CN118713816B - Server system, firmware processing method, device, equipment, medium and product - Google Patents
- Publication number: CN118713816B (application CN202411195095.7A)
- Authority: CN (China)
- Legal status: Active
Classifications (CPC, all under H04L—Transmission of digital information, e.g. telegraphic communication)
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
- H04L61/5007—Network arrangements, protocols or services for addressing or naming; Address allocation; Internet protocol [IP] addresses
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/123—Network architectures or network communication protocols for network security; Applying verification of the received information; received data contents, e.g. message integrity
- H04L67/1042—Protocols in which an application is distributed across nodes in the network; Peer-to-peer [P2P] networks using topology management mechanisms
- H04L67/1065—Peer-to-peer [P2P] networks using node-based peer discovery mechanisms; Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving time stamps, e.g. generation of time stamps
- H04L9/40—Network security protocols
Abstract
The embodiment of the invention provides a server system, a firmware processing method, a device, equipment, a medium and a product. The server system comprises a plurality of server nodes, and each server node comprises a server network port, a baseboard management controller node and a controller node. The server network port is bound with a first Internet protocol address and a second Internet protocol address; the first Internet protocol address is allocated to the baseboard management controller node and the second Internet protocol address to the controller node. The baseboard management controller nodes form a server service network, the controller nodes form a blockchain network, and the controller nodes are used for transmitting target information in the blockchain network. The invention realizes the architecture design of a blockchain for the server's target information without changing the main network of the server; the target information is the key information in the blockchain network, and information security protection and isolation are achieved by separating the key information from the service information.
Description
Technical Field
The present invention relates to the field of server technologies, and in particular, to a server system, a firmware processing method, a device, equipment, a medium, and a product.
Background
Server messaging is critical to maintaining the security and integrity of data transmissions within a network. It ensures reliable and secure transfer of messages between servers, services and clients. This applies especially to firmware version updates and the running logs of a server: if their security and traceability cannot be guaranteed, the whole server network faces a serious hidden risk. At present, key information is transmitted between servers through an ordinary centralized network, with the attendant risks of single points of failure, lack of transparency and data tampering.
Blockchain technology has attracted attention in recent years as a decentralized, secure and trusted distributed ledger technology, and has brought revolutionary change to a number of areas. Compared with a traditional centralized database system, each node in the blockchain holds a complete copy of the ledger, and any modification of the ledger requires the consensus of a plurality of nodes in the network, which ensures the security and tamper resistance of the data.
Currently, a conventional enterprise environment generally uses a centralized server network: a central server manages network traffic, data storage and application services and processes all data transactions, and clients request services from the central server and communicate with each other through it. Processing data only through such a centralized network has a single point of failure: the centralized system is controlled by a single point, and once that point is attacked and destroyed, the security of the whole system is at risk.
Disclosure of Invention
The embodiment of the invention aims to provide a server system, a firmware processing method, a device, equipment, a medium and a product, and the specific technical scheme is as follows:
In a first aspect of the present invention, there is provided a server system, the server system including a plurality of server nodes, the server nodes including a server portal, a baseboard management controller node, and a controller node;
the server portal binds a first internet protocol address and a second internet protocol address;
The first internet protocol address is used for being distributed to a baseboard management controller node, the second internet protocol address is used for being distributed to the controller node, a plurality of baseboard management controller nodes form a server service network, a plurality of controller nodes form a blockchain network, and the controller nodes are used for transmitting target information in the blockchain network.
Optionally, a plurality of the baseboard management controller nodes are connected through a central node to form a star topology.
Optionally, a plurality of the controller nodes are distributed and interconnected.
Optionally, the blockchain network includes a creation node, an accounting node, and a check node, wherein the creation node, the accounting node, and the check node respectively correspond to the controller nodes in the blockchain network.
Optionally, the creation node is the controller node that uploads the target information.
Optionally, the accounting node is the controller node that records the target information.
Optionally, the checking node is configured to check validity of the target information.
Optionally, the blocks in the blockchain network are linked by hash values.
Optionally, the block comprises a head and a body;
The header comprises a hash value of a current block, a hash value of a previous block corresponding to the current block in a connection sequence, and timestamp information, wherein the timestamp information is used for recording creation time corresponding to the current block;
the body includes the target information.
Optionally, the controller node is used for firmware processing and logging.
Optionally, the server portal is configured as a single portal, and the server system is linked to an external network through the single portal.
Optionally, the first internet protocol address is a dynamic IP, the second internet protocol address is a static IP, and the baseboard management controller node performs service transmission through the dynamic IP.
In a second aspect of the present invention, there is also provided a firmware processing method applied to the server system in the first aspect, where the method includes:
determining a first edge computing node in a blockchain network in the server system, and taking the first edge computing node as a creation node;
transmitting firmware processing information to the blockchain network through the creation node, wherein the firmware processing information is determined based on the target server vendor requirements;
Carrying out private key encryption packaging on the firmware processing information through the creating node to obtain target firmware processing information, sending the target firmware processing information to a blockchain network, and creating a target block in the blockchain network;
Broadcasting the target block to a checking node through a point-to-point topology, so that the checking node can verify the target block, wherein the checking node is a second edge computing node in the blockchain network;
if the verification is successful, adding the target block into the blockchain network;
Capturing the target firmware processing information in the target block through a third edge computing node in the blockchain network, and analyzing the firmware processing information;
And processing the target firmware based on the analyzed firmware processing information.
Optionally, before the step of broadcasting to the checking node over the point-to-point topology, the method comprises:
confirming, through the checking node, whether the target encrypted information is in a valid state;
if yes, placing the target encrypted information in a memory pool corresponding to the checking node;
and determining block creation information in the memory pool through the checking node, and compiling and generating a target block based on the block creation information.
Optionally, after the step of processing the target firmware based on the parsed firmware processing information, the method includes:
Uploading log information corresponding to the controller node where the controller is located according to a preset time interval.
Optionally, after the step of processing the target firmware based on the parsed firmware processing information, the method includes:
when the controller monitors that the server system is in an abnormal power-down state, uploading log information corresponding to a controller node where the controller is located.
In a third aspect of the implementation of the present invention, there is also provided a firmware processing apparatus applied to the server system in the first aspect, where the apparatus includes:
a determining module, configured to determine a first edge computing node in a blockchain network in the server system, and take the first edge computing node as a creating node;
a sending module, configured to send firmware processing information to the blockchain network through the creation node, where the firmware processing information is determined based on the target server vendor requirements;
the creation module is used for carrying out private key encryption packaging on the firmware processing information through the creation node to obtain target firmware processing information, sending the target firmware processing information to a blockchain network and creating a target block in the blockchain network;
The verification module is used for broadcasting the target block to a verification node through a point-to-point topology so as to verify the target block through the verification node, wherein the verification node is a second edge computing node in the blockchain network;
the adding module is used for adding the target block into the blockchain network if verification is successful;
the grabbing module is used for grabbing the target firmware processing information in the target block through a third edge computing node in the blockchain network and analyzing the firmware processing information;
and the processing module is used for processing the target firmware based on the analyzed firmware processing information.
In a fourth aspect of the invention, there is also provided a communication device comprising a transceiver, a memory, a processor and a program stored on the memory and executable on the processor;
The processor is configured to read a program in the memory to implement the power backup method of the memory resource integrated machine according to any one of the first aspect.
In a fifth aspect of the present invention, there is also provided a computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to implement the memory resource integrated machine power up method according to any one of the first aspects.
In a sixth aspect of the present invention, there is also provided a computer program product comprising a computer program/instruction which, when executed by a processor, implements a memory resource integrated machine power method as in any of the first aspects.
The server system provided by the embodiment of the invention comprises a plurality of server nodes. Each server node comprises a server network port, a baseboard management controller node and a controller node; the server network port is bound with a first Internet protocol address and a second Internet protocol address, the first being allocated to the baseboard management controller node and the second to the controller node. The baseboard management controller nodes form a server service network, the controller nodes form a blockchain network, and the controller nodes are used for transmitting target information in the blockchain network. In the embodiment of the invention, the CPLD in the server is used to realize the blockchain network: dual IP is configured on the server's existing single network port and connected to the BMC and the CPLD on the main board, where the BMC carries the main communication function with the service unchanged, and the CPLDs form the blockchain network. The invention can therefore realize the architecture design of a blockchain for the server's target information without changing the main network of the server; the target information is essentially the key information in the blockchain network, and dividing the key information and the service information into two networks achieves information security protection and isolation. In addition, the parallel processing of the CPLD allows data from a large number of sensors to be processed in real time at relatively low power consumption, which makes the CPLD suitable for building the blockchain.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a schematic diagram of a server system according to an embodiment of the present invention;
FIG. 2 is a block diagram of an exemplary blockchain network provided by embodiments of the present invention;
FIG. 3 is a flowchart illustrating steps of a firmware processing method according to an embodiment of the present invention;
FIG. 4 is a flowchart of another firmware processing method provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of an exemplary server system provided by an embodiment of the present invention;
FIG. 6 is a block diagram of a firmware processing device according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of a communication device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the following detailed description of the embodiments of the present application will be given with reference to the accompanying drawings. However, those of ordinary skill in the art will understand that in various embodiments of the present application, numerous technical details have been set forth in order to provide a better understanding of the present application. The claimed application may be practiced without these specific details and with various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not be construed as limiting the specific implementation of the present application, and the embodiments can be mutually combined and referred to without contradiction.
Referring to fig. 1, an architecture diagram of a server system provided by an embodiment of the present invention is shown, where the server system includes a plurality of server nodes, where the server nodes include a server portal, a baseboard management controller node, and a controller node;
the server portal binds a first internet protocol address and a second internet protocol address;
The first internet protocol address is used for being distributed to a baseboard management controller node, the second internet protocol address is used for being distributed to the controller node, a plurality of baseboard management controller nodes form a server service network, a plurality of controller nodes form a blockchain network, and the controller nodes are used for transmitting target information in the blockchain network.
It should be noted that, in the embodiment of the present application, "IP address" refers to an Internet protocol address.
It should be noted that, in the embodiment of the present application, the CPLD (Complex Programmable Logic Device) may be responsible for firmware (FW) upgrades such as those of the BMC/BIOS, for controlling and recording the power state of the server, and for other important tasks in the server. In addition, the CPLD may implement a protocol requiring high computing power (such as PoW), cryptographic functions such as encryption, hashing and digital signatures, and network functions; it can process multiple sets of data in parallel, and its power consumption and cost are low.
The invention assigns dual IPs to the single network port of the server, one to the BMC and one to the CPLD. The BMC network is used for the normal service work of the server, can carry mass information transfer, and does not change the original service logic. The CPLDs then form a blockchain network with each other through the additional IPs (which may be set to static IPs in advance) and act as controllers or gateways for delivering critical information such as firmware information and system logs.
Further, a plurality of baseboard management controller nodes are connected through a central node to form a star topology.
Further, a plurality of the controller nodes are in distributed interconnection.
Further, the blockchain network comprises a creation node, an accounting node and a checking node, wherein the creation node, the accounting node and the checking node respectively correspond to the controller nodes in the blockchain network.
Further, the creation node is the controller node that uploads the target information.
Further, the accounting node is the controller node that records the target information.
Further, the checking node is used for checking the validity of the target information.
It should be noted that, in the embodiment of the present application, the key information in the blockchain is transmitted using the CPLD, and in one transmission there are three roles: creation node, accounting node and checking node, each corresponding to a controller node in the blockchain network.
The creation node is the server node that initiates accounting, that is, the node that uploads the key information; the checking nodes are all nodes other than the uploading node and are responsible for checking the validity of the key information; and the accounting node is the node that finally records the key information, that is, the node qualified to register the transaction it has recorded on the ledger.
Further, blocks in the blockchain network are linked by hash values.
Further, the block includes a head and a body;
The header comprises a hash value of a current block, a hash value of a previous block corresponding to the current block in a connection sequence, and timestamp information, wherein the timestamp information is used for recording creation time corresponding to the current block;
the body includes the target information.
It should be noted that, in the embodiment of the present application, the blockchain is composed of blocks, and the chain as a whole is called the ledger, as shown in fig. 2. The blocks are linked by hash values: each block contains the hash value of the previous block, so the blocks are linked in the form of a list. A block is divided into two parts, a header and a body. In addition to the hash value of the previous block, the header contains the block's own hash value and a timestamp showing the time at which the block was released.
It should be noted that, in the embodiment of the present application, the "Merkle root" in fig. 2 refers to the root node of a Merkle tree. A Merkle tree is a special binary tree data structure used to efficiently verify the integrity of large amounts of data: each non-leaf node is the hash of its child nodes' data, and each leaf node contains the hash of a data block.
In this way, the integrity of the entire data set can be verified by checking the hash value of the root node. If any one of the data blocks changes, the hash value of the root node also changes, so tampering with the data can be detected. In blockchain technology, Merkle trees are widely used for validating transaction data. Each block contains a Merkle tree whose leaf nodes are the hash values of all transactions in the block. The block header contains the root hash of that Merkle tree (the Merkle root), which is a digest of the transaction data of the whole block. By verifying the Merkle root, a node can quickly confirm whether any transaction in the block has been tampered with, without verifying each transaction one by one.
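The following Go program is an added example, not code from the patent, showing the block layout just described: a header holding the previous block's hash, a timestamp, the Merkle root of the body and the block's own hash, linked into a chain and re-verified end to end. The field names, the byte-concatenation used to form each hash, the choice of SHA-256, and the firmware and log records in the sample chain are all assumptions made for the example (placeholders stand in for real firmware digests); the patent fixes only what the header and body contain, not how they are serialized.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
)

// Header mirrors the block header of fig. 2: the previous block's hash,
// a creation timestamp, the Merkle root of the body, and the block's own hash.
type Header struct {
	PrevHash   string
	Timestamp  int64
	MerkleRoot string
	Hash       string
}

// Block is a header plus a body; the body carries the "target information"
// (firmware records, log entries) as opaque strings.
type Block struct {
	Header Header
	Body   []string
}

func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// merkleRoot hashes the leaves pairwise up to a single root. An odd leaf at
// any level is paired with itself (assumed convention for this example).
func merkleRoot(entries []string) string {
	if len(entries) == 0 {
		return sha256Hex(nil)
	}
	level := make([]string, 0, len(entries))
	for _, e := range entries {
		level = append(level, sha256Hex([]byte(e)))
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		next := make([]string, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, sha256Hex([]byte(level[i]+level[i+1])))
		}
		level = next
	}
	return level[0]
}

// headerHash binds previous hash, timestamp and Merkle root together; the
// next block stores this value as its PrevHash.
func headerHash(h Header) string {
	return sha256Hex([]byte(h.PrevHash + strconv.FormatInt(h.Timestamp, 10) + h.MerkleRoot))
}

// NewBlock builds a block linked to prevHash ("" for the genesis block).
func NewBlock(prevHash string, ts int64, body []string) Block {
	h := Header{PrevHash: prevHash, Timestamp: ts, MerkleRoot: merkleRoot(body)}
	h.Hash = headerHash(h)
	return Block{Header: h, Body: body}
}

// VerifyChain recomputes every Merkle root and header hash and checks the
// PrevHash links, so any change to a body entry or header field is detected.
func VerifyChain(chain []Block) bool {
	prev := ""
	for _, b := range chain {
		if b.Header.PrevHash != prev {
			return false
		}
		if merkleRoot(b.Body) != b.Header.MerkleRoot {
			return false
		}
		if headerHash(b.Header) != b.Header.Hash {
			return false
		}
		prev = b.Header.Hash
	}
	return true
}

// SampleChain builds a three-block chain from constructed firmware/log records.
func SampleChain() []Block {
	g := NewBlock("", 1700000000, []string{"genesis"})
	b1 := NewBlock(g.Header.Hash, 1700000600, []string{
		"fw:BMC:v1.2.3:sha256=<placeholder>", "log:node-A:power-on"})
	b2 := NewBlock(b1.Header.Hash, 1700001200, []string{
		"fw:BIOS:v4.0.1:sha256=<placeholder>", "log:node-B:power-on", "log:node-C:abnormal-power-down"})
	return []Block{g, b1, b2}
}

func main() {
	chain := SampleChain()
	fmt.Println("chain valid:", VerifyChain(chain))
	chain[1].Body[0] = "fw:BMC:v9.9.9:sha256=<tampered>" // alter one record in the middle block
	fmt.Println("after tampering block 1:", VerifyChain(chain))
}
```

Running `main` prints `true` for the freshly built chain and `false` after one firmware record in block 1 is altered: the Merkle root no longer matches, and even if an attacker recomputed that root, the header hash and every later PrevHash would have to be recomputed too, which is what makes tampering expensive on a network where other nodes hold copies.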
Further, the controller node is used for firmware processing and logging.
Further, the server portal is configured as a single portal, and the server system is linked to an external network through the single portal.
Further, the first internet protocol address is a dynamic IP, the second internet protocol address is a static IP, and the baseboard management controller node performs service transmission through the dynamic IP.
It should be noted that, in the embodiment of the present application, dual IP is configured on a single server node, and is connected to a Baseboard Management Controller (BMC) and a Complex Programmable Logic Device (CPLD) on a motherboard. The BMC will use dynamic IP for traffic transport and other major elements, while the CPLD will use static IP for firmware upgrades, logging, and blockchain-based functions.
Specifically, two IPs are assigned to the single network port using VLAN tags: VLAN ID 1 carries the dynamic IP of the BMC and VLAN ID 2 carries the static IP of the CPLD. DHCP is configured on VLAN ID 1 to assign a dynamic IP to the BMC, and a static IP is assigned manually or by script on VLAN ID 2 for the CPLD.
In the embodiment of the application, integrating blockchain technology into the server network brings the following benefits:
First, decentralization. A traditional centralized system controls data and transactions from a single entity, whereas a blockchain runs on a decentralized network of computers (nodes). Each node holds a copy of the entire blockchain, ensuring that no single entity has full control, and there is no need to worry that a problem at a central node would affect the whole server network.
Second, immutability. All blockchain transactions are stored in an immutable ledger, meaning they cannot be modified or easily deleted; to change one of them, an attacker would have to control most of the nodes in the network. The correctness of the key information in the network is thus well protected.
Third, resilience. Because every node holds a copy of the ledger, each information transaction is held by all nodes; the records are therefore not easily destroyed and can be audited at any time. These properties also ensure transparency and auditability, increasing trust between server nodes.
Fourth, cryptographic support. Blockchain technology provides strong cryptographic functions that ensure confidentiality, integrity and authentication. Each user holds a key pair generated at registration, and the integrity and authenticity of a transaction are ensured by signing it. In addition, the transactions are divided into blocks, each containing the cryptographic hash of the previous block. This makes it extremely difficult to alter past transactions without altering all subsequent blocks, which is computationally infeasible.
Referring to fig. 3, a flowchart illustrating steps of a firmware processing method according to an embodiment of the present invention may include:
First, referring to fig. 4, the CPLD is used to transmit key information in the blockchain. One transmission involves three roles: the creation node, the check node and the accounting node. The creation node initiates the record, that is, it is the server node that uploads the key information; the check nodes are all nodes other than the uploading node and are responsible for checking the validity of the key information; and the accounting node is the node that finally records the key information, that is, the node qualified to write the verified record onto the ledger.
Assuming that CPLD node A needs to upload firmware information to the blockchain network and propagate it to all nodes in the network, the transmission steps are as follows:
S1. Creation node A starts a new information upload instance: it uploads the key information content, encrypts it where required, signs and packages it with node A's private key, transmits it to the blockchain network, and broadcasts it to each check node in the network over a point-to-point topology. The private-key signature serves as proof that server A authorized the information.
S2. Each check node monitors where the latest block record is, so that its own record stays up to date. When the latest transaction is received, the check node verifies its validity (whether the information was really generated by node A, whether node A has upload authority, and whether the random number (nonce) is a repeat, which prevents the same record from being recorded twice) and then propagates it further, so that transmission is redundant.
S3. The check node uses node A's public key to recover the hash from node A's signature and compares it with the hash of the transaction data, so that the transaction is independently verified. After a period of time (for example, ten minutes), the check node assembles the information generated in that period into a block. The block first carries the hash of the previous block, proving that it was actually written after that block, and then all the transactions recorded by the node in that period. The block is then distributed to the network for consensus verification.
S4. After a transaction is verified it is added to the blockchain transaction pool, a temporary storage area for transactions waiting to be included in a block. The check node selects transactions from this memory pool, preferring more critical information (for example, firmware upgrade information or downtime information). The verifying node must then validate the selected transactions (solve the challenge) according to the consensus strategy; the verification process is shown in fig. 4.
S5. After the verification node solves the cryptographic challenge required by the consensus mechanism, it broadcasts the solution and its own signature, together with the new block, to the other nodes. The other nodes verify the new block's solution against the signature and check that every transaction it contains is still valid and is not already contained in another block. After successful verification, each node adds the new block to its own copy of the blockchain ledger.
S6. Once a transaction is stored in the ledger it cannot be changed; changing it would require changing the ledger itself. As further blocks are added on top of the block containing it (confirmations), altering the transaction becomes progressively harder, which ensures immutability. In addition, a standard number of confirmations must be waited for (for example, confirmation by 51% of the nodes before the transaction is stored in the ledger) before the transaction is considered fully confirmed and irreversible.
Through these steps, a decentralized system running on the CPLD-node server network is realized. The blockchain network makes every information transmission visible to the participants, which improves transparency, strengthens trust and removes the need for a central server. Security comes from the cryptographic techniques (private-key signatures and hash values) that make the chain tamper-evident. This tamper resistance ensures that transactions cannot be modified or deleted, which is critical to the integrity of important data in server applications.
Step 101, determining a first edge computing node in the blockchain network of the server system, and taking the first edge computing node as the creation node;
It should be noted that, in this embodiment, the first edge computing node in the blockchain network that the target server vendor accesses within the blockchain server system is determined and used as the creation node.
Step 102, sending firmware processing information to the blockchain network through the creation node, where the firmware processing information is determined based on the target server vendor's requirements;
Step 103, signing and packaging the firmware processing information with the creation node's private key (private key encryption packaging) to obtain target firmware processing information, sending the target firmware processing information to the blockchain network, and creating a target block in the blockchain network;
Step 104, broadcasting the target block to a check node over a point-to-point topology so that the check node can verify the target block, where the check node is a second edge computing node in the blockchain network;
Step 105, if the verification succeeds, adding the target block to the blockchain network;
Step 106, capturing the target firmware processing information in the target block through a third edge computing node in the blockchain network, and parsing the firmware processing information;
Step 107, processing the target firmware based on the parsed firmware processing information.
Further, before the step of broadcasting to the check node over the point-to-point topology, the method includes:
confirming, through the check node, whether the target encryption information is in a valid state;
if so, placing the target encryption information in the memory pool corresponding to the check node;
and determining block creation information from the memory pool through the check node, and compiling and generating the target block based on the block creation information.
It should be noted that the memory pool corresponding to the check node works as follows: a verified transaction is added to the blockchain transaction pool, a temporary storage area for transactions waiting to be included in a block. The check node selects transactions from the memory pool, preferring more critical information (for example, firmware upgrade information or downtime information). The verifying node must verify the selected transactions according to the consensus strategy (solve the challenge).
It should be noted that, in this embodiment, within steps 101-107 the specific process by which the server network upgrades firmware (FW) may be as follows:
First, the server vendor accesses a CPLD blockchain node, signs the firmware upgrade information (BMC, BIOS or CPLD FW, and so on) with the vendor's private key, and sends it to the network. The other servers in the network act as check nodes: they receive the information, verify its validity (including the authenticity of the signature and the random value), and put valid transactions into their transaction pools. When a check node creates a block, it selects information from its memory pool and compiles it into a new block; the verifier signs the new block with its own private key, which authorizes the block, and broadcasts the newly created block to the network. The other verifiers on the network verify the block's signature with the signer's known public key, and once verification is complete the new block is added to the blockchain. This addition is made synchronously on all nodes in the network. Once subsequent blocks have been added, the transactions in the block are considered confirmed, which further ensures immutability. All nodes therefore hold the latest block information in real time and parse the firmware version information it contains. If the firmware version currently on a node differs from the version in the latest block, the node upgrades its firmware to the version given in the block information. The upgrade is received and driven by the CPLD and can be combined with an Intel PFR (Platform Firmware Resilience) upgrade. The upgrade log may then be uploaded to the blockchain network.
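The following is an added worked example, not code from the patent, that models in Python the transaction flow of S1-S6, steps 101-107 and the firmware-upgrade process just described: a vendor node signs a firmware record, check nodes verify the signature, upload authority and nonce before pooling it, a proof-of-authority verifier compiles the memory pool into a signed block that carries the previous block's hash, every node validates the block and appends its own ledger copy, each node parses the newest firmware record to decide whether to upgrade, and a tampered local copy is detected when the hashes are re-derived. It assumes, as a stand-in not in the patent, an HMAC-SHA256 per-node key in place of the per-node private-key signature so that it runs on the standard library alone (a deployment would use an asymmetric signature such as Ed25519 verified with the creator's public key); the node names, the `nonce` field, the `kind` tag and the version-compare rule are also assumptions.

```python
# Added example; HMAC-SHA256 with a per-node key is an assumed stand-in for the private-key signature.
import copy, hashlib, hmac, json, time

GENESIS_HASH = "0" * 64

def canonical(obj): return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
def sha256(data): return hashlib.sha256(data).hexdigest()
def mac(key, obj): return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()  # sign/verify stand-in

class Node:
    """One CPLD node. `keys` plays the role of the known public keys every node holds;
    `uploaders` may create transactions; `verifiers` is the proof-of-authority set."""
    def __init__(self, name, keys, uploaders, verifiers, fw_version="1.0"):
        self.name, self.keys, self.fw_version = name, keys, fw_version
        self.uploaders, self.verifiers = set(uploaders), set(verifiers)
        self.chain, self.mempool, self.ledger_nonces = [], [], set()

    # S1 / step 103: the creation node packages and signs the key information.
    def create_tx(self, kind, data):
        body = {"creator": self.name, "kind": kind, "data": data,
                "nonce": sha256(f"{self.name}{time.time_ns()}".encode())[:16]}
        return {**body, "sig": mac(self.keys[self.name], body)}

    # S2/S3 / step 104: signature authenticity, upload authority, nonce replay.
    def tx_valid(self, tx, known_nonces):
        body, creator = {k: v for k, v in tx.items() if k != "sig"}, tx.get("creator")
        return (creator in self.keys
                and hmac.compare_digest(mac(self.keys[creator], body), tx.get("sig", ""))
                and creator in self.uploaders and tx["nonce"] not in known_nonces)

    def accept_tx(self, tx):  # check node: a valid transaction enters the memory pool
        ok = self.tx_valid(tx, self.ledger_nonces | {t["nonce"] for t in self.mempool})
        if ok: self.mempool.append(tx)
        return ok

    # S3-S5: a verifier compiles the pool into a block carrying the previous block's
    # hash and signs it; that signature is the proof-of-authority approval.
    def build_block(self):
        if self.name not in self.verifiers:
            raise PermissionError(f"{self.name} is not a verifier")
        body = sorted(self.mempool, key=lambda t: t["kind"] != "firmware")  # firmware first
        header = {"prev_hash": self.chain[-1]["hash"] if self.chain else GENESIS_HASH,
                  "timestamp": time.time(), "verifier": self.name,
                  "body_hash": sha256(canonical(body))}
        h = sha256(canonical(header))
        return {"header": header, "body": body, "hash": h, "sig": mac(self.keys[self.name], h)}

    def block_valid(self, block):
        """Receiving node: verifier authority and signature, hash link, and every tx."""
        h, tip = block["header"], (self.chain[-1]["hash"] if self.chain else GENESIS_HASH)
        if (h["verifier"] not in self.verifiers or h["prev_hash"] != tip
                or not hmac.compare_digest(mac(self.keys[h["verifier"]], block["hash"]), block["sig"])
                or sha256(canonical(h)) != block["hash"]
                or sha256(canonical(block["body"])) != h["body_hash"]):
            return False
        seen = set(self.ledger_nonces)
        for tx in block["body"]:
            if not self.tx_valid(tx, seen):
                return False
            seen.add(tx["nonce"])
        return True

    def append_block(self, block):  # each node keeps its own ledger copy
        if not self.block_valid(block): return False
        self.chain.append(copy.deepcopy(block))
        nonces = {t["nonce"] for t in block["body"]}
        self.ledger_nonces |= nonces
        self.mempool = [t for t in self.mempool if t["nonce"] not in nonces]
        return True

    # S6: editing a stored block breaks its own hash and every link after it.
    def chain_intact(self):
        prev = GENESIS_HASH
        for b in self.chain:
            if (b["header"]["prev_hash"] != prev or sha256(canonical(b["header"])) != b["hash"]
                    or sha256(canonical(b["body"])) != b["header"]["body_hash"]):
                return False
            prev = b["hash"]
        return True

    # Steps 106-107: read the newest firmware record and compare with the local version.
    def pending_upgrade(self, component):
        for b in reversed(self.chain):
            for tx in reversed(b["body"]):
                if tx["kind"] == "firmware" and tx["data"]["component"] == component:
                    return None if tx["data"]["version"] == self.fw_version else tx["data"]["version"]
        return None

def demo():
    """Constructed scenario: vendor is the only uploader, cpld-a the only verifier."""
    keys = {n: f"{n}-key".encode() for n in ("vendor", "cpld-a", "cpld-b", "cpld-c")}
    vendor, a, b, c = (Node(n, keys, uploaders=["vendor"], verifiers=["cpld-a"]) for n in keys)
    nodes = [a, b, c]
    tx = vendor.create_tx("firmware", {"component": "BMC", "version": "2.3"})
    accepted = [n.accept_tx(tx) for n in nodes]                   # broadcast to check nodes
    replay = a.accept_tx(tx)                                       # same nonce again
    rogue = a.accept_tx(b.create_tx("firmware", {"component": "BIOS", "version": "9.9"}))
    block = a.build_block()
    appended = [n.append_block(block) for n in nodes]
    upgrades = [n.pending_upgrade("BMC") for n in nodes]
    c.chain[0]["body"][0]["data"]["version"] = "6.6"               # tamper one local copy
    return {"accepted": accepted, "replay": replay, "rogue": rogue, "appended": appended,
            "upgrades": upgrades, "tamper_detected": not c.chain_intact(),
            "others_intact": a.chain_intact() and b.chain_intact()}
```

Calling `demo()` replays the scenario: the vendor's record is accepted by all three check nodes, the replayed copy and the record from a node without upload authority are rejected, every node appends the verifier's block and reports version 2.3 as pending, and the node whose local copy was edited fails `chain_intact()` while the others pass. One caveat from practice that the text does not state: the record should also carry the hash of the firmware image, the node should verify the image against it before flashing, and the comparison should refuse a rollback to a version older than the one installed rather than acting on any difference.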
This embodiment meets the server network's requirements for the security, integrity and traceability of firmware upgrades, and removes the risk that server firmware is maliciously damaged after the central node of a centralized network has been compromised. In addition, the server vendor side is limited to the CPLD blockchain network connection, so the customer's service network is well protected and the customer's concerns about the vendor side accessing its network are reduced.
Dual IP addresses are configured on a single server node whose motherboard carries both a Baseboard Management Controller (BMC) and a Complex Programmable Logic Device (CPLD). The BMC uses the dynamic IP for service traffic and its other main functions, while the CPLD uses the static IP for firmware upgrades, logging and the blockchain-based functions. As described above, the two addresses share one network port through VLAN tags, with DHCP on the BMC's VLAN and a static assignment on the CPLD's VLAN.
The CPLD blockchain network covers the scenario in which, after a customer has built a server network, the server vendor needs to perform secure firmware upgrades and read back logs and error reports through that network.
As shown in fig. 5, in the service scenario of the server, the service network formed by the BMC nodes is connected to the customer-side host so that the customer can process its own services, and the server vendor side does not access the customer service network, so as to avoid any effect on the customer's services.
The blockchain network composed of CPLDs is connected to the server vendor side; it can be connected to the vendor through a single node or through multiple nodes, in one or both directions, to ensure redundancy and robustness. The blockchain network may also be connected to the customer network in one or both directions. Owing to the properties of the blockchain, both the customer side and the server vendor side obtain the same important information.
The blockchain consensus in this case may use a proof-of-authority (PoA) mode. Under the chosen scheme, one or more validator machines are responsible for generating each new block of transactions to be included in the blockchain. Depending on the configuration chosen for the blockchain, a new block may be accepted directly without further verification, by a unanimous vote of the block generators, or by a majority of them.
In PoA, each newly created block must be signed and approved by a verifier before it is added to the blockchain. A verifier approves a block by digitally signing it, which proves its authority on the network. In this mode, transactions and blocks are verified by recognized accounts called verifiers, preselected trusted entities that have the right to create new blocks and process transactions. PoA allows faster block creation and higher throughput than proof of work (PoW).
Further, after the step of processing the target firmware based on the parsed firmware processing information, the method includes:
Uploading, at a preset time interval, the log information corresponding to the controller node where the controller is located.
After the step of processing the target firmware based on the parsed firmware processing information, the method includes:
when the controller detects that the server system has lost power abnormally, uploading the log information corresponding to the controller node where the controller is located.
It should be noted that, in this embodiment, a server node may report its log automatically: each server node uploads its log to the network, where it is verified. The log is sent in two cases: when the CPLD detects an abnormal power loss, or at a set interval (for example, every hour) for the current node. After being uploaded to the network and authenticated by the blockchain, the log is distributed to every node for storage. The server vendor side and the customer side then read it from the nodes they are connected to.
This embodiment stores the key logs of every node in the network on each server node, which greatly reduces the chance that a single node's logs can be maliciously tampered with after that node is compromised, and also meets the requirements for security, integrity and traceability.
Referring to fig. 6, a schematic structural diagram of a firmware processing apparatus according to an embodiment of the present invention is shown, where the apparatus includes:
A determining module 201, configured to determine a first edge computing node in a blockchain network in the server system, and take the first edge computing node as a creating node;
A sending module 202, configured to send firmware processing information to the blockchain network through the creation node, where the firmware processing information is determined based on the target server vendor requirements;
the creation module 203 is configured to perform private key encryption packaging on the firmware processing information through the creation node to obtain target firmware processing information, send the target firmware processing information to a blockchain network, and create a target block in the blockchain network;
A verification module 204, configured to broadcast the target block to a verification node through a point-to-point topology, so that the verification node verifies the target block, where the verification node is a second edge computing node in the blockchain network;
An adding module 205, configured to add the target block to the blockchain network if verification is successful;
A grabbing module 206, configured to grab the target firmware processing information in the target block through a third edge computing node in the blockchain network, and parse the firmware processing information;
and the processing module 207 is configured to process the target firmware based on the parsed firmware processing information.
The embodiment of the present invention also provides a communication device, as shown in fig. 7, including a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702 and the memory 703 communicate with each other through the communication bus 704;
A memory 703 for storing a computer program;
the processor 701, when executing the program stored in the memory 703, may implement the following steps:
determining a first edge computing node in a blockchain network in the server system, and taking the first edge computing node as a creation node;
transmitting firmware processing information to the blockchain network through the creation node, wherein the firmware processing information is determined based on the target server vendor requirements;
Carrying out private key encryption packaging on the firmware processing information through the creating node to obtain target firmware processing information, sending the target firmware processing information to a blockchain network, and creating a target block in the blockchain network;
Broadcasting the target block to a checking node through a point-to-point topology, so that the checking node can verify the target block, wherein the checking node is a second edge computing node in the blockchain network;
if the verification is successful, adding the target block into the blockchain network;
Capturing the target firmware processing information in the target block through a third edge computing node in the blockchain network, and analyzing the firmware processing information;
And processing the target firmware based on the analyzed firmware processing information.
Where the memory and the processor are connected by a bus, the bus may comprise any number of interconnected buses and bridges, the buses connecting the various circuits of the one or more processors and the memory together. The bus may also connect various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or may be a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor may be transmitted over a wired medium or through an antenna on a wireless medium, and the antenna further receives and transmits data to the processor. The processor is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory may be used to store data used by the processor in performing operations.
The communication bus of the above device may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, the figures show only one bold line, but this does not mean there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or may include non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components.
In yet another embodiment of the present invention, a computer readable storage medium is provided, storing instructions which, when run on a computer, cause the computer to execute the firmware processing method of any one of the foregoing embodiments.
In yet another embodiment of the present invention, a computer program product containing instructions is also provided which, when executed on a computer, cause the computer to perform the firmware processing method of any one of the foregoing embodiments.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk Solid STATE DISK (SSD)), etc.
It is noted that relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to that process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article or apparatus that comprises that element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
Claims (20)
1. The server system is characterized by comprising a plurality of server nodes, wherein each server node comprises a server network port, a baseboard management controller node and a controller node;
the server network port binds a first internet protocol address and a second internet protocol address;
The first internet protocol address is used for being distributed to a baseboard management controller node, the second internet protocol address is used for being distributed to the controller node, a plurality of baseboard management controller nodes form a server service network, a plurality of controller nodes form a blockchain network, the controller nodes are used for transmitting target information in the blockchain network, and the target information in the blockchain network comprises firmware information and a system log.
2. The server system according to claim 1, wherein a plurality of said baseboard management controller nodes are connected through a central node to form a star topology.
3. The server system according to claim 1, wherein a plurality of said controller nodes are distributed interconnected.
4. The server system of claim 1, wherein the blockchain network includes a creation node, an accounting node, and a check node, wherein the creation node, the accounting node, and the check node respectively correspond to the controller nodes in the blockchain network.
5. The server system according to claim 4, wherein the creation node is a controller node for uploading the target information.
6. The server system according to claim 4, wherein the accounting node is a controller node for recording the target information.
7. The server system according to claim 4, wherein the check node is configured to check validity of the target information.
8. The server system of claim 1, wherein blocks in the blockchain network are linked by hash values.
9. The server system of claim 8, wherein the block comprises a header and a body;
The header comprises a hash value of a current block, a hash value of a previous block corresponding to the current block in a connection sequence, and timestamp information, wherein the timestamp information is used for recording creation time corresponding to the current block;
the body includes the target information.
10. The server system of claim 1, wherein the controller node is configured for firmware processing and logging.
11. The server system of claim 1, wherein the server network port is a single-port configuration, the server system being linked to an external network through a single network port.
12. The server system of claim 1, wherein the first internet protocol address is a dynamic IP and the second internet protocol address is a static IP, and wherein the baseboard management controller node performs traffic transmission through the dynamic IP.
13. A firmware processing method applied to the server system of any one of claims 1 to 11, the method comprising:
determining a first edge computing node in a blockchain network in the server system, and taking the first edge computing node as a creation node;
Transmitting firmware processing information to the blockchain network through the creation node, wherein the firmware processing information is determined based on target server vendor requirements;
Carrying out private key encryption packaging on the firmware processing information through the creating node to obtain target firmware processing information, sending the target firmware processing information to a blockchain network, and creating a target block in the blockchain network;
Broadcasting the target block to a checking node through a point-to-point topology, so that the checking node can verify the target block, wherein the checking node is a second edge computing node in the blockchain network;
if the verification is successful, adding the target block into the blockchain network;
Capturing the target firmware processing information in the target block through a third edge computing node in the blockchain network, and analyzing the firmware processing information;
And processing the target firmware based on the analyzed firmware processing information.
14. The method of claim 13, wherein prior to the step of broadcasting to the checking nodes via the point-to-point topology, the method comprises:
Confirming whether the target encryption information is in a valid state or not through the check node;
if yes, the target encryption information is placed in a memory pool corresponding to the check node;
and determining block creation information in the memory pool through the check node, and compiling and generating a target block based on the block creation information.
15. The method of claim 13, wherein after the step of processing the target firmware based on the parsed firmware processing information, the method comprises:
Uploading log information corresponding to the controller node where the controller is located according to a preset time interval.