Unlock instant, AI-driven research and patent intelligence for your innovation.

PCIe Switch firmware safety execution method, device, terminal and storage medium

An execution method and firmware technology, applied in the field of PCIeSwitch firmware execution, can solve the problems of firmware security risks, lack of security mechanisms, and server system security threats, and achieve the effects of avoiding data tampering, preventing attacks, and protecting security.

Active Publication Date: 2021-11-09
SUZHOU LANGCHAO INTELLIGENT TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The PCIe Switch is connected upstream to the CPU and downstream to PCIe devices. Once the firmware of the PCIe Switch is tampered with or attacked, it will pose an immeasurable threat to the security of the entire server system.
[0004] However, there is no security mechanism for the startup and upgrade of PCIe Switch in the existing technical solution, which makes the system vulnerable to malicious firmware attacks, and cannot prevent malicious firmware from tampering with the data of PCIe hosts and PCIe devices; Verify and authenticate, thus bringing hidden dangers to firmware security

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • PCIe Switch firmware safety execution method, device, terminal and storage medium
  • PCIe Switch firmware safety execution method, device, terminal and storage medium
  • PCIe Switch firmware safety execution method, device, terminal and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0056] With the development of modern processor technology, PCIe bus, as a standard high-speed bus, has the characteristics of high speed, reliability, high bandwidth, and automatic configuration, and has been widely used in the server field. At the same time, with the increase of PCIe devices in the server system, server developers are faced with the problem of insufficient number of CPU PCIe buses. In order to solve this problem, more and more developers add PCIe Switches to the server system to realize the expansion of the number of PCIe. The PCIeSwitch connects to the CPU upstream and PCIe devices downstream. Once the firmware of the PCIe Switch is tampered with or attacked, it will pose an immeasurable threat to the security of the entire server system.

[0057]However, there is no security mechanism for the startup and upgrade of PCIe Switch in the existing technical solution, which makes the system vulnerable to malicious firmware attacks, and cannot prevent malicious fi...

Embodiment 2

[0080] Considering that in some operating scenarios, the operator can ensure the security of the firmware, in order to improve the execution efficiency, this embodiment provides a PCIe Switch firmware security execution method. After the PCIe Switch is powered on, the execution environment is first configured for the Choose to enable or disable Safe Execution Mode. When the secure boot mode is enabled, it is executed by the secure boot mechanism, and when the secure boot mode is disabled, it is executed directly on the firmware.

[0081] Such as figure 2 As shown, the PCIe Switch firmware security execution method provided in this embodiment specifically includes the following steps:

[0082] S1, the PCIe Switch is powered on;

[0083] S2, configure the execution environment; if the configured execution environment is to enable the safe execution mode, enter step S3; if the configured execution environment is to disable the safe execution mode, directly execute the firmware...

Embodiment 3

[0107] When the firmware is started or upgraded, there may be extreme situations where it cannot be started and upgraded normally. In order to deal with this situation, this embodiment provides a PCIe Switch firmware security execution method, and enter the key again after the firmware execution fails. , re-upgrade the firmware.

[0108]In order to deal with the failure of firmware execution, this embodiment configures TWI (Two-Wire Interface, two-wire interface) address configuration pins and firmware recovery pins on the PCIe Switch. After the PCIe Switch is powered on, determine the TWI address. If the firmware execution fails, based on the TWI address, enter the backup key and the correct firmware to be executed through the firmware recovery pin to re-execute. It should be noted that, for the firmware upgrade process, re-execution means re-upgrade; for the firmware startup process fails, re-execution also needs to upgrade the firmware, and restart after the upgrade.

[01...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The technical scheme of the invention provides a PCIe Switch firmware safety execution method, a device, a terminal and a storage medium. The PCIe Switch firmware safety execution method comprises the following steps: firstly, electrifying a PCIe Switch; performing redundancy check calculation on the firmware to be executed to obtain a redundancy check code; wherein the firmware to be executed is any one of firmware to be started and firmware to be upgraded; comparing the obtained redundancy check code with a redundancy check code pre-stored in the firmware to be executed, if the obtained redundancy check code is consistent with the redundancy check code pre-stored in the firmware to be executed, continuing the next step; if the obtained redundancy check code is not consistent with the redundancy check code pre-stored in the firmware to be executed, stopping firmware execution; and finally, comparing the secret key stored in the firmware to be executed with a pre-stored secret key, if the secret key is consistent with the pre-stored secret key, allowing the firmware to be executed, and if the secret key is not consistent with the pre-stored secret key, stopping the firmware from being executed. According to the method, attack of malicious firmware can be effectively prevented, data tampering of the malicious firmware to the host and the equipment is avoided, and the safety of the system is effectively protected.

Description

technical field [0001] The invention relates to the field of PCIe Switch firmware execution, in particular to a PCIe Switch firmware safe execution method, device, terminal and storage medium. Background technique [0002] With the development of modern processor technology, PCIe bus, as a standard high-speed bus, has the characteristics of high speed, reliability, high bandwidth, and automatic configuration, and has been widely used in the server field. [0003] At the same time, with the increase of PCIe devices in server systems, server developers are faced with the problem of insufficient number of CPU PCIe buses. In order to solve this problem, developers are increasingly adding PCIe Switches (chips that can expand the number of PCIe) to In the server system, the expansion of the number of PCIe is realized. The PCIe Switch is connected upstream to the CPU and downstream to PCIe devices. Once the firmware of the PCIe Switch is tampered with or attacked, it will pose an ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/44G06F21/57G06F21/60
CPCG06F21/44G06F21/572G06F21/602Y02D10/00
Inventor 付水论张敏于泉泉
Owner SUZHOU LANGCHAO INTELLIGENT TECH CO LTD