TW202113616A - Method of booting server - Google Patents


Info

Publication number
TW202113616A
Authority
TW
Taiwan
Prior art keywords
management controller
baseboard management
signal
programmable logic
logic device
Prior art date
Application number
TW108134363A
Other languages
Chinese (zh)
Other versions
TWI740214B (en)
Inventor
孫佩傑
陳允迪
侯智仁
黃添壽
陳佳佑
王紹宇
Original Assignee
技嘉科技股份有限公司
Priority date
Filing date
Publication date
Application filed by 技嘉科技股份有限公司
Priority to TW108134363A
Publication of TW202113616A
Application granted
Publication of TWI740214B

Landscapes

  • Programmable Controllers (AREA)

Abstract

A method of booting a server is adapted to a server including a complex programmable logic device (CPLD) and a baseboard management controller (BMC). The method comprises: receiving a first enable signal by the CPLD; outputting, by the CPLD, a second enable signal to the BMC according to the first enable signal; outputting, by the BMC, a checking signal according to the second enable signal; outputting, by the CPLD, a response signal corresponding to the checking signal to the BMC when the CPLD determines that it has received the checking signal within a first predetermined period and that the checking signal is legitimate; and controlling, by the BMC, the operating system of the server to boot when the BMC determines that it has received the response signal within a second predetermined period and that the response signal is legitimate.

Description

Server startup method

The present invention relates to a server startup method, and in particular to a server startup method based on a complex programmable logic device and a baseboard management controller.

In recent years, the rise of cloud services and data centers has led many small and medium-sized enterprises to rent servers in data centers in order to save the cost of building their own hardware. In such servers, a complex programmable logic device (CPLD) is commonly used to control the server's power, while a baseboard management controller (BMC) controls the overall operation of the server to ensure that it provides normal service.

However, providers generally only update the operating system when a lease expires. If the provider does not check the legitimacy of the CPLD or BMC firmware, then once a malicious party has implanted malware in the server, the next tenant unknowingly exposes their data to danger. How to prevent malicious programs from being implanted in a server, protect the data stored on it, and keep that data from being maliciously tampered with or stolen has therefore become an important issue.

In view of the above, the present invention provides a server startup method that meets the above needs.

A server startup method according to an embodiment of the present invention is applicable to a server including a complex programmable logic device and a baseboard management controller, and comprises: receiving a first enable signal by the complex programmable logic device; outputting, by the complex programmable logic device, a second enable signal to the baseboard management controller according to the first enable signal; outputting, by the baseboard management controller, a checking signal according to the second enable signal; determining, by the complex programmable logic device, whether the checking signal is received within a first predetermined period; when it is determined that the complex programmable logic device received the checking signal within the first predetermined period, determining whether the checking signal is legitimate; when the complex programmable logic device determines that the checking signal is legitimate, outputting a response signal corresponding to the checking signal to the baseboard management controller; determining, by the baseboard management controller, whether the response signal is received within a second predetermined period; when the baseboard management controller determines that the response signal was received within the second predetermined period, determining whether the response signal is legitimate; and when the baseboard management controller determines that the response signal is legitimate, controlling, by the baseboard management controller, the startup of an operating system of the server.

With the above implementation, the complex programmable logic device and the baseboard management controller verify each other, which prevents the server firmware from being tampered with and protects the data stored on the server.

The above description of the disclosure and the following description of the embodiments serve to demonstrate and explain the spirit and principle of the present invention, and to provide further explanation of the scope of the patent claims.

The detailed features and advantages of the present invention are described in the embodiments below in enough detail for anyone skilled in the relevant art to understand the technical content of the invention and implement it accordingly. From the content disclosed in this specification, the claims and the drawings, anyone skilled in the relevant art can readily understand the related objects and advantages of the invention. The following embodiments further illustrate aspects of the invention in detail, but do not limit its scope in any respect.

Please refer to FIG. 1, which is a flowchart of a server startup method according to an embodiment of the present invention. The server startup method disclosed here is applicable to a server including a complex programmable logic device (CPLD) and a baseboard management controller (BMC).

After the server's CPLD receives the first enable signal (step S01), step S02 is executed: the CPLD outputs a second enable signal to the BMC according to the first enable signal. In detail, once the CPLD has booted (for example, when the server's power button is pressed, the CPLD receives the first enable signal and boots), it outputs the second enable signal to the BMC so that the BMC boots. After the BMC receives the second enable signal, step S03 is executed: the BMC outputs a checking signal according to the second enable signal. That is, when the BMC is booted by the second enable signal, it generates a checking signal and outputs it to the CPLD. The checking signal may be a signal that requests one or more specific parameters from the CPLD. The specific parameters are, for example, the update date of the CPLD or the BMC, the firmware version number of the BMC, or the serial number of the server or of the whole host computer, or a code obtained by encrypting the aforementioned firmware update date, version number and/or serial number; the present invention is not limited to these.

Continuing with FIG. 1, in step S04 the CPLD determines whether the checking signal is received within a first predetermined period. In general, the length of the first predetermined period can be set according to actual needs, and the period can be counted from the moment the CPLD outputs the second enable signal. When the CPLD does not receive the checking signal within the first predetermined period, step S05 is executed to generate and output an error record. The starting point of the first predetermined period can also be adjusted as required, and the present invention is not limited in this respect. In detail, when the CPLD does not receive the checking signal within the first predetermined period, the BMC may have timed out, so an error record is generated and output. The error record may contain the device in which the error occurred (in this case the BMC) and the error event (in this case a timeout event). The CPLD may store the error record in the system log, or send it over the network to a cloud database or another system; the present invention is not limited in this respect. In addition, because the CPLD is the main component controlling the power sequence on the server, in another embodiment the CPLD may, when it does not receive the checking signal within the first predetermined period, directly shut down the power sequence so that the server cannot start.

When the CPLD determines that the checking signal was received within the first predetermined period, it goes on to step S06 to determine whether the checking signal is legitimate. That is, the CPLD determines whether the checking signal matches a preset request stored in advance in the CPLD. More specifically, at a time when the CPLD and the BMC are known not to have been tampered with or implanted with malicious programs (for example, when the server has just been installed), the CPLD and the BMC can agree on a checking procedure. For example, if the checking procedure is that the BMC requests a computer version parameter from the CPLD, then the checking signal and the preset request are both "request computer version parameter". This parameter is only an example, and the present invention is not limited to it.

When the CPLD determines that the checking signal is legitimate, the BMC firmware has presumably not been tampered with, and step S07 is executed: the CPLD generates and outputs a response signal corresponding to the checking signal. The response signal contains the specific parameter requested in the checking signal; examples were listed above and are not repeated here. On the other hand, when the CPLD determines that the checking signal is not legitimate, it executes step S05 to output an error record, or shuts down the power sequence.

In step S08, the BMC determines whether the response signal is received within a second predetermined period. The second predetermined period can be counted from the moment the BMC outputs the checking signal. When the BMC does not receive the response signal within the second predetermined period, an error record is output in step S05. As with the CPLD's determination above, when the BMC does not receive the response signal within the second predetermined period, the CPLD may have timed out, so an error record is generated and output. This error record is the same as the one the CPLD makes when it detects an error event, and is not described again. Conversely, when the BMC determines that the response signal was received within the second predetermined period, it goes on to step S09 to determine whether the response signal is legitimate. That is, the BMC determines whether the response signal that the CPLD output for the preset request matches the preset parameters or records held in the BMC.

For example, if the preset request is the update date, the CPLD outputs its own update date as the response signal, and the BMC determines whether the CPLD update date in the response signal matches the BMC's own update date; if it matches, the response is legitimate. As another example, the BMC and the CPLD may have notified each other of their update times during a previous update, so the preset request may be the update date of either the BMC or the CPLD. The response signal may also be the firmware version number, or the serial number of the server or of the whole host computer, corresponding to the checking signal; the present invention is not limited to these.

When the BMC determines that the response signal is legitimate, step S10 is executed: the BMC starts the operating system. When the CPLD determines that the checking signal is not legitimate, step S05 is executed to generate and output an error record. The error record is as described in the preceding embodiments and is not described again.

Please refer to FIG. 2, which is a flowchart of a server startup method according to another embodiment of the present invention. The flowchart of FIG. 2 is similar to that of FIG. 1; the difference is that in FIG. 2, when the result of step S08 ("the BMC determines whether the response signal is received within the second predetermined period") or of step S09 ("determine whether the response signal is legitimate") is "No", the flow continues to step S05'.

In detail, in FIG. 2, when the BMC determines in step S08 that the response signal was not received within the second predetermined period, or determines in step S09 that the response signal is not legitimate, step S05' is executed: determine whether "No" has occurred more than N times. In other words, the BMC determines whether the number of times it has found the response signal missing or illegitimate exceeds N (for example 5; the value can be increased or decreased as needed). When that number does not exceed N, step S03 is executed again to output the checking signal. Conversely, when that number exceeds N, step S05 is executed to output an error record. The error record is as described in the preceding embodiments and is not described again. In addition, after the BMC determines in step S05' that "No" has not occurred more than N times and executes step S03 again, the first predetermined period of step S04 can be counted from the moment the CPLD output the response signal corresponding to the checking signal (step S07). The starting point of the first predetermined period can also be adjusted as required, and the present invention is not limited in this respect.
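The flow of FIG. 2 (steps S01 to S10, including the retry counter of S05') can be modelled as a small simulation. This is an added example, not code from the patent or its applicant; the class names, the `fw_update_date` parameter, the simulated delays and the default periods are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ErrorRecord:
    device: str  # device the record blames
    event: str   # what went wrong


@dataclass
class Cpld:
    preset_request: str  # request agreed with the BMC while both were known-good
    params: dict         # parameters the CPLD can report
    # Constructed input: seconds the CPLD takes to answer, one entry per attempt.
    reply_delays: list = field(default_factory=list)

    def on_check(self, request, waited, t1, log) -> Optional[tuple]:
        # S04: did the checking signal arrive inside the first predetermined period?
        if request is None or waited > t1:
            log.append(ErrorRecord("BMC", "timeout"))
            return None
        # S06: is it the request that was agreed on?
        if request != self.preset_request:
            log.append(ErrorRecord("BMC", "illegitimate checking signal"))
            return None
        # S07: answer with the requested parameter.
        delay = self.reply_delays.pop(0) if self.reply_delays else 0.0
        return self.params.get(request), delay


@dataclass
class Bmc:
    request: Optional[str]   # checking signal the firmware emits (None: never emits)
    expected: str            # value the BMC has on record for that parameter
    emit_delay: float = 0.1  # seconds from second enable signal to checking signal


@dataclass
class BootResult:
    booted: bool
    attempts: int
    errors: list


def boot(cpld: Cpld, bmc: Bmc, t1=1.0, t2=1.0, n=5) -> BootResult:
    """Run the FIG. 2 flow once; t1/t2 are the two periods, n the retry limit."""
    log, failures, attempts = [], 0, 0
    # S01/S02: the power button wakes the CPLD, which then enables the BMC.
    while True:
        attempts += 1
        # S03: the BMC emits its checking signal; S04-S07 run inside the CPLD.
        reply = cpld.on_check(bmc.request, bmc.emit_delay, t1, log)
        if reply is None:
            # S05: a CPLD-side failure ends the flow with an error record
            # (the other embodiment would shut down the power sequence here).
            return BootResult(False, attempts, log)
        value, delay = reply
        # S08: response inside the second period?  S09: does it match the record?
        if delay <= t2 and value == bmc.expected:
            return BootResult(True, attempts, log)  # S10: start the OS
        failures += 1
        # S05': give up only once "No" has occurred more than n times.
        if failures > n:
            event = "timeout" if delay > t2 else "illegitimate response signal"
            log.append(ErrorRecord("CPLD", event))
            return BootResult(False, attempts, log)
        # Otherwise loop back to S03 and send the checking signal again.


if __name__ == "__main__":
    good = Cpld("fw_update_date", {"fw_update_date": "2024-01-15"})  # constructed
    print(boot(good, Bmc("fw_update_date", "2024-01-15")))
    print(boot(good, Bmc("serial_number", "SN-CONSTRUCTED")))
```
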

In the embodiments of FIG. 1 and FIG. 2, after the BMC has started the operating system, the BMC may generate another checking signal after a period of time. The CPLD then evaluates this checking signal as in step S04, and the flow continues as shown after step S04 in FIG. 1 and FIG. 2. When the flow reaches step S09 and the BMC determines that the response signal the CPLD output for this checking signal is legitimate, the operating system is kept running.

Please refer to FIG. 3, which is a flowchart of performing a self-verification operation according to an embodiment of the present invention. More specifically, the self-verification operation shown in FIG. 3 is executed after step S10 of FIG. 1 or FIG. 2 (that is, after the operating system is started).

Continuing with FIG. 3, after the operating system has been started, step S11 can be executed: the BMC performs a self-verification operation and obtains a computed value. In detail, the BMC may perform the self-verification operation on at least one of the BMC's executable files and library files and obtain the computed value. The self-verification operation is preferably a hash operation, so the computed value is preferably a hash value. More specifically, the hash operation is, for example, the Message-Digest 5 algorithm (MD5), a cyclic redundancy check (CRC) algorithm, a Secure Hash Algorithm (SHA) or the Advanced Encryption Standard (AES) algorithm; among the hash algorithms, the Secure Hash Algorithm and the Advanced Encryption Standard algorithm are the more secure encryption methods. The self-verification operation may also be an asymmetric cryptographic algorithm (Rivest-Shamir-Adleman, RSA), a hash-based message authentication code (HMAC), Base64, and so on.

Continuing with FIG. 3 after step S11: once the BMC has obtained the computed value, in step S12 the BMC determines whether the computed value equals a reference value, that is, whether the computed value (hash value) is correct. When the BMC determines that the computed value equals the reference value, the BMC performs the self-verification operation on at least one of the executable files and library files again after each interval period. When the BMC determines that the computed value does not equal the reference value, the BMC outputs yet another error record in step S13. The reference value may be obtained by running the self-verification operation on the executable files or library files at a time when the BMC has established that they have not been tampered with or implanted with malicious programs (for example, when the server is installed). In other words, once the self-verification operation has run, it can be confirmed whether the server has been tampered with.
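Steps S11 to S13 can be sketched as a measurement over the BMC's executable and library files that is compared with a reference value at each interval. This is an added example, not the patent's or the applicant's code. It uses SHA-256 from the SHA family the description names, since CRC and Base64 give no resistance to deliberate modification. The function names and the way files are combined into one value are assumptions, and the reference value is assumed to be kept where the measured firmware cannot rewrite it.

```python
import hashlib
import hmac
import time
from pathlib import Path


def _file_digest(path: Path) -> bytes:
    """SHA-256 of one file, streamed so large firmware images are not held in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def measure(paths) -> str:
    """S11: one computed value over all executable and library files.

    Files are taken in sorted order and each file name is bound into the hash
    with a length prefix, so renaming or swapping two files changes the value.
    """
    outer = hashlib.sha256()
    for p in sorted(Path(x) for x in paths):
        name = p.name.encode()
        outer.update(len(name).to_bytes(4, "big") + name)
        outer.update(_file_digest(p))
    return outer.hexdigest()


def self_verify(paths, reference: str) -> bool:
    """S12: does the computed value equal the reference value?"""
    try:
        value = measure(paths)
    except OSError:
        # A missing or unreadable file is treated as a mismatch, not as a pass.
        return False
    return hmac.compare_digest(value, reference)


def monitor(paths, reference: str, rounds: int, interval: float = 0.0,
            sleep=time.sleep):
    """Repeat S11/S12 once per interval; return an error record on mismatch (S13).

    Returns None when every round matched. `rounds` bounds the loop for the
    example; a real service would run until shutdown.
    """
    for i in range(rounds):
        if not self_verify(paths, reference):
            return {"device": "BMC",
                    "event": "self-verification mismatch",
                    "round": i}
        sleep(interval)
    return None


if __name__ == "__main__":
    import tempfile

    # Constructed sample files standing in for a BMC executable and a library.
    d = Path(tempfile.mkdtemp())
    exe, lib = d / "bmcd", d / "libexample.so"
    exe.write_bytes(b"\x7fELF constructed executable")
    lib.write_bytes(b"\x7fELF constructed library")

    reference = measure([exe, lib])           # taken at install time
    print(monitor([exe, lib], reference, 2))  # None: nothing changed
    lib.write_bytes(b"\x7fELF modified library")
    print(monitor([exe, lib], reference, 2))  # error record for round 0
```
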

With the above, the server startup method proposed in one or more embodiments of the present invention can, before the operating system is started, use the CPLD to determine the legitimacy of the BMC's firmware and use the BMC to determine the legitimacy of the CPLD. This cross-verification prevents the operating system from being started when the firmware of the BMC or the CPLD has been tampered with, and thereby prevents errors in the operation of the operating system. The cross-verification can also determine whether the firmware of the CPLD or the BMC was developed by the designated vendor. If the CPLD or the BMC is found to have been tampered with or not to have been developed by the designated vendor, an error record can be output to alert the operators concerned.

In addition, in the server startup method proposed in one or more embodiments of the present invention, the BMC can perform a self-verification operation on its executable files and library files to determine the legitimacy of its own firmware, and can repeat the self-verification operation after each interval period to check that legitimacy regularly. This guards against the server being tampered with, implanted with malicious programs, or suffering file system corruption at some point after the operating system has started running, and also avoids misjudging the legitimacy of the BMC's firmware. Furthermore, when the self-verification operation is implemented as a hash operation, it combines security with execution speed and avoids lengthening the server's boot time or affecting its performance.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit it. Changes and refinements made without departing from the spirit and scope of the present invention fall within its scope of patent protection. For the scope of protection defined by the present invention, please refer to the appended claims.

FIG. 1 is a flowchart of a server startup method according to an embodiment of the present invention.
FIG. 2 is a flowchart of a server startup method according to another embodiment of the present invention.
FIG. 3 is a flowchart of the self-verification operation in the server startup method according to an embodiment of the present invention.

Claims (9)

一種伺服器啟動方法,適用於包含一複雜可程式邏輯裝置以及一基板管理控制器的一伺服器,包含:以該複雜可程式邏輯裝置接收一第一啟動訊號;以該複雜可程式邏輯裝置依據該第一啟動訊號輸出一第二啟動訊號到該基板管理控制器;以該基板管理控制器依據該第二啟動訊號輸出一檢核訊號;以該複雜可程式邏輯裝置判斷是否於一第一預定時段內接收到該檢核訊號;當判斷該複雜可程式邏輯裝置於該第一預定時段內接收到該檢核訊號,判斷該檢核訊號是否合法;當以該複雜可程式邏輯裝置判斷該檢核訊號合法,輸出對應該檢核訊號的一回應訊號到該基板管理控制器;以該基板管理控制器判斷是否於一第二預定時段內接收到該回應訊號;當以該基板管理控制器判斷於該第二預定時段內接收到該回應訊號,判斷該回應訊號是否合法;以及當以該基板管理控制器判斷該回應訊號合法,以該基板管理控制器控制該伺服器的一作業系統的啟動。A server activation method, suitable for a server including a complex programmable logic device and a baseboard management controller, includes: receiving a first activation signal by the complex programmable logic device; based on the complex programmable logic device The first activation signal outputs a second activation signal to the baseboard management controller; the baseboard management controller outputs a check signal according to the second activation signal; and the complex programmable logic device determines whether it is in a first predetermined The check signal is received within the time period; when it is determined that the complex programmable logic device receives the check signal within the first predetermined time period, it is determined whether the check signal is legal; when the complex programmable logic device is used to determine the check signal If the verification signal is legal, output a response signal corresponding to the verification signal to the baseboard management controller; use the baseboard management controller to determine whether the response signal is received within a second predetermined time period; when the baseboard management controller determines When the response signal is received within the second predetermined time period, it is determined whether the response signal is legal; and when the substrate management controller determines that the response signal is legal, the substrate management controller controls the activation of an operating system of the server . 
The method according to claim 1, wherein when the baseboard management controller determines that the response signal is not received within the second predetermined time period, and a count of determinations by the baseboard management controller that the response signal is illegal does not exceed a predetermined number of times, the baseboard management controller outputs the check signal.

The method according to claim 1, wherein determining, by the complex programmable logic device, whether the response signal is legal comprises determining, by the complex programmable logic device, whether the response signal conforms to a preset parameter recorded in the complex programmable logic device.

The method according to claim 1, wherein when the complex programmable logic device determines that the check signal is not received within the first predetermined time period, the complex programmable logic device outputs an error record.

The method according to claim 1, wherein when the baseboard management controller determines that the response signal is not received within the second predetermined time period, the baseboard management controller outputs an error record.

The method according to claim 1, wherein the method further comprises, after the operating system is started, performing, by the baseboard management controller, a self-verification operation based on at least one of an executable file and a library file to obtain a calculated value, and determining, by the baseboard management controller, whether the calculated value is equal to a reference value.

The method according to claim 6, wherein when it is determined that the calculated value is not equal to the reference value, the baseboard management controller outputs yet another error record.

The method according to claim 6, wherein when it is determined that the calculated value is equal to the reference value, the baseboard management controller performs the self-verification operation, after an interval period, based on at least one of the executable file and the library file.

The method according to claim 6, wherein the self-verification operation is a hash operation.
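A minimal model of the handshake in these claims, added here as an illustration and not taken from the patent. The class names, integer signal values, XOR response encoding, millisecond figures and the silent handling of an illegal check signal are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Cpld:
    preset: int                      # preset parameter recorded in the CPLD
    t1_ms: int                       # first predetermined period
    log: list = field(default_factory=list)

    def on_check(self, value, elapsed_ms):
        """Answer only a check signal that is both timely and legal."""
        if elapsed_ms > self.t1_ms:
            self.log.append("CPLD: check signal not received in time")
            return None
        if value != self.preset:
            return None              # illegal check signal: no response (assumption)
        return value ^ 0xFFFF        # constructed response encoding

@dataclass
class Bmc:
    check: int                       # value sent as the check signal
    t2_ms: int                       # second predetermined period
    max_illegal: int                 # allowed count of illegal responses
    log: list = field(default_factory=list)

    def boot(self, cpld, attempts):
        """attempts: (check_delay_ms, resp_delay_ms, corrupt) per try.
        Returns True only if the operating system may be started."""
        illegal = 0
        for check_delay, resp_delay, corrupt in attempts:
            resp = cpld.on_check(self.check, check_delay)
            if resp is not None and corrupt:
                resp ^= 0x1          # simulate a tampered or faulty response
            if resp is None or resp_delay > self.t2_ms:
                self.log.append("BMC: response not received in time")
                continue             # re-send the check signal
            if resp != (self.check ^ 0xFFFF):
                illegal += 1
                self.log.append("BMC: illegal response")
                if illegal > self.max_illegal:
                    return False     # retry budget exhausted: do not boot
                continue
            return True              # timely and legal: start the OS
        return False

def demo():
    # Constructed scenario: one corrupted response, then a clean exchange.
    cpld, bmc = Cpld(preset=0x5A5A, t1_ms=100), Bmc(0x5A5A, 200, 1)
    return bmc.boot(cpld, [(10, 20, True), (10, 20, False)]), bmc.log
```

The boot decision fails closed: every path that does not see a timely, legal response ends in `False`, and each failure leaves an error record that can be forwarded to monitoring.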
TW108134363A 2019-09-24 2019-09-24 Method of booting server TWI740214B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108134363A TWI740214B (en) 2019-09-24 2019-09-24 Method of booting server

Publications (2)

Publication Number Publication Date
TW202113616A (en) 2021-04-01
TWI740214B (en) 2021-09-21
