CN114756905A - Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard - Google Patents


Info

Publication number
CN114756905A
Authority
CN
China
Prior art keywords
bios
encryption device
counterfeiting
encryption
command
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210659100.XA
Other languages
Chinese (zh)
Other versions
CN114756905B (en)
Inventor
阮文科
王井红
周旭东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huizhou Daya Bay Norco Industrial Co ltd
Original Assignee
Huizhou Daya Bay Norco Industrial Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huizhou Daya Bay Norco Industrial Co ltd
Priority to CN202210659100.XA
Publication of CN114756905A
Application granted
Publication of CN114756905B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F 21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F 7/58 Random or pseudo-random number generators
    • G06F 7/588 Random number generators, i.e. based on natural stochastic processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Computational Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of this application provide a method and a device for implementing motherboard anti-counterfeiting and BIOS protection, and a control motherboard. The method comprises: after entering the PEI phase, the BIOS runs a cryptographic encapsulation module that was compiled into the BIOS in advance and accesses, over a hardware bus, the slave address at which a secure cryptographic device is mounted; when the access succeeds, the secure cryptographic device is determined to be mounted, and the encapsulation module performs at least one command-based key verification on the device using the bus protocol; when every command has executed and passed, the key verification is confirmed successful, and the BIOS exits the encapsulation module and proceeds to the next phase, and so on until the operating system is entered. The method is compatible with motherboards of multiple platforms and provides motherboard anti-counterfeiting, BIOS firmware protection and the like.

Description

Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard
Technical Field
The present application relates to the field of motherboard design technologies, and in particular, to a method and an apparatus for implementing motherboard anti-counterfeiting and BIOS protection, and a control motherboard.
Background
With the rapid development of the industry and the growing popularity of electronic products, copyright protection of motherboard designs receives more and more attention. The anti-counterfeiting defences on the market, however, are weak: the BIOS firmware of one platform is easily transplanted to another motherboard for power-on verification, and if the hardware designs do not differ much the transplanted firmware will boot on the other motherboard, after which tampering and similar operations can take place. The old protection measures therefore no longer meet current requirements for motherboard anti-counterfeiting and BIOS protection.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for implementing motherboard anti-counterfeiting and BIOS protection, and a control motherboard, which can implement the anti-counterfeiting and BIOS protection of the motherboard.
In a first aspect, an embodiment of this application provides a method for implementing motherboard anti-counterfeiting and BIOS protection, comprising:
after entering the PEI phase, the BIOS runs a cryptographic encapsulation module that was compiled into the BIOS in advance, and accesses over a hardware bus the slave address at which a secure cryptographic device is mounted;
when the access succeeds, determining that a secure cryptographic device is mounted, and performing at least one command-based key verification on the device through the encapsulation module using the hardware bus protocol;
when all commands have executed and passed, confirming that the key verification succeeded, whereupon the BIOS exits the encapsulation module and proceeds to the next phase, and so on until the operating system is entered.
In some embodiments, the method for implementing motherboard anti-counterfeiting and BIOS protection further comprises:
when the access fails or any command fails to execute, raising an alarm and putting the BIOS into a halt state.
In some embodiments, if several command-based key verifications are performed, the method further comprises:
executing the commands one by one in a preset order; if the current command fails to execute, stopping the key verification, raising an alarm and then putting the BIOS into a halt state.
In some embodiments, the at least one command-based key verification comprises one or more of the following operations, in combination:
waking the secure cryptographic device from a sleep or idle state;
performing a read operation on the secure cryptographic device;
performing a write operation on the secure cryptographic device;
sending a Random command to the secure cryptographic device so that it generates a random number of a preset length in bytes;
after the random number has been generated, sending a Nonce command to the secure cryptographic device so that it returns a password derived from the random number;
after the random number and the password have been generated, sending a MAC command to the secure cryptographic device so that it returns a first digest; matching the returned first digest against a second digest computed by the encapsulation module from the random number, the password and the preset key; if the two digests are equal, the command is confirmed to have passed.
In some embodiments, when performing a read or write operation on the secure cryptographic device, the method further comprises:
authenticating and encrypting the data to be read or written using the preset key.
In some embodiments, the hardware bus is an I2C bus or an SMBus.
In some embodiments, raising the alarm comprises:
the BIOS driving a buzzer to emit an audible alarm signal at a preset frequency and/or driving an indicator lamp to emit a visual alarm signal at a preset frequency.
In a second aspect, an embodiment of this application further provides a device for implementing motherboard anti-counterfeiting and BIOS protection, comprising:
an access module for running, after the PEI phase is entered, a cryptographic encapsulation module compiled into the BIOS in advance, and for accessing over a hardware bus the slave address at which a secure cryptographic device is mounted;
a verification module for determining, when the access succeeds, that a secure cryptographic device is mounted, and for performing at least one command-based key verification on the device through the encapsulation module using the hardware bus protocol;
a confirmation module for confirming, when all commands have executed and passed, that the key verification succeeded, whereupon the BIOS exits the encapsulation module and proceeds to the next phase until the operating system is entered.
In a third aspect, an embodiment of this application further provides a control motherboard comprising a processor and a memory; the memory stores a computer program, and the processor is configured to execute it so as to implement the above method for motherboard anti-counterfeiting and BIOS protection.
In a fourth aspect, an embodiment of this application further provides a readable storage medium storing a computer program which, when executed on a processor, implements the above method for motherboard anti-counterfeiting and BIOS protection.
Embodiments of this application have the following beneficial effects:
according to the method for implementing motherboard anti-counterfeiting and BIOS protection, after the BIOS enters the PEI phase it runs a cryptographic encapsulation module compiled into it in advance and accesses, over a hardware bus, the slave address at which a secure cryptographic device is mounted; when the access succeeds, a secure cryptographic device is determined to be mounted and at least one command-based key verification is performed on it through the encapsulation module using the bus protocol; when all commands have executed and passed, the key verification is confirmed successful, meaning that the motherboard is recognised as genuine and the BIOS is protected, and the BIOS exits the encapsulation module and proceeds to the next phase until it enters the operating system. The method is compatible with multiple motherboards of different platforms and realises motherboard anti-counterfeiting and BIOS protection.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 shows a schematic operation flow diagram of a control main board according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating a BIOS running a cryptographic encapsulation module according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating a multi-command key verification according to an embodiment of the present application;
fig. 4 shows a schematic structural diagram of a device for implementing anti-counterfeiting and BIOS protection of a motherboard according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments.
The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as presented in the figures, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
Hereinafter, the terms "including", "having", and their derivatives, which may be used in various embodiments of the present application, are intended to indicate only specific features, numbers, steps, operations, elements, components, or combinations of the foregoing, and should not be construed as first excluding the existence of, or adding to, one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing. Furthermore, the terms "first," "second," "third," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the various embodiments of this application belong. The terms (such as those defined in commonly used dictionaries) should be interpreted as having a meaning that is consistent with their contextual meaning in the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in various embodiments.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
The BIOS (Basic Input/Output System) is the bridge, or interface, between computer hardware and software: it provides the lowest-level hardware control program for the computer and runs through several phases, each handling different tasks, until it boots into the operating system. For example, the PEI phase and the DXE phase are different phases of the BIOS boot process: the PEI (Pre-EFI Initialization) phase mainly initialises memory and prepares the execution environment for the following DXE phase, and the DXE (Driver Execution Environment) phase mainly dispatches and runs drivers.
The I2C bus (Inter-Integrated Circuit bus) is a two-wire serial bus developed by Philips, consisting of a serial data line (SDA) and a serial clock line (SCL), both bidirectional. Every device connected to the I2C bus has a unique address, and an I2C transfer uses three kinds of signals: a start condition, a stop condition and an acknowledge.
SMBus (System Management Bus) was proposed by Intel for low-speed communication in mobile and desktop PC systems. It has two signal lines, SMBCLK and SMBDAT, i.e. one clock line and one data line, both bidirectional and both high when the bus is idle. Different devices share the same bus, and in this arrangement there is a single master on the SMBus: all commands are issued by the master, and the other devices (slaves) can only receive the master's commands or reply to the master with data.
Embodiments of this application provide a method for implementing motherboard anti-counterfeiting and BIOS protection that is simple and efficient and is compatible with motherboard anti-counterfeiting and BIOS protection across multiple platforms. To implement it, only two things are needed: mount a secure cryptographic device on a standard hardware bus of the motherboard such as SMBus or I2C, and compile the device's cryptographic encapsulation module into the BIOS firmware to obtain a new BIOS firmware containing the module. The key is then verified by the secure cryptographic device and the encapsulation module together, which realises motherboard anti-counterfeiting and BIOS protection. The encapsulation module can be understood as a program module that wraps the secure cryptographic device in a BIOS-compatible way.
For example, the secure cryptographic device may be an ATSHA204A, an LCHA 204 or the like. The ATSHA204A is a high-security hardware authentication device, and the LCHA 204 is a domestically produced security chip compatible with the ATSHA204A. The ATSHA204A contains an EEPROM array that can be used for key storage, other read/write data, read-only or secret data, consumption counters and security configuration. The device has a number of purpose-designed defences that resist physical attacks on the chip (such as voltage and temperature tamper detection) and logical attacks on the communication between the chip and the system (both the logic clock and the logic supply voltage are generated internally, so these two signals cannot be attacked directly through the device pins).
In practical tests, the method of these embodiments has been verified on platforms such as Phytium, Loongson, Hygon, Intel, AMD and Zhaoxin, performing key verification over bus protocols such as SMBus/I2C to achieve motherboard anti-counterfeiting and BIOS protection. The secure cryptographic device is embedded on the motherboard, occupies little space and is not easy to find; it is mounted on the SMBus/I2C bus of each platform's motherboard, the encapsulation module is compiled into the BIOS firmware, and the regenerated BIOS firmware provides motherboard anti-counterfeiting and BIOS protection.
Referring to fig. 1, a method for implementing motherboard anti-counterfeiting and BIOS protection will be described.
By way of example, the operation flow of the control motherboard over the whole boot process is as follows:
S110, the motherboard is powered on and starts up.
S120, the BIOS enters the Security (SEC) phase.
S130, the BIOS enters the Pre-EFI Initialization (PEI) phase.
S140, the BIOS runs the cryptographic encapsulation module; once its requirements are met, the BIOS exits the module and proceeds to the next step.
S150, the BIOS enters the Driver Execution Environment (DXE) phase.
S160, the BIOS enters the Boot Device Selection (BDS) phase.
S170, the operating system is entered normally.
In this embodiment, before the secure cryptographic device is put into use, the burned-in key is set to an unreadable, locked state; the key set at burn time is compiled into the device's encapsulation module, and the BIOS is then recompiled to produce a new BIOS firmware. The BIOS referred to in the steps above is this new firmware. Motherboard anti-counterfeiting verification and BIOS firmware protection are mainly carried out in step S140, where the BIOS runs the cryptographic encapsulation module.
As shown in FIG. 2, the method for implementing anti-counterfeiting and BIOS protection of the motherboard comprises steps S210-S260:
S210, after entering the PEI phase, the BIOS runs the cryptographic encapsulation module and accesses, over the hardware bus, the slave address at which the secure cryptographic device is mounted.
For example, after entering the PEI phase the BIOS enters the encapsulation module and executes its program; according to the bus mounting design, it performs an initial access to the slave address of the secure cryptographic device using SMBus or I2C bus signalling. If the slave address is accessed successfully, a secure cryptographic device is present and step S220 is executed; otherwise, if the access fails, no secure cryptographic device is present and step S230 is executed.
S220, when the access succeeds, determine that the secure cryptographic device is mounted, then proceed to step S240.
S230, when the access fails, determine that no secure cryptographic device is present. The method may then jump to step S260: an alarm is raised and the BIOS is put into a halt state.
Optionally, when the alarm is raised the BIOS may drive an alarm signal with a specific pattern, such as a buzzer or an indicator lamp. With a buzzer, for instance, the alarm may be a long tone or two interrupted tones; with an indicator lamp, one or more on/off flashes may be emitted. The pattern is not limited here.
S240, based on the hardware bus protocol, the BIOS performs at least one command-based key verification on the secure cryptographic device through the cryptographic encapsulation module.
For example, if the secure cryptographic device is mounted on the SMBus, the BIOS issues commands to it through the encapsulation module using the SMBus protocol, so as to verify the key that was burned into the device and compiled into the encapsulation module, thereby verifying the motherboard and the BIOS firmware. Likewise, if the device is mounted on an I2C bus, the commands are issued using the I2C protocol.
For the secure cryptographic device described above, the commands used for key verification may include, without limitation, one or more of the following in combination: Wake, Read, Write, Random, Nonce, MAC and CheckMAC. Wake wakes the device; Read reads data; Write writes data; Random generates a random number; Nonce generates an arbitrary, non-repeating number that is used only once; MAC returns a value (also called a digest) of the corresponding length computed with a hash algorithm in the key domain, for example a 32-byte SHA-256 digest; CheckMAC checks the generated digest.
Taking the wake command as an example, the BIOS sends a Wake command to the secure cryptographic device over SMBus or I2C through the encapsulation module to wake it from a sleep or idle state; if the wake succeeds, the current command is considered to have passed. Similarly, for the other commands, if the device responds or returns the corresponding information, the current command is valid and may be considered to have passed.
In this embodiment, when there are several commands, the key verification is successful only when all of them have executed and passed. When several commands are used, they may be executed one by one in a preset order, as shown in Fig. 3: if the current command executes successfully, the next command is started; otherwise, as soon as any command fails, the verification may stop and jump to step S260, where an alarm is raised and the BIOS enters a halt state. Entering a halt state is only one example of signalling that the current motherboard or BIOS firmware has a security problem; if a command fails and the key verification is interrupted, another state may be entered or another prompt given, without limitation.
S310, wake the secure cryptographic device from its sleep or idle state. After a successful wake the next operation can proceed; if the wake fails, the device may be faulty and the subsequent key verification may be stopped immediately.
S320, read from the secure cryptographic device. For example, 4 bytes may be read from the device; optionally, the data to be read or written is authenticated and encrypted using the preset key.
S330, write to the secure cryptographic device. For example, 4 bytes may be written to the device; optionally, the data to be read or written is authenticated and encrypted using the preset key.
S340, send a Random command to the secure cryptographic device so that it generates a random number of a preset length; for example, the encapsulation module may have the device generate a 32-byte random number.
S350, send a Nonce command to the secure cryptographic device so that it returns a password derived from the random number. The Random command generally has to be sent before the Nonce command. For example, the generated random number may be used to have the device return a 32-byte TempKey.
S360, after the random number and the password have been generated, send a MAC command to the secure cryptographic device so that it returns a first digest (denoted Digest1). Digest1 is matched against a second digest (denoted Digest2) that the encapsulation module computes by hashing the random number, the password and the preset key.
S370, if the two digests are equal, the check command (CheckMAC) passes; otherwise it fails. The comparison result may be returned as a Boolean-style value (for example 0 for equal and 1 for not equal), or the two digests themselves may be returned.
Thus, when the above commands are executed in sequence, the key verification passes only when the final check command has executed and the two digests are equal; step S250 is then executed, confirming motherboard anti-counterfeiting and BIOS protection.
S250, when all command-based key verifications pass, confirm that the key verification succeeded and have the BIOS exit the cryptographic encapsulation module.
S260, when the access fails or the key verification fails, raise an alarm and then put the BIOS into a halt state.
The method of this embodiment mounts a secure cryptographic device on a hardware bus of the motherboard such as SMBus or I2C, compiles the device's cryptographic encapsulation module into the BIOS firmware, and performs key verification over the bus protocol using the secure cryptographic device together with the encapsulation module, thereby achieving motherboard anti-counterfeiting and BIOS anti-theft.
In summary, the beneficial effects of this application include at least the following. First: because the key is set to an unreadable, locked state by the party that burns it before the secure cryptographic device is used, the key inside the device is known only to the motherboard vendor; and because the burned-in key is compiled into the device's encapsulation module and the BIOS is recompiled, locating the key in the generated BIOS firmware becomes significantly harder. Second: intercepting the key on the SMBus/I2C bus is also impractical, because neither the secure cryptographic device nor its encapsulation module ever sends the key over the bus. Instead, the encapsulation module generates a 32-byte random number as a challenge and sends it to the device; the device hashes the received challenge with its key and outputs Digest1, which is returned to the encapsulation module in the BIOS; the encapsulation module computes Digest2 from the same data and compares it with Digest1. If they match, the key burned into the motherboard is correct; if not, verification fails. Since the challenge is freshly generated on every check, the digest differs every time, so the key cannot be recovered by capturing bus traffic. Third: because the BIOS is recompiled, the key is not readily obtained by disassembly and so is not leaked, which realises motherboard anti-counterfeiting and BIOS protection. Note that the host-side copy of the key still resides in the BIOS image on the flash part; recompilation obscures it but does not remove it, so this part of the scheme rests on the difficulty of locating the key in the firmware rather than on the key being absent from it.
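As an added example (not code from the patent or from Norco, and not the real ATSHA204A command or digest format), the following Python model runs the probe-then-command sequence of steps S210 to S260 and S310 to S370 on the host side against a simulated slave device, then exercises the failure cases the text describes and one it only implies: a counterfeit board with no device at the slave address, a board whose device holds a different key, and a bus replay that answers with the RandOut, TempKey and Digest1 sniffed from a genuine boot. The slave address 0x64, the opcode byte, the 4-byte probe pattern and the digest layout SHA-256(key || TempKey || opcode) are assumptions made for the model; the real device's message layout is longer. The replay case goes beyond the text to show why the host's own 32-byte challenge from the beneficial-effects discussion matters: without fresh host entropy, a device replaying a recorded session would pass.

```python
"""PEI-stage key check model (steps S210-S260, S310-S370). Added example, not the
patent's code nor the real ATSHA204A protocol. Hypothetical: bus = dict of address
-> device, slave address 0x64, device MAC = SHA-256(key || TempKey || one opcode byte)."""
import hashlib
import hmac
import secrets
import types

SLAVE_ADDRESS = 0x64          # assumed address of the secure device
OPCODE_MAC = b"\x08"          # assumed opcode byte mixed into the digest
PROBE = b"\xde\xad\xbe\xef"   # constructed 4-byte pattern for the write/read steps


class SecureDevice:
    """Simulated slave: the burned-in key never appears on the bus."""
    def __init__(self, key):
        self._key, self._rand_out, self._tempkey = key, None, None
        self._scratch = b"\x00" * 4

    def wake(self):
        return True                                   # S310

    def write(self, data):
        self._scratch = bytes(data)                   # S330
        return len(self._scratch) == 4

    def read(self):
        return self._scratch                          # S320

    def random(self):
        self._rand_out = secrets.token_bytes(32)      # S340
        return self._rand_out

    def nonce(self, challenge):
        # S350: TempKey binds the device's entropy to the host's fresh challenge.
        self._tempkey = hashlib.sha256(self._rand_out + challenge).digest()
        return self._tempkey

    def mac(self):
        if self._tempkey is None:
            return b""
        digest = hashlib.sha256(self._key + self._tempkey + OPCODE_MAC).digest()
        self._tempkey = None      # one-shot: another MAC needs a fresh Nonce
        return digest


class BiosCryptoModule:
    """Host side: the encapsulation module compiled into the BIOS with the key."""
    def __init__(self, key, bus):
        self._key, self._bus = key, bus
        self.trace = []           # everything a passive sniffer on the bus sees

    def _halt(self, reason):
        self.trace.append(("ALARM", reason))          # buzzer/LED, then dead halt
        return "HALT: " + reason

    def run(self):
        dev = self._bus.get(SLAVE_ADDRESS)            # S210: probe slave address
        if dev is None:
            return self._halt("no device at slave address")     # S230 -> S260
        if not (dev.wake() and dev.write(PROBE) and dev.read() == PROBE):
            return self._halt("wake/read/write")      # S310-S330, stop at first failure
        rand_out = dev.random()
        challenge = secrets.token_bytes(32)           # host-side freshness
        tempkey = dev.nonce(challenge)
        self.trace += [("RANDOM", rand_out), ("NONCE", challenge, tempkey)]
        expected = hashlib.sha256(rand_out + challenge).digest()
        if not hmac.compare_digest(tempkey, expected):
            return self._halt("nonce")
        digest1 = dev.mac()                           # S360
        self.trace.append(("MAC", digest1))
        digest2 = hashlib.sha256(self._key + tempkey + OPCODE_MAC).digest()
        if not hmac.compare_digest(digest1, digest2): # S370: constant-time CheckMAC
            return self._halt("mac")
        return "PASS"                                 # S250: exit module, continue boot


def run_scenarios():
    """Genuine board, missing device, wrong key, and a bus replay attack."""
    key = bytes(range(32))                            # constructed vendor key
    genuine = BiosCryptoModule(key, {SLAVE_ADDRESS: SecureDevice(key)})
    results = {"genuine": genuine.run()}
    results["no_device"] = BiosCryptoModule(key, {}).run()
    results["wrong_key"] = BiosCryptoModule(
        key, {SLAVE_ADDRESS: SecureDevice(b"\xff" * 32)}).run()
    # Replay device: holds no key, answers with the values sniffed from the genuine run.
    seen = genuine.trace
    replay = types.SimpleNamespace(
        wake=lambda: True, write=lambda data: True, read=lambda: PROBE,
        random=lambda: seen[0][1], nonce=lambda c: seen[1][2], mac=lambda: seen[2][1])
    results["replay"] = BiosCryptoModule(key, {SLAVE_ADDRESS: replay}).run()
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Run the file directly to print the four outcomes: PASS for the genuine board, and a halt at the probe, at the MAC comparison and at the Nonce check respectively for the other three. The digest comparison uses hmac.compare_digest so that CheckMAC does not leak digest bytes through timing. In a real PEI module the same command order would be issued through the platform's SMBus/I2C controller, and the halt path would drive the buzzer or indicator lamp before stopping.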
Referring to Fig. 4, based on the method of the foregoing embodiment, this embodiment provides a device 100 for implementing motherboard anti-counterfeiting and BIOS protection. By way of example, the device 100 comprises:
an access module 110 for running, after the PEI phase is entered, a cryptographic encapsulation module compiled into the BIOS in advance, and for accessing over a hardware bus the slave address at which a secure cryptographic device is mounted;
a verification module 120 for determining, when the access succeeds, that a secure cryptographic device is mounted, and for performing at least one command-based key verification on the device through the encapsulation module using the hardware bus protocol;
a confirmation module 130 for confirming, when all commands have executed and passed, that the key verification succeeded, whereupon the BIOS exits the encapsulation module and proceeds to the next phase until the operating system is entered.
It is understood that the apparatus of the present embodiment corresponds to the method of the above embodiment, and the alternatives of the above embodiment are also applicable to the present embodiment, so the description is not repeated here.
The application also provides a control mainboard; for example, the control mainboard can be any of various mainboards used for industrial control and the like. By way of example, the control main board includes a processor and a memory, where the memory stores a computer program, and the processor executes the computer program, so that the control main board executes the above-mentioned method for implementing main board anti-counterfeiting and BIOS protection or the functions of each module in the above-mentioned apparatus for implementing main board anti-counterfeiting and BIOS protection.
The application also provides a readable storage medium for storing the computer program used in the control mainboard.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present application may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated to form an independent part.
The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a smart phone, a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application.

Claims (10)

1. A method for realizing main board anti-counterfeiting and BIOS protection is characterized by comprising the following steps:
after entering the PEI stage, the BIOS runs an encryption packaging module which is pre-introduced into the BIOS, and accesses a slave device address for mounting a safety encryption device through a hardware bus;
when the access is successful, determining that a safety encryption device is mounted, and carrying out at least one command key verification on the safety encryption device through the encryption packaging module based on a hardware bus protocol;
and when all the commands are executed and pass, confirming that the key verification is successful, and jumping out of the encryption packaging module by the BIOS and entering the next stage until entering an operating system.
2. The method for implementing anti-counterfeiting and BIOS protection of a motherboard according to claim 1, further comprising:
when the access fails or any command fails to execute, controlling an alarm to be raised, and the BIOS enters a halt state.
3. The method for implementing anti-counterfeiting and BIOS protection of a motherboard as claimed in claim 1, wherein when performing multi-command key verification, the method further comprises:
and sequentially executing the multiple commands according to a preset command sequence, stopping key verification if the current command fails to be executed, controlling to alarm, and then enabling the BIOS to enter a halt state.
4. The method for implementing anti-counterfeiting and BIOS protection of a motherboard as claimed in claim 1 or 3, wherein the at least one command key verification comprises one or more of the following operations:
waking up the secure cryptographic device from a sleep or idle state;
performing a read operation on the secure encryption device;
performing a write operation on the secure encryption device;
sending a Random command to the secure encryption device to enable the secure encryption device to generate a random number of a preset number of bytes;
after the random number is generated, sending a Nonce command to the secure encryption device to cause the secure encryption device to return a password generated based on the random number;
and after the random number and the password are generated, sending a MAC command to the secure encryption device so that the secure encryption device returns a first digest, matching the returned first digest with a second digest generated by the encryption packaging module based on the random number, the password and a preset key, and if the two digests are equal, confirming that the execution has passed.
5. The method for implementing motherboard anti-counterfeiting and BIOS protection according to claim 4, wherein when performing read or write operation on the secure encryption device, further comprising:
and performing identity authentication and encryption on data to be read or written by using the preset key.
6. The method for implementing anti-counterfeiting and BIOS protection of a motherboard as claimed in claim 1, wherein the hardware bus is an I2C bus or an SMBUS bus.
7. The method for implementing anti-counterfeiting and BIOS protection of a motherboard according to claim 2 or 3, wherein the controlling the alarm comprises:
the BIOS controls the buzzer to send out a sound alarm signal with preset frequency and/or controls the indicator lamp to send out a light alarm signal with preset frequency.
8. A device for implementing motherboard anti-counterfeiting and BIOS protection, characterized by comprising:
the access module is used for running the encryption packaging module which is pre-introduced into the BIOS after the PEI phase is entered, and accessing the slave equipment address for mounting the safety encryption device through a hardware bus;
the verification module is used for determining that a safety encryption device is mounted when the access is successful, and performing at least one command key verification on the safety encryption device through the encryption packaging module based on a hardware bus protocol;
and the confirmation module is used for confirming that the key is successfully verified when all the commands are executed and passed, and the BIOS jumps out of the encryption packaging module and enters the next stage until the operating system is entered.
9. A control motherboard, comprising a processor and a memory, wherein the memory stores a computer program, and the processor is configured to execute the computer program to implement the method for implementing motherboard anti-counterfeiting and BIOS protection according to any one of claims 1 to 7.
10. A readable storage medium storing a computer program, wherein the computer program, when executed on a processor, implements the method for implementing motherboard anti-counterfeiting and BIOS protection according to any one of claims 1 to 7.
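The challenge-response described in the summary of beneficial effects and the Random/Nonce/MAC command sequence of claim 4, as an added Python simulation that is not code from the patent or from any product: the digest formulas, the slave address and the demo key are assumptions, since the page fixes neither the hash construction nor the device's command format, and the authenticated read/write of claim 5 is not modelled.

```python
import os
import hashlib
import hmac

# Constructed demo key: in the real design it is burned into the device and
# locked unreadable before shipping, so only the motherboard supplier knows it.
GENUINE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
DEVICE_ADDR = 0x64  # assumed slave address; the page gives no value

class SecureDevice:
    """Simulated secure encryption device answering on the SMBUS/I2C bus."""
    def __init__(self, key: bytes):
        self._key = key  # locked: never transmitted over the bus
        self._random = b""
        self._password = b""

    def wake(self) -> bool:  # wake from sleep/idle state
        return True

    def random(self) -> bytes:  # Random command: 32-byte random number
        self._random = os.urandom(32)
        return self._random

    def nonce(self, challenge: bytes) -> bytes:
        # Nonce command. Assumed construction: the "password" binds the device
        # random number to the BIOS challenge; the page gives no exact formula.
        self._password = hashlib.sha256(self._random + challenge).digest()
        return self._password

    def mac(self) -> bytes:  # MAC command: returns Digest1
        return hashlib.sha256(self._key + self._random + self._password).digest()

def bios_verify(bus: dict, addr: int, compiled_key: bytes) -> tuple:
    """PEI-phase encryption encapsulation module: run the commands in the
    preset order and stop at the first failure. Returns (passed, failed_step);
    any failure means the BIOS raises the alarm and halts (claims 1-4)."""
    dev = bus.get(addr)
    if dev is None:  # no device answers at the slave address
        return (False, "access")
    if not dev.wake():
        return (False, "wake")
    rnd = dev.random()
    if len(rnd) != 32:
        return (False, "random")
    challenge = os.urandom(32)  # fresh per boot, so a Digest1 captured on
    pwd = dev.nonce(challenge)  # the bus is useless for a later replay
    digest1 = dev.mac()
    digest2 = hashlib.sha256(compiled_key + rnd + pwd).digest()  # Digest2
    if not hmac.compare_digest(digest1, digest2):
        return (False, "mac")
    return (True, None)
```

A genuine device yields (True, None); an empty bus fails at "access" and a device holding a different key fails at "mac", each of which the BIOS answers with alarm and halt.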
CN202210659100.XA 2022-06-13 2022-06-13 Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard Active CN114756905B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210659100.XA CN114756905B (en) 2022-06-13 2022-06-13 Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210659100.XA CN114756905B (en) 2022-06-13 2022-06-13 Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard

Publications (2)

Publication Number Publication Date
CN114756905A true CN114756905A (en) 2022-07-15
CN114756905B CN114756905B (en) 2022-09-13

Family

ID=82336297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210659100.XA Active CN114756905B (en) 2022-06-13 2022-06-13 Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard

Country Status (1)

Country Link
CN (1) CN114756905B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115795490A (en) * 2023-02-13 2023-03-14 惠州大亚湾华北工控实业有限公司 Trusted starting method and device, industrial control host and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060224878A1 (en) * 2005-03-31 2006-10-05 Intel Corporation System and method for trusted early boot flow
US20090327684A1 (en) * 2008-06-25 2009-12-31 Zimmer Vincent J Apparatus and method for secure boot environment
CN106156658A (en) * 2016-07-04 2016-11-23 昆山百敖电子科技有限公司 A kind of software protecting encryption and authentication method based on firmware layer
CN106156635A (en) * 2016-07-29 2016-11-23 深圳兆日科技股份有限公司 Method for starting terminal and device
CN106991299A (en) * 2017-05-05 2017-07-28 济南浪潮高新科技投资发展有限公司 A kind of encryption authentication module and the BIOS/firmware guard method based on the module
CN114357536A (en) * 2021-12-24 2022-04-15 锋微固件(深圳)有限公司 BIOS protection system based on domestic Feiteng platform board card

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FEITINGFJ: "Using the ATSHA204 encryption chip", 《CSDN》 *
TW: "ATSHA204A encryption chip guide: usage", 《CSDN》 *
Wang Bin et al.: "Research on a highly trusted computer based on a security control module", 《***工程与电子技术》 *

Also Published As

Publication number Publication date
CN114756905B (en) 2022-09-13

Similar Documents

Publication Publication Date Title
TWI643070B (en) Securely booting a computing device
CN100454322C (en) Information processing device having activation verification function
EP3522059B1 (en) Perform security action based on inventory comparison
CN111030822B (en) Method and system for protecting firmware, and computer readable medium
US10489612B2 (en) Memory controller to verify authenticity of data
CN110472421B (en) Mainboard and firmware safety detection method and terminal equipment
US10013563B2 (en) Systems and methods for binding a removable cryptoprocessor to an information handling system
CN102883324A (en) Security verification method, security verification device and mobile terminal for plugin call in mobile terminal
CN102663301A (en) Trusted computer and credibility detection method
CN101968834A (en) Encryption method and device for anti-copy plate of electronic product
CN114756905B (en) Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard
CN105718762B (en) A kind of BIOS authentication method and device
CN107526947A (en) A kind of embedded software active control method
US11899777B2 (en) Memory module authentication extension
JP2022519926A (en) Data attestation in memory
JP2006268861A (en) Method and control device for controlling access of computer to user data
CN112560120A (en) Secure memory bank and starting method thereof
CN111709033A (en) Method, system, device and medium for safely starting server based on PUF
CN115130114A (en) Gateway safety starting method and device, electronic equipment and storage medium
CN115062290A (en) Component authentication method and device
CN115017517A (en) Chip and checking method
CN109583196B (en) Key generation method
CN115795490B (en) Trusted starting method and device, industrial control host and readable storage medium
CN112084538A (en) Method and system for preventing firmware from being copied for terminal equipment
CN101673324A (en) Method for starting computer system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant