CN116301266B - PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication - Google Patents
PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication Download PDFInfo
- Publication number
- CN116301266B CN116301266B CN202310200242.4A CN202310200242A CN116301266B CN 116301266 B CN116301266 B CN 116301266B CN 202310200242 A CN202310200242 A CN 202310200242A CN 116301266 B CN116301266 B CN 116301266B
- Authority
- CN
- China
- Prior art keywords
- reset
- pcie
- band
- pcie device
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000002093 peripheral effect Effects 0.000 title description 2
- 230000003993 interaction Effects 0.000 claims description 11
- 230000002159 abnormal effect Effects 0.000 abstract description 7
- 230000008569 process Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 4
- PCTMTFRHKVHKIS-BMFZQQSSSA-N (1s,3r,4e,6e,8e,10e,12e,14e,16e,18s,19r,20r,21s,25r,27r,30r,31r,33s,35r,37s,38r)-3-[(2r,3s,4s,5s,6r)-4-amino-3,5-dihydroxy-6-methyloxan-2-yl]oxy-19,25,27,30,31,33,35,37-octahydroxy-18,20,21-trimethyl-23-oxo-22,39-dioxabicyclo[33.3.1]nonatriaconta-4,6,8,10 Chemical group C1C=C2C[C@@H](OS(O)(=O)=O)CC[C@]2(C)[C@@H]2[C@@H]1[C@@H]1CC[C@H]([C@H](C)CCCC(C)C)[C@@]1(C)CC2.O[C@H]1[C@@H](N)[C@H](O)[C@@H](C)O[C@H]1O[C@H]1/C=C/C=C/C=C/C=C/C=C/C=C/C=C/[C@H](C)[C@@H](O)[C@@H](C)[C@H](C)OC(=O)C[C@H](O)C[C@H](O)CC[C@@H](O)[C@H](O)C[C@H](O)C[C@](O)(C[C@H](O)[C@H]2C(O)=O)O[C@H]2C1 PCTMTFRHKVHKIS-BMFZQQSSSA-N 0.000 description 2
- 101100321992 Drosophila melanogaster ABCD gene Proteins 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a method and a device for in-band reset of PCIe equipment based on security authentication, wherein the method comprises the following steps: receiving authentication request information sent by a host into a secure authentication address of an in-band management unit of PCIe equipment; if the authentication request information is matched with the predefined authentication sequence, receiving an in-band reset command of the PCIe device issued by the host; determining a module to be reset of the PCIe device by analyzing an in-band reset command of the PCIe device, recording a reset state of the module to be reset, and executing reset of the module to be reset. The technical scheme of the invention realizes the in-band reset method with a configurable reset range, carries out safety certification before issuing a reset command, only responds to the reset command after the safety certification is passed, avoids abnormal reset of unsafe software, and can record reset information before reset so as to be used for inquiring after the reset is completed by a host driver.
Description
Technical Field
The invention belongs to the technical field of buses, and particularly relates to a method and a device for in-band resetting of PCIe equipment based on security authentication.
Background
PCIe (PCI Express) is a high-speed serial computer expansion bus standard. In a typical PCIe system, a host may access one or more PCIe devices in a topology over a PCIe bus. PCIe interfaces have a wide range of applications, such as storage, AI intelligence, etc. In order to ensure system synchronization, and controllability, the host typically controls device resets in the PCIe system, if necessary. For example, when the device is just accessed to the host, the host resets the device, so that the device can be ensured to be in a default state before starting working, then the system is started, and the host performs operations such as enumeration, configuration and the like on the device. In the working process, if the host finds that the equipment is abnormal, the host initiates reset to the equipment, so that the equipment returns to the initial state and resumes working.
Fig. 1 is a topology diagram of a conventional PCIe system. PCIe systems may include HOSTs (HOST), PCIe Switch devices, and EP devices (PCIe endpoint devices) that are underhung from PCIe Switch devices. Wherein the PCIe Switch device is a SoC chip in a PCIe topology, and may be used to extend the number of PCIe lanes. PCIe Switch devices typically include an upstream port UP, a BUS, a plurality of downstream ports DP, and an IMCPU system (Internal Manage CPU, in-band management CPU). Data communication between the HOST, PCIe Switch device and EP may be via PCIe links and other functions may be facilitated via other out-of-band signals, such as implementing a device reset function via a perst# signal.
In the device reset mode, in the current PCIe system, the host may reset the down-hanging device through various means, and the two modes are generally divided into an out-of-band reset mode and an in-band reset mode. The out-of-band reset mode is typically reset with a pin, such as the PerST# pin described above, that links from the host to the hanging device. As shown in FIG. 1, when the host needs to perform an out-of-band reset for the down PCIe Switch device, the down PCIe Switch device is reset by asserting the PERST# pin. At the same time, the PCIe Switch device asserts the perst# pin output to the EP device, and the EP device that is suspended from the PCIe Switch device is reset. The above out-of-band device reset mode has the following problems: the reset procedure must rely on the external hardware pin signal perst#. The device can only unconditionally reset when the external pin signal perst# pin is active. After the host computer issues the instruction for resetting the device, although the hung device is restored to the initial state, all the previous state data of the device are lost, and the reason for triggering the device to reset cannot be acquired.
For the in-band Reset mode, the host sends a Reset command to the PCIe device using the PCIe link, and a Hot Reset mechanism is provided in the PCIe system, where the host may continuously send a specific code stream, for example, a specific data code stream defined in the PCIe protocol specification, through the PCIe link. After the device port receives two consecutive specific data streams, the PCIe device may be reset. If the PCIe link between the HOST HOST and the UP port of the PCIe Switch device transmits the TS1 stream of the Hot Reset at the HOST HOST, the UP port of the PCIe Switch device enters the Hot Reset state after receiving the stream, resulting in the Reset of the entire PCIe Switch device. However, the conventional in-band device reset method has the following disadvantages: firstly, when a host issues an instruction of resetting equipment, security authentication on the host side is absent, and as long as two continuous specific code streams are sent, the resetting of the down-hanging equipment can be triggered, so that abnormal resetting of unsafe software on the host side cannot be avoided; second, after the in-band device reset is completed, the entire PCIe Switch device is reset, also including the IMCPU system. Further, similar to the out-of-band reset, when the PCIe device internal state is restored to the initial state, the PCIe device previous state data has been lost entirely, and the cause triggering the device reset cannot be acquired.
Disclosure of Invention
The invention aims to provide a method and a device for in-band resetting of PCIe equipment based on security authentication, which aim to solve the problem that in-band resetting of PCIe equipment cannot realize security authentication and save reset state data.
According to a first aspect of the present invention, there is provided a method for in-band reset of a PCIe device based on security authentication, including:
receiving authentication request information sent by a host into a secure authentication address of an in-band management unit of PCIe equipment;
if the authentication request information is matched with a predefined authentication sequence, receiving an in-band reset command of PCIe equipment issued by the host;
determining a module to be reset of the PCIe device by analyzing an in-band reset command of the PCIe device, recording a reset state of the module to be reset, and executing reset on the module to be reset.
Preferably, if the authentication request information does not match a predefined authentication sequence, receiving the PCIe device in-band reset command is prohibited.
Preferably, the determining the module to be reset of the PCIe device by parsing the PCIe device in-band reset command further includes:
analyzing the in-band reset command of the PCIe device, and determining whether a reset range only comprises a control path of the PCIe device, only comprises a data path of the PCIe device or comprises the whole PCIe device, wherein the control path is an information interaction path between a software system and a host in the PCIe device, and the data path is a data forwarding path of a PCIe protocol and is responsible for forwarding a PCIe protocol message.
Preferably, the recording the reset state of the module to be reset further includes:
storing the reset state of the module to be reset in a reset state register in the PCIe device so that the host can inquire the reset state through a control channel of the PCIe device after the reset is completed.
Preferably, the reset state includes a state of whether reset is completed, a state of a reset reason, and a history of the number of resets.
