Substrate management controller test system and method based on automated exception injection
By using intelligent control and a multi-dimensional automated testing system, the problem of insufficient human experience in BMC testing has been solved, and comprehensive and effective reliability verification of BMC has been achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- NINGCHANG INFORMATION TECH (HANGZHOU) CO LTD
- Filing Date
- 2026-04-23
- Publication Date
- 2026-06-09
AI Technical Summary
Existing BMC testing methods rely on human experience, making it difficult to dynamically adjust testing strategies. This results in insufficient test coverage and targeting, and an inability to effectively address complex hardware failures, communication protocol anomalies, and environmental changes.
The system employs an intelligent control subsystem to dynamically generate test rules, combined with an anomaly injection subsystem to perform automated testing across multiple dimensions of hardware, protocols, and environment, and an evaluation and analysis subsystem to conduct quantitative result evaluation.
It improves the comprehensiveness and efficiency of BMC reliability verification, increases the defect detection rate, reduces the subjective bias of human judgment, and supports the simulation and evaluation of complex fault scenarios in multiple dimensions.
Smart Images

Figure CN122172767A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of server technology, and in particular to a test system and method for a baseboard management controller based on automated anomaly injection. Background Technology
[0002] The Baseboard Management Controller (BMC), as the core management unit of the server, is responsible for critical functions such as system health monitoring, remote management, logging, and fault recovery. Its stability and reliability directly affect the overall operational quality of the server. With the increasing complexity of data centers, cloud computing, and edge computing scenarios, the BMC needs to cope with extreme conditions such as various hardware failures, communication protocol anomalies, and environmental changes. Therefore, conducting thorough and systematic abnormal scenario testing on the BMC has become a necessary step to ensure the high availability of the server.
[0003] In existing technologies, testing of BMCs is typically done manually, with technicians observing the BMC's response behavior by simulating single types of abnormal conditions (such as disconnecting hardware, sending erroneous commands, or changing temperature and humidity parameters). This approach relies heavily on human experience for test rule development, making it difficult to dynamically adjust test strategies based on the BMC's real-time operating status, resulting in insufficient test coverage and relevance. Summary of the Invention
[0004] In view of this, embodiments of this application provide a test system and method for a baseboard management controller based on automated anomaly injection.
[0005] According to one aspect of this application, a test system for a baseboard management controller based on automated anomaly injection is provided, comprising: an intelligent control subsystem, an anomaly injection subsystem, and an evaluation and analysis subsystem; The intelligent control subsystem is used to collect the status information of the baseboard management controller, determine the test rule information based on the status information, generate test instructions based on the test rule information, and send the test instructions to the anomaly injection subsystem. The anomaly injection subsystem is used to perform anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension. The evaluation and analysis subsystem is used to obtain the response information of the substrate management controller to the abnormal injection test, and to evaluate the result of the abnormal injection test based on the response information.
[0006] The beneficial effects are as follows: the intelligent control subsystem dynamically adjusts test rules based on real-time status, avoiding the one-sidedness and lag of manually formulated test cases; the anomaly injection subsystem supports independent or combined injection of hardware, protocols, and environments, improving coverage of complex real-world fault scenarios; and the evaluation and analysis subsystem performs quantitative result evaluation based on objective response information, eliminating subjective biases from manual judgment. Ultimately, this system can improve the comprehensiveness, testing efficiency, and defect detection rate of the baseboard management controller reliability verification, providing an efficient and reusable technical means for quality assurance of server management firmware. Optionally, the anomaly injection subsystem includes a hardware anomaly module; the hardware anomaly dimension includes at least one of clock stretching dimension, data signal flipping dimension, and injected power glitches dimension. The hardware fault module is used for: Performing anomaly injection testing in the clock stretching dimension includes: intercepting the original clock signal sent by the substrate management controller; changing the duty cycle of the original clock signal to obtain an abnormal clock signal according to the instruction parameters carried in the test instruction; and sending the abnormal clock signal to the bus to send the abnormal clock signal to the server through the bus. The instruction parameters include a duty cycle modification parameter, which represents the amount of duty cycle modification of the original clock signal. And / or, Performing anomaly injection test of data signal flipping dimension includes: intercepting the original data signal sent by the substrate management controller; performing an XOR operation on the original data signal and the mask according to the instruction parameters carried in the test instruction to obtain an abnormal data signal; and sending the abnormal data signal to the bus to send the abnormal data signal to the server through the bus. The instruction parameters include a data signal bit length parameter, which characterizes the bit position determination rule for performing the XOR operation on the original data signal. And / or, Performing an abnormal injection test in the dimension of injected power glitches includes: receiving a pulse width modulation signal sent by a field-programmable gate array through the voltage recognition pin of the power management integrated circuit according to the instruction parameters carried in the test instruction, so that the power management integrated circuit first deviates from the normal value and then recovers when the substrate management controller performs a preset key operation, in order to simulate the impact of power fluctuations on the stability of the substrate management controller; wherein, the instruction parameters include glitch amplitude parameters, glitch width parameters, and trigger timing parameters, the glitch amplitude parameter represents the percentage of output voltage deviating from the normal value, the glitch width parameter represents the duration of the glitch, and the trigger timing parameter represents the internal event of the substrate management controller synchronized with the glitch injection.
[0007] The beneficial effects are as follows: By precisely manipulating clock signals, data signals, and power supply voltage through a hardware anomaly module, non-intrusive and reproducible anomaly injection is achieved into the underlying hardware of the baseboard management controller. This technical solution can simulate scenarios such as timing violations, bit flips, and power transients that are difficult to reproduce in real hardware failures, triggering the baseboard management controller's error detection and recovery mechanisms at the physical layer, thus compensating for the shortcomings of pure software or protocol layer testing. Furthermore, based on the flexible configuration of programmable parameters, testers can cover various combinations of anomaly intensity and timing without modifying the hardware, improving the automation level and defect detection efficiency of hardware reliability testing.
[0008] Optionally, the anomaly injection subsystem includes a protocol anomaly module; the protocol anomaly dimension includes a malformed IPMI packet injection dimension and / or an abnormal Redfish API call dimension; The protocol exception module is used for: Performing anomaly injection testing on the dimension of malformed IPMI packet injection includes: automatically generating malformed packets that do not conform to the protocol specification based on the instruction parameters carried in the test instruction, and sending the malformed packets to the baseboard management controller via the bus. The instruction parameters include mutation policy parameters and packet transmission rate parameters. The mutation policy parameters represent the field selection rules and field mutation rules of the malformed packets, and the packet transmission rate parameters represent the number of malformed packets sent per unit time. And / or, Performing anomaly injection testing on the dimension of abnormal Redfish API calls includes: constructing a Redfish request containing illegal parameters according to the instruction parameters carried in the test instruction, and sending it to the baseboard management controller; wherein, the instruction parameters include API resource path parameters and abnormal payload template parameters, the API resource path parameters represent the location of the target Redfish resource, and the abnormal payload template parameters represent the illegal data type to be injected.
[0009] The beneficial effects are as follows: The protocol anomaly module enables automated fuzzing and illegal call injection of the baseboard management controller's management interface, efficiently triggering various defects at the protocol parsing layer, including insufficient input validation, missing anomaly handling, resource leaks, and denial-of-service vulnerabilities. This technical solution eliminates the need for manually constructing numerous boundary test cases, lowering the threshold and workload of protocol robustness testing. Furthermore, through configurable mutation strategies and transmission rates, it supports multi-level verification from lightweight probing to high-intensity stress testing, improving the baseboard management controller's protocol security and service reliability detection capabilities.
[0010] Optionally, the anomaly injection subsystem includes an environmental anomaly module; the environmental anomaly dimension includes at least one of the following: simulated sensor anomaly data dimension and / or interference flash memory read / write operation dimension; The environmental anomaly module is used for: Performing anomaly injection tests simulating abnormal sensor data includes: according to the instruction parameters carried in the test instruction, when the baseboard management controller queries the target sensor through the bus, returning false sensor data instead of the real sensor; wherein, the instruction parameters include sensor address parameters, abnormal data type parameters, and return value parameters, the sensor address parameters represent the bus address of the target sensor, the abnormal data type parameters represent the type of fault to be simulated, and the return value parameters represent the specific returned value or error code; And / or, Performing anomaly injection tests on the dimensions of flash memory read / write operations includes: intercepting the serial peripheral interface signal between the substrate management controller and the external flash memory through a field-programmable gate array according to the instruction parameters carried in the test instruction; and injecting interference when the substrate management controller performs a target operation according to the serial peripheral interface signal; wherein, the instruction parameters include interference type parameters and target operation parameters, the interference type parameters characterize the type of error to be injected, the error type includes at least one of remapping the write address to a bad block region, returning a read error state, and bit flipping, and the target operation parameters characterize the type of the target operation, the target operation type includes at least one of erasing, programming, and reading.
[0011] The beneficial effects are as follows: The environmental anomaly module enables non-intrusive and highly controllable anomaly simulation of the external sensing and storage environment of the baseboard management controller. Simulating sensor anomaly data allows for the exploration of various sensor failure modes without disassembling or replacing real sensors, verifying the baseboard management controller's data processing and alarm logic. Interfering with flash memory read / write operations triggers storage anomalies during firmware updates and boot loading processes without destructive writing to the real flash memory, verifying the baseboard management controller's error detection, bad block management, and rollback mechanisms. This technical solution reduces the hardware dependence and operational complexity of environmental fault testing, improves test repeatability and coverage, and provides an efficient and flexible technical means for evaluating the environmental adaptability and firmware robustness of the baseboard management controller.
[0012] Optionally, it also includes: A test control terminal is used to provide a human-computer interaction interface to provide various test functions and output test results through the human-computer interaction interface, wherein the test function is associated with at least one corresponding tested anomaly dimension; The test control terminal is also used to send a test signal to the intelligent control subsystem in response to the triggering operation of any test function, wherein the test signal carries the abnormal dimension being tested; The intelligent control subsystem is specifically used to generate test instructions based on the abnormal dimension being tested carried by the test signal and the test rule information.
[0013] The beneficial effects are as follows: By introducing a test control terminal and its human-machine interface, the complex low-level anomaly injection logic is encapsulated into intuitive test function buttons bound to the anomaly dimension. Users can efficiently perform multi-dimensional anomaly injection tests without needing in-depth knowledge of FPGA configuration, message construction, or bus protocol details. This design lowers the barrier to entry for the test system, shortens test preparation time, and supports one-click combined testing and result visualization output, thereby improving the engineering sophistication of the board management controller verification process and the user experience.
[0014] Optionally, the testing function includes a single-anomaly dimension testing function and a multi-anomaly dimension testing function. The single-anomaly dimension testing function corresponds to one tested anomaly dimension, and the multi-anomaly dimension testing function corresponds to multiple tested anomaly dimensions. The multi-anomaly dimension testing function includes a power supply glitch-induced firmware damage test, which corresponds to the injected power supply glitch dimension and the interference flash memory read / write operation dimension.
[0015] The beneficial effects are as follows: By introducing single-anomaly and multi-anomaly testing functions, especially composite scenarios such as power supply glitches causing firmware corruption, the testing system can realistically simulate hardware failure chains caused by multiple concurrent factors in real data centers. Compared to single-dimensional testing, multi-dimensional combined testing significantly improves the verification depth of the baseboard management controller's fault tolerance and recovery mechanism under complex abnormal environments. It helps to discover latent timing-related, resource contention, and state coupling defects in the firmware, providing a more comprehensive and realistic testing method for the reliability assessment of server management systems.
[0016] Optionally, the intelligent control subsystem includes a status monitoring unit and a dynamic adjustment unit; The status monitoring unit is used to read the CPU utilization of the baseboard management controller via IPMI commands; obtain memory usage by parsing the kernel logs of the operating system of the baseboard management controller; and measure the network service response latency of the baseboard management controller by sending ping packets; the status information includes CPU utilization, memory usage, and network service response latency. The dynamic adjustment unit is used to determine the current load level of the baseboard management controller based on the status information, and query the test rule information corresponding to the current load level in a preset load level and preset test rule information mapping table, wherein the test rule information includes test intensity; The dynamic adjustment unit is further configured to generate a test instruction based on the abnormal dimension being tested carried by the test signal and the test intensity, wherein the test instruction includes test timing information corresponding to the abnormal dimension being tested, determined based on the test intensity and the abnormal dimension being tested.
[0017] The beneficial effects are as follows: Through a closed-loop feedback mechanism of status monitoring and dynamic adjustment, the test system is able to sense the real-time load of the managed controller of the board under test and adaptively adjust the test intensity. This avoids the drawbacks of traditional fixed-intensity testing, such as false alarms or damage caused by high equipment load and insufficient testing under low load, thus improving the reliability of test results and the protection of the equipment.
[0018] Optionally, the evaluation and analysis subsystem includes a multi-dimensional evaluation module; The multi-dimensional evaluation module is specifically used to divide the response information into service availability information, security isolation information, and recovery reliability information, and to perform multi-dimensional evaluation based on the service availability information, security isolation information, and recovery reliability information. The multi-dimensional evaluation results are then fused to obtain the evaluation result of the anomaly injection test. The multi-dimensional evaluation includes service availability, security isolation, and recovery reliability.
[0019] The beneficial effects are as follows: By introducing an independent and integrated evaluation mechanism encompassing service availability, security isolation, and recovery reliability, it is possible not only to determine whether the baseboard management controller has "passed the test," but also to accurately pinpoint its specific weaknesses under abnormal operating conditions—whether it is slow response, fault propagation, or incomplete recovery—thus providing a clear direction for firmware optimization. Simultaneously, the multi-dimensional integrated evaluation avoids the misjudgment or masking effects that may arise from a single indicator (for example, if an anomaly causes the baseboard management controller to rapidly deadlock without propagating to the host, focusing solely on availability would result in a failure, but good isolation indicates an effective security mechanism), making the test conclusions more comprehensive and objective.
[0020] Optionally, the evaluation and analysis subsystem further includes a fault diagnosis engine; The fault diagnosis engine is configured to: connect events in the time series after the anomaly injection test into a causal chain based on the response information, construct a fault propagation graph based on the causal chain; and perform fuzzy matching in a preset vulnerability database based on the causal chain to predict the affected vulnerabilities corresponding to the baseboard management controller.
[0021] The beneficial effects are as follows: the fault diagnosis engine intuitively displays the propagation path of anomalies within the baseboard management controller through causal chains and fault propagation graphs, helping engineers understand the root causes of vulnerabilities; the vulnerability prediction function based on fuzzy matching enables the testing system to also have security audit capabilities, and can provide early warnings of potential risks without triggering actual vulnerability exploitation.
[0022] According to another aspect of this application, a test method for a substrate management controller based on automated anomaly injection is provided. The method involves testing the substrate management controller using the aforementioned test system based on automated anomaly injection, and includes: The intelligent control subsystem collects the status information of the baseboard management controller, determines the test rule information based on the status information, generates test instructions based on the test rule information, and sends the test instructions to the anomaly injection subsystem. The anomaly injection subsystem performs anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension; The evaluation and analysis subsystem obtains the response information of the baseboard management controller to the abnormal injection test, and evaluates the results of the abnormal injection test based on the response information.
[0023] By employing the above technical solutions, this application provides a test system and method for a baseboard management controller based on automated anomaly injection. The intelligent control subsystem dynamically adjusts test rules according to real-time status, avoiding the bias and lag inherent in manually formulated test cases. The anomaly injection subsystem supports independent or combined injection from multiple dimensions, including hardware, protocols, and environment, improving coverage of complex real-world fault scenarios. The evaluation and analysis subsystem performs quantitative result evaluation based on objective response information, eliminating subjective biases from manual judgment. Ultimately, this system enhances the comprehensiveness, testing efficiency, and defect detection rate of baseboard management controller reliability verification, providing an efficient and reusable technical means for quality assurance of server management firmware.
[0024] The above description is only an overview of the technical solution of this application. In order to better understand the technical means of this application and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this application more obvious and understandable, the following are specific embodiments of this application. Attached Figure Description
[0025] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings: Figure 1 This illustration shows a schematic diagram of a substrate management controller test system based on automated anomaly injection, according to an embodiment of this application. Figure 2 This paper shows a schematic diagram of another substrate management controller test system based on automated anomaly injection provided in an embodiment of this application; Figure 3 The diagram shows a flowchart of a test method for a baseboard management controller based on automated anomaly injection, provided in an embodiment of this application. Detailed Implementation
[0026] The present application will be described in detail below with reference to the accompanying drawings and embodiments. It should be noted that, unless otherwise specified, the embodiments and features described in the embodiments of the present application can be combined with each other.
[0027] This embodiment provides a test system for a baseboard management controller based on automated anomaly injection, such as... Figure 1 As shown, it includes: an intelligent control subsystem, an anomaly injection subsystem, and an evaluation and analysis subsystem; The intelligent control subsystem is used to collect the status information of the baseboard management controller, determine the test rule information based on the status information, generate test instructions based on the test rule information, and send the test instructions to the anomaly injection subsystem. The anomaly injection subsystem is used to perform anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension. The evaluation and analysis subsystem is used to obtain the response information of the substrate management controller to the abnormal injection test, and to evaluate the result of the abnormal injection test based on the response information.
[0028] In the above embodiments, the system dynamically generates test instructions through the intelligent control subsystem, injects anomalies into the server from multiple dimensions such as hardware, protocol, and environment through the anomaly injection subsystem, and automatically evaluates the response of the baseboard management controller using the evaluation and analysis subsystem. This realizes the intelligence and automation of the test process and improves the comprehensiveness and efficiency of reliability verification.
[0029] Among them, the baseboard management controller refers to an embedded management unit that runs independently of the main processor on the server motherboard. It is used to monitor hardware status such as system temperature, voltage, and fan speed, and supports management functions such as remote power-on, restart, log collection, and fault alarm. Anomaly injection testing refers to a test method that actively triggers the tested object (i.e., the baseboard management controller) to enter an anomaly handling process by simulating abnormal conditions such as hardware failure, communication protocol errors, or deviations in environmental parameters. Hardware anomaly dimensions can include simulating failures, short circuits, disconnections, or voltage fluctuations in physical components such as power supply, clock, storage media, and interface circuits on the server motherboard. Protocol anomaly dimensions can include interference such as injecting error frames, timeout responses, illegal commands, or checksum errors into buses or management protocols such as the Intelligent Platform Management Interface (IPMI), I²C, LPC, and PCIe. Environmental anomaly dimensions can include adjusting or simulating sudden changes in external physical conditions such as temperature, humidity, airflow, and vibration beyond the normal operating range. Response information refers to the observable outputs of the baseboard management controller after being subjected to anomaly injection, such as log records, alarm signals, status register changes, reset behavior, or external communication messages.
[0030] Specifically, when implementing the baseboard management controller testing system provided in this embodiment, the intelligent control subsystem first collects the status information of the baseboard management controller in the server under test in real time, including the current operating temperature, voltage reading, firmware version, existing event logs, and network connection status. Based on this status information and a preset test strategy library, the intelligent control subsystem automatically determines the test rules applicable to the current operating conditions. For example, if a high temperature is detected, a temperature surge test in the environmental anomaly dimension is prioritized; if a low communication load is detected, an IPMI command with excessive delay is injected in the protocol anomaly dimension. Based on the above test rules, the intelligent control subsystem generates structured test instructions and sends them to the anomaly injection subsystem. After receiving the test instructions, the anomaly injection subsystem performs at least one anomaly injection test on the server according to the anomaly dimension and injection parameters specified in the instructions: for example, in the hardware anomaly dimension, clock signal stretching and duty cycle adjustment are performed; in the protocol anomaly dimension, the verification field in the IPMI response packet is tampered with; in the environmental anomaly dimension, the server's air inlet temperature sensor data is modified from 25°C to 45°C using a programmable temperature chamber. During the anomaly injection process, the evaluation and analysis subsystem continuously captures the response information of the baseboard management controller, such as whether the system event log records corresponding sensor over-limit alarms, whether the management network can still respond to ping commands, and whether an unexpected reset or hang has occurred. After the test, the evaluation and analysis subsystem calculates quantitative indicators based on the captured response information and generates a test report. This system can chain or superimpose multiple anomaly dimensions within the same test cycle. For example, it can first inject a protocol anomaly to cause the BMC to freeze, and then inject a hardware anomaly to trigger a watchdog reset, to simulate a complex fault scenario.
[0031] By applying the technical solution of this embodiment, the entire process of testing the baseboard management controller is automated and intelligent: the intelligent control subsystem dynamically adjusts test rules based on real-time status, avoiding the one-sidedness and lag of manually formulated test cases; the anomaly injection subsystem supports independent or combined injection of hardware, protocol, and environment from multiple dimensions, improving the coverage of complex real-world fault scenarios; the evaluation and analysis subsystem performs quantitative result evaluation based on objective response information, eliminating the subjective bias of manual judgment. Ultimately, this system can improve the comprehensiveness, testing efficiency, and defect detection rate of baseboard management controller reliability verification, providing an efficient and reusable technical means for quality assurance of server management firmware.
[0032] In the embodiments of this application, such as Figure 2 As shown, optionally, the anomaly injection subsystem includes a hardware anomaly module; the hardware anomaly dimension includes at least one of clock stretching dimension, data signal flipping dimension, and injected power glitches dimension; The hardware fault module is used for: Performing anomaly injection testing in the clock stretching dimension includes: intercepting the original clock signal sent by the substrate management controller; changing the duty cycle of the original clock signal to obtain an abnormal clock signal according to the instruction parameters carried in the test instruction; and sending the abnormal clock signal to the bus to send the abnormal clock signal to the server through the bus. The instruction parameters include a duty cycle modification parameter, which represents the amount of duty cycle modification of the original clock signal. And / or, Performing anomaly injection test of data signal flipping dimension includes: intercepting the original data signal sent by the substrate management controller; performing an XOR operation on the original data signal and the mask according to the instruction parameters carried in the test instruction to obtain an abnormal data signal; and sending the abnormal data signal to the bus to send the abnormal data signal to the server through the bus. The instruction parameters include a data signal bit length parameter, which characterizes the bit position determination rule for performing the XOR operation on the original data signal. And / or, Performing an abnormal injection test in the dimension of injected power glitches includes: receiving a pulse width modulation signal sent by a field-programmable gate array through the voltage recognition pin of the power management integrated circuit according to the instruction parameters carried in the test instruction, so that the power management integrated circuit first deviates from the normal value and then recovers when the substrate management controller performs a preset key operation, in order to simulate the impact of power fluctuations on the stability of the substrate management controller; wherein, the instruction parameters include glitch amplitude parameters, glitch width parameters, and trigger timing parameters, the glitch amplitude parameter represents the percentage of output voltage deviating from the normal value, the glitch width parameter represents the duration of the glitch, and the trigger timing parameter represents the internal event of the substrate management controller synchronized with the glitch injection.
[0033] In this embodiment, the anomaly injection subsystem specifically includes a hardware anomaly module. This module supports three hardware-level anomaly injection methods: clock stretching, data signal toggling, and power supply glitches. It can simulate underlying physical faults such as bus timing violations, data transmission errors, and power fluctuations. Through the above hardware anomaly injection mechanism, the system achieves fine-grained, programmable fault simulation of the board management controller hardware interface, improving the depth of test coverage, flexibility, and automation, and helping to detect hardware-related reliability defects earlier.
[0034] Among them, the clock stretching dimension refers to disrupting the original timing constraints by changing the duty cycle of the clock signal, simulating abnormal scenarios such as failure of slave devices to respond in time or bus contention; the data signal flipping dimension refers to logically flipping specified bits of the original data signal (0 to 1 or 1 to 0), simulating bit errors or electromagnetic interference during transmission; the power injection glitch dimension refers to briefly changing and quickly restoring the power supply voltage of the baseboard management controller when it performs critical operations (such as firmware writing or state switching), simulating the impact of power instability or load sudden changes; the original clock signal refers to the standard period clock output by the baseboard management controller when it is working normally; the abnormal clock signal refers to the non-standard clock after the duty cycle has been modified; the mask is used to specify the bits in the data signal that need to be flipped, and the flipping of specific bits is achieved by performing an XOR operation with the original data; the pulse width modulation signal is used to control the timing and amplitude of the output voltage adjustment of the power management integrated circuit; the power management integrated circuit is responsible for dynamically adjusting the output voltage according to the control signal received by the voltage identification pin.
[0035] Specifically, the hardware anomaly module executes anomaly injection tests in one or more dimensions according to the instruction parameters in the test commands issued by the intelligent control subsystem. For clock stretching tests, the hardware anomaly module intercepts the original clock signal sent by the baseboard management controller and modifies the parameters according to the duty cycle carried in the test command (e.g., changing the duty cycle from 50% to 10% or 90%). It then uses a programmable logic device to change the duty cycle of the original clock signal, generating an abnormal clock signal. This abnormal clock signal is then sent to the bus, causing the server to receive a clock edge with a timing error, thus simulating a response timeout or data sampling error caused by the slave device's clock being too fast or too slow. For data signal flipping tests, the hardware anomaly module intercepts the original data signal sent by the baseboard management controller and, according to the data signal bit length parameters in the test command (e.g., specifying to flip the 3rd and 7th bits), performs an XOR operation between the original data signal and the corresponding mask to obtain a specific flipped abnormal data signal. This signal is then sent to the bus, causing the server to receive a data frame containing bit errors, simulating a bit error scenario caused by communication line interference or insufficient drive capability. For power glitch injection testing, the hardware anomaly module generates a corresponding pulse width modulation signal via a field-programmable gate array (FPGA) based on the glitch amplitude parameters (e.g., deviation from normal value ±10%), glitch width parameters (e.g., duration 100 microseconds), and trigger timing parameters (e.g., synchronization with the baseboard management controller to perform flash memory erase / write operations) in the test command. This signal is then sent to the voltage recognition pin of the power management integrated circuit (BIC). The BIC then deviates its output voltage from the normal value at a specified time (e.g., from 3.3V to 2.9V or up to 3.6V), and recovers after the glitch width duration. This simulates the impact of power fluctuations on the stability of the baseboard management controller, allowing observation of whether resets, deadlocks, or configuration errors occur. These three hardware anomaly injection methods can be executed individually or combined in a test sequence. For example, a clock stretching anomaly can be injected first to induce bus communication chaos, followed by superimposed power glitch injection to test the baseboard management controller's fault tolerance under multiple faults.
[0036] This embodiment achieves non-intrusive and reproducible anomaly injection into the underlying hardware of the baseboard management controller (BMDC) through precise manipulation of clock signals, data signals, and power supply voltage via a hardware anomaly module. This technical solution can simulate scenarios such as timing violations, bit flips, and power transients that are difficult to reproduce in real hardware failures, triggering the BMDC's error detection and recovery mechanisms at the physical layer, thus compensating for the shortcomings of pure software or protocol layer testing. Furthermore, based on the flexible configuration of programmable parameters, testers can cover various combinations of anomaly intensity and timing without modifying the hardware, improving the automation level and defect detection efficiency of hardware reliability testing.
[0037] Optionally, in this embodiment, the anomaly injection subsystem includes a protocol anomaly module; the protocol anomaly dimension includes a malformed IPMI packet injection dimension and / or an abnormal Redfish API call dimension; The protocol exception module is used for: Performing anomaly injection testing on the dimension of malformed IPMI packet injection includes: automatically generating malformed packets that do not conform to the protocol specification based on the instruction parameters carried in the test instruction, and sending the malformed packets to the baseboard management controller via the bus. The instruction parameters include mutation policy parameters and packet transmission rate parameters. The mutation policy parameters represent the field selection rules and field mutation rules of the malformed packets, and the packet transmission rate parameters represent the number of malformed packets sent per unit time. And / or, Performing anomaly injection testing on the dimension of abnormal Redfish API calls includes: constructing a Redfish request containing illegal parameters according to the instruction parameters carried in the test instruction, and sending it to the baseboard management controller; wherein, the instruction parameters include API resource path parameters and abnormal payload template parameters, the API resource path parameters represent the location of the target Redfish resource, and the abnormal payload template parameters represent the illegal data type to be injected.
[0038] In this embodiment, the anomaly injection subsystem further includes a protocol anomaly module. This module supports two protocol-level anomaly injection methods: malformed IPMI (Intelligent Platform Management Interface), message injection, and abnormal Redfish API calls. It can automatically generate malformed messages that do not conform to protocol specifications or construct Redfish requests containing illegal parameters to stress test and discover vulnerabilities in the protocol parsing and processing capabilities of the baseboard management controller. Redfish, often translated as "red fish," is a modern server management standard based on RESTful APIs. It uses JSON (JavaScript Object Notation, a lightweight data exchange format) to replace the traditional IPMI command set, providing a simpler and more extensible management interface. REST (Representational State Transfer) and RESTful APIs refer to application programming interfaces that conform to the REST architectural design style, commonly found in web services, using the HTTP protocol for CRUD operations on resources. API (Application Programming Interface) defines the specifications for how different software components interact; in this system, it specifically refers to the Redfish management interface provided by the baseboard management controller. Through the aforementioned protocol anomaly injection mechanism, the system achieves automated and configurable fuzz testing of the management protocol interface, improving the verification efficiency and coverage of the baseboard management controller in terms of protocol security and robustness.
[0039] IPMI, or Intelligent Platform Management Interface, is the core protocol for communication between the baseboard management controller and external management software. Malformed IPMI messages refer to abnormal network data packets that violate constraints such as field length, type, value range, or command order in the IPMI protocol specification. The mutation policy parameter defines which fields to modify and how to modify them based on normal IPMI messages, such as replacing command fields with undefined values, setting data lengths to values that do not match the actual values, or inserting additional invalid fields. The message sending rate parameter controls the number of malformed messages sent to the baseboard management controller per unit time to test its processing capability under sudden abnormal traffic. Abnormal Redfish API calls refer to HTTP requests sent to the baseboard management controller that contain illegal parameters, incorrect data types, out-of-bounds values, or malicious payloads, such as passing negative values or non-numeric strings in the temperature threshold setting interface.
[0040] Specifically, the protocol anomaly module performs one or more anomaly injection tests based on the test instructions issued by the intelligent control subsystem and the test parameters carried in the test instructions. For the malformed IPMI message injection test, the protocol anomaly module first constructs a baseline message conforming to the protocol specification based on the IPMI protocol syntax tree. Then, according to the mutation strategy parameters in the test instructions (e.g., specifying to perform replacement mutation on the "command code" field, length overflow mutation on the "data field," and random mutation on the "checksum" field), it automatically generates malformed messages. Then, according to the message sending rate parameters (e.g., 100 messages per second), it sends the messages to the baseboard management controller via the bus to observe whether it experiences crashes, unresponsiveness, memory leaks, or error log explosions. For testing the abnormal Redfish API call dimension, the protocol anomaly module constructs a corresponding HTTP request and sends it to the baseboard management controller based on the API resource path parameters (such as " / redfish / v1 / Chassis / 1 / Thermal") and abnormal payload template parameters in the test command (for example, filling the "speed value" field with the string "ABC" or an excessively large integer, or adding an undefined illegal field in a JSON request for fan speed setting). The module then checks whether the controller correctly rejects illegal requests, returns compliant error codes, and whether service hangs due to parsing anomalies. These two protocol anomaly injection methods can be executed individually or combined with hardware or environmental anomalies for composite testing. For example, while injecting power glitches, malformed IPMI messages can be continuously sent to evaluate the stability and fault tolerance of the baseboard management controller's protocol stack under power supply disturbances.
[0041] This embodiment achieves automated fuzz testing and illegal call injection of the baseboard management controller's management interface through a protocol anomaly module. It can efficiently trigger various defects at the protocol parsing layer, including insufficient input validation, missing anomaly handling, resource leaks, and denial-of-service vulnerabilities. This technical solution eliminates the need for manually constructing numerous boundary test cases, lowering the threshold and workload of protocol robustness testing. Furthermore, through configurable mutation strategies and transmission rates, it supports multi-level verification from lightweight probing to high-intensity stress testing, improving the detection capability of the baseboard management controller's protocol security and service reliability.
[0042] Optionally, in this embodiment, the anomaly injection subsystem includes an environmental anomaly module; the environmental anomaly dimension includes at least one of the following: simulated sensor anomaly data dimension and / or interference flash memory read / write operation dimension. The environmental anomaly module is used for: Performing anomaly injection tests simulating abnormal sensor data includes: according to the instruction parameters carried in the test instruction, when the baseboard management controller queries the target sensor through the bus, returning false sensor data instead of the real sensor; wherein, the instruction parameters include sensor address parameters, abnormal data type parameters, and return value parameters, the sensor address parameters represent the bus address of the target sensor, the abnormal data type parameters represent the type of fault to be simulated, and the return value parameters represent the specific returned value or error code; And / or, Performing anomaly injection tests on the dimensions of flash memory read / write operations includes: intercepting the serial peripheral interface signal between the substrate management controller and the external flash memory through a field-programmable gate array according to the instruction parameters carried in the test instruction; and injecting interference when the substrate management controller performs a target operation according to the serial peripheral interface signal; wherein, the instruction parameters include interference type parameters and target operation parameters, the interference type parameters characterize the type of error to be injected, the error type includes at least one of remapping the write address to a bad block region, returning a read error state, and bit flipping, and the target operation parameters characterize the type of the target operation, the target operation type includes at least one of erasing, programming, and reading.
[0043] In this embodiment, the anomaly injection subsystem further includes an environmental anomaly module. This module supports two environmental anomaly injection methods: simulating abnormal sensor data and interfering with flash memory read / write operations. It can implement virtual slave device logic through a field-programmable gate array to replace real sensors returning false data, or intercept and tamper with the serial peripheral interface signal between the board management controller and the external flash memory to simulate storage failures. Through the above-mentioned environmental anomaly injection mechanism, the system can realistically simulate complex scenarios such as sensor failure, abnormal data acquisition, bad flash memory blocks, read errors, and bit flips without modifying the actual hardware, thereby improving the test coverage and automation level of the board management controller in terms of environmental awareness and firmware storage reliability.
[0044] Among them, Field Programmable Gate Array (FPGA) is a configurable logic gate array hardware. In this embodiment, its high-speed signal processing and flexible logic implementation capabilities are utilized to perform virtual slave device simulation and bus signal interception and tampering. Virtual slave device logic refers to simulating the bus response behavior of real sensors (such as temperature sensors and voltage sensors) inside the FPGA, so that the board management controller thinks it is interacting with real hardware when querying. Serial Peripheral Interface (SPI) is a commonly used synchronous serial communication interface. In this embodiment, it is used for firmware read and write communication between the board management controller and external flash memory. Flash memory is a non-volatile memory used to store the firmware program and configuration data of the board management controller. The reliability of its read and write operations directly affects the startup and function of the controller. Bad blocks refer to the storage areas in flash memory that cannot reliably store data due to wear or manufacturing defects. Writing to bad blocks may lead to data loss or firmware corruption. Bit flipping refers to a bit in the memory cell changing from 0 to 1 or from 1 to 0, which is usually caused by environmental radiation or device aging.
[0045] Specifically, the environmental anomaly module executes anomaly injection tests in one or more dimensions based on the test instructions issued by the intelligent control subsystem and the test parameters in the test instructions. For tests simulating abnormal sensor data, the environmental anomaly module, based on the virtual slave device logic implemented inside the FPGA, uses the sensor address parameters (e.g., specifying a temperature sensor with address 0x4A), abnormal data type parameters (e.g., simulating "sensor open circuit" or "out of range" faults), and return value parameters (e.g., returning an abnormal temperature value of -40°C or 150°C, or returning a specific error code) in the test instructions. When the baseboard management controller queries the target sensor via the I²C or SMBus bus, the FPGA actively returns false data instead of the real sensor. This allows the module to observe whether the baseboard management controller incorrectly accepts the data and triggers inappropriate control actions (such as false high temperature alarms or incorrect fan speed adjustments), and whether it has a reasonable verification or redundancy removal mechanism. For anomaly injection testing targeting flash memory read / write operations, the environmental anomaly module intercepts the SPI bus signals (including chip select, clock, data input / output, etc.) between the FPGA and the external flash memory. Based on the target operation parameters (such as specifying a "firmware erase" operation) and interference type parameters (such as selecting "remap write address to bad block region," "return read error status," or "insertion bit toggle") in the test command, it injects interference at precise timing when the FPGA performs the corresponding operation. For example, when the FPGA sends a programming command to the flash memory, the FPGA dynamically remaps the write address to a pre-marked bad block address, causing actual data to be written to an unreliable region; or after the FPGA issues a read command, the FPGA tampers with the data returned by the flash memory, inserting a bit toggle in a key block; or it directly returns an "erase error" or "programming error" status code. The two environmental anomaly injection methods mentioned above can be executed individually or superimposed on anomalies of other dimensions (such as power glitches in hardware anomalies and malformed messages in protocol anomalies) to simulate more complex composite fault scenarios. For example, power glitches can be injected simultaneously during flash memory programming to interfere with address mapping and test the firmware damage recovery capability of the baseboard management controller.
[0046] This embodiment achieves non-intrusive and highly controllable anomaly simulation of the external sensing and storage environment of the baseboard management controller through an environmental anomaly module. Simulating sensor anomaly data allows for the exploration of various sensor failure modes without disassembling or replacing real sensors, verifying the baseboard management controller's data processing and alarm logic. Interfering with flash memory read / write operations triggers storage anomalies during firmware updates and boot loading processes without destructive writing to the real flash memory, verifying the baseboard management controller's error detection, bad block management, and rollback mechanisms. This technical solution reduces the hardware dependence and operational complexity of environmental fault testing, improves test repeatability and coverage, and provides an efficient and flexible technical means for evaluating the environmental adaptability and firmware robustness of the baseboard management controller.
[0047] Optionally, in this application embodiment, it also includes: A test control terminal is used to provide a human-computer interaction interface to provide various test functions and output test results through the human-computer interaction interface, wherein the test function is associated with at least one corresponding tested anomaly dimension; The test control terminal is also used to send a test signal to the intelligent control subsystem in response to the triggering operation of any test function, wherein the test signal carries the abnormal dimension being tested; The intelligent control subsystem is specifically used to generate test instructions based on the abnormal dimension being tested carried by the test signal and the test rule information.
[0048] In this embodiment, the substrate management controller test system also includes a test control terminal. This terminal provides users with various test functions associated with anomaly dimensions through a human-machine interface, and can respond to triggers to generate test signals to instruct the intelligent control subsystem to generate test instructions for specified anomaly dimensions, while simultaneously visualizing the test results. Users can flexibly select single or combined anomaly dimensions in hardware, protocols, and environments for testing without writing complex scripts, thus lowering the operational threshold.
[0049] The test control terminal refers to the computer equipment running test management software, which provides users with a graphical or command-line human-computer interaction interface. The human-computer interaction interface is the operation interface between the user and the test system, and may include controls such as buttons, menus, parameter input boxes, test progress bars, and result display areas. The test function refers to a pre-set standardized test task associated with at least one tested anomaly dimension, such as "power supply glitch test", "malformed IPMI message injection test", or "sensor anomaly simulation test". The test signal is a trigger instruction sent by the test control terminal to the intelligent control subsystem, which carries the tested anomaly dimension information selected by the user, and is used to inform the system which type or types of anomaly injection need to be performed.
[0050] Specifically, the test control terminal first starts and loads the human-machine interface, which displays various preset test functions. Each test function is associated with at least one corresponding anomaly dimension being tested. For example, "Hardware Reliability Comprehensive Test" is associated with three dimensions: clock stretching, data flipping, and power glitches; "Protocol Robustness Test" is associated with malformed IPMI message injection and abnormal Redfish API calls; and "Environmental Adaptability Test" is associated with simulated sensor anomalies and interference with flash memory read / write operations. Users can click any test function button using a mouse or touchscreen and adjust optional parameters such as test intensity and duration in the parameter configuration area. After the user completes the configuration and clicks "Start Test," the test control terminal responds to this trigger operation by sending a test signal to the intelligent control subsystem. This test signal carries the anomaly dimension being tested (e.g., "Anomaly Dimension = Hardware Anomaly: Power Glitches"). After receiving the test signal, the intelligent control subsystem combines its own collected real-time status information from the baseboard management controller (such as current voltage, temperature, firmware version, etc.) and its internally preset test rule library to determine specific test rule information (e.g., determining the glitch amplitude parameter as ±5% deviation, lasting 50 microseconds, triggered by firmware flash erase operation based on the current voltage stability state). It then generates structured test instructions and sends them to the corresponding modules in the anomaly injection subsystem (e.g., the power glitch injection function of the hardware anomaly module). After the anomaly injection subsystem executes the test, the evaluation and analysis subsystem feeds back the results to the test control terminal. The test control terminal outputs the test results on the interface in the form of charts, logs, or scores, including pass / fail status, quantitative scores for each dimension, and detailed anomaly logs.
[0051] This embodiment introduces a test control terminal and its human-machine interface, encapsulating complex low-level anomaly injection logic into intuitive test function buttons bound to anomaly dimensions. Users can efficiently perform multi-dimensional anomaly injection tests without needing in-depth knowledge of FPGA configuration, message construction, or bus protocol details. This design lowers the barrier to entry for the test system, shortens test preparation time, and supports one-click combined testing and result visualization output, improving the engineering sophistication of the board management controller verification process and the user experience.
[0052] Optionally, in this embodiment of the application, the testing function includes a single-anomaly dimension testing function and a multi-anomaly dimension testing function. The single-anomaly dimension testing function corresponds to one tested anomaly dimension, and the multi-anomaly dimension testing function corresponds to multiple tested anomaly dimensions. The multi-anomaly dimension testing function includes a power supply glitch-induced firmware damage test, which corresponds to the injected power supply glitch dimension and the interference flash memory read / write operation dimension.
[0053] In this embodiment, the testing functions provided by the test control terminal are further divided into single-anomaly dimension testing functions and multi-anomaly dimension testing functions. The multi-anomaly dimension testing function can simultaneously associate multiple tested anomaly dimensions. For example, "power supply glitches causing firmware corruption test" simultaneously corresponds to injecting power supply glitches and interfering with flash memory read / write operations. This enables the system to simulate a real fault chain where power supply disturbances and storage operations occur concurrently, improving the test's ability to cover complex faults and the realism of the scenario. This helps to discover collaborative defects that are difficult to trigger with single-dimensional testing.
[0054] Among them, the single-anomaly dimension test function refers to a test task that injects an anomaly independently into only one anomaly dimension (such as clock stretching in hardware anomalies, malformed IPMI messages in protocol anomalies, or simulated sensor anomalies in environmental anomalies); the multi-anomaly dimension test function refers to a test task that injects multiple different anomaly dimensions simultaneously or sequentially according to a preset timing or logical relationship within the same test cycle; the power supply glitches leading to firmware corruption test is a typical example of the multi-anomaly dimension test function. This test includes both the injection of power supply glitches in the hardware anomaly dimension and the interference of flash memory read / write operations in the environmental anomaly dimension. It is used to simulate whether the baseboard management controller can avoid firmware corruption or achieve reliable recovery when firmware erasure or programming operations happen to occur during server power fluctuations.
[0055] Specifically, the human-machine interface of the test control terminal displays a list of single-anomaly dimension test functions (such as "Single Power Glitch Test" and "Single Flash Read / Write Interference Test") and a list of multi-anomaly dimension test functions (such as "Power Glitch + Flash Interference Composite Test"). After the user selects "Power Glitch Causes Firmware Damage Test", the test control terminal sends a test signal carrying two tested anomaly dimensions to the intelligent control subsystem: the injected power glitch dimension in hardware anomalies and the interfering flash read / write operation dimension in environmental anomalies. After receiving the signal, the intelligent control subsystem, combined with the current state of the baseboard management controller (e.g., detecting that a firmware update or periodic flash erase / write operation is being performed), generates a composite test instruction, which includes two sub-instructions: a power glitch injection instruction (carrying a glitch amplitude of ±10%, a glitch width of 200 microseconds, and a trigger time of "flash programming start moment") and a flash read / write interference instruction (carrying an interference type of "remapping the write address to a bad block area" and a target operation of "programming operation"). After the composite test command is issued to the anomaly injection subsystem, the hardware anomaly module performs power glitch injection, while the environmental anomaly module intercepts the SPI signal in the FPGA. When the baseboard management controller writes firmware data to the flash memory, it dynamically remaps the target address to a pre-marked bad block region. The two anomalies can be triggered in a strict timing sequence: for example, address remapping interference can be initiated simultaneously with the falling edge of the power glitch. The evaluation and analysis subsystem captures the baseboard management controller's response information under this composite anomaly, including whether firmware verification failed, whether the bad block management mechanism was triggered, whether the system automatically rolled back to the backup firmware, and whether the correct error log was recorded. After the test is completed, the evaluation results are sent back to the test control terminal. The interface can display the differences between the results of single-dimensional and multi-dimensional tests through comparison. For example, a single power glitch test may pass, but firmware corruption occurs under the composite test, thus accurately locating the collaborative defect.
[0056] This embodiment introduces single-anomaly and multi-anomaly testing functions, particularly for complex scenarios such as firmware corruption testing caused by power supply glitches. This enables the testing system to realistically simulate hardware failure chains caused by multiple concurrent factors in real-world data centers. Compared to single-dimensional testing, multi-dimensional combined testing significantly improves the verification depth of the baseboard management controller's fault tolerance and recovery mechanisms under complex abnormal environments. It helps to discover latent timing-related, resource contention, and state coupling defects in the firmware, providing a more comprehensive and realistic testing method for the reliability assessment of server management systems.
[0057] Optionally, in this embodiment, the intelligent control subsystem includes a status monitoring unit and a dynamic adjustment unit; The status monitoring unit is used to read the CPU utilization of the baseboard management controller via IPMI commands; obtain memory usage by parsing the kernel logs of the operating system of the baseboard management controller; and measure the network service response latency of the baseboard management controller by sending ping packets; the status information includes CPU utilization, memory usage, and network service response latency. The dynamic adjustment unit is used to determine the current load level of the baseboard management controller based on the status information, and query the test rule information corresponding to the current load level in a preset load level and preset test rule information mapping table, wherein the test rule information includes test intensity; The dynamic adjustment unit is further configured to generate a test instruction based on the abnormal dimension being tested carried by the test signal and the test intensity, wherein the test instruction includes test timing information corresponding to the abnormal dimension being tested, determined based on the test intensity and the abnormal dimension being tested.
[0058] In this embodiment, the intelligent control subsystem specifically includes a status monitoring unit and a dynamic adjustment unit. The status monitoring unit collects the CPU utilization, memory usage, and network service response latency of the baseboard management controller in real time through IPMI commands, kernel log parsing, and network probing. The dynamic adjustment unit determines the current load level based on this status information, queries the corresponding test intensity in a preset mapping table, and then generates test instructions containing test timing information based on the dimensions of the anomaly being tested. This achieves adaptive matching between the test intensity and the real-time load of the object under test, avoiding the application of excessively strong anomalies to the baseboard management controller when it is under high load, which could lead to unrealistic faults, and also avoiding the omission of defects due to insufficient test intensity when the load is low.
[0059] Among them, IPMI commands refer to management instructions sent through the intelligent platform management interface protocol, which in this embodiment are used to actively read the CPU utilization rate inside the baseboard management controller; kernel logs refer to system log files in the baseboard management controller operating system that record kernel-level events (such as memory allocation, process scheduling, and error information), and memory usage can be obtained by parsing the logs; ping packets are network connectivity probe packets based on the ICMP protocol (Internet Control Message Protocol), and network service response latency can be obtained by measuring the time difference between sending and responding; the current load level is a quantitative classification of the real-time busy level of the baseboard management controller, for example, divided into three levels: low load, medium load, and high load; the preset load level and preset test rule information mapping table is a pre-configured table that associates corresponding test rule information with each load level, where the test rule information includes at least the test intensity, which can be expressed as parameters such as the frequency, amplitude, duration, or number of concurrent anomaly injections; test timing information is used to specify the execution order, interval, overlap, or triggering conditions of different anomaly dimensions on the time axis, such as sequential execution, alternating execution, or precise synchronous execution.
[0060] Specifically, the status monitoring unit in the intelligent control subsystem operates continuously according to a configurable sampling period (e.g., once every 500 milliseconds). The status monitoring unit obtains the CPU utilization value of the baseboard management controller by sending standard IPMI commands (e.g., "GetSensor Reading" or OEM-customized CPU utilization query commands) to the controller. Simultaneously, it remotely accesses the baseboard management controller's operating system (usually embedded Linux) to read kernel logs such as / var / log / messages or dmesg, extracting memory usage information using regular expressions or keyword matching, for example, calculating the percentage of used memory from the "MemTotal" and "MemFree" fields. Furthermore, the status monitoring unit sends ping packets to the baseboard management controller's management network interface (e.g., sending three consecutive packets, each one second apart), taking the average round-trip time as the network service response latency. These three status information items are aggregated in real time and transmitted to the dynamic adjustment unit. The dynamic adjustment unit comprehensively evaluates the current status information as the current load level based on a preset threshold or fuzzy membership function. For example, the rules can be set as follows: low load is defined when CPU utilization is <30%, memory usage is <40%, and ping latency is <10ms; medium load is defined when CPU utilization is between 30% and 70%, memory usage is between 40% and 80%, and latency is between 10 and 50ms; and high load is defined when the threshold is exceeded. The dynamic adjustment unit then queries a preset mapping table for the test rule information corresponding to the load level. This mapping table can be designed as follows: low load corresponds to high-intensity testing (e.g., power glitches ±15%, malformed packet transmission rate 200 packets / second, multiple abnormal dimensions enabled simultaneously); medium load corresponds to medium-intensity testing (e.g., glitches ±8%, packet rate 80 packets / second, selectively enabling some dimensions); and high load corresponds to low-intensity testing (e.g., glitches ±3%, packet rate 20 packets / second, enabling only a single dimension or reducing concurrency). The dynamic adjustment unit further receives test signals from the test control terminal, which carry the user-selected abnormal dimension to be tested (e.g., power glitches in hardware anomalies). The dynamic adjustment unit combines the queried test intensity with the user-specified anomaly dimension to generate specific test instructions. These instructions include parameters for anomaly injection (such as glitch amplitude, width, and trigger timing) and also generate test timing information. For example, when simultaneously testing power supply glitches and flash memory interference, the timing information can specify: first, wait for the board management controller to enter a low-load idle state, then initiate the flash memory programming operation; trigger the power supply glitch 100 microseconds after programming begins; and trigger the address remapping interference 50 microseconds after the glitch ends.The dynamic adjustment unit can also dynamically adjust unexecuted test commands based on real-time changes in load levels. If a sudden increase in the load of the baseboard management controller is detected during testing (e.g., due to other background tasks), the system can automatically reduce the intensity of subsequent anomaly injections or postpone high-intensity test cases, restoring them only after the load decreases. Furthermore, the historical curves of CPU, memory, and network latency recorded by the status monitoring unit can be correlated with test results for analysis to determine whether a test failure was caused by overload of the tested object itself rather than a direct result of injected anomalies. Multiple sampling methods can also be supported during implementation: for example, when measuring network response latency, in addition to ICMP ping, the time taken for TCP connect or HTTP GET requests can be used as a supplement; when acquiring memory usage, if kernel logs are unavailable, IPMI OEM commands or SNMP queries can be used as a fallback.
[0061] This embodiment utilizes a closed-loop feedback mechanism of state monitoring and dynamic adjustment, enabling the testing system to sense the real-time load of the managed controller of the board under test and adaptively adjust the test intensity. This avoids the drawbacks of traditional fixed-intensity testing, such as false alarms or damage caused by high equipment load and insufficient testing under low load, thus improving the reliability of test results and the protective capabilities of the equipment.
[0062] Optionally, in this embodiment of the application, the evaluation and analysis subsystem includes a multi-dimensional evaluation module; The multi-dimensional evaluation module is specifically used to divide the response information into service availability information, security isolation information, and recovery reliability information, and to perform multi-dimensional evaluation based on the service availability information, security isolation information, and recovery reliability information. The multi-dimensional evaluation results are then fused to obtain the evaluation result of the anomaly injection test. The multi-dimensional evaluation includes service availability, security isolation, and recovery reliability.
[0063] In this embodiment, the evaluation and analysis subsystem further includes a multi-dimensional evaluation module. This module divides the response information of the baseboard management controller to the anomaly injection test into three independent dimensions: service availability, security isolation, and recovery reliability. The modules are then quantitatively evaluated separately and integrated into a comprehensive evaluation result, which improves the precision of the test evaluation and the interpretability of the results.
[0064] Service availability information refers to the extent to which the baseboard management controller can still provide core services such as remote management, sensor query, and log access normally during and after anomaly injection. Specifically, it can be quantified as indicators such as command response time, request success rate, and session persistence capability. Security isolation information refers to whether the abnormal behavior of the baseboard management controller (such as illegal memory access, error interruption, protocol stack crash, etc.) is effectively restricted within its own management domain and does not spread to the host system, other management controllers, or shared resources. Relevant evidence includes whether abnormal packets cause host interruption, whether unauthorized access occurs in the management network, and whether the shared bus is abnormally occupied. Recovery reliability information refers to the ability of the baseboard management controller to automatically or through reset after the abnormal conditions are resolved or the test is completed. This includes fault self-healing time, configuration integrity after reset, whether historical logs are lost, and whether alarms are correctly cleared. Multi-dimensional evaluation refers to the comprehensive evaluation of the same anomaly injection test from three independent perspectives: service availability, security isolation, and recovery reliability. The evaluation results of the three dimensions are then quantified into scores or levels.
[0065] Specifically, the evaluation and analysis subsystem first continuously captures various response information from the baseboard management controller during the anomaly injection test, including but not limited to system event logs, sensor reading changes, network response messages, serial port output, GPIO status changes, and interrupt records on the host side. After receiving this raw response information, the multi-dimensional evaluation module categorizes it into three types according to predefined classification rules. For example, when performing a power glitch injection test, the module records the average response time and number of timeouts of the baseboard management controller's IPMI commands during this period, as service availability information; it also monitors whether the baseboard management controller sends false interrupt signals or erroneous SCIs to the host system, and whether it illegally writes host data through the shared memory channel, as security isolation information; after the power supply stabilizes, the module detects whether the baseboard management controller automatically reinitializes sensor scans, whether the network stack is rebuilt, whether the original configuration (such as IP addresses and user accounts) is completely maintained, and the time elapsed from glitch injection to restoration of normal service, as recovery reliability information. For malformed IPMI packet injection tests, service availability information is reflected in whether the baseboard management controller can continue to respond to normal, legitimate commands (e.g., while continuously receiving malformed packets, sending a standard Get Sensor Reading command every 5 seconds and calculating the success rate); security isolation information is reflected in whether the malformed packets cause the baseboard management controller to consume a large amount of host system resources (e.g., whether the interrupt load of the host CPU increases abnormally by monitoring through the side channel), or whether a memory leak causes the management interface to be completely locked but the host service is not affected (this situation has good isolation but poor availability and needs to be recorded separately); recovery reliability information is reflected in whether the baseboard management controller needs a hard reset to recover after stopping the injection of malformed packets, or whether it can automatically clean up the parsing error state and re-enter normal listening mode. When implementing multi-dimensional assessments, the system supports multiple classification methods: it can be based on automatic classification by the rule engine, for example, classifying "Sensor scan timeout" in the logs as a service availability issue, "Unaligned memory access to host space" as an isolation issue, and "Config lost after warm reset" as a recovery reliability issue; it can also be based on time windows, for example, data collected during the duration of the anomaly injection is classified as service availability and security isolation information, and data collected within a specified observation window (such as 30 seconds) after the anomaly injection stops is classified as recovery reliability information.Subsequently, the multi-dimensional evaluation module quantifies and scores each dimension: Service availability is scored based on command success rate (60% weight) and average response latency (40% weight), for example, a success rate of 100% and latency <10ms earns 100 points, while a success rate below 50% earns 0 points; Security isolation uses a deduction system, with 20 points deducted for each unauthorized access or abnormal interruption on the host side, and 0 points for a single severe cascading event (such as a host reset); Recovery reliability is scored by combining self-healing time (e.g., full marks for recovery within 5 seconds, 0 marks for recovery exceeding 60 seconds) and configuration integrity (50 points deducted for complete configuration loss, 20 points deducted for partial loss). After completing the independent scoring of the three dimensions, the module performs a fusion evaluation. The fusion method can employ weighted summation, such as assigning weights of 40%, 30%, and 30% to service availability, security isolation, and recovery reliability respectively, to obtain a comprehensive score. Alternatively, fuzzy comprehensive evaluation can be used, mapping the scores of each dimension to a membership matrix of "Excellent / Good / Average / Poor" before synthesizing the final grade. Weights can also be dynamically adjusted according to the testing objective; for example, increasing the weight of security isolation for scenarios with stringent security requirements, and increasing the weight of recovery reliability for operational scenarios. The fused evaluation results are output in a structured report format, including the comprehensive score, detailed scores for each dimension, timestamps of typical anomalies, and improvement suggestions (e.g., "Recovery reliability score is low; it is recommended to optimize the flash memory configuration backup mechanism"). During implementation, historical comparative evaluation can be supported, plotting the multi-dimensional scores of the same baseboard management controller under different firmware versions into a radar chart to visually demonstrate the capability changes brought about by version iterations. Furthermore, the multi-dimensional evaluation module can form a closed loop with the intelligent control subsystem: when the score of a certain dimension continuously falls below a threshold, the system can automatically trigger targeted supplementary tests; for example, if security isolation is poor, more boundary violation anomaly injections can be added to further expose vulnerability boundaries.
[0066] This embodiment introduces an independent and integrated evaluation mechanism encompassing service availability, security isolation, and recovery reliability. This not only determines whether the baseboard management controller has "passed the test," but also precisely identifies its specific weaknesses under abnormal operating conditions—whether it's slow response, fault propagation, or incomplete recovery—providing clear direction for firmware optimization. Simultaneously, the multi-dimensional integrated evaluation avoids misjudgments or masking effects that might arise from a single indicator (for example, if an anomaly causes the baseboard management controller to rapidly deadlock without propagating to the host, focusing solely on availability would result in a failure, but good isolation indicates an effective security mechanism), making the test conclusions more comprehensive and objective.
[0067] Optionally, in this embodiment of the application, the evaluation and analysis subsystem further includes a fault diagnosis engine; The fault diagnosis engine is configured to: connect events in the time series after the anomaly injection test into a causal chain based on the response information, construct a fault propagation graph based on the causal chain; and perform fuzzy matching in a preset vulnerability database based on the causal chain to predict the affected vulnerabilities corresponding to the baseboard management controller.
[0068] In this embodiment, the evaluation and analysis subsystem also includes a fault diagnosis engine. Based on the response information generated after the anomaly injection test, this engine connects events in a time series into a causal chain, constructs a fault propagation graph, and performs fuzzy matching in a preset vulnerability database based on the causal chain to predict vulnerabilities that may affect the baseboard management controller. Through this mechanism, the system can not only determine whether the test passes or fails, but also automatically trace the root cause of the anomaly, reveal the propagation path of the fault within the system, and provide security risk warnings by associating with a known vulnerability database, thus improving the security assessment capability of the test results.
[0069] Among them, the causal chain refers to a directed sequence that connects a series of events (such as log entries, state transitions, alarm signals, reset actions, etc.) generated inside and outside the baseboard management controller after the anomaly injection is triggered, according to the chronological order and logical dependencies. It is used to depict the complete process of the fault from occurrence to propagation to final manifestation. The fault propagation graph is a graph structure with nodes representing system components or events and directed edges representing causal relationships. It intuitively shows how the anomaly spreads between different modules of the baseboard management controller (such as sensor acquisition, IPMI protocol stack, flash drive, watchdog timer, etc.). The preset vulnerability database is a database of known security vulnerabilities and vulnerability characteristics related to the baseboard management controller that are collected in advance. Each vulnerability record contains information such as triggering conditions, abnormal behavior patterns and scope of impact. Fuzzy matching refers to the imprecise comparison of the causal chain features (such as specific event sequences, error code combinations, resource access patterns) extracted from actual testing with the patterns in the vulnerability database, sorting them according to similarity and predicting possible matching vulnerabilities.
[0070] Specifically, the fault diagnosis engine first receives complete response information from the anomaly injection test, including system event logs, kernel messages, network packet capture data, sensor reading change curves, and hardware status register snapshots output by the baseboard management controller. The engine performs time alignment and normalization on this information, and then performs causal chain construction. For example, when performing the "power glitch causing firmware corruption test", the engine extracts the following time sequence events: a power glitch is injected at time T0; an abnormal write enable signal is detected on the flash SPI bus at T0+10ms; the baseboard management controller logs "Flash programming error" at T0+25ms; a "BMC watchdog timeout" event occurs at T0+35ms; the baseboard management controller performs a hardware reset at T0+40ms; after the reset, sensor readings recover but IPMI configuration is lost at T0+500ms. The engine connects these events into a causal chain through rule-based reasoning (such as the temporal proximity and logical correlation between "programming error" and "write enable anomaly"): power glitch → SPI write enable anomaly → flash programming error → watchdog timeout → hardware reset → configuration loss. Based on this causal chain, the engine further constructs a fault propagation graph, where nodes include "power glitch injection point," "SPI controller," "flash drive module," "file system layer," "watchdog timer," "reset logic," and "configuration storage area," with propagation delays and triggering conditions labeled along the edges. After completing the causal chain and fault propagation graph, the fault diagnosis engine transforms the causal chain into feature vectors (e.g., event type sequence, time interval distribution, error code set) and performs fuzzy matching in a preset vulnerability database. The preset vulnerability database is either a general CVE / NVD vulnerability database or a custom vulnerability database built based on historical test results. The vulnerability database pre-stores the feature patterns of various known BMC vulnerabilities. For example, the feature of "CVE-2021-Baseboard Management Controller Test X Based on Automated Anomaly Injection: Malformed IPMI Messages Lead to Remote Denial of Service" is "malformed message → IPMI message parser crash → management network unresponsive → hard reset required for recovery"; the feature of "CVE-2022-YYYY: Power glitch during flash programming can lead to firmware signature bypass" is "power glitch + flash programming → verification skipped → firmware tampering → abnormal startup." Fuzzy matching uses edit distance, cosine similarity, or deep learning models to calculate the similarity between causal chain features and vulnerability patterns, outputting the most matching vulnerabilities and their confidence levels. For example, for the aforementioned causal chain of power glitch + flash memory error, the engine might predict a 92% match for "CVE-2022-YYYY" and a 65% match for "CVE-2019-ZZZZ (flash memory data corruption leading to information leakage)". The prediction results, along with the causal chain and fault propagation graph, are presented on the test control terminal, allowing engineers to verify the existence of unpatched vulnerabilities or assess the effectiveness of firmware mitigation measures.
[0071] The fault diagnosis engine in this embodiment visually demonstrates the propagation path of anomalies within the baseboard management controller through causal chains and fault propagation graphs, helping engineers understand the root causes of vulnerabilities. The vulnerability prediction function based on fuzzy matching enables the testing system to also have security audit capabilities, providing early warnings of potential risks without triggering actual vulnerability exploitation.
[0072] Furthermore, as a refinement and extension of the specific implementation of the above embodiments, and to fully illustrate the specific implementation process of this embodiment, another test method for a substrate management controller based on automated anomaly injection is provided, such as... Figure 3 As shown, the method includes: Step 301: The intelligent control subsystem collects the status information of the baseboard management controller, determines the test rule information based on the status information, generates test instructions based on the test rule information, and sends the test instructions to the anomaly injection subsystem. Step 302: The anomaly injection subsystem performs anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension. Step 303: The evaluation and analysis subsystem obtains the response information of the baseboard management controller to the anomaly injection test, and evaluates the results of the anomaly injection test based on the response information.
[0073] By applying the technical solution of this embodiment, the intelligent control subsystem dynamically adjusts test rules based on real-time status, avoiding the one-sidedness and lag of manually formulated test cases; the anomaly injection subsystem supports independent or combined injection of hardware, protocol, and environment dimensions, improving the coverage of complex real-world fault scenarios; the evaluation and analysis subsystem performs quantitative result evaluation based on objective response information, eliminating the subjective bias of manual judgment. Ultimately, this system can improve the comprehensiveness, testing efficiency, and defect detection rate of the board management controller reliability verification, providing an efficient and reusable technical means for quality assurance of server management firmware.
[0074] Optionally, in this embodiment, the anomaly injection subsystem includes a hardware anomaly module; the hardware anomaly dimension includes at least one of clock stretching dimension, data signal flipping dimension, and injected power glitches dimension; the anomaly injection subsystem performs anomaly injection testing on the server according to the test instruction for at least one anomaly dimension, including: Performing anomaly injection testing in the clock stretching dimension includes: intercepting the original clock signal sent by the substrate management controller; changing the duty cycle of the original clock signal to obtain an abnormal clock signal according to the instruction parameters carried in the test instruction; and sending the abnormal clock signal to the bus to send the abnormal clock signal to the server through the bus. The instruction parameters include a duty cycle modification parameter, which represents the amount of duty cycle modification of the original clock signal. And / or, Performing anomaly injection test of data signal flipping dimension includes: intercepting the original data signal sent by the substrate management controller; performing an XOR operation on the original data signal and the mask according to the instruction parameters carried in the test instruction to obtain an abnormal data signal; and sending the abnormal data signal to the bus to send the abnormal data signal to the server through the bus. The instruction parameters include a data signal bit length parameter, which characterizes the bit position determination rule for performing the XOR operation on the original data signal. And / or, Performing an abnormal injection test in the dimension of injected power glitches includes: receiving a pulse width modulation signal sent by a field-programmable gate array through the voltage recognition pin of the power management integrated circuit according to the instruction parameters carried in the test instruction, so that the power management integrated circuit first deviates from the normal value and then recovers when the substrate management controller performs a preset key operation, in order to simulate the impact of power fluctuations on the stability of the substrate management controller; wherein, the instruction parameters include glitch amplitude parameters, glitch width parameters, and trigger timing parameters, the glitch amplitude parameter represents the percentage of output voltage deviating from the normal value, the glitch width parameter represents the duration of the glitch, and the trigger timing parameter represents the internal event of the substrate management controller synchronized with the glitch injection.
[0075] Optionally, in this embodiment of the application, the anomaly injection subsystem includes a protocol anomaly module; the protocol anomaly dimension includes a malformed IPMI packet injection dimension and / or an abnormal Redfish API call dimension; the anomaly injection subsystem performs anomaly injection testing on the server in at least one anomaly dimension according to the test instructions, including: Performing anomaly injection testing on the dimension of malformed IPMI packet injection includes: automatically generating malformed packets that do not conform to the protocol specification based on the instruction parameters carried in the test instruction, and sending the malformed packets to the baseboard management controller via the bus. The instruction parameters include mutation policy parameters and packet transmission rate parameters. The mutation policy parameters represent the field selection rules and field mutation rules of the malformed packets, and the packet transmission rate parameters represent the number of malformed packets sent per unit time. And / or, Performing anomaly injection testing on the dimension of abnormal Redfish API calls includes: constructing a Redfish request containing illegal parameters according to the instruction parameters carried in the test instruction, and sending it to the baseboard management controller; wherein, the instruction parameters include API resource path parameters and abnormal payload template parameters, the API resource path parameters represent the location of the target Redfish resource, and the abnormal payload template parameters represent the illegal data type to be injected.
[0076] Optionally, in this embodiment of the application, the anomaly injection subsystem includes an environmental anomaly module; the environmental anomaly dimension includes at least one of simulated sensor abnormal data dimension and / or interference flash memory read / write operation dimension; the anomaly injection subsystem performs anomaly injection testing on the server in at least one anomaly dimension according to the test instruction, including: Performing anomaly injection tests simulating abnormal sensor data includes: according to the instruction parameters carried in the test instruction, when the baseboard management controller queries the target sensor through the bus, returning false sensor data instead of the real sensor; wherein, the instruction parameters include sensor address parameters, abnormal data type parameters, and return value parameters, the sensor address parameters represent the bus address of the target sensor, the abnormal data type parameters represent the type of fault to be simulated, and the return value parameters represent the specific returned value or error code; And / or, Performing anomaly injection tests on the dimensions of flash memory read / write operations includes: intercepting the serial peripheral interface signal between the substrate management controller and the external flash memory through a field-programmable gate array according to the instruction parameters carried in the test instruction; and injecting interference when the substrate management controller performs a target operation according to the serial peripheral interface signal; wherein, the instruction parameters include interference type parameters and target operation parameters, the interference type parameters characterize the type of error to be injected, the error type includes at least one of remapping the write address to a bad block region, returning a read error state, and bit flipping, and the target operation parameters characterize the type of the target operation, the target operation type includes at least one of erasing, programming, and reading.
[0077] Optionally, in this application embodiment, it also includes: The test control terminal provides a human-computer interaction interface to provide various test functions and output test results through the human-computer interaction interface, wherein the test function is associated with at least one corresponding tested anomaly dimension; In response to the triggering operation of any test function, the test control terminal sends a test signal to the intelligent control subsystem, wherein the test signal carries the abnormal dimension being tested; The intelligent control subsystem generates test instructions based on the anomaly dimension being tested carried by the test signal and the test rule information.
[0078] Optionally, in this embodiment of the application, the testing function includes a single-anomaly dimension testing function and a multi-anomaly dimension testing function. The single-anomaly dimension testing function corresponds to one tested anomaly dimension, and the multi-anomaly dimension testing function corresponds to multiple tested anomaly dimensions. The multi-anomaly dimension testing function includes a power supply glitch-induced firmware damage test, which corresponds to the injected power supply glitch dimension and the interference flash memory read / write operation dimension.
[0079] Optionally, in this embodiment, the intelligent control subsystem includes a status monitoring unit and a dynamic adjustment unit; the intelligent control subsystem collects status information from the baseboard management controller, determines test rule information based on the status information, and generates test instructions based on the test rule information, including: The status monitoring unit reads the CPU utilization of the baseboard management controller via IPMI commands; obtains the memory usage by parsing the kernel logs of the operating system of the baseboard management controller; and measures the network service response latency of the baseboard management controller by sending ping packets; the status information includes CPU utilization, memory usage, and network service response latency. The dynamic adjustment unit determines the current load level of the baseboard management controller based on the status information, and queries the test rule information corresponding to the current load level in the preset load level and preset test rule information mapping table, wherein the test rule information includes test intensity; The dynamic adjustment unit generates a test instruction based on the anomaly dimension being tested carried by the test signal and the test intensity, wherein the test instruction includes test timing information corresponding to the anomaly dimension being tested, determined based on the test intensity and the anomaly dimension being tested.
[0080] Optionally, in this embodiment of the application, the evaluation and analysis subsystem includes a multi-dimensional evaluation module; the step of evaluating the result of the anomaly injection test based on the response information includes: dividing the response information into service availability information, security isolation information, and recovery reliability information, and performing a multi-dimensional evaluation based on the service availability information, the security isolation information, and the recovery reliability information, and fusing the multi-dimensional evaluation results to obtain the evaluation result of the anomaly injection test, wherein the multi-dimensional aspects include service availability, security isolation, and recovery reliability.
[0081] Optionally, in this embodiment, the evaluation and analysis subsystem further includes a fault diagnosis engine; the step of evaluating the result of the anomaly injection test based on the response information includes: connecting the events in the time series after the anomaly injection test into a causal chain based on the response information, constructing a fault propagation graph based on the causal chain; and performing fuzzy matching in a preset vulnerability database based on the causal chain to predict the affected vulnerabilities corresponding to the baseboard management controller.
[0082] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0083] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. A test system for a baseboard management controller based on automated anomaly injection, characterized in that, include: Intelligent control subsystem, anomaly injection subsystem, and evaluation and analysis subsystem; The intelligent control subsystem is used to collect the status information of the baseboard management controller, determine the test rule information based on the status information, generate test instructions based on the test rule information, and send the test instructions to the anomaly injection subsystem. The anomaly injection subsystem is used to perform anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension. The evaluation and analysis subsystem is used to obtain the response information of the substrate management controller to the abnormal injection test, and to evaluate the result of the abnormal injection test based on the response information.
2. The test system for a baseboard management controller based on automated anomaly injection according to claim 1, characterized in that, The anomaly injection subsystem includes a hardware anomaly module; the hardware anomaly dimension includes at least one of clock stretching dimension, data signal flipping dimension, and injected power glitches dimension. The hardware fault module is used for: Performing anomaly injection testing in the clock stretching dimension includes: intercepting the original clock signal sent by the substrate management controller; changing the duty cycle of the original clock signal to obtain an abnormal clock signal according to the instruction parameters carried in the test instruction; and sending the abnormal clock signal to the bus to send the abnormal clock signal to the server through the bus. The instruction parameters include a duty cycle modification parameter, which represents the amount of duty cycle modification of the original clock signal. And / or, Performing anomaly injection test of data signal flipping dimension includes: intercepting the original data signal sent by the substrate management controller; performing an XOR operation on the original data signal and the mask according to the instruction parameters carried in the test instruction to obtain an abnormal data signal; and sending the abnormal data signal to the bus to send the abnormal data signal to the server through the bus. The instruction parameters include a data signal bit length parameter, which characterizes the bit position determination rule for performing the XOR operation on the original data signal. And / or, Performing an abnormal injection test in the dimension of injected power glitches includes: receiving a pulse width modulation signal sent by a field-programmable gate array through the voltage recognition pin of the power management integrated circuit according to the instruction parameters carried in the test instruction, so that the power management integrated circuit first deviates from the normal value and then recovers when the substrate management controller performs a preset key operation, in order to simulate the impact of power fluctuations on the stability of the substrate management controller; wherein, the instruction parameters include glitch amplitude parameters, glitch width parameters, and trigger timing parameters, the glitch amplitude parameter represents the percentage of output voltage deviating from the normal value, the glitch width parameter represents the duration of the glitch, and the trigger timing parameter represents the internal event of the substrate management controller synchronized with the glitch injection.
3. The test system for a baseboard management controller based on automated anomaly injection according to claim 1, characterized in that, The anomaly injection subsystem includes a protocol anomaly module; the protocol anomaly dimensions include malformed IPMI packet injection dimension and / or abnormal Redfish API call dimension. The protocol exception module is used for: Performing anomaly injection testing on the dimension of malformed IPMI packet injection includes: automatically generating malformed packets that do not conform to the protocol specification based on the instruction parameters carried in the test instruction, and sending the malformed packets to the baseboard management controller via the bus. The instruction parameters include mutation policy parameters and packet transmission rate parameters. The mutation policy parameters represent the field selection rules and field mutation rules of the malformed packets, and the packet transmission rate parameters represent the number of malformed packets sent per unit time. And / or, Performing anomaly injection testing on the dimension of abnormal Redfish API calls includes: constructing a Redfish request containing illegal parameters according to the instruction parameters carried in the test instruction, and sending it to the baseboard management controller; wherein, the instruction parameters include API resource path parameters and abnormal payload template parameters, the API resource path parameters represent the location of the target Redfish resource, and the abnormal payload template parameters represent the illegal data type to be injected.
4. The substrate management controller test system based on automated anomaly injection according to claim 1, characterized in that, The anomaly injection subsystem includes an environmental anomaly module; the environmental anomaly dimension includes at least one of the following: simulated sensor anomaly data dimension and / or interference flash memory read / write operation dimension. The environmental anomaly module is used for: Performing anomaly injection tests simulating abnormal sensor data includes: according to the instruction parameters carried in the test instruction, when the baseboard management controller queries the target sensor through the bus, returning false sensor data instead of the real sensor; wherein, the instruction parameters include sensor address parameters, abnormal data type parameters, and return value parameters, the sensor address parameters represent the bus address of the target sensor, the abnormal data type parameters represent the type of fault to be simulated, and the return value parameters represent the specific returned value or error code; And / or, Performing anomaly injection tests on the dimensions of flash memory read / write operations includes: intercepting the serial peripheral interface signal between the substrate management controller and the external flash memory through a field-programmable gate array according to the instruction parameters carried in the test instruction; and injecting interference when the substrate management controller performs a target operation according to the serial peripheral interface signal; wherein, the instruction parameters include interference type parameters and target operation parameters, the interference type parameters characterize the type of error to be injected, the error type includes at least one of remapping the write address to a bad block region, returning a read error state, and bit flipping, and the target operation parameters characterize the type of the target operation, the target operation type includes at least one of erasing, programming, and reading.
5. The substrate management controller test system based on automated anomaly injection according to any one of claims 1 to 4, characterized in that, Also includes: A test control terminal is used to provide a human-computer interaction interface to provide various test functions and output test results through the human-computer interaction interface, wherein the test function is associated with at least one corresponding tested anomaly dimension; The test control terminal is also used to send a test signal to the intelligent control subsystem in response to the triggering operation of any test function, wherein the test signal carries the abnormal dimension being tested; The intelligent control subsystem is specifically used to generate test instructions based on the abnormal dimension being tested carried by the test signal and the test rule information.
6. The test system for a baseboard management controller based on automated anomaly injection according to claim 5, characterized in that, The testing functions include single-anomaly dimension testing and multi-anomaly dimension testing. The single-anomaly dimension testing corresponds to one tested anomaly dimension, and the multi-anomaly dimension testing corresponds to multiple tested anomaly dimensions. The multi-anomaly dimension testing includes power supply glitches causing firmware damage testing, which corresponds to the injected power supply glitches dimension and the interference with flash memory read / write operations dimension.
7. The test system for a baseboard management controller based on automated anomaly injection according to claim 5, characterized in that, The intelligent control subsystem includes a status monitoring unit and a dynamic adjustment unit; The status monitoring unit is used to read the CPU utilization of the baseboard management controller via IPMI commands; obtain memory usage by parsing the kernel logs of the operating system of the baseboard management controller; and measure the network service response latency of the baseboard management controller by sending ping packets; the status information includes CPU utilization, memory usage, and network service response latency. The dynamic adjustment unit is used to determine the current load level of the baseboard management controller based on the status information, and query the test rule information corresponding to the current load level in a preset load level and preset test rule information mapping table, wherein the test rule information includes test intensity; The dynamic adjustment unit is further configured to generate a test instruction based on the abnormal dimension being tested carried by the test signal and the test intensity, wherein the test instruction includes test timing information corresponding to the abnormal dimension being tested, determined based on the test intensity and the abnormal dimension being tested.
8. The test system for a baseboard management controller based on automated anomaly injection according to claim 1, characterized in that, The evaluation and analysis subsystem includes a multi-dimensional evaluation module; The multi-dimensional evaluation module is specifically used to divide the response information into service availability information, security isolation information, and recovery reliability information, and to perform multi-dimensional evaluation based on the service availability information, security isolation information, and recovery reliability information. The multi-dimensional evaluation results are then fused to obtain the evaluation result of the anomaly injection test. The multi-dimensional evaluation includes service availability, security isolation, and recovery reliability.
9. The test system for a baseboard management controller based on automated anomaly injection according to claim 8, characterized in that, The evaluation and analysis subsystem also includes a fault diagnosis engine; The fault diagnosis engine is configured to: connect events in the time series after the anomaly injection test into a causal chain based on the response information, construct a fault propagation graph based on the causal chain; and perform fuzzy matching in a preset vulnerability database based on the causal chain to predict the affected vulnerabilities corresponding to the baseboard management controller.
10. A test method for a baseboard management controller based on automated anomaly injection, characterized in that, Testing the baseboard management controller using the baseboard management controller test system based on automated anomaly injection as described in any one of claims 1 to 9 includes: The intelligent control subsystem collects the status information of the baseboard management controller, determines the test rule information based on the status information, generates test instructions based on the test rule information, and sends the test instructions to the anomaly injection subsystem. The anomaly injection subsystem performs anomaly injection tests on the server in at least one anomaly dimension according to the test instructions, wherein the anomaly dimension includes hardware anomaly dimension, protocol anomaly dimension and environment anomaly dimension; The evaluation and analysis subsystem obtains the response information of the baseboard management controller to the abnormal injection test, and evaluates the results of the abnormal injection test based on the response information.