Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Trusted startup method for BMC firmware system security

A technology of system security and file system, applied in the field of trusted startup oriented to BMC firmware system security, can solve problems such as difficult application, lack of trusted password module, and reliability cannot be guaranteed, and achieve the effect of cost saving

Pending Publication Date: 2021-04-13
BEIJING UNIV OF TECH
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The BMC trusted start-up scheme proposed in the above-mentioned patents either follows the idea of ​​measuring while starting, and cannot detect the problem in advance; or follows the idea of ​​starting first and then measuring, but compared with the idea of ​​measuring first and then starting, the credibility cannot be achieved. Guaranteed; or requires an additional trusted cryptographic module, which is difficult to apply to ordinary servers that do not have a trusted cryptographic module

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Trusted startup method for BMC firmware system security
  • Trusted startup method for BMC firmware system security
  • Trusted startup method for BMC firmware system security

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] The trusted startup scheme of BMC firmware system among the present invention relates to three processes:

[0038] Process 1: System Construction Initialization Process

[0039] The initialization process of this system mainly involves two objects: BMC manufacturer and BMC. The BMC needs to have a BMC processor, a non-volatile storage area a for storing BMC firmware, and a non-volatile storage area b for storing trusted computing modules and factory standard reference libraries.

[0040] Step 1: BMC manufacturers add a relocatable function program before U-Boot in the BMC development stage, responsible for loading trusted computing modules and measuring the integrity of each boot module;

[0041] Step 2: BMC manufacturers initialize the BMC firmware into non-volatile storage area a, and the trusted computing module and factory standard reference library are initialized into non-volatile storage area b during the BMC delivery stage.

[0042] Process 2: BMC firmware sys...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a trusted startup method for BMC firmware system security, belongs to the field of trusted startup, and is characterized in that trusted measurement is performed on a BMC without a trusted cryptographic module according to a file system, a bootstrap program and a kernel in sequence, and then trusted startup is performed on the BMC firmware system. The BMC processor is guided to measure and obtain an actual measurement reference value of the file system according to a trusted computing module preset in a nonvolatile storage area b and a factory file system standard reference value imported by a developer in advance by means of a repositionable function program arranged in the nonvolatile storage area a, if not, an alarm is given, and if yes, it is trustful; and verifying the bootstrap program and the kernel according to the same method, and once the bootstrap program and the kernel are credible, directly entering a starting stage of the BMC firmware. Based on the basic fact that the attack resistance of the kernel plug-in including a file system is weaker than that of a bootstrap program and a kernel, the potential safety hazard of system equipment caused by a method of starting while checking or checking after starting is overcome in advance.

Description

technical field [0001] The invention relates to the field of information security, in particular to a trusted startup method for BMC firmware system security. Background technique [0002] At present, the Baseboard Management Controller (BMC, hereinafter referred to as BMC) has become a key component of the server. It is a dedicated chip controller that does not depend on the server's processor, basic input and output The system (Basic Input Output System, BIOS, hereinafter referred to as BIOS) or operating system works. It has its own firmware, power supply, hardware address and network interface. It is an agentless management subsystem that runs independently in the server. As a platform management system, BMC has a series of monitoring and control functions, mainly by monitoring the server's temperature, voltage, fan, power supply, etc., and making corresponding adjustments to ensure that the server is in a healthy state. [0003] During the server startup process, the B...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F21/60G06F9/445
CPCG06F21/572G06F21/602G06F9/44542Y02D10/00
Inventor 张建标赵东浩张璐韩利唐治中张申
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products