According to a second aspect of the present invention, there is provided an apparatus for in-band reset of PCIe devices based on security authentication, including:
the authentication request receiving unit is used for receiving authentication request information sent by the host to the security authentication address of the in-band management unit of the PCIe device;
the reset authentication unit is used for receiving an in-band reset command of the PCIe device issued by the host under the condition that the authentication request information is matched with a predefined authentication sequence;
the reset command analysis unit is used for determining a module to be reset of the PCIe device by analyzing the in-band reset command of the PCIe device, recording the reset state of the module to be reset, and executing reset on the module to be reset.
Preferably, the reset authentication unit is further configured to:
and if the authentication request information is not matched with the predefined authentication sequence, prohibiting receiving the in-band reset command of the PCIe device.
Preferably, the reset command parsing unit is further configured to:
analyzing the in-band reset command of the PCIe device, and determining whether a reset range only comprises a control path of the PCIe device, only comprises a data path of the PCIe device or comprises the whole PCIe device, wherein the control path is an information interaction path between a software system and a host in the PCIe device, and the data path is a data forwarding path of a PCIe protocol and is responsible for forwarding a PCIe protocol message.
Preferably, the reset command parsing unit is further configured to:
storing the reset state of the module to be reset in a reset state register in the PCIe device so that the host can inquire the reset state through a control channel of the PCIe device after the reset is completed.
Preferably, the reset state includes a state of whether reset is completed, a state of a reset reason, and a history of the number of resets.
Compared with the prior art, the technical scheme of the invention adopts an in-band reset mode, and the reset of PCIe equipment is independent of external pins, so that the configurable reset range is realized, for example, a reset control path or a data path is selected. Without resetting the data path, normal operation of the data path can be uninterrupted before and after the reset. The security authentication is carried out before the issuing of the reset command, and only the reset command after the passing of the security authentication is responded, so that the abnormal reset of unsafe software is avoided. In addition, the PCIe device chip may record reset information before resetting, so that the host driver may query after resetting is completed, and locate a reset reason, a reset result, a reset number of times, and the like.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure and process particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a typical out-of-band reset topology of a PCIe system according to the prior art.
FIG. 2 is a schematic diagram of an in-band secure reset topology of a PCIe system in accordance with the present invention.
FIG. 3 is a general flow chart of a method of secure authentication-based PCIe device in-band reset in accordance with the present invention.
Fig. 4 is a schematic diagram of an IMU in-band secure reset function module according to the invention.
FIG. 5 is a detailed flow diagram of a PCIe device in-band secure reset in accordance with the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which are derived by a person skilled in the art from the embodiments according to the invention without creative efforts, fall within the protection scope of the invention.
In PCIe systems, the host side runs drivers, while the PCIe Switch device side also runs software systems. In the working process, information interaction is needed between the equipment side software system and the host side driver, and when the host discovers that the equipment side software system does not respond for a long time, the reason may be that the equipment side software system is abnormal and downtime occurs. At this time, the host may choose to reset the device-side software, but the entire data path is still operating normally. The host issues a reset command to the device specifying that only the control path is reset, but not the data path, so that the data path can be maintained in normal operation. The control path may be an information interaction path between a software system in the PCIe Switch device and a host side, and the data path may be a data forwarding path of a PCIe protocol, which is responsible for forwarding a PCIe protocol packet.
Based on the analysis, the invention provides a PCIe device in-band resetting method based on security authentication. In PCIe systems, PCIe Switch device internal structures are logically divided into the control and data paths described above. For example, referring to fig. 2, the UP port UP and the BUS, and the down port DP form a data path of the PCIe Switch device, and perform an expansion function of the PCIe Switch device. While the control path is an information interaction path between the software System and the host in the PCIe Switch device, for example, the software System IMCPU System in fig. 2, the PCIe Switch device initialization configuration and the processing of in-band management may be performed. The IMCPU software system performs management information interaction with the host through IMU (Internal Manage Unit), VDP (Virtual DP), BUS, UP port UP.
The PCIe Switch device resets and restarts the entire IMCPU software system and IMU (without resetting the BUS, UP port UP) in response to a reset command from the host to the control path. During the reset process, the PCIe Switch device provides a reset status register for the host to query. Because the register is not reset during in-band reset, i.e. the state remains unchanged after the state is updated, the state of the reset state register can remain after in-band reset, including whether the reset is completed, the reset reason, or the history of the reset times. After the control path of the PCIe Switch device is reset and restarted, the software system at the PCIe Switch device side is reloaded, the host may reestablish communication with the driver at the PCIe Switch device side, and the host may also query the reset state through the IMU control path.
In the system working process, if the service side is abnormal, the host can initiate resetting the data path of the PCIe Switch device. The PCIe Switch device resets and restarts the entire data path in response to a reset command from the host to the data path. The host may designate not only the data path or control path that resets only the PCIe Switch device, but also the entire device including the reset control path and the data path. After the device reset is completed and the link establishment with the host is completed again, the host can query the reset state of the PCIe device and acquire the previous reset reasons, the historical reset times and other states. In addition, before the host issues the reset command, a security authentication mechanism is provided, and the PCIe Switch device can authenticate whether the reset operation of the host is a legal operation or not, and the PCIe Switch device only responds to the legal reset operation.
Based on the in-band secure reset topology of fig. 2, referring to the flowchart of fig. 3, the present invention provides in a first aspect a method for in-band resetting of PCIe devices based on secure authentication, comprising:
step 101: and receiving authentication request information sent by the host into a secure authentication address of an in-band management unit of the PCIe device.
Before the host issues the reset command, the invention enables the PCIe Switch device to authenticate whether the reset operation of the host is legal or not through the security authentication mechanism, and the PCIe Switch device only responds to the legal reset operation. The host first needs to send a specific sequence of data, also called authentication request information, to a specific address of an address space of an in-band management unit IMU of the PCIe Switch device for host-side identity authentication before reset. Through the security authentication operation, the reset command received by the PCIe Switch device is ensured to be safe and effective, and illegal reset is prevented from being carried out by issuing the reset command by an illegal host program.
In the control path, the IMU is a PCIe VEP (Virtual EP) device, and the host may access the address space of the IMU through the PCIe data path. Through the address space of the IMU, the host may access the on-chip memory space of the PCIe Switch device. Because the on-chip memory space of the PCIe Switch device can be accessed by the on-chip software of the PCIe Switch device, the information interaction between the host and the on-chip software of the PCIe Switch device can be realized through the data transmission mode.
Step 102: and if the authentication request information is matched with a predefined authentication sequence, receiving an in-band reset command of the PCIe device issued by the host.
The IMCPU system of the PCIe Switch device stores a security authentication sequence in advance for verifying that the reset operation of the host is legal operation, if the current authentication request information accords with the authentication sequence, the authentication is determined to be successful, namely the reset request is legal, and the PCIe Switch device only responds to the legal reset operation and is ready for executing reset. If the security authentication is not passed, the IMCPU system ignores the reset request, and prohibits receiving the in-band reset command of the PCIe device, so that the reset is not executed.
Fig. 4 is a schematic diagram of a secure reset function module of an IMU. The security authentication flow module is used for performing security authentication sequence detection on command data issued by the host, firstly determining that the address of a write command issued by the host is a security authentication address, and then writing data of the same address is writing data of a predefined specific authentication sequence, wherein writing data flow conforming to the specific sequence indicates that security authentication is successful. The specific authentication sequence is provided by a secure authentication sequence module, which may be preconfigured by on-chip software, for example.
Optionally, in step 102, a timeout mechanism may be further provided for the secure authentication procedure. Referring to fig. 4, the timeout timer module is configured to timeout the security authentication, and if a preset configuration time is exceeded between security authentication sequences, the security authentication process is returned to an initial state, and the security authentication is restarted.
Step 103: determining a module to be reset of the PCIe device by analyzing the in-band reset command of the PCIe device, recording the reset state of the module to be reset, and executing reset on the module to be reset.
Only after the security authentication is passed, the reset command issued by the host can be received by the IMU of the PCIe device. The reset command analysis module is responsible for receiving and analyzing the reset command issued by the host, namely the host writes 4-byte data into the reset address of the IMU. Only on the basis of safety authentication, the IMU can execute receiving and analyzing, and then outputs a reset command to the chip reset module, so that the reset of the target modules such as a data path, a control path and the like is realized.
As described above, the PCIe Switch device provides a reset status register for the host to query, and may also write the reset status of the module to be reset into the reset status register before the reset is performed. The reset state register includes a state of whether the reset is completed, a state including a reset reason, a state including a history of the number of resets, and the like, which may remain after the reset. The host can acquire the state information of the PCIe Switch device through the control path, and can query the previous state after resetting by prerecording the reset state, thereby acquiring the information of the reset reason, the reset result, the reset times and the like.
The host may issue write data to the IMU via the control data path, and in an address space of the IMU, the storage unit is composed of an address space in units of 4-byte addresses, and different 4-byte address spaces have different meanings, in a preferred embodiment of the present invention, a first 4-byte address space represents a security authentication address, and a second 4-byte address space represents a reset address. The host may issue a reset command to the PCIe Switch device via the reset address, the reset command may be selected from a plurality of types for specifying a module to be reset, such as resetting only the IMCPU system, resetting only the data path, or resetting the entire PCIe Switch device.
Corresponding to the in-band safety reset function module of fig. 4, the in-band safety reset flow of the present invention is shown in fig. 5, and the meanings of the flows are as follows:
and at the initial state stage of the IMU, waiting for receiving the security authentication sequence at any time. When the IMU receives the host character, it means that the IMU receives the write data of the host to the security authentication address. It is determined whether the received character is the correct character of the security authentication sequence. If the current character is the correct character, judging whether the character number of the security authentication sequence is received completely. If the current character is not the correct character, the initial state is returned. While receiving the current character, starting a timer, if the time threshold of the timer is exceeded and the next character is not received, returning the security authentication flow to the initial state, and if the time is not overtime, continuing to wait for the next character. When all the received write data of the security authentication addresses are completed, judging whether the received write data of the security authentication addresses accords with the sequence of a pre-configured security authentication sequence, if so, indicating that the security authentication is passed, informing the IMU to wait for a reset command issued by a host side, namely waiting for the write data of the reset address by the host, and resetting an internal data path, a control path or both of the chip according to the reset range of the write data when the IMU subsequently receives the write data of the reset address.
The secure authentication-based PCIe device in-band reset procedure of the present invention is described below in connection with one specific example. Assuming that the security authentication sequence is ABCD, A, B, C, D each character may represent one 4 bytes of data; the reset command is exemplified by F, G, H, F, G, H each character representing a reset type. For example, the F data is a reset-only control path, the G data is a reset-only data path, and the H data is a simultaneous reset control path and data path. The following is an example of a flow for successful completion of the secure authentication with in-band reset:
1. starting a safety authentication flow, wherein the IMU is in an initial state, and waiting for receiving a safety authentication sequence at any time;
2. the IMU receives write data of the host computer to the security authentication address;
3. judging whether the first character is A, if so, the first character of the security authentication sequence is A, and the security authentication process continues to the next step (if not, the security authentication process returns to the initial state).
4. Judging whether the authentication is completed or not, and if the unreceived subsequent characters exist, not finishing the current authentication.
5. Starting a timer, judging whether the next character is received overtime, and if the next character is not received yet beyond a pre-configured time threshold, returning the security authentication flow to an initial state;
6. if the preset time threshold value is not exceeded, continuing to wait for the next character;
7. judging whether the second character is B, if so, the second character conforming to the security authentication sequence is continued to step 8 (if not, the security authentication flow returns to the initial state);
8. repeating the steps 2-6 until all the characters are received; and judging whether the third character and the fourth character are C and D respectively, if so, conforming to the security authentication sequence (if not, returning the security authentication flow to the initial state).
9. If all the characters of the security authentication sequence are received currently, the authentication is completed, whether the security authentication is passed or not is continuously judged, and the received character sequence ABCD accords with the security authentication sequence, so that the authentication is passed.
11. The IMU waits for the host side to write data to the reset address;
12. when write data for the reset address is received, resetting the data path, the control path and the like in the chip according to the reset range corresponding to the write data. For example, if the write data to the reset address is F, the PCIe device is controlled to reset only the control path, if the write data to the reset address is G, the PCIe device is controlled to reset only the data path, and so on.
13. The security authentication flow ends.
Therefore, the method for in-band resetting of the PCIe device based on the security authentication provided by the invention does not depend on external pins for resetting the PCIe device, but adopts an in-band resetting mode, and provides a resetting method with a configurable resetting range, which is not limited to resetting of a single part in a chip, such as a resetting control path or a data path, or resetting of both or the whole chip. For example, without resetting the data path, the data path can be left without interrupting its normal data transfer operation before and after the reset. For both the security authentication sequence and the reset command, a special in-band authentication address space is provided, so that the values of the security authentication sequence and the reset command can be flexibly configured according to the needs. Particularly, before the reset command is issued, the method needs to execute the safety authentication, and the reset command can be issued successfully only after the safety authentication is passed, so that abnormal reset of unsafe software of a host side is avoided. In addition, the PCIe device chip may record the reset information before resetting, and after resetting is completed, the reset information may be continuously retained, so that the host driver may query, and locate a reset reason, a reset result, a reset number of times, and the like.
It should be noted that, although the in-band reset method of the present invention is described herein by taking a PCIe Switch device as an example, the method of the present invention is not limited to the PCIe Switch device, but is applicable to various types of PCIe devices including PCIe EP devices and the like. On the basis of the invention, the on-chip software system and the host driver can be updated as required, and the safety authentication sequence, the authentication sequence character value and the reset value are redefined, so that the reset safety is further enhanced.
Accordingly, the present invention provides in a second aspect an apparatus for in-band reset of PCIe devices based on secure authentication, comprising:
the authentication request receiving unit is used for receiving authentication request information sent by the host to the security authentication address of the in-band management unit of the PCIe device;
the reset authentication unit is used for receiving an in-band reset command of the PCIe device issued by the host under the condition that the authentication request information is matched with a predefined authentication sequence;
the reset command analysis unit is used for determining a module to be reset of the PCIe device by analyzing the in-band reset command of the PCIe device, recording the reset state of the module to be reset, and executing reset on the module to be reset.
It will be appreciated that the character values, character sizes, authentication sequences, etc. parameters, PCIe device internal topology, and in-band reset procedures described in the above embodiments are merely examples. Those skilled in the art may also readily devise combinations and adaptations of the structural features of the above embodiments or adaptation of the parameters or sequence of individual steps of the above described method flows according to the needs of use without limiting the inventive concept to the specific structures and steps illustrated above.
While the invention has been described in detail with reference to the foregoing embodiments, it will be appreciated by those skilled in the art that variations may be made in the techniques described in the foregoing embodiments, or equivalents may be substituted for elements thereof; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (6)
1. A method for in-band reset of PCIe devices based on security authentication, comprising:
receiving authentication request information sent by a host into a secure authentication address of an in-band management unit of PCIe equipment;
if the authentication request information is matched with a predefined authentication sequence, receiving an in-band reset command of PCIe equipment issued by the host;
determining a module to be reset of the PCIe device by analyzing the in-band reset command of the PCIe device, recording the reset state of the module to be reset, and executing reset on the module to be reset;
the determining the module to be reset of the PCIe device by analyzing the PCIe device in-band reset command further includes:
analyzing the in-band reset command of the PCIe device, and determining whether a reset range only comprises a control path of the PCIe device, only comprises a data path of the PCIe device or comprises the whole PCIe device, wherein the control path is an information interaction path between a software system in the PCIe device and a host, and the software system carries out management information interaction with the host through an in-band management unit, a virtual downlink port, a bus and an uplink port; the data path is a data forwarding path of a PCIe protocol and is responsible for forwarding PCIe protocol messages;
the recording the reset state of the module to be reset further includes:
storing the reset state of the module to be reset in a reset state register in the PCIe device so that the host can inquire the reset state through a control channel of the PCIe device after the reset is completed;
wherein the reset status register is not reset during an in-band reset.
