation method and device, terminal equipment and server |
CN111291363A (en) * | 2020-01-19 | 2020-06-16 | 深圳信可通讯技术有限公司 | Communication module operation processing method and device, communication module and computer readable medium |
CN111291363B (en) * | 2020-01-19 | 2022-02-15 | 深圳信可通讯技术有限公司 | Communication module operation processing method and device, communication module and computer readable medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107038381A (en) | A kind of managed firmware guard method based on binding mechanism | |
CN105069350B (en) | Encryption method and device for embedded operating system | |
CN100378609C (en) | Method and apparatus for unlocking a computer system hard drive | |
FI114416B (en) | Method for securing the electronic device, the backup system and the electronic device | |
CN102831079B (en) | A kind of method that mobile terminal is detected and mobile terminal | |
CN101334827A (en) | Magnetic disc encryption method and magnetic disc encryption system for implementing the method | |
CN109445705B (en) | Firmware authentication method and solid state disk | |
CN106161442A (en) | A kind of system control user login method | |
CN109918933B (en) | Method for preventing recorded data from being stolen by encrypting recorded port | |
CN100583119C (en) | Mobile memory and method for controlling data download of computer | |
CN112783537A (en) | Embedded linux operating system upgrading method and system based on MTD storage equipment | |
CN107679421A (en) | A kind of movable memory apparatus monitoring means of defence and system | |
US11023140B2 (en) | NVDIMM with removable storage | |
JP5680617B2 (en) | Secure data sharing system and execution method | |
CN104537282A (en) | Encryption flash disk and large data computation technology based authorization use method | |
CN104361280B (en) | A kind of method realizing carrying out authentic authentication to USB storage device by SMI interrupt | |
CN114662164A (en) | Identity authentication and access control system, method and equipment based on encrypted hard disk | |
CN110730079B (en) | System for safe starting and trusted measurement of embedded system based on trusted computing module | |
JP2010176490A (en) | Usb storage device, host computer, usb storage system and program | |
CN103105783B (en) | embedded element and control method | |
CN108363912B (en) | Program code secret protection method and device | |
CN109885731A (en) | A kind of power monitoring platform data information MAP matching process and system | |
CN111125723A (en) | Encryption card identification method, device, equipment and storage medium | |
CN101447012B (en) | Method for verifying electronic device and firmware therein | |
CN111832057A (en) | Self-destruction method for U disk file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170811 |