
HK40022245A - Method and related device for firmware safety detection for electronic device - Google Patents


Info

Publication number
HK40022245A
Authority
HK (Hong Kong)
Prior art keywords
firmware; management controller; board card; baseboard management; basic input
Application number
HK42020012540.9A
Other languages
Chinese (zh)
Other versions
HK40022245B (en)
Inventor
杨韬 (Yang Tao)
Original Assignee
腾讯科技(深圳)有限公司 (Tencent Technology (Shenzhen) Co., Ltd.)
Application filed by 腾讯科技(深圳)有限公司 (Tencent Technology (Shenzhen) Co., Ltd.)
Publications: HK40022245A, HK40022245B


Description

Firmware security detection method for an electronic device, and related device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a firmware security detection method for an electronic device and a related device.
Background
Server platforms and network devices, unlike PCs (personal computers), usually carry a number of additional hardware components or add-in boards ("board cards"), each of which is typically a small computing system with its own firmware. Together with the firmware of the BIOS (Basic Input/Output System) of the server or network device itself, the firmware of these additional components forms the firmware set of the server platform or network device.
All of this firmware runs before the operating system, and PCIe (Peripheral Component Interconnect Express) bus devices in a modern computer system can initiate DMA (Direct Memory Access). If any of this firmware contains malicious code, it can implant a trojan or backdoor into the operating system while the system is running, for example through DMA, and so compromise the security of the whole computer system.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure.
Disclosure of Invention
The embodiments of the disclosure provide a firmware security detection method and apparatus for an electronic device, the electronic device itself, and a computer-readable storage medium, which together improve the security of the lowest (platform firmware) layer of a computer system.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
An embodiment of the disclosure provides a firmware security detection method for an electronic device that includes a basic input/output system (BIOS) and a baseboard management controller (BMC) and has one or more board devices (add-in cards) installed. The method comprises: starting the BMC; identifying, among the board devices, the target board devices whose firmware is to be verified; using the BMC to verify the authenticity of the BIOS firmware; and using the BMC to verify the authenticity of the firmware of each target board device.
An embodiment of the disclosure provides a firmware security detection apparatus for an electronic device, where the electronic device includes a BIOS and a BMC and has one or more board devices installed. The apparatus comprises: a BMC start module configured to start the BMC; a target board device identification module configured to identify, among the board devices, the target board devices whose firmware is to be verified; a basic system firmware detection module configured to verify the authenticity of the BIOS firmware using the BMC; and a board device firmware detection module configured to verify the authenticity of the firmware of each target board device using the BMC.
In some exemplary embodiments of the disclosure, the BMC firmware comprises a boot program, a firmware verification program and a BMC firmware certificate public key/hash, together with a BMC core firmware program, a BMC function package, and the certificates/hashes of the BIOS and of the board devices. The BMC start module may include: a priority power-on unit configured to power on the BMC and the board devices first, once the electronic device's power supply is switched on; a boot program loading unit configured to load the boot program; a firmware verification program loading unit configured to load the firmware verification program and use the BMC firmware certificate public key/hash to verify the BMC core firmware program, the BMC function package, and the certificates/hashes of the BIOS and board devices; and a BMC trusted start unit configured to load the BMC core firmware program and the BMC function package only if the verification of the BMC core firmware program, the BMC function package and the certificates/hashes of the BIOS and board devices passes.
In some exemplary embodiments of the disclosure, the apparatus further comprises: a BMC termination module configured to abort the start of the BMC if the verification of the BMC core firmware program, the BMC function package, or the certificates/hashes of the BIOS and board devices fails; and a first alarm module configured to generate and send first alarm information.
In some exemplary embodiments of the disclosure, the boot program, the firmware verification program and the BMC firmware certificate public key/hash are stored in a first memory; the BMC core firmware program, the BMC function package and the certificates/hashes of the BIOS and the board devices are stored in a second memory; and the BMC core firmware program, the BMC function package and the certificates/hashes of the BIOS and board devices are each signed with the BMC certificate private key. In this arrangement the public key held in the first memory is what anchors trust: content in the second memory is accepted only if its signature verifies against that key.
In some exemplary embodiments of the disclosure, the basic system firmware detection module includes: a first instruction sending unit configured to have the BMC send a first control instruction to a first multiplexer over a first bus; a first firmware image file reading unit configured to have the first multiplexer, according to the first control instruction, read the BIOS firmware image file over the first bus and return it to the BMC, where the BIOS firmware image file is stored in a first memory chip that uses the first bus protocol; and a first firmware verification unit configured to have the BMC verify the authenticity of the BIOS firmware from the BIOS firmware image file and the BIOS certificate/hash.
In some exemplary embodiments of the disclosure, the apparatus further comprises: a BIOS start module configured to start the BIOS if the BIOS firmware passes verification; and a BIOS inhibit module configured to prevent the BIOS from starting, and to generate and send second alarm information, if the BIOS firmware fails verification.
In some exemplary embodiments of the disclosure, the board device firmware detection module includes: a board firmware verification unit configured to have the BMC poll the target board devices one by one and verify whether each device's firmware matches the board device certificate/hash; a non-secure device recording unit configured to record any target board device that fails verification as a non-secure device; and an automatic processing unit configured to handle the non-secure devices automatically.
In some exemplary embodiments of the disclosure, the target board devices include a first board device, and the board firmware verification unit includes: a second instruction sending subunit configured to have the BMC send a second control instruction to the first multiplexer over the first bus; a first firmware image file reading subunit configured to have the first multiplexer, according to the second control instruction, read the firmware image file of the first board device over the first bus and return it to the BMC, where that firmware image file is stored in a second memory chip that uses the first bus protocol; and a first firmware verification subunit configured to have the BMC verify the authenticity of the first board device's firmware from its firmware image file and the board device certificate/hash.
In some exemplary embodiments of the disclosure, the target board devices further include a second board device, and the board firmware verification unit further comprises: a third instruction sending subunit configured to have the BMC send a third control instruction to the first multiplexer over the first bus; a third instruction forwarding subunit configured to have the first multiplexer pass the third control instruction over the first bus to a second-bus-to-first-bus protocol translator; a third instruction translation subunit configured to have the protocol translator pass the third control instruction on to a second multiplexer; a second firmware image file reading subunit configured to have the second multiplexer, according to the third control instruction, read the firmware image file of the second board device over a second bus and return it to the BMC, where that firmware image file is stored in a third memory chip that uses the second bus protocol; and a second firmware verification subunit configured to verify the authenticity of the second board device's firmware from its firmware image file and the board device certificate/hash.
In some exemplary embodiments of the disclosure, the automatic processing unit comprises one of a first, second, third or fourth execution subunit. The first execution subunit executes the BIOS initialization process and starts the operating system of the electronic device regardless of the non-secure device. The second execution subunit shields (isolates) or powers off the non-secure device, generates third warning information, then executes the BIOS initialization process and starts the operating system. The third execution subunit generates third warning information, then executes the BIOS initialization process and starts the operating system, leaving the non-secure device in place. The fourth execution subunit prohibits both the BIOS initialization process and the operating system boot.
In some exemplary embodiments of the disclosure, the apparatus further comprises: a normal start module configured to execute the BIOS initialization process and start the operating system of the electronic device if both the BIOS firmware and the firmware of the target board devices pass verification; and a real-time detection module configured to use the BMC to re-verify the authenticity of the target board device firmware while the operating system is running.
In some exemplary embodiments of the disclosure, the apparatus further comprises a hot-plug module configured to trigger a hot-plug event on the bus where a target board device sits if that device fails the re-verification.
The disclosed embodiments provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the firmware security detection method of an electronic device as described in the above embodiments.
An embodiment of the present disclosure provides an electronic device, including: one or more processors; a storage configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the firmware security detection method of the electronic device as described in the above embodiments.
In the technical solutions provided by some embodiments of the disclosure, for an electronic device that includes a BIOS and a BMC and has board devices installed, the BMC is started first so that it can serve as the root of trust of the electronic device; the target board devices whose firmware is to be verified are identified among the board devices; the BMC is then used to verify the authenticity of the BIOS firmware and of the firmware of the target board devices. In other words, starting from a trusted BMC, a trusted verification flow is initiated for every piece of hardware in the electronic device that carries firmware to be verified. On the one hand this realises a firmware security detection scheme based on a flattened trust chain (every component is checked directly by the BMC rather than each stage vouching for the next); on the other hand it substantially strengthens the security of the electronic device as a basic hardware platform and can effectively resist backdoor implants placed in the device's hardware by hostile intelligence agencies, commercial spyware vendors and the like.
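The flow summarised in the preceding paragraphs (trusted BMC start from the immutable first memory, verification of the BIOS image and of each target board device against the signed certificate/hash list, the four automatic-processing options, and runtime re-verification with a hot-plug event) modelled end to end in Python. This is an added illustration written for this page, not code from the patent or from Tencent. The device names, image contents, manifest format, alarm strings and the toy unpadded-RSA signature over two public Mersenne primes are all constructed assumptions chosen so the example runs on the standard library; a real BMC would use a proper signature scheme and read the images over SPI/I2C through the multiplexers, which here collapses to a dictionary lookup.

```python
# Added example: BMC as the flattened root of trust for platform firmware.
# Everything here is constructed for illustration; none of it is the patent's code.
import hashlib
import json
from dataclasses import dataclass, field
from enum import Enum

# Toy signature (CONSTRUCTED, not for production): unpadded RSA over a SHA-256
# digest with two public Mersenne primes, so the example is deterministic and
# needs no third-party library. A product would use RSA-PSS or ECDSA.
P, Q, E = (1 << 127) - 1, (1 << 521) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # vendor-side signing exponent

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(data: bytes) -> int:               # vendor side
    return pow(int(sha256(data), 16), D, N)

def verify(data: bytes, sig: int, pub) -> bool:   # BMC side
    n, e = pub
    return pow(sig, e, n) == int(sha256(data), 16)

# First memory (immutable): boot program, verifier and the BMC public key.
ROT_PUBLIC_KEY = (N, E)
# Second memory (updatable): BMC core firmware, function package, manifest.
BMC_CORE = b"bmc-core-firmware-v1"          # constructed sample images
BMC_FUNCPKG = b"bmc-function-package-v1"
# Constructed platform flash contents; comments give the mux path of FIG. 12.
FLASH = {
    "bios": b"uefi-bios-image-v2",          # SPI chip, mux1 channel 0
    "nic0": b"pcie-nic-option-rom-v3",      # SPI chip, mux1 channel 1
    "raid0": b"raid-controller-fw-v7",      # I2C chip via translator and mux2
}

def build_manifest(core, funcpkg, flash):
    """Vendor side: hash every expected image and sign the list."""
    m = {"bmc_core": sha256(core), "bmc_funcpkg": sha256(funcpkg),
         "devices": {dev: sha256(img) for dev, img in flash.items()}}
    blob = json.dumps(m, sort_keys=True).encode()
    return blob, sign(blob)

class BootError(Exception):
    pass

def bmc_trusted_boot(core, funcpkg, blob, sig, pub=ROT_PUBLIC_KEY) -> dict:
    """Step 1: the immutable verifier checks the updatable stage, else alarm 1."""
    if not verify(blob, sig, pub):
        raise BootError("manifest signature invalid; BMC start terminated")
    m = json.loads(blob)
    if sha256(core) != m["bmc_core"] or sha256(funcpkg) != m["bmc_funcpkg"]:
        raise BootError("BMC core/function package mismatch; start terminated")
    return m                                # BMC is now the root of trust

def check_boards(m, targets, flash) -> list:
    """Poll each target board (the mux-routed flash read is a dict lookup here)."""
    return [d for d in targets if sha256(flash[d]) != m["devices"].get(d)]

Policy = Enum("Policy", "BOOT_ANYWAY ISOLATE_ALARM_BOOT ALARM_BOOT REFUSE_BOOT")

@dataclass
class Decision:
    boot: bool
    non_secure: list = field(default_factory=list)
    isolated: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

def platform_boot(core, funcpkg, blob, sig, targets, flash,
                  policy=Policy.ISOLATE_ALARM_BOOT) -> Decision:
    """Steps 1-4: trusted BMC start, BIOS check, board checks, policy action."""
    try:
        m = bmc_trusted_boot(core, funcpkg, blob, sig)
    except BootError as err:
        return Decision(boot=False, alarms=[f"alarm1: {err}"])
    if sha256(flash["bios"]) != m["devices"]["bios"]:
        return Decision(boot=False, alarms=["alarm2: BIOS failed verification"])
    bad = check_boards(m, targets, flash)
    if not bad:
        return Decision(boot=True)          # normal start
    d = Decision(boot=policy is not Policy.REFUSE_BOOT, non_secure=bad)
    if policy in (Policy.ISOLATE_ALARM_BOOT, Policy.ALARM_BOOT):
        d.alarms.append(f"alarm3: non-secure devices {bad}")
    if policy is Policy.ISOLATE_ALARM_BOOT:
        d.isolated = bad                    # shield or power off before BIOS runs
    return d

def runtime_recheck(m, targets, flash) -> list:
    """Re-verify while the OS runs; each failing device gets a hot-plug event."""
    return [f"hotplug:{d}" for d in check_boards(m, targets, flash)]

if __name__ == "__main__":
    blob, sig = build_manifest(BMC_CORE, BMC_FUNCPKG, FLASH)
    implanted = dict(FLASH, nic0=FLASH["nic0"] + b"+implant")
    for fl in (FLASH, implanted):
        print(platform_boot(BMC_CORE, BMC_FUNCPKG, blob, sig, ["nic0", "raid0"], fl))
    print(runtime_recheck(json.loads(blob), ["nic0", "raid0"], implanted))
```

The point worth noticing is the order of checks: the signed manifest is validated by the public key in the first memory before anything in the second memory is trusted, so an attacker who rewrites a board's flash and also patches the expected hash in the manifest still fails at alarm 1, because the manifest signature no longer verifies. Only after that does the BMC compare the BIOS and each board image against the now-trusted hashes and apply the chosen policy.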
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty. In the drawings:
fig. 1 is a schematic diagram illustrating an exemplary system architecture to which a firmware security detection method of an electronic device or a firmware security detection apparatus of an electronic device according to an embodiment of the present disclosure may be applied;
FIG. 2 illustrates a schematic structural diagram of a computer system suitable for use with the electronic device used to implement embodiments of the present disclosure;
FIG. 3 schematically shows a flow diagram of a firmware security detection method of an electronic device according to an embodiment of the present disclosure;
FIG. 4 is a diagram illustrating a processing procedure of step S310 shown in FIG. 3 in one embodiment;
FIG. 5 schematically illustrates a trusted boot process of a BMC, according to an embodiment of the disclosure;
FIG. 6 schematically shows a flow diagram of a firmware security detection method of an electronic device according to a further embodiment of the present disclosure;
FIG. 7 is a diagram illustrating a processing procedure of step S330 shown in FIG. 3 in one embodiment;
FIG. 8 schematically illustrates a flow chart of a firmware security detection method of an electronic device according to yet another embodiment of the present disclosure;
FIG. 9 is a diagram illustrating a processing procedure of step S340 illustrated in FIG. 3 in one embodiment;
FIG. 10 is a diagram illustrating a processing procedure of step S341 shown in FIG. 9 in one embodiment;
fig. 11 is a schematic view showing a processing procedure of step S341 shown in fig. 9 in another embodiment;
FIG. 12 schematically illustrates a connection of a BMC to platform firmware, according to an embodiment of the disclosure;
FIG. 13 schematically illustrates a flow chart of a firmware security detection method of an electronic device according to yet another embodiment of the present disclosure;
fig. 14 schematically shows a block diagram of a firmware security detection apparatus of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1 shows a schematic diagram of an exemplary system architecture 100 to which a firmware security detection method of an electronic device or a firmware security detection apparatus of an electronic device of an embodiment of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include one or more of terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, the server 105 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a web service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like, but not limited thereto. The terminal devices 101, 102, 103 and the server 105 may be directly or indirectly connected through wired or wireless communication, and the present application is not limited thereto.
The server 105 may be a server that provides various services. For example, server 105 starts its own baseboard management controller; identifies, among the board devices of server 105, the target board devices whose firmware is to be verified; uses the BMC to verify the authenticity of the firmware of the BIOS of server 105; and uses the BMC to verify the authenticity of the firmware of the target board devices.
Also for example, the terminal device 103 (which may also be the terminal device 101 or 102) may be a smart tv, a VR (virtual Reality)/AR (Augmented Reality) helmet display, or a mobile terminal such as a smart phone, a tablet computer, etc. on which an instant messaging, a navigation, a video Application (APP) and the like are installed, and the user may send various requests to the server 105 through the smart tv, the VR/AR helmet display or the instant messaging, the video APP. The server 105 may obtain, based on the request, feedback information in response to the request, and return the feedback information to the smart television, the VR/AR head mounted display, or the instant messaging and video APP, and then display the returned feedback information through the smart television, the VR/AR head mounted display, or the instant messaging and video APP.
FIG. 2 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present disclosure.
It should be noted that the computer system 200 of the electronic device shown in fig. 2 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments of the present disclosure.
As shown in fig. 2, the computer system 200 includes a Central Processing Unit (CPU)201 that can perform various appropriate actions and processes in accordance with a program stored in a Read-Only Memory (ROM) 202 or a program loaded from a storage section 208 into a Random Access Memory (RAM) 203. In the RAM 203, various programs and data necessary for system operation are also stored. The CPU 201, ROM 202, and RAM 203 are connected to each other via a bus 204. An input/output (I/O) interface 205 is also connected to bus 204.
The following components are connected to the I/O interface 205: an input portion 206 including a keyboard, a mouse, and the like; an output section 207 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 208 including a hard disk and the like; and a communication section 209 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 209 performs communication processing via a network such as the internet. A drive 210 is also connected to the I/O interface 205 as needed. A removable medium 211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 210 as necessary, so that a computer program read out therefrom is installed into the storage section 208 as necessary.
In particular, the processes described below with reference to the flowcharts may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 209 and/or installed from the removable medium 211. The computer program, when executed by a Central Processing Unit (CPU)201, performs various functions defined in the methods and/or apparatus of the present application.
It should be noted that the computer-readable storage medium described in the present disclosure may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the foregoing. More specific examples of the computer-readable storage medium include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM) or flash memory, an optical fibre, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus or device. In contrast, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied in it, for example in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including but not limited to electromagnetic, optical, or any suitable combination thereof. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can communicate, propagate or transport a program for use by or in connection with an instruction execution system, apparatus or device.
Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF (radio frequency), etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods, apparatus, and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units and/or sub-units described in the embodiments of the present disclosure may be implemented by software, or may be implemented by hardware, and the described modules and/or units and/or sub-units may also be disposed in a processor. Wherein the names of such modules and/or units and/or sub-units in some cases do not constitute a limitation on the modules and/or units and/or sub-units themselves.
As another aspect, the present application also provides a computer-readable storage medium, which may be included in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer-readable storage medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method as described in the embodiments below. For example, the electronic device may implement the steps shown in fig. 3, 4, 6, 7, 8, 9, 10, 11, or 13.
Cloud technology is a hosting technology that unifies hardware, software, network and other resources across a wide-area or local-area network in order to provide computation, storage, processing and sharing of data.
Cloud technology is the general term for the network, information, integration, management-platform and application technologies used in a cloud computing business model; it pools resources that can be consumed on demand, flexibly and conveniently. Cloud computing will become an important supporting technology: the back-end services of networked systems such as video sites, image sites and web portals require large amounts of computing and storage resources, and as the internet industry develops, every item may carry its own identifier and need to be sent to a back-end system for processing, with data at different levels handled separately. Industry data at this scale needs strong back-end system support, which can only be provided through cloud computing.
The technical scheme provided by the embodiment of the disclosure relates to Cloud Security (Cloud Security).
Cloud security is the collective name for the security software, hardware, users, organisations and security cloud platforms applied under a cloud computing business model. It combines emerging technologies and concepts such as parallel processing, grid computing and behaviour-based detection of unknown malware: a large number of networked clients monitor software behaviour for anomalies, the latest information on trojans and malicious programs found on the internet is sent to servers for automatic analysis and processing, and the resulting virus and trojan countermeasures are distributed back to every client.
The main research directions of cloud security include: 1. cloud computing security, which studies how to secure the cloud and the applications running on it, including the security of cloud computer systems, secure storage and isolation of user data, user access authentication, transmission security, protection against network attacks, and compliance auditing; 2. cloud-based security infrastructure, which studies how to use cloud computing to build and integrate security infrastructure resources and improve protection mechanisms, for example by building a very-large-scale platform for collecting and processing security events and information, performing collection and correlation analysis of mass data, and improving network-wide security event handling and risk control; 3. cloud security services, which studies the security services, such as anti-virus services, offered to users from a cloud computing platform.
At present, trojan backdoors based on the external hardware or board cards of a server platform have real-world attack exposure, such as Sonic Screwdriver in the Vault7 project, which can be used to destroy the BIOS password. In addition, the 2sigma Thunderstrike2 attack demonstration realized worm-like propagation of a firmware backdoor: a malicious PCIE network card infects a clean BIOS, and the contaminated BIOS in turn infects clean PCIE network card devices.
For the firmware security detection of the peripheral hardware or board cards of a server platform, the related technology includes the following two schemes:
The first scheme is based on UEFI (Unified Extensible Firmware Interface) Secure Boot. Secure Boot depends on the UEFI BIOS execution framework: in the BDS (Boot Device Select) stage of the UEFI BIOS start-up process, it checks whether the Option ROM of the PCIE peripheral hardware matches the hash or certificate signature preset in the BIOS, and decides accordingly whether the Option ROM is loaded.
However, on the one hand, this detection is limited to the Option ROM part of the UEFI BIOS boot process. That is, Secure Boot only checks the Option ROM firmware that the BIOS additionally loads during boot, which is only a small part of the firmware of the peripheral hardware or board card itself, so the firmware parts unrelated to the BIOS cannot be detected by Secure Boot. Specifically, board card firmware can be understood as two parts: the first part is the most critical original firmware, started by the board card's own operating system, which runs automatically as soon as the board is powered on; the second part is the function package program that the motherboard BIOS actively queries from the board card in order to realize the board card's advanced functions, and which the BIOS can only realize those functions after loading. UEFI Secure Boot can verify only the second part, not the first. On the other hand, Secure Boot is built on the UEFI BIOS start-up process: detection must be performed at every start, and the detection timing is fixed to after the BIOS has started and before the operating system runs, so whether platform hardware has been illegally tampered with cannot be detected in real time, which is a severe limitation. In addition, Secure Boot can only detect peripheral devices on the PCIE bus; peripheral devices on non-PCIE buses cannot be detected at all, which is a further serious limitation.
The second scheme is the server secure start technology based on the BMC (Baseboard Management Controller): the BMC firmware is incorporated into the measurement process of the TCM (Trusted Cryptography Module) and the TPCM (Trusted Platform Control Module), so that the trustworthiness of the BMC firmware is ensured.
However, this secure boot technology only incorporates the BMC into the trusted computing measurement process; the measurements of other platform hardware or peripheral devices cannot be independently incorporated, so the protection range is limited. This secure boot technology is an improved version of the TPM (Trusted Platform Module) scheme and has limited trusted computing measurement capacity: only a fixed 8 registers are used to determine changes in the server firmware, so several pieces of hardware inevitably share a register, that is, the Option ROM firmware measurements of several peripherals share the same PCR (Platform status register) and are represented as a single hash, which cannot be called independent incorporation. In addition, among the several board card firmwares sharing a register it cannot be visually confirmed which board card firmware has a problem, that is, which peripheral has a potential safety hazard cannot be directly reflected.
Meanwhile, both detection methods use the TPM or the BIOS as the detection root of trust, and there is a multi-layer trust chain iteration from system power-on to the root of trust and then to the firmware being detected. For example, if the Bootguard stage before power-on is used as the root of trust, it checks the SEC (Security) and PEI (Pre-EFI Initialization) stages of the UEFI BIOS; then the PEI stage acts as the trust chain and verifies the DXE (Driver Execution Environment) stage; then the DXE stage acts as the trust chain and starts the Secure Boot verification program; finally, the Secure Boot verification program acts as the trust chain and detects the Option ROM firmware part of the PCIE bus devices.
In the related technology, the multi-layer transmission is verified step by step, so the definition and program implementation of the trust chain depend on the mutual cooperation of many different suppliers. Because the verified programs come from different suppliers during the multi-step transmission of the trust chain, the computing resources invoked differ and the suppliers' implementation levels differ, so a theoretically complete methodology cannot really guarantee the completeness of the technology on an actual server. Vulnerabilities have been found and bypassed many times in real environments, which reduces the reliability of the trust chain and ultimately calls the verified firmware security conclusion into question.
Fig. 3 schematically shows a flowchart of a firmware security detection method of an electronic device according to an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be executed by any electronic device with computing processing capability, such as the server 105 in fig. 1. In the following description, a server is used as an execution subject.
In the embodiment of the present disclosure, the electronic device may include a Basic Input Output System (BIOS) and a Baseboard Management Controller (BMC), is installed with additional hardware such as board card devices, and has firmware programs corresponding to them.
In the embodiment of the present disclosure, the BIOS is a core software system solidified directly on the motherboard; it stores the most important basic input and output program of the server, the power-on self-test program and the system self-start program. After start-up, the BIOS reads the specific information set by the system from ROM and other memories and provides the most direct hardware setting and control for the server. The BMC management system is an embedded management subsystem on the server motherboard that is independent of the operating system and provides remote management functions for the server by means of a virtual keyboard, interface, mouse, power supply and the like. Using the BMC, a user may monitor physical characteristics of the server components such as temperature, voltage, fan operating status, power supply and chassis intrusion. The BMC can perform operations such as firmware upgrades and machine checks on the machine while the machine is not started.
In the following embodiments, the electronic device is taken to be a server platform, and a detection scheme for the security of the firmware of the server platform is provided, which may be used to enhance the security protection of server nodes, especially highly important servers involved in the processing of sensitive private data. The server BMC is used as the functional core, and the security sensing capability for server hardware and plug-in board cards is improved. The server platform may include BMC firmware and supporting circuits provided by a server vendor or an OEM (Original Equipment Manufacturer), such as ILO, iDrac, MegaRac SP-X and the like. Specifically, the following description takes an X86 server with MegaRac SP-X as an example. In this case, the board card device may include any one or more of a network card, a Raid (Redundant Arrays of Independent Drives) card, an FC (Fiber optic card) card and the like, which is not limited in this disclosure; the board card device may be any self-contained or peripheral hardware installed on the server platform.
It is understood that the electronic device is not limited to a server platform; in other embodiments the electronic device may also be a network device, such as a router or a switch, and the solution provided by the embodiments of the present disclosure may be used to detect backdoor implantation during the operation of the network device. In this case, the board card device may include any one or more of the IPS (Intrusion Prevention System), IDS (Intrusion Detection System), firewall and antivirus module cards inserted into the network device, and security detection may be performed on the inserted board card devices, thereby discovering hidden backdoors in the firmware of routers, switches and the like.
As shown in fig. 3, a method for detecting the firmware security of an electronic device provided by an embodiment of the present disclosure may include the following steps.
In step S310, the baseboard management controller is started.
In step S320, a target board device whose firmware is to be verified is confirmed from the board devices.
In the embodiment of the present disclosure, after the BMC finishes its start-up process, it may enumerate all self-contained or external hardware board card devices of the current server through the south bridge chip or another dedicated external bus, and determine the board card devices whose firmware is to be verified as the target board card devices. Since the functions of the south bridge chip include connecting peripheral devices, enumeration of peripheral board cards can be realized through the south bridge chip. Specifically, a white list or a black list may be set to specify which board card devices need their firmware verified.
In step S330, the baseboard management controller is used to detect the validity of the firmware of the basic input/output system.
In step S340, the baseboard management controller is used to detect the validity of the firmware of the target board card device.
The firmware safety detection method of the electronic device provided by the embodiment of the disclosure is directed at an electronic device that comprises a basic input and output system and a baseboard management controller and is provided with board card devices. The baseboard management controller is started first, so that it serves as the root of trust of the electronic device; the target board card devices whose firmware is to be verified are confirmed from among the board card devices; then the baseboard management controller is used to detect the validity of the firmware of the basic input/output system and the validity of the firmware of the target board card devices. In other words, starting from a trusted baseboard management controller, a trusted verification flow is initiated for all hardware in the electronic device whose firmware needs verification. On the one hand, this realizes a security detection scheme for electronic device firmware based on a flattened trust chain; on the other hand, the security of the electronic device as a basic hardware platform is greatly strengthened, and backdoor implantation into the electronic device hardware by hostile intelligence agencies, commercial spyware and the like can be effectively resisted.
In this disclosure, the firmware of the baseboard management controller may include a boot program, a firmware verification program, a baseboard management controller firmware certificate public key/hash, a baseboard management controller core firmware program, a baseboard management controller function package, and the certificates/hashes of the basic input/output system and the board card devices.
Wherein the boot program, the firmware verification program, and the baseboard management controller firmware certificate public key/hash may be stored in a first memory.
For example, the first memory may be a ROM, but the present disclosure is not limited thereto.
The baseboard management controller core firmware program, the baseboard management controller function package, and the certificates/hashes of the basic input/output system and the board card devices may be stored in a second memory.
For example, the second memory may be an SPI (Serial Peripheral Interface) Flash chip, but the present disclosure is not limited thereto.
The baseboard management controller core firmware program (BMC core firmware program), the baseboard management controller function package (BMC function package, that is, the BMC additional function module) and the certificates/hashes of the basic input/output system and the board card devices (that is, the other firmware certificates/hashes of the server platform) may each be signed separately with the baseboard management controller certificate private key.
In the embodiment of the disclosure, the same certificate/hash or three different certificates/hashes may be used to sign the BMC core firmware program, the BMC function package and the other firmware certificates/hashes of the server platform. Because the three packages are signed three times, each of them can be updated on its own, without requiring all of them to be updated together every time, which improves the operation and maintenance properties of the three packages.
Fig. 4 is a schematic diagram illustrating a processing procedure of step S310 shown in fig. 3 in an embodiment. As shown in fig. 4, in the embodiment of the present disclosure, the step S310 may further include the following steps.
In step S311, after the power supply of the electronic device is powered on, the baseboard management controller and the board card device are powered on.
In the embodiment of the present disclosure, a logic function for controlling the power-on timing of the motherboard power supply is added to the CPLD (Complex Programmable Logic Device), which may be connected to the BMC through an IIC (Inter-Integrated Circuit) bus. To establish the flattened trust chain, the power-on logic of the CPLD is first modified so that the BMC can control it: before the CPU is powered on, the BMC can send timing logic control instructions to the CPLD, thereby controlling the power-on sequence of the motherboard and realizing the following functions:
First, after the power supply of the server motherboard is powered on, the BMC and the peripheral board card devices are powered on and started preferentially, and the BMC sends a command to the CPLD to keep the CPU powered off so that the trusted boot of the BMC firmware can be performed.
Second, the BMC has the capability to decide on powering off (shielding) and un-shielding the peripheral board card devices.
Third, the BMC has the capability to decide when to change the power-on state of the CPU.
With these capabilities, the start-up process of the server is as follows: the BMC, the south bridge chip and the peripheral board cards such as the network card, Raid card and FC card are powered on first, while the CPU is not powered on, so the BIOS is not started.
In step S312, the boot program is loaded.
Then, after the server power supply is powered on, the BMC processor chip may load a boot program (e.g., uboot) from the ROM, completing the initialization of the minimal boot environment.
In step S313, the firmware verification program is loaded, and the baseboard management controller core firmware program, the baseboard management controller function package, and the certificates/hashes of the basic input/output system and the board card devices are verified against the baseboard management controller firmware certificate public key/hash.
Then, the firmware verification program and the BMC firmware certificate public key/hash are loaded in the minimal boot environment, and it is verified whether the BMC core firmware program, the additional function module and the other firmware certificates/hashes of the server platform conform to the certificate/hash preset in the ROM.
In step S314, if the baseboard management controller core firmware program, the baseboard management controller function package, and the certificates/hashes of the basic input/output system and the board card devices pass verification, the baseboard management controller core firmware program and the baseboard management controller function package are loaded.
The trusted boot process of the BMC is illustrated by the example of fig. 5.
FIG. 5 schematically illustrates a trusted boot process of a BMC according to an embodiment of the disclosure.
As shown in fig. 5, the BMC firmware package may be split into two parts: a) the BMC firmware certificate public key/hash, the firmware verification program and a minimal boot program, which may be stored in a Read Only Memory (ROM) as the initial core root of trust of the whole server; b) the BMC core firmware program, the BMC function package and the other platform firmware certificates/hashes, which may be stored in a readable and writable flash memory chip, such as an SPI Flash chip, where the BMC core firmware program, the BMC function package and the other platform firmware certificates may each be signed with the certificate private key. The other platform firmware certificates/hashes are the certificates or hashes of the firmware of the BIOS and the board card devices that need to be verified on the server, preset in the BMC.
When the BMC is powered on, the minimal boot program is read from the ROM and run, then the firmware verification program in the ROM is run, the BMC firmware certificate public key/hash in the ROM is loaded, and the validity of the signatures of the BMC core firmware program, the additional function module and the other platform firmware certificates/hashes in the SPI Flash is verified one by one. If the BMC core firmware program, the additional function module and the other platform firmware certificates/hashes all pass verification, the BMC meets the condition for a safe and trusted start, and the BMC core firmware program and the additional function module are loaded to complete the BMC start-up process.
According to the firmware security detection method for the electronic device, security verification is respectively performed on the BMC core firmware program, the BMC functional package and other platform firmware certificates/HASH in the BMC power-on starting process, so that a trusted execution environment of a system platform can be established.
Fig. 6 schematically shows a flowchart of a firmware security detection method of an electronic device according to yet another embodiment of the present disclosure. As shown in fig. 6, compared with the above embodiments, the method provided by the embodiment of the present disclosure may further include the following steps.
In step S610, if the verification of the baseboard management controller core firmware program, the baseboard management controller function package, or the certificates/hashes of the basic input/output system and the board card devices fails, the start of the baseboard management controller is terminated.
In step S620, first warning information is generated and transmitted.
In the embodiment of the present disclosure, if the BMC core firmware program, the additional function module or the other platform firmware certificates/hashes cannot pass verification, this indicates a storage media fault or an unexpected modification of the stored content, so the BMC firmware image file is not trustworthy; the BMC start-up process is terminated, and the error state may be signalled through an LED (Light Emitting Diode) panel and/or a buzzer of the server. The present disclosure does not limit the form of the alert.
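The BMC trusted boot described in steps S312 to S314 and S610, as an added example that is not part of the patent: the ROM holds the public key, the SPI flash holds three separately signed packages, and the boot terminates on the first package that fails. An ed25519 key pair stands in for the vendor certificate, and the package names and images are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// ROM models the read-only part of the BMC firmware package: the minimal boot
// program, the firmware verification program and the BMC firmware certificate
// public key (ed25519 stands in for the vendor certificate; assumption).
type ROM struct {
	BMCCertPublicKey ed25519.PublicKey
}

// SignedPackage is one of the three independently signed packages in SPI flash.
type SignedPackage struct {
	Name      string
	Image     []byte
	Signature []byte // signature over SHA-256(Image) by the BMC certificate private key
}

// SPIFlash models the writable part of the BMC firmware package.
type SPIFlash struct {
	CoreFirmware    SignedPackage // BMC core firmware program
	FunctionPackage SignedPackage // BMC additional function modules
	PlatformCerts   SignedPackage // certificates/hashes of the BIOS and board card firmware
}

// SignPackage is the vendor-side step: each package is signed on its own, so it
// can later be updated without re-releasing the other two.
func SignPackage(priv ed25519.PrivateKey, name string, image []byte) SignedPackage {
	digest := sha256.Sum256(image)
	return SignedPackage{Name: name, Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// verifyPackage is the firmware verification program applied to one package (S313).
func (r ROM) verifyPackage(p SignedPackage) error {
	digest := sha256.Sum256(p.Image)
	if !ed25519.Verify(r.BMCCertPublicKey, digest[:], p.Signature) {
		return fmt.Errorf("%s: signature does not verify against the public key in ROM", p.Name)
	}
	return nil
}

// TrustedBoot verifies the three packages one by one; on the first failure the BMC
// start is terminated and the returned error is what the first warning reports
// (S610/S620). On success it returns the packages that get loaded (S314).
func TrustedBoot(rom ROM, flash SPIFlash) ([]string, error) {
	for _, p := range []SignedPackage{flash.CoreFirmware, flash.FunctionPackage, flash.PlatformCerts} {
		if err := rom.verifyPackage(p); err != nil {
			return nil, fmt.Errorf("BMC start terminated: %w", err)
		}
	}
	// The certificate package is data consulted later for BIOS/board checks, not code.
	return []string{flash.CoreFirmware.Name, flash.FunctionPackage.Name}, nil
}

// DemoPlatform builds a deterministic sample: a key pair from a fixed seed, a ROM
// holding the public key and a flash with three constructed images.
func DemoPlatform() (ed25519.PrivateKey, ROM, SPIFlash) {
	seed := sha256.Sum256([]byte("bmc-cert-demo-seed")) // demo only, never do this in production
	priv := ed25519.NewKeyFromSeed(seed[:])
	rom := ROM{BMCCertPublicKey: priv.Public().(ed25519.PublicKey)}
	flash := SPIFlash{
		CoreFirmware:    SignPackage(priv, "bmc-core", []byte("bmc core firmware v1")),
		FunctionPackage: SignPackage(priv, "bmc-func", []byte("bmc function package v1")),
		PlatformCerts:   SignPackage(priv, "platform-certs", []byte("bios:<hash>;fc-card:<hash>")),
	}
	return priv, rom, flash
}

func main() {
	priv, rom, flash := DemoPlatform()
	loaded, err := TrustedBoot(rom, flash)
	fmt.Println("clean flash:", loaded, err)

	// Storage fault or unexpected modification of the function package alone.
	tampered := flash
	tampered.FunctionPackage.Image = []byte("bmc function package v1 modified")
	_, err = TrustedBoot(rom, tampered)
	fmt.Println("tampered flash:", err)

	// Legitimate update of one package: only that package is re-signed.
	updated := flash
	updated.FunctionPackage = SignPackage(priv, "bmc-func", []byte("bmc function package v2"))
	loaded, err = TrustedBoot(rom, updated)
	fmt.Println("updated flash:", loaded, err)
}
```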
Fig. 7 is a schematic diagram illustrating a processing procedure of step S330 shown in fig. 3 in an embodiment. As shown in fig. 7, the step S330 in the embodiment of the present disclosure may further include the following steps.
In step S331, the baseboard management controller sends a first control command to a first multiplexer through a first bus.
For example, the first bus may be an SPI bus, in which case the format of the first control command conforms to the SPI protocol; the present disclosure is not limited thereto, and when the type of the first bus changes, the format of the first control command changes accordingly. The first control command is used to acquire the firmware image file of the BIOS. The first multiplexer may be a first MUX (multiplexer).
In step S332, the first multiplexer reads the firmware image file of the basic input/output system through the first bus according to the first control command and returns it to the baseboard management controller, where the firmware image file of the basic input/output system is stored in a first memory chip based on the first bus protocol.
For example, the firmware image file of the BIOS may be stored in a flash memory chip based on the SPI protocol, but the present disclosure is not limited thereto.
In step S333, the baseboard management controller verifies the validity of the firmware of the basic input/output system according to the firmware image file of the basic input/output system and the certificate/hash of the basic input/output system.
According to the firmware security detection method for the electronic device provided by the embodiment of the disclosure, the BMC is connected through a dedicated physical bus (for example, an SPI bus) to the first memory chip storing the firmware image file of the BIOS, so the BIOS firmware image file in the first memory chip can be read directly without relying on a shared physical bus (for example, the PCIE bus), which further improves the security of the bottom layer of the computer system.
Fig. 8 schematically shows a flowchart of a firmware security detection method of an electronic device according to still another embodiment of the present disclosure. As shown in fig. 8, compared with the other embodiments described above, the method provided by the embodiment of the present disclosure may further include the following steps.
In step S810, if the firmware of the basic input/output system passes verification, the basic input/output system is started.
In step S820, if the firmware of the basic input/output system fails verification, the basic input/output system is prohibited from starting, and second warning information is generated and sent.
The BMC and the BIOS are the most important basic firmware in a server. However, during use the BMC firmware may be tampered with and its integrity damaged, so its security and trustworthiness cannot be guaranteed. In recent years the BIOS has become a main target of attacks such as viruses and trojans; once the BIOS is maliciously controlled, the hardware, file system, operating system and specific software can all be tampered with and damaged, so trojans at the firmware layer have extremely strong attack capability and are much harder to find and remove. In the method provided by the embodiment of the disclosure, the BMC completes the trusted start control of the server: before the server is powered on and started, integrity measurement is first performed on the BMC and BIOS firmware to ensure that it has not been maliciously tampered with, and the server may be powered on and started only after both the BMC and the BIOS pass the integrity check, so that a complete trust chain is constructed and the trustworthiness of the system platform's execution environment is ensured.
Fig. 9 is a schematic diagram illustrating a processing procedure of step S340 illustrated in fig. 3 in an embodiment. As shown in fig. 9, in the embodiment of the present disclosure, the step S340 may further include the following steps.
In step S341, the baseboard management controller polls the target board card devices one by one, and verifies whether the firmware of the target board card devices conforms to the certificate/hash of the board card devices.
Polling is a way for a CPU to decide how to serve its peripheral devices, also called programmed input/output (Programmed I/O): the CPU periodically issues queries, asking each peripheral device in turn whether it needs service; if so, the service is provided, and when it is finished the next peripheral device is asked, and the process repeats continuously.
In step S342, if the firmware of the target card device is not verified, the target card device that is not verified is recorded as a non-secure device.
In step S343, the non-secure device is automatically processed.
In an exemplary embodiment, the automated handling of the non-secure device may include any of the following: executing the initialization process of the basic input and output system and starting the operating system of the electronic device; or shielding or powering off the non-secure device, generating third warning information, executing the initialization process of the basic input and output system and starting the operating system of the electronic device; or generating third warning information, executing the initialization process of the basic input and output system and starting the operating system of the electronic device; or prohibiting the initialization process of the basic input and output system and the start-up of the operating system of the electronic device.
For example, when a firmware image that does not match expectations is detected, the CPLD interface may be called to power off the hardware board card device corresponding to that firmware, so that the operating system cannot sense the existence of that board card device when it starts.
Taking MegaRac SP-X as an example, the trustworthiness of the BMC firmware and of its start-up process can be realized by matching modifications to the server's BMC hardware, establishing a root of trust for platform hardware security detection. After the server is powered on, the BMC first goes through its trusted start-up process, the south bridge chip is powered on and initialized at the same time, and the power-on and start of the BIOS and the CPU are delayed. After the BMC finishes its start-up process, it enumerates all self-contained or peripheral hardware board card devices of the current server through the south bridge chip or another dedicated external bus and confirms the target board card devices whose firmware needs to be verified. After obtaining the list of devices to be verified, the BMC polls each target board card device one by one, verifies whether the firmware of the target board card device matches the certificate or hash preset in the BMC trusted storage, and records the verification result. When the BMC finds that the verification result does not match, the result is recorded in a security event log or synchronized to a preset log server.
Meanwhile, different automated handling modes can be selected for board card devices that fail the security verification: for example, the failing board card device is left untouched, the BIOS initialization process is executed and the operating system is started; or the failing board card device is shielded or powered off so that it cannot be discovered by the BIOS or the operating system, and the BIOS initialization process is executed to start the operating system; or the firmware backup mechanism (if any) of the failing board card device is triggered and the board card device is verified again; or the failing board card device is left untouched and BIOS initialization and operating system start are prohibited.
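The BIOS check of steps S330 to S333 (with S810/S820) and the board card polling and automated handling of steps S341 to S343, as one added example that is not part of the patent. The certificate/hash entries in BMC trusted storage are modelled in their hash form as SHA-256 digests keyed by "BIOS" or by board slot, the CPLD power-off call is represented by a recorded decision, and all slot names and firmware images are constructed sample data; a device absent from the trusted store is treated as failed (an assumption, matching a white-list configuration).

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Disposition is the automated handling mode for board devices that fail verification.
type Disposition int

const (
	LeaveAndBoot     Disposition = iota // no handling; run BIOS initialisation and start the OS
	PowerOffAndAlert                    // power off the device via the CPLD, raise the third alarm, then boot
	AlertAndBoot                        // raise the third alarm only, then boot
	ForbidBoot                          // prohibit BIOS initialisation and OS start
)

// BoardDevice is one enumerated board card with the firmware image the BMC read
// from its flash over the dedicated bus.
type BoardDevice struct {
	Slot  string // enumeration address, used as the key in the trusted store (assumed naming)
	Kind  string // "FC", "Raid", "NIC", ...
	Image []byte
}

// TrustedStore holds the expected SHA-256 of each firmware image, keyed by "BIOS" or slot.
type TrustedStore map[string][32]byte

// BootDecision is what the BMC records and decides before the CPU is powered on.
type BootDecision struct {
	EventLog   []string // security event log (could also be synchronized to a log server)
	Alarms     []string // second warning (BIOS) and third warning (board) information
	NonSecure  []string // slots recorded as non-secure devices (S342)
	PoweredOff []string // slots the CPLD was asked to power off
	AllowBIOS  bool     // whether the CPU may be powered on and the BIOS started
}

func imageMatches(store TrustedStore, key string, image []byte) bool {
	expected, known := store[key]
	if !known {
		return false // not on the list of trusted firmware: treated as failed (assumption)
	}
	got := sha256.Sum256(image)
	return bytes.Equal(got[:], expected[:])
}

// VerifyPlatform checks the BIOS image first (S330), then polls the target board
// devices one by one (S341), records failures (S342) and applies the handling mode (S343).
func VerifyPlatform(store TrustedStore, biosImage []byte, devices []BoardDevice, mode Disposition) BootDecision {
	d := BootDecision{AllowBIOS: true}
	if imageMatches(store, "BIOS", biosImage) {
		d.EventLog = append(d.EventLog, "BIOS: firmware verified")
	} else { // S820: BIOS must not start, second warning information
		d.AllowBIOS = false
		d.Alarms = append(d.Alarms, "second warning: BIOS firmware failed verification, BIOS start prohibited")
		d.EventLog = append(d.EventLog, "BIOS: firmware FAILED verification")
	}
	for _, dev := range devices {
		if imageMatches(store, dev.Slot, dev.Image) {
			d.EventLog = append(d.EventLog, fmt.Sprintf("slot %s (%s): firmware verified", dev.Slot, dev.Kind))
			continue
		}
		d.NonSecure = append(d.NonSecure, dev.Slot)
		d.EventLog = append(d.EventLog, fmt.Sprintf("slot %s (%s): firmware FAILED verification", dev.Slot, dev.Kind))
	}
	if len(d.NonSecure) == 0 {
		return d
	}
	switch mode {
	case PowerOffAndAlert:
		d.PoweredOff = append(d.PoweredOff, d.NonSecure...) // the CPLD power-off call would go here
		d.Alarms = append(d.Alarms, fmt.Sprintf("third warning: powered off non-secure devices %v", d.NonSecure))
	case AlertAndBoot:
		d.Alarms = append(d.Alarms, fmt.Sprintf("third warning: non-secure devices left in place %v", d.NonSecure))
	case ForbidBoot:
		d.AllowBIOS = false
		d.Alarms = append(d.Alarms, fmt.Sprintf("third warning: boot prohibited, non-secure devices %v", d.NonSecure))
	case LeaveAndBoot:
		// nothing to do: BIOS initialisation proceeds with the devices untouched
	}
	return d
}

// DemoPlatform builds constructed sample data: a BIOS image, a trusted FC card and a
// Raid card whose flash contents no longer match the preset hash.
func DemoPlatform() (TrustedStore, []byte, []BoardDevice) {
	bios := []byte("bios-image-v1")
	fcGood := []byte("fc-card-firmware-v3")
	raidGood := []byte("raid-card-firmware-v7")
	store := TrustedStore{
		"BIOS":   sha256.Sum256(bios),
		"slot-1": sha256.Sum256(fcGood),
		"slot-2": sha256.Sum256(raidGood),
	}
	devices := []BoardDevice{
		{Slot: "slot-1", Kind: "FC", Image: fcGood},
		{Slot: "slot-2", Kind: "Raid", Image: []byte("raid-card-firmware-v7-TAMPERED")},
	}
	return store, bios, devices
}

func main() {
	store, bios, devices := DemoPlatform()
	d := VerifyPlatform(store, bios, devices, PowerOffAndAlert)
	for _, e := range d.EventLog {
		fmt.Println(e)
	}
	fmt.Println("allow BIOS:", d.AllowBIOS, "powered off:", d.PoweredOff, "alarms:", d.Alarms)
}
```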
In the embodiment of the disclosure, the motherboard BIOS exists in the SPI Flash memory directly connected to the south bridge chip, so that the south bridge chip needs to be powered on when the motherboard BIOS firmware needs to be detected. In addition, if the shared PCIE bus is required to read the firmware of other boards, the south bridge chip also needs to be powered on to initialize the PCIE bus.
According to the firmware safety detection method for the electronic device provided by the embodiment of the disclosure, for an electronic device with a complex ecosystem of peripheral hardware, once the BMC has been established as the root of trust, the firmware verification of all hardware peripherals of the electronic device is initiated and executed by the BMC: the state of the peripheral firmware is confirmed before the BIOS and the operating system start, the detection result is submitted, flattened verification of the trust chain is realized and unsafe peripherals are handled automatically. The multi-layer transmission of the trust chain in the related technology is not needed, so the definition and program implementation of the trust chain no longer depend on the cooperation of many different suppliers; the security of the server as the basic operating hardware platform can be guaranteed, and backdoor implantation into the server's peripheral hardware can be effectively resisted.
Fig. 10 is a schematic diagram illustrating a processing procedure of step S341 shown in fig. 9 in an embodiment. In an embodiment of the present disclosure, the target board card device may include a first board card device. For example, if the electronic device is a server platform, the first board card device may include an FC card, but the disclosure is not limited thereto.
As shown in fig. 10, in the embodiment of the present disclosure, the step S341 may further include the following steps.
In step S3411, the bmc sends a second control command to the first multiplexer through the first bus.
For example, when the first bus is an SPI bus, the format of the second control command conforms to an SPI protocol, but the present disclosure is not limited thereto, and when the type of the first bus is changed, the format of the second control command is changed accordingly. The second control instruction is used for acquiring a firmware image file of the first board card device, such as an FC card.
In step S3412, the first multiplexer reads the firmware image file of the first board device through the first bus according to the second control instruction, and returns the firmware image file to the baseboard management controller, where the firmware image file of the first board device is stored in the second storage chip based on the first bus protocol.
In step S3413, the baseboard management controller verifies the validity of the firmware of the first board device according to the firmware image file of the first board device and the certificate/hash of the board device.
According to the firmware safety detection method for the electronic device, the BMC is connected through the first bus to the second storage chip that stores the firmware image file of the first board card device, and the BMC reads that image file directly to verify the firmware of the first board card device. In this way both the most critical original firmware from which the first board card device starts and its function package program for higher-level functions can be verified. Meanwhile, because a dedicated physical bus such as an SPI bus is used, firmware verification does not depend on a shared physical bus and can also be performed for peripherals that are not on the PCIE bus.
Fig. 11 is a schematic diagram illustrating a processing procedure of step S341 illustrated in fig. 9 in another embodiment. In the embodiment of the present disclosure, the target board card device may further include a second board card device. For example, the second board card device may be any one of a Raid card or a network card.
As shown in fig. 11, in the embodiment of the present disclosure, the step S341 may further include the following steps.
In step S3414, the baseboard management controller sends a third control instruction to the first multiplexer through the first bus.
For example, when the first bus is an SPI bus, the format of the third control instruction conforms to the SPI protocol; the present disclosure is not limited thereto, and when the type of the first bus changes, the format of the third control instruction changes accordingly. The third control instruction is used to acquire the firmware image file of the second board card device, such as a Raid card or a network card.
In step S3415, the first multiplexer sends the third control instruction to the second bus-to-first bus protocol translator through the first bus.
For example, the second bus-to-first bus protocol translator may be an LPC2SPI translator; in practice it is selected according to the protocol of the firmware flash chip or flash controller, and other protocols such as IIC are also possible.
In step S3416, the second bus-to-first bus protocol translator sends the third control instruction to a second multiplexer.
In step S3417, the second multiplexer reads the firmware image file of the second board device through the second bus according to the third control instruction, and returns the firmware image file to the baseboard management controller, where the firmware image file of the second board device is stored in a third memory chip based on a second bus protocol.
For example, the second bus may be an LPC (Low pin count) bus, but the present disclosure is not limited thereto.
In step S3418, the baseboard management controller verifies the validity of the firmware of the second board device according to the firmware image file of the second board device and the certificate/hash of the board device.
According to the firmware safety detection method for the electronic device, the connection between the BMC and the third storage chip that stores the firmware image file of the second board card device is realized through the first bus, the second bus, the multiplexers and the second bus-to-first bus protocol translator, and the BMC reads that image file directly to verify the firmware of the second board card device. In this way both the most critical original firmware from which the second board card device starts and its function package program for higher-level functions can be verified. Meanwhile, because dedicated physical buses such as an SPI bus and an LPC bus are used, firmware verification does not depend on a shared physical bus, that is, it can also be performed for peripherals that are not on the PCIE bus.
The following takes flash memory chips under the SPI protocol and the LPC protocol as examples to show how the embodiment of the present disclosure connects to flash chips under the SPI protocol and under a non-SPI protocol; in practical application the embodiment is not limited to flash memories under the SPI protocol and the LPC protocol.
It should be noted that the scheme provided by the embodiment of the present disclosure can detect the firmware of a peripheral on any bus, because its principle is to establish a direct physical connection to the firmware memory chip of the board card device. That chip may use the SPI or LPC protocol; fig. 12 illustrates these two protocols but the scheme is not limited to them.
FIG. 12 schematically illustrates the connection of the BMC to the platform firmware according to an embodiment of the disclosure. In this embodiment, the BMC directly reads the image file in the flash memory of each board card's firmware over a newly established bus in order to verify it.
As shown in fig. 12, the BMC is connected to the first MUX through one SPI bus, and the first MUX is connected to the BIOS flash memory (flash chip storing the firmware image file of the BIOS) and the FC card flash memory (flash chip storing the firmware image file of the FC card) through two SPI buses, respectively. The first MUX is further connected to an LPC2SPI (protocol translator from an LPC protocol to an SPI protocol) through another SPI bus, the LPC2SPI is connected to the second MUX through one LPC bus, and the second MUX is respectively connected to a Raid card flash memory (a flash memory chip for storing a firmware image file of a Raid card) and a network card flash memory (a flash memory chip for storing a firmware image file of a network card) through two LPC buses.
In the embodiment of the disclosure, after the trusted BMC has started, the BMC serves as the root of trust, initiates the subsequent server platform firmware verification process and completes the firmware security state detection of the entire platform. The detection works as follows: the combination of the multiplexers and the protocol translator lets the BMC use a single SPI controller to poll the board cards connected to the server hardware platform, directly read the firmware image files in the board cards and check the validity of the firmware one by one. The bus is not limited to SPI and other bus forms are possible; SPI is used here because the default public BMC reference design provides several SPI controller interfaces, SPI is the most widely used interface, and SPI is also the most widely used protocol for firmware flash chips.
For example, the BMC first reads the BIOS firmware image file from the BIOS Flash through the first MUX and compares it with the certificate/HASH of the BIOS firmware pre-stored in the SPI Flash of the BMC (in the platform's other firmware certificates); if they are consistent, the BIOS firmware verification passes, otherwise it fails. The BMC then reads the network card firmware image file from the network card Flash through the second MUX and compares it with the pre-stored certificate/HASH of the network card firmware; if consistent, the network card firmware verification passes, otherwise it fails. Next, the Raid card firmware image file is read from the Raid card Flash through the second MUX and compared with the pre-stored certificate/HASH of the Raid card firmware; if consistent, the Raid card firmware verification passes, otherwise it fails. Finally, the FC card firmware image file is read from the FC card Flash through the first MUX and compared with the pre-stored certificate/HASH of the FC card firmware; if consistent, the FC card firmware verification passes, otherwise it fails.
In the embodiment of the disclosure, one record is dedicated to the firmware detection result of each hardware device on the electronic device and no register is shared between devices, so which board card device has a security problem can be seen directly.
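The polling sequence of fig. 12, as an added example that is not part of the patent: a BMC-side model that addresses each firmware flash chip through the MUX/LPC2SPI path, reads the image, compares its SHA-256 with the hash pre-stored in the BMC and keeps one dedicated record per device. The path layout, device names, use of SHA-256 as the "certificate/HASH" and the sample images are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Polling order used in the description: BIOS, network card, Raid card, FC card.
POLL_ORDER = ("bios", "nic", "raid", "fc")

# Path from the BMC's single SPI controller to each firmware flash chip,
# modelled on fig. 12 (constructed; a real BMC would drive the MUX select
# lines over GPIO and the translator is a hardware bridge):
#   ("mux1", n)  - first multiplexer on the BMC SPI bus, output n
#   ("lpc2spi",) - LPC-to-SPI protocol translator behind the first MUX
#   ("mux2", n)  - second multiplexer on the LPC bus, output n
FLASH_PATHS = {
    "bios": (("mux1", 0),),
    "fc":   (("mux1", 1),),
    "nic":  (("mux1", 2), ("lpc2spi",), ("mux2", 0)),
    "raid": (("mux1", 2), ("lpc2spi",), ("mux2", 1)),
}


@dataclass
class DetectionRecord:
    """One dedicated record per device; no status register is shared."""
    device: str
    bus_protocol: str      # protocol of the flash chip actually read
    image_hash: str
    expected_hash: str
    passed: bool


class PlatformFlash:
    """Simulated flash chips, addressed by their MUX/translator path."""

    def __init__(self, images):
        self._images = dict(images)   # path tuple -> image bytes

    def read(self, path):
        # Once the translator is in the path the chip itself speaks LPC.
        protocol = "LPC" if ("lpc2spi",) in path else "SPI"
        if path not in self._images:
            raise KeyError(f"no flash chip at path {path}")
        return self._images[path], protocol


def verify_image(image, expected_hash):
    """Compare the SHA-256 of an image with the hash pre-stored in the BMC."""
    digest = hashlib.sha256(image).hexdigest()
    return digest, digest == expected_hash


def poll_platform(flash, expected_hashes):
    """BMC-side polling: read every flash chip one by one over the single
    SPI controller and produce one DetectionRecord per device."""
    records = {}
    for device in POLL_ORDER:
        image, protocol = flash.read(FLASH_PATHS[device])
        digest, ok = verify_image(image, expected_hashes[device])
        records[device] = DetectionRecord(device, protocol, digest,
                                          expected_hashes[device], ok)
    return records


def insecure_devices(records):
    """Devices whose firmware failed verification, in polling order."""
    return [d for d in POLL_ORDER if not records[d].passed]


# --- constructed sample platform ------------------------------------------
GOOD_IMAGES = {d: f"firmware image of {d} v1".encode() for d in POLL_ORDER}
# Hashes as they would be pre-stored in the BMC SPI Flash at provisioning.
EXPECTED = {d: hashlib.sha256(img).hexdigest() for d, img in GOOD_IMAGES.items()}


def build_platform(tampered=()):
    """Flash contents keyed by path; devices in `tampered` get a modified image."""
    images = {}
    for d in POLL_ORDER:
        img = GOOD_IMAGES[d]
        if d in tampered:
            img = img + b" +modified"   # constructed tampering
        images[FLASH_PATHS[d]] = img
    return PlatformFlash(images)


if __name__ == "__main__":
    recs = poll_platform(build_platform(tampered=("raid",)), EXPECTED)
    for d in POLL_ORDER:
        r = recs[d]
        print(f"{d:5} via {r.bus_protocol}: {'PASS' if r.passed else 'FAIL'}")
    print("insecure devices:", insecure_devices(recs))
```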
The scheme provided by the embodiment of the disclosure can be applied to automatic teller machine scenarios, for example to the regular security inspection of unattended automatic teller machines, ensuring that the firmware of components such as the currency detection module and the camera module has not been tampered with. The mainstream automatic teller machine configuration is an x86 server, so the scheme can be reused directly. However, the scheme is not limited to x86 servers and may also be applied to servers with architectures such as ARM (Advanced RISC Machines, RISC microprocessors) and MIPS (Microprocessor without Interlocked Pipeline Stages); as long as a BMC is present, the scheme can be implemented with small-scale modification. When porting to another type of server, a BMC must first be provided, then the power-on sequence must be modified, and finally the hardware bus protocol must be adapted.
The embodiment of fig. 12 shows the BMC polling the other firmware of the platform in sequence over a dedicated physical bus. In other embodiments, the BMC may instead share the PCIE bus and access the firmware storage chips using the MCTP (Management Component Transport Protocol) to implement the same function; however, a shared PCIE bus depends on the PCIE bridge device and may be spoofed by it.
In other embodiments, if the electronic device is a network device, the trusted boot of the BMC may be performed first, and then the firmware of the various IPS, IDS, firewall and antivirus module cards installed in network equipment such as routers and switches is polled and verified in sequence by the BMC. It can be understood that the scheme of the embodiment of the present disclosure is applicable to any electronic device having a BMC, and when the electronic device changes, the corresponding board card devices change accordingly.
In an exemplary embodiment, the method may further include: if the firmware of the basic input and output system and the firmware of the target board card device are verified to be passed, executing an initialization process of the basic input and output system, and starting an operating system of the electronic device; and in the running process of the operating system, detecting the legality of the firmware of the target board card equipment by using the baseboard management controller again.
In an exemplary embodiment, the method may further include: and if the target board card equipment does not pass the verification again, triggering a hot plug event of a bus where the target board card equipment is located.
In the embodiment of the present disclosure, the security detection process may also be triggered after the operating system has started, and the reporting of an insecure detection result is the same as in the embodiment above. However, since the board card device has by then already been initialized by the operating system, a board card device that fails the security verification cannot be directly shielded or powered off, and the handling action may be either no action, or triggering a hot plug event on the hardware bus where the failed board card device is located (if that bus supports such an event), that is, the failed board card device is ejected from the bus.
The method provided by the embodiment of the disclosure is not limited to initiating the detection before the operating system starts; a real-time detection process may also be initiated while the operating system is running, and when an unsafe device is detected the server can notify the operation and maintenance personnel for disposal. When a server administrator learns through the BMC console interface or the log operation and maintenance system that the firmware of the server hardware has a security anomaly, the administrator can choose to ignore the anomaly, continue to load the hardware and start the operating system; or trigger the firmware safety detection again; or shut down the server and remove the peripheral whose firmware has the security problem.
The firmware safety detection method for the electronic equipment provided by the embodiment of the disclosure addresses the problems that the peripheral hardware ecosystem of the server platform is complex and that the protection means in the related technology are severely limited, and provides a server platform firmware detection scheme based on a flattened trusted chain. First, the BMC of the server is security-hardened to establish the root of trust; then a trusted verification process is initiated from the BMC over a dedicated or shared physical bus for all peripherals in the server that carry firmware, the state of the peripheral firmware is confirmed before the BIOS and the operating system start, the detection result is reported, and unsafe peripherals are disposed of automatically. Meanwhile, a real-time detection process can also be started while the operating system is running. The embodiment of the disclosure thus provides a feasible method for detecting server platform firmware security at any time, involves improvements to server platform hardware and firmware, greatly strengthens the safety of the server as the basic operating hardware platform, and can effectively resist back door implantation into server peripheral hardware by hostile intelligence agencies and commercial espionage.
The following description will take the devices with firmware on the server including BMC, BIOS, network card, Raid card, and FC card as examples.
Fig. 13 schematically shows a flowchart of a firmware security detection method of an electronic device according to still another embodiment of the present disclosure. As shown in fig. 13, the method provided by the embodiment of the present disclosure may include the following steps.
In step S1301, the server powers up.
In step S1302, it is determined whether the BMC trusted boot has failed; if it failed, the process proceeds to step S1303, and if the verification passed, the process proceeds to step S1304.
In step S1303, the server boot is terminated and an alarm is raised through the front panel LED and the buzzer.
In the embodiment of the disclosure, the BMC performs a trusted boot process. If the trusted boot fails, the server boot process is terminated and an alarm is given through the front panel LED and the buzzer; if the trusted boot passes, the boot process continues.
In step S1304, the BMC verifies the firmware of the BIOS, the network card, the Raid card, and the FC card in sequence.
In the embodiment of the disclosure, the BMC sequentially initiates a firmware verification process to additional boards such as a BIOS, a network card, a Raid card, and an FC card, and detects whether a firmware signature certificate or HASH thereof conforms to a preset certificate or HASH of the BMC.
It should be noted that the order in which the firmware of the BIOS, the network card, the Raid card and the FC card is verified is not limited. Here the detection depends on a single BMC interface, so only one detection can be performed at a time, but the detection order does not matter. If several BMC interfaces are available for detection, the BIOS, the network card, the Raid card and the FC card can be verified in parallel.
In step S1305, if the BIOS firmware verification fails, the CPU does not power up, prohibits the BIOS from starting, and generates an alarm log.
In the embodiment of the disclosure, if the detection result of the BIOS firmware does not conform to the preset certificate or HASH of the BMC, the CPU is not powered on to start the BIOS, i.e., the BIOS is prohibited from starting, and an alarm log is generated to be processed by an administrator.
In step S1306, if the BIOS firmware verification passes but the network card firmware verification fails, the network card is shielded and an alarm log is generated; the CPU powers up and the BIOS starts without the network card.
In step S1307, if the BIOS firmware verification passes but the Raid card firmware verification fails, the Raid card is shielded and an alarm log is generated; the CPU powers up and the BIOS starts without the Raid card.
In step S1308, if the BIOS firmware verification passes but the FC card firmware verification fails, the FC card is shielded and an alarm log is generated; the CPU powers up and the BIOS starts without the FC card.
In the embodiment of the disclosure, the BMC first verifies the BIOS firmware. If the BIOS firmware passes, the BMC continues to verify the network card firmware; if the network card firmware fails, a predefined handling policy may be selected: a) shield the network card, generate an alarm and continue the BIOS start process; or b) do not shield the network card, generate an alarm and continue the BIOS start. Whether or not the network card firmware passes, the BMC next verifies the Raid card firmware; if the Raid card firmware fails, a predefined handling policy may be selected: a) shield the Raid card, generate an alarm and continue the BIOS start process; or b) do not shield the Raid card, generate an alarm and continue the BIOS start. Whether or not the Raid card firmware passes, the BMC then verifies the FC card firmware; if the FC card firmware fails, a predefined handling policy may be selected, for example one of the following two: a) shield the FC card, generate an alarm and continue the BIOS start process; or b) do not shield the FC card, generate an alarm and continue the BIOS start.
In step S1309, if the firmware of the BIOS, the network card, the Raid card, and the FC card is verified, the CPU powers up, and the BIOS is normally started.
In the embodiment of the present disclosure, if none of the platform firmware (BIOS firmware and the board card firmware) is abnormal, the CPU is powered on normally, that is, the BIOS starts and the normal flow continues through the loading of the operating system.
Because of its high privilege and high concealment, a firmware back door in the server platform cannot be discovered directly by traditional security software, and existing industry security schemes do not cover all components of the server's peripheral firmware. The embodiment of the disclosure provides a security detection scheme for server platform firmware based on a flattened trusted chain by establishing a trusted BMC as the security detection subject for the server platform firmware: the trusted boot process of the BMC is the first firmware verification process after the server power supply is switched on, and it establishes the root of trust of the flattened trusted chain. After the trusted BMC has started, the BMC serves as the root of trust to initiate the subsequent server platform firmware verification process and completes the firmware security state detection of the whole platform. The method solves the problem of non-interactive security detection of server platform firmware, greatly improves the low-level security of the computer system, and ensures that sensitive data on the server is not threatened by non-traditional means such as firmware back doors.
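The disposition logic of steps S1302 to S1309 and of the predefined handling policies, as an added example that is not part of the patent: given the BMC trusted-boot outcome and the per-device verification results, it returns what gets powered on, which cards are shielded and which alarm log entries are produced, plus the post-boot hot plug handling. The `Policy` names, device names and the default policy are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    """Predefined handling policy for a board card whose firmware fails
    verification (mirrors the four execution subunits of the apparatus)."""
    CONTINUE = "continue"      # take no action, continue the BIOS start
    SHIELD = "shield"          # shield or power off the card, alarm, continue
    ALARM_ONLY = "alarm_only"  # keep the card, alarm, continue
    BLOCK = "block"            # prohibit BIOS initialization and OS boot


BOARD_CARDS = ("nic", "raid", "fc")   # network card, Raid card, FC card


@dataclass
class BootDecision:
    cpu_power_on: bool
    bios_start: bool
    panel_alarm: bool = False                   # front panel LED + buzzer
    shielded: list = field(default_factory=list)
    alarm_log: list = field(default_factory=list)


def decide_boot(bmc_trusted, results, policies):
    """Decide the power-on path from the BMC trusted-boot outcome and the
    per-device verification results (device -> passed?).  `policies` maps a
    board card to the Policy applied when its firmware fails; cards not
    listed default to SHIELD (an assumption of this example)."""
    d = BootDecision(cpu_power_on=False, bios_start=False)
    if not bmc_trusted:
        # S1303: server boot terminated, alarm on the front panel
        d.panel_alarm = True
        d.alarm_log.append("BMC trusted boot failed; server boot terminated")
        return d
    if not results.get("bios", False):
        # S1305: CPU stays powered off, BIOS start prohibited
        d.alarm_log.append("BIOS firmware verification failed; "
                           "CPU not powered, BIOS start prohibited")
        return d
    # BIOS passed: the boot proceeds unless a BLOCK policy intervenes
    d.cpu_power_on = d.bios_start = True
    for card in BOARD_CARDS:
        if results.get(card, False):
            continue
        policy = policies.get(card, Policy.SHIELD)
        if policy is Policy.BLOCK:
            d.alarm_log.append(f"{card} firmware verification failed; "
                               "BIOS initialization prohibited")
            d.cpu_power_on = d.bios_start = False
        elif policy is Policy.SHIELD:
            d.shielded.append(card)
            d.alarm_log.append(f"{card} firmware verification failed; "
                               "card shielded")
        elif policy is Policy.ALARM_ONLY:
            d.alarm_log.append(f"{card} firmware verification failed; "
                               "card kept")
        # Policy.CONTINUE: no action, the boot proceeds with the card present
    return d


def runtime_action(card, bus_supports_hotplug):
    """Handling when re-detection fails after the OS is running: the card has
    already been initialized and cannot be shielded or powered off, so either
    eject it through a bus hot plug event or take no action."""
    return "hotplug-eject" if bus_supports_hotplug else "none"


if __name__ == "__main__":
    # Constructed scenario: BIOS fine, network card firmware failed.
    results = {"bios": True, "nic": False, "raid": True, "fc": True}
    d = decide_boot(True, results, {"nic": Policy.SHIELD})
    print(f"CPU on: {d.cpu_power_on}, BIOS start: {d.bios_start}, "
          f"shielded: {d.shielded}")
    for entry in d.alarm_log:
        print("alarm:", entry)
    print("runtime handling for raid:", runtime_action("raid", True))
```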
Fig. 14 schematically shows a block diagram of a firmware security detection apparatus of an electronic device according to an embodiment of the present disclosure. In the embodiment of the present disclosure, the electronic device may include a basic input/output system and a baseboard management controller, and has board card devices installed.
As shown in fig. 14, the firmware safety detection apparatus 1400 of the electronic device according to the embodiment of the present disclosure may include: a baseboard management control starting module 1410, a target board device confirming module 1420, a basic system firmware detecting module 1430, and a board device firmware detecting module 1440.
The baseboard management control starting module 1410 may be configured to start the baseboard management controller. The target board card device confirming module 1420 may be configured to confirm, from the board card devices, the target board card device whose firmware is to be verified. The basic system firmware detecting module 1430 may be configured to detect the validity of the firmware of the basic input/output system using the baseboard management controller. The board device firmware detecting module 1440 may be configured to detect the validity of the firmware of the target board card device using the baseboard management controller.
In an exemplary embodiment, the firmware of the baseboard management controller can include a boot program, a firmware verification program and a baseboard management controller firmware certificate public key/hash, as well as a baseboard management controller core firmware program, a baseboard management controller function package, and a certificate/hash of the basic input/output system and the board card device. The baseboard management control starting module 1410 may include: a preferential power-up unit, which may be configured to power up the baseboard management controller and the board card device after the power supply of the electronic device is switched on; a boot program loading unit, which may be configured to load the boot program; a firmware verification program loading unit, which may be configured to load the firmware verification program and verify the baseboard management controller core firmware program, the baseboard management controller function package, and the certificate/hash of the basic input/output system and the board card device according to the baseboard management controller firmware certificate public key/hash; and a baseboard management control trusted boot unit, which may be configured to load the baseboard management controller core firmware program and the baseboard management controller function package if the baseboard management controller core firmware program, the baseboard management controller function package, and the certificate/hash of the basic input/output system and the board card device pass verification.
In an exemplary embodiment, the firmware security detection apparatus 1400 of the electronic device may further include: a baseboard management control termination module, which may be configured to terminate the start of the baseboard management controller if the verification of the baseboard management controller core firmware program, the baseboard management controller function package, and the certificate/hash of the basic input/output system and the board card device fails; and a first alarm module, which may be configured to generate and transmit first alarm information.
In an exemplary embodiment, the boot program, the firmware verification program, and the baseboard management controller firmware certificate public key/hash may be stored in a first memory; the baseboard management controller core firmware program, the baseboard management controller function package and the certificate/hash of the basic input/output system and the board card device can be stored in a second memory; the baseboard management controller core firmware program, the baseboard management controller function package, and the certificates/hashes of the bios and the board card device may be signed by baseboard management controller certificate private keys, respectively.
In an exemplary embodiment, the basic system firmware detection module may include: a first instruction sending unit, which may be configured to send a first control instruction from the baseboard management controller to a first multiplexer through a first bus; a first firmware image file reading unit, which may be configured to read, by the first multiplexer according to the first control instruction, the firmware image file of the basic input/output system through the first bus and return it to the baseboard management controller, where the firmware image file of the basic input/output system is stored in a first storage chip based on a first bus protocol; and a first firmware verification unit, which may be configured to verify, by the baseboard management controller, the validity of the firmware of the basic input/output system according to the firmware image file of the basic input/output system and the certificate/hash of the basic input/output system.
In an exemplary embodiment, the firmware security detection apparatus 1400 of the electronic device may further include: a basic input/output system starting module, which may be configured to start the basic input/output system if the firmware of the basic input/output system passes verification; and a basic input/output system prohibiting module, which may be configured to prohibit the basic input/output system from starting and to generate and send second alarm information if the firmware of the basic input/output system fails verification.
In an exemplary embodiment, the board device firmware detection module may include: the board card firmware verification unit may be configured to poll the target board card device one by one through the baseboard management controller, and verify whether the firmware of the target board card device conforms to the certificate/hash of the board card device; a non-secure device recording unit, which may be configured to record, if the firmware of the target board card device is not verified, the target board card device that is not verified as a non-secure device; an automated processing unit may be configured to automate processing of the non-safety device.
In an exemplary embodiment, the target board device may include a first board device. The board firmware verification unit may include: a second instruction transmitting subunit, which may be configured to transmit a second control instruction to the first multiplexer through the first bus by the baseboard management controller; a first firmware image file reading subunit, configured to read, by the first multiplexer according to the second control instruction, a firmware image file of the first board card device through the first bus, and return the firmware image file to the baseboard management controller, where the firmware image file of the first board card device is stored in a second storage chip based on a first bus protocol; the first firmware verification subunit may be configured to verify, by the baseboard management controller, validity of the firmware of the first board card device according to the firmware image file of the first board card device and the certificate/hash of the board card device.
In an exemplary embodiment, the target board card device further includes a second board card device. The board firmware verification unit may further include: a third instruction transmitting subunit that can be configured to transmit, by the baseboard management controller, a third control instruction to the first multiplexer through the first bus; a third instruction forwarding subunit configurable to send the third control instruction to the second bus-to-first bus protocol translator through the first bus by the first multiplexer; a third instruction translation subunit configurable to send the third control instruction to a second multiplexer by the second bus-to-first bus protocol translator; a second firmware image reading subunit, configured to read, by the second multiplexer according to the third control instruction, a firmware image of the second board device through a second bus and return the firmware image to the baseboard management controller, where the firmware image of the second board device is stored in a third storage chip based on a second bus protocol; the second firmware verification subunit may be configured to verify, by the baseboard management controller, validity of the firmware of the second board card device according to the firmware image file of the second board card device and the certificate/hash of the board card device.
In an exemplary embodiment, the automated processing unit may include a first execution subunit, a second execution subunit, a third execution subunit, or a fourth execution subunit. The first execution subunit may be configured to execute the initialization process of the basic input/output system and start the operating system of the electronic device. The second execution subunit may be configured to shield or power off the non-secure device, generate third warning information, execute the initialization process of the basic input/output system and start the operating system of the electronic device. The third execution subunit may be configured to generate third warning information, execute the initialization process of the basic input/output system and start the operating system of the electronic device. The fourth execution subunit may be configured to prohibit the initialization process of the basic input/output system and the operating system boot of the electronic device.
In an exemplary embodiment, the firmware security detection apparatus 1400 of the electronic device may further include: the normal starting module can be configured to execute the initialization process of the basic input and output system and start the operating system of the electronic device if the firmware of the basic input and output system and the firmware of the target board card device are verified; the real-time detection module may be configured to detect validity of the firmware of the target board card device by using the baseboard management controller again in an operation process of the operating system.
In an exemplary embodiment, the firmware security detection apparatus 1400 of the electronic device may further include: the hot plug module may be configured to trigger a hot plug event of the bus where the target board card device is located if the target board card device fails to be verified again.
The specific implementation of each module, unit and subunit in the firmware safety detection apparatus for an electronic device provided in the embodiment of the present disclosure may refer to the content in the firmware safety detection method for an electronic device, and is not described herein again.
It should be noted that although several modules, units and sub-units of the apparatus for action execution are mentioned in the above detailed description, such division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functionality of two or more modules, units and sub-units described above may be embodied in one module, unit or sub-unit. Conversely, the features and functions of one module, unit or sub-unit described above may be further divided and embodied by a plurality of modules, units and sub-units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with the necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions that enable a computing device (which may be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (15)

1. A firmware safety detection method for an electronic device, wherein the electronic device comprises a basic input/output system and a baseboard management controller and is provided with board card devices; the method comprises the following steps:
starting the baseboard management controller;
determining, from among the board card devices, the target board card devices whose firmware is to be verified;
detecting the validity of the firmware of the basic input/output system by using the baseboard management controller;
and detecting the validity of the firmware of the target board card devices by using the baseboard management controller.
2. The method of claim 1, wherein the baseboard management controller firmware comprises a boot program, a firmware verification program, a baseboard management controller firmware certificate public key/hash, a baseboard management controller core firmware program, a baseboard management controller feature pack, and a basic input/output system and board card device certificate/hash; and wherein starting the baseboard management controller comprises:
after the electronic device is powered on, powering up the baseboard management controller and the board card devices;
loading the boot program;
loading the firmware verification program, and verifying the baseboard management controller core firmware program, the baseboard management controller feature pack, and the basic input/output system and board card device certificate/hash against the baseboard management controller firmware certificate public key/hash;
and if the verification of the baseboard management controller core firmware program, the baseboard management controller feature pack, and the basic input/output system and board card device certificate/hash passes, loading the baseboard management controller core firmware program and the baseboard management controller feature pack.
3. The method of claim 2, further comprising:
if the verification of the baseboard management controller core firmware program, the baseboard management controller feature pack, and the basic input/output system and board card device certificate/hash fails, terminating the startup of the baseboard management controller;
and generating and sending first alarm information.
4. The method of claim 2, wherein the boot program, the firmware verification program and the baseboard management controller firmware certificate public key/hash are stored in a first memory; the baseboard management controller core firmware program, the baseboard management controller feature pack, and the basic input/output system and board card device certificate/hash are stored in a second memory; and the baseboard management controller core firmware program, the baseboard management controller feature pack, and the basic input/output system and board card device certificate/hash are each signed with the baseboard management controller certificate private key.
5. The method of any one of claims 2 to 4, wherein detecting the validity of the firmware of the basic input/output system using the baseboard management controller comprises:
the baseboard management controller sending a first control instruction to a first multiplexer over a first bus;
the first multiplexer, according to the first control instruction, reading the firmware image file of the basic input/output system over the first bus and returning it to the baseboard management controller, the firmware image file of the basic input/output system being stored in a first storage chip that uses a first bus protocol;
and the baseboard management controller verifying the validity of the firmware of the basic input/output system using the firmware image file of the basic input/output system and the basic input/output system certificate/hash.
6. The method of claim 5, further comprising:
if the firmware of the basic input/output system passes verification, starting the basic input/output system;
and if the firmware of the basic input/output system fails verification, forbidding the basic input/output system from starting, and generating and sending second alarm information.
7. The method of any one of claims 2 to 4, wherein detecting the validity of the firmware of the target board card devices using the baseboard management controller comprises:
polling the target board card devices one by one through the baseboard management controller, and verifying whether the firmware of each target board card device matches the board card device certificate/hash;
if the firmware of a target board card device fails verification, recording that target board card device as a non-secure device;
and automatically processing the non-secure device.
8. The method of claim 7, wherein the target board card devices comprise a first board card device; and wherein polling the target board card devices one by one through the baseboard management controller and verifying whether their firmware matches the board card device certificate/hash comprises:
the baseboard management controller sending a second control instruction to the first multiplexer over the first bus;
the first multiplexer, according to the second control instruction, reading the firmware image file of the first board card device over the first bus and returning it to the baseboard management controller, the firmware image file of the first board card device being stored in a second storage chip that uses the first bus protocol;
and the baseboard management controller verifying the validity of the firmware of the first board card device using the firmware image file of the first board card device and the board card device certificate/hash.
9. The method of claim 8, wherein the target board card devices further comprise a second board card device; and wherein polling the target board card devices one by one through the baseboard management controller and verifying whether their firmware matches the board card device certificate/hash further comprises:
the baseboard management controller sending a third control instruction to the first multiplexer over the first bus;
the first multiplexer forwarding the third control instruction over the first bus to a second-bus-to-first-bus protocol translator;
the second-bus-to-first-bus protocol translator sending the third control instruction to a second multiplexer;
the second multiplexer, according to the third control instruction, reading the firmware image file of the second board card device over a second bus and returning it to the baseboard management controller, the firmware image file of the second board card device being stored in a third storage chip that uses a second bus protocol;
and the baseboard management controller verifying the validity of the firmware of the second board card device using the firmware image file of the second board card device and the board card device certificate/hash.
10. The method of claim 7, wherein automatically processing the non-secure device comprises one of the following:
executing the initialization process of the basic input/output system, and starting the operating system of the electronic device; or
shielding or powering off the non-secure device, generating third alarm information, executing the initialization process of the basic input/output system, and starting the operating system of the electronic device; or
generating third alarm information, executing the initialization process of the basic input/output system, and starting the operating system of the electronic device; or
forbidding the initialization process of the basic input/output system and the startup of the operating system of the electronic device.
11. The method of claim 1, further comprising:
if both the firmware of the basic input/output system and the firmware of the target board card devices pass verification, executing the initialization process of the basic input/output system, and starting the operating system of the electronic device;
and while the operating system is running, detecting the validity of the firmware of the target board card devices again by using the baseboard management controller.
12. The method of claim 11, further comprising:
if a target board card device fails this renewed verification, triggering a hot plug event on the bus where that target board card device is located.
13. A firmware safety detection apparatus for an electronic device, wherein the electronic device comprises a basic input/output system and a baseboard management controller and is provided with board card devices; the apparatus comprises:
a baseboard management controller start module configured to start the baseboard management controller;
a target board card device determination module configured to determine, from among the board card devices, the target board card devices whose firmware is to be verified;
a basic system firmware detection module configured to detect the validity of the firmware of the basic input/output system using the baseboard management controller;
and a board card device firmware detection module configured to detect the validity of the firmware of the target board card devices using the baseboard management controller.
14. An electronic device, comprising:
one or more processors;
a storage configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the firmware safety detection method for an electronic device of any one of claims 1 to 12.
15. A computer-readable storage medium in which a computer program is stored, the computer program, when executed by a processor, implementing the firmware safety detection method for an electronic device of any one of claims 1 to 12.
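The boot-time sequence of claims 1 to 10 and the runtime re-check of claims 11 and 12, as an added example in Go; it is not code from the patent or from the applicant. The hardware parts are replaced by assumptions: the multiplexer reads over the first and second buses become byte slices already held in memory; the "certificate/hash" block becomes a table of SHA-256 digests signed with Ed25519 (the claims fix neither a hash nor a signature algorithm); and the image names (`bios`, `nic0`, `raid0`), the bus labels and the `busOf` mapping are invented for the example. One deliberate choice the claims leave open: a device that has no entry in the signed table is treated as non-secure rather than skipped.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Manifest models the "BIOS and board card device certificate/hash" block of claims 2 to 4:
// one expected SHA-256 digest per image, Ed25519-signed (an assumption here) with the BMC private key.
type Manifest struct {
	Expected map[string][32]byte // image name -> expected digest
	Sig      []byte              // signature over canonical(Expected)
}

// canonical serialises the digest table in sorted order; names are assumed shorter than 256 bytes.
func canonical(expected map[string][32]byte) []byte {
	names := make([]string, 0, len(expected))
	for n := range expected {
		names = append(names, n)
	}
	sort.Strings(names)
	var out []byte
	for _, n := range names {
		d := expected[n]
		out = append(append(append(out, byte(len(n))), n...), d[:]...)
	}
	return out
}

// SignManifest is the provisioning step of claim 4: sign the table with the BMC certificate private key.
func SignManifest(priv ed25519.PrivateKey, expected map[string][32]byte) Manifest {
	return Manifest{Expected: expected, Sig: ed25519.Sign(priv, canonical(expected))}
}

// VerifyManifest checks the certificate/hash block against the BMC firmware public key (claim 2).
func VerifyManifest(pub ed25519.PublicKey, m Manifest) bool {
	return ed25519.Verify(pub, canonical(m.Expected), m.Sig)
}

// VerifyImage hashes an image read via the multiplexer (claims 5, 8, 9); a device with no entry fails.
func VerifyImage(m Manifest, name string, image []byte) bool {
	want, ok := m.Expected[name]
	return ok && sha256.Sum256(image) == want
}

// Policy selects the "automatic processing" of claim 10 for non-secure devices.
type Policy int
const (
	PolicyBootAnyway     Policy = iota // boot, take no action
	PolicyShieldAndAlarm               // shield/power off the device, alarm, boot
	PolicyAlarmOnly                    // alarm, boot
	PolicyForbidBoot                   // refuse BIOS initialisation and OS start
)

type Result struct {
	Alarms, Shielded, Insecure []string
	BootAllowed                bool
}

// BootCheck runs claims 1 to 10 on in-memory images; images["bios"] is the BIOS, other keys are boards.
func BootCheck(pub ed25519.PublicKey, m Manifest, images map[string][]byte, p Policy) Result {
	if !VerifyManifest(pub, m) { // claim 3: BMC start is terminated, first alarm
		return Result{Alarms: []string{"alarm1: certificate/hash block failed verification"}}
	}
	if !VerifyImage(m, "bios", images["bios"]) { // claim 6: BIOS may not start, second alarm
		return Result{Alarms: []string{"alarm2: BIOS firmware failed verification"}}
	}
	r := Result{BootAllowed: true}
	for n, img := range images { // claim 7: poll the boards and record non-secure devices
		if n != "bios" && !VerifyImage(m, n, img) {
			r.Insecure = append(r.Insecure, n)
		}
	}
	if len(r.Insecure) > 0 {
		switch p { // claim 10: the four automatic-processing options
		case PolicyShieldAndAlarm:
			r.Shielded = append(r.Shielded, r.Insecure...)
			fallthrough
		case PolicyAlarmOnly:
			r.Alarms = append(r.Alarms, fmt.Sprintf("alarm3: non-secure devices %v", r.Insecure))
		case PolicyForbidBoot:
			r.BootAllowed = false
		}
	}
	return r
}

// RuntimeRecheck (claims 11, 12): re-verify boards while the OS runs; busOf (device -> bus) is assumed.
func RuntimeRecheck(m Manifest, images map[string][]byte, busOf map[string]string) map[string]bool {
	hot := map[string]bool{} // buses on which a hot-plug event should be triggered
	for n, img := range images {
		if !VerifyImage(m, n, img) {
			hot[busOf[n]] = true
		}
	}
	return hot
}
```

The private key is used only by SignManifest at provisioning time and never has to be on the device; the BMC's first memory holds only the public key. Note also what the hash comparison of claims 5 and 8 does and does not establish: it tells the BMC that an image differs from the one the vendor recorded, not whether a replacement image was itself vendor-signed, so the signature over the table (claim 4) is what ties the expected digests to the vendor.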
Application HK42020012540.9A, 2020-07-27: Method and related device for firmware safety detection for electronic device (HK40022245B, en)

Publications (2)

Publication Number    Publication Date
HK40022245A           2020-11-13
HK40022245B           2023-04-21

