A trusted startup method, device, electronic equipment and readable storage medium

A credible and block-storage technology, applied in secure communication devices, program control devices, computer security devices, etc., can solve problems such as not satisfying the reliability of equipment security, and achieve the effect of starting security

Active Publication Date: 2022-06-07
INSPUR SUZHOU INTELLIGENT TECH CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] At present, there is no implementation scheme that meets the security and reliability requirements of such devices

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A trusted startup method, device, electronic equipment and readable storage medium
  • A trusted startup method, device, electronic equipment and readable storage medium
  • A trusted startup method, device, electronic equipment and readable storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0084] See figure 1 , figure 1 A flow chart of a trusted startup method provided in an embodiment of the present application includes the following steps:

[0085] S101: Extract the first key from IE FUSE;

[0086] Among them, IE FUSE only supports one-time data writing, the first key is generated based on the IE startup parameters stored in the original IE FW, IE FW supports multiple data writing, IE FUSE and IE FW are different on the same Flash. Data storage block.

[0087] Since the IE FUSE only supports one-time data writing, the first key cannot be changed after being written into the IE FUSE. This application uses this specific second key in the IE FW that actually stores the IE startup parameters. Consistency comparison is performed to determine whether the data stored in the IE FW has been tampered with.

[0088] S102: extract a first signature from the IE FW, and generate a second key according to the first signature;

[0089] The second key is generated based o...

Embodiment 2

[0101] The above-mentioned embodiment provides a scheme of how to verify whether the current IE startup parameters are credible. According to the description of the IE application mode of the background technology of the present application, it can be seen that: IE, as a simplified BMC, is integrated with BIOS in a Flash, based on the characteristics of IE, In the complete startup process of the device, IE will start before the BIOS, that is, after the IE starts, it will transfer the control to the BIOS, and the BIOS will control the startup of the operating system. Therefore, although the BIOS boot parameters are not likely to be tampered with under the condition that the IE boot parameters are credible, in order to consider the possibility and precedent, this embodiment also adds a new feature to the BIOS on the basis of the first embodiment. Trusted verification of startup parameters to ensure that the startup is safe and reliable as much as possible.

[0102] See image 3...

Embodiment 3

[0112] In this embodiment, the Figure 4 shown in the flow chart and as Figure 5 The flow chart shown in the figure provides two different ways to verify whether the current BIOS boot parameters are credible. They are distinguished by how the BIOS boot parameters are stored in the Flash, which will be introduced separately below:

[0113] See Figure 4 , Figure 4 A flowchart of a method for verifying whether a current BIOS boot parameter is credible in the trusted boot method provided by the embodiment of the present application includes the following steps:

[0114] S301: Extract the third key from IE FUSE;

[0115] The third key is generated based on the BIOS startup parameters stored in the initial BIOS startup parameter storage block, and the BIOS startup parameter storage block supports multiple data writing.

[0116] S302: Extract the second signature from the BIOS boot parameter storage block, and generate a fourth key according to the second signature;

[0117] ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

This application discloses a trusted startup method. By designing an IE FUSE that supports only one data write and an IE FW that supports multiple data writes, the first key written in the IE FUSE cannot be tampered with. The second key generated by the first signature extracted in the current IE FW is different from the first key, which means that the IE startup parameters stored in the current IE FW are different from the IE startup parameters originally stored in the IE FW, That is, it has been tampered with. In most cases, the IE startup parameters stored in the IE FW should not be tampered with, so once tampered with, it is reasonable to think that there is a security risk of being maliciously attacked. The present application also discloses a trusted starting device, electronic equipment and a readable storage medium at the same time, which have the above beneficial effects.

Description

technical field [0001] The present application relates to the technical field of secure booting of portable network devices, and in particular, to a trusted booting method, apparatus, electronic device, and readable storage medium. Background technique [0002] IE (Innovation Engine, innovation engine) is an embedded core system of PCH (Platform Controller Hub, which is Intel's integrated south bridge) or SOC (System On Chip, chip-level system), based on a very small 32-bit kernel library , which is very similar to Intel's management system, but has some of its own privileges and input and output interface differences. IE is a simplified BMC (Baseboard Management Controller, baseboard management controller) monitoring and management system, with only part of IPMI (Intelligent Platform Management Interface), Redfish (a management standard for HTTPs services), LAN (network port) and other functions. [0003] With the advent of the 5G era, IoT communication is leading the wor...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/51G06F9/4401H04L9/08H04L9/32
CPCG06F21/51G06F9/4416H04L9/0894H04L9/3226G06F21/575H04L9/088H04L9/3247
Inventor 张兆义
Owner INSPUR SUZHOU INTELLIGENT TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap