
Trusted BMC (Baseboard Management Controller)-based server safe-starting method

A server security technology, applied in the field of trusted-BMC-based secure server startup, that can solve problems such as the inability to guarantee the BMC's ability to call security interfaces, high system overhead, and lack of security function support.

Inactive Publication Date: 2017-12-22
中电科技(北京)股份有限公司

AI Technical Summary

Problems solved by technology

(3) The integrity measurement module is deployed only in the boot program of the BMC, ignoring the protection of the boot program itself, so potential security risks remain.
(4) The BMC is treated as an embedded system, and a relatively complex software stack is deployed in the boot program and system layer. The system complexity is too high and the system overhead is too large.
(5) The trusted cryptographic module deployed on the motherboard cannot be invoked by the BMC firmware, so the BMC lacks support for security functions such as trusted measurement and encryption.
It can be seen that, because trusted cryptographic modules on the motherboard have different interfaces, it is impossible to guarantee that the BMC can call the secure interfaces of different types of trusted cryptographic modules.


Embodiment Construction

[0034] The trusted BMC-based server secure startup method will be further described in detail below with reference to the implementation manner and the accompanying drawings.

[0035] Referring to Figure 1, a trusted BMC-based server secure startup method of one embodiment comprises the following steps:

[0036] S110. After the server is powered on, perform a trusted measurement of the CPLD. If the CPLD is correct, proceed to the next step; otherwise, restore the CPLD.

[0037] Referring to Figures 2 and 3, in one embodiment, the trusted cryptographic module is used to measure the integrity of the code in the CPLD to determine whether the CPLD is correct, and the CPLD measurement result is stored in the trusted cryptographic module. If the CPLD is correct, go to step S120; otherwise, restore the CPLD.

[0038] Specifically, the trusted cryptographic module includes TPM, TCM, TPCM and other software/hardware modules with trusted computing functions. The module can complete trusted computing tasks in at least...


Abstract

A method for securely starting a server based on a trusted BMC, comprising: after the server is powered on, performing a trusted measurement of the CPLD; if the CPLD is correct, proceeding to the next step, otherwise restoring the CPLD; after confirming that the CPLD is correct, powering on the BMC and performing a trusted measurement of the BMC boot program; if the boot program is correct, proceeding to the next step, otherwise restoring the BMC boot program; after confirming that the BMC boot program is correct, performing a trusted measurement of the BMC operating system image; if the operating system image of the BMC is correct, starting the internal operating system of the BMC; after the BMC is running normally, performing a trusted measurement of the BIOS; if the BIOS is correct, proceeding to the next step, otherwise restoring the BIOS; performing a trusted measurement on the server; performing a trusted measurement on the core software, establishing a chain of trust after confirmation, and completing the secure startup of the server. The above trusted BMC-based server secure startup method can improve security performance.
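The measure-then-start sequence in the abstract, as an added sketch that is not code from the patent. SHA-256 stands in for the trusted cryptographic module's measurement; the PCR-like `register`, the halt behaviour for the BMC OS image, and all function and variable names are assumptions, and only the four firmware stages are modelled.

```python
import hashlib

# Stage order from the abstract. The flag marks stages the abstract says are
# restored on a failed measurement; it states no recovery for the BMC OS image,
# so halting there is an assumption of this sketch.
STAGES = [("CPLD", True), ("BMC boot program", True),
          ("BMC OS image", False), ("BIOS", True)]

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def secure_start(flash, reference, backup):
    """Measure each stage before handing control to it.

    flash:     stage name -> image currently in flash (mutated on restore)
    reference: stage name -> expected SHA-256 digest
    backup:    stage name -> recovery image
    """
    register = bytes(32)  # PCR-like value standing in for the trusted module (assumption)
    restored = []
    for name, restorable in STAGES:
        digest = measure(flash[name])
        if digest != reference[name] and restorable:
            flash[name] = backup[name]      # restore, then measure again
            restored.append(name)
            digest = measure(flash[name])
        if digest != reference[name]:       # unrecoverable: do not start this stage
            return {"booted": False, "halted_at": name,
                    "restored": restored, "register": register.hex()}
        # Extend the chain of trust with the verified measurement.
        register = hashlib.sha256(register + digest).digest()
    return {"booted": True, "halted_at": None,
            "restored": restored, "register": register.hex()}

# Constructed sample images (placeholders, not real firmware).
GOOD = {name: f"{name} image v1".encode() for name, _ in STAGES}
REFERENCE = {name: measure(img) for name, img in GOOD.items()}

if __name__ == "__main__":
    tampered = dict(GOOD, CPLD=b"modified power-on sequence")
    print(secure_start(tampered, REFERENCE, dict(GOOD)))
```

A restored stage is measured again before it is started, so a corrupted recovery image halts the boot instead of being trusted.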

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a method for safely starting a server based on a trusted BMC.

Background technique

[0002] The server contains a dedicated programmable logic device (Complex Programmable Logic Device, CPLD for short), which is used to control the power-on sequence of the server. The Basic Input/Output System (BIOS) is used to initialize hardware, manage hardware resources, shield platform features, and boot the operating system. It is a bridge connecting basic computer hardware and system software. The BIOS also has the ability to access and control computer hardware; once it is damaged or tampered with, it poses a serious security threat. Normally, in the power-on sequence of the CPLD, the BMC is started first, and after the BMC runs normally, the BIOS is powered on to complete the operating system startup. If the firmware of the CPLD is damaged or rewritten, the BMC can be bypassed a...


Application Information

IPC(8): G06F21/64, G06F9/44, G06F21/56
CPC: G06F21/64, G06F9/4401, G06F21/563
Inventor: 陈小春, 孙亮, 钟阳, 张超, 朱立森
Owner: 中电科技(北京)股份有限公司