2. The secure authentication-based PCIe device in-band reset method of claim 1, further comprising:
and if the authentication request information is not matched with the predefined authentication sequence, prohibiting receiving the in-band reset command of the PCIe device.
3. The secure authentication-based PCIe device in-band reset method of claim 1, wherein the reset state comprises a state of whether reset is complete, a state of a reset reason, and a historical number of resets.
4. An apparatus for in-band reset of PCIe devices based on security authentication, comprising:
the authentication request receiving unit is used for receiving authentication request information sent by the host to the security authentication address of the in-band management unit of the PCIe device;
the reset authentication unit is used for receiving an in-band reset command of the PCIe device issued by the host under the condition that the authentication request information is matched with a predefined authentication sequence;
the reset command analysis unit is used for determining a module to be reset of the PCIe device by analyzing the in-band reset command of the PCIe device, recording the reset state of the module to be reset and executing reset on the module to be reset;
the reset command parsing unit is further configured to:
analyzing the in-band reset command of the PCIe device, and determining whether a reset range only comprises a control path of the PCIe device, only comprises a data path of the PCIe device or comprises the whole PCIe device, wherein the control path is an information interaction path between a software system in the PCIe device and a host, and the software system carries out management information interaction with the host through an in-band management unit, a virtual downlink port, a bus and an uplink port; the data path is a data forwarding path of a PCIe protocol and is responsible for forwarding PCIe protocol messages;
the reset command parsing unit is further configured to:
storing the reset state of the module to be reset in a reset state register in the PCIe device so that the host can inquire the reset state through a control channel of the PCIe device after the reset is completed;
wherein the reset status register is not reset during an in-band reset.
5. The apparatus of secure authentication-based PCIe device in-band reset of claim 4, wherein the reset authentication unit is further configured to:
and if the authentication request information is not matched with the predefined authentication sequence, prohibiting receiving the in-band reset command of the PCIe device.
6. The apparatus of claim 4, wherein the reset status comprises a status of whether the reset is complete, a status of a reset reason, and a historical number of resets.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310200242.4A CN116301266B (en) | 2023-03-03 | 2023-03-03 | PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310200242.4A CN116301266B (en) | 2023-03-03 | 2023-03-03 | PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116301266A CN116301266A (en) | 2023-06-23 |
| CN116301266B true CN116301266B (en) | 2023-11-17 |
Family
ID=86837302
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310200242.4A Active CN116301266B (en) | 2023-03-03 | 2023-03-03 | PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116301266B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1665154A (en) * | 2004-03-04 | 2005-09-07 | 中兴通讯股份有限公司 | An embedded system in-band reset method and apparatus thereof |
| CN101165696A (en) * | 2006-10-16 | 2008-04-23 | 中国长城计算机深圳股份有限公司 | Safety identification method based on safe computer |
| CN113114595A (en) * | 2021-04-08 | 2021-07-13 | 山东华芯半导体有限公司 | Dual-port PCIe SSD link fault tolerance device and method |
| CN114328024A (en) * | 2021-12-31 | 2022-04-12 | 深圳忆联信息***有限公司 | PCIe function level reset implementation method and device, computer equipment and storage medium |
| CN114448780A (en) * | 2022-01-27 | 2022-05-06 | 西安微电子技术研究所 | Ethernet controller exception handling system and method based on pcie interface |
| CN115328830A (en) * | 2022-10-17 | 2022-11-11 | 南京芯驰半导体科技有限公司 | PCIe host-to-device interrupt sending method and system |
| CN115550291A (en) * | 2022-11-30 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Reset system and method for switch, storage medium, and electronic device |
| CN115687228A (en) * | 2023-01-03 | 2023-02-03 | 中国科学院国家空间科学中心 | Satellite-borne solid-state storage system and method based on PCIe bus |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11157439B2 (en) * | 2019-07-25 | 2021-10-26 | Western Digital Technologies, Inc. | Method for delaying fundamental reset in power loss protection (PLP) enabled devices |
-
2023
- 2023-03-03 CN CN202310200242.4A patent/CN116301266B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1665154A (en) * | 2004-03-04 | 2005-09-07 | 中兴通讯股份有限公司 | An embedded system in-band reset method and apparatus thereof |
| CN101165696A (en) * | 2006-10-16 | 2008-04-23 | 中国长城计算机深圳股份有限公司 | Safety identification method based on safe computer |
| CN113114595A (en) * | 2021-04-08 | 2021-07-13 | 山东华芯半导体有限公司 | Dual-port PCIe SSD link fault tolerance device and method |
| CN114328024A (en) * | 2021-12-31 | 2022-04-12 | 深圳忆联信息***有限公司 | PCIe function level reset implementation method and device, computer equipment and storage medium |
| CN114448780A (en) * | 2022-01-27 | 2022-05-06 | 西安微电子技术研究所 | Ethernet controller exception handling system and method based on pcie interface |
| CN115328830A (en) * | 2022-10-17 | 2022-11-11 | 南京芯驰半导体科技有限公司 | PCIe host-to-device interrupt sending method and system |
| CN115550291A (en) * | 2022-11-30 | 2022-12-30 | 苏州浪潮智能科技有限公司 | Reset system and method for switch, storage medium, and electronic device |
| CN115687228A (en) * | 2023-01-03 | 2023-02-03 | 中国科学院国家空间科学中心 | Satellite-borne solid-state storage system and method based on PCIe bus |
Non-Patent Citations (1)
| Title |
|---|
| 一种PCI总线Master模块接口设计;史森茂;邵翠萍;龚龙庆;;计算机技术与发展(第07期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116301266A (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6775830B1 (en) | Computer system and a program install method thereof | |
| US9430266B2 (en) | Activating a subphysical driver on failure of hypervisor for operating an I/O device shared by hypervisor and guest OS and virtual computer system | |
| US20020023151A1 (en) | Multi-path computer system | |
| US20170054593A1 (en) | Transformation of peripheral component interconnect express compliant virtual devices in a network environment | |
| CN103069771A (en) | A method, apparatus, and system for manageability and secure routing and endpoint access | |
| US11799697B2 (en) | Fast equalization method, chip, and communications system | |
| CN113190487B (en) | PCIe (peripheral component interconnect express) equipment hot-drawing method and device | |
| US20070198761A1 (en) | Connection management mechanism | |
| JP2000172639A (en) | Remote operation method and data processing system | |
| CN107948063B (en) | Method for establishing aggregation link and access equipment | |
| CN110880998B (en) | Message transmission method and device based on programmable device | |
| CN114116378A (en) | Method, system, terminal and storage medium for acquiring PCIe device temperature | |
| CN115904520A (en) | Configuration storage method based on PCIE topological state change and related equipment | |
| CN110941580A (en) | Method for reading information and serial small computer system interface SAS expander | |
| US9608884B2 (en) | System and method for remote management of a computer | |
| US20230025979A1 (en) | Systems and methods for peripheral device security | |
| KR19990072916A (en) | Data communication system, data communication method and data communication apparatus | |
| CN116301266B (en) | PCIe (peripheral component interconnect express) equipment in-band resetting method and device based on security authentication | |
| US7457887B1 (en) | Method and system for processing asynchronous event notifications | |
| EP1829335B1 (en) | Network interface with remote control functionality | |
| JP2003152806A (en) | Switch connection control system for communication path | |
| US10795848B2 (en) | Dual way communication method, system, and master device thereof | |
| US10127053B2 (en) | Hardware device safe mode | |
| JP3465637B2 (en) | Server and control method thereof | |
| US6643717B1 (en) | Flow control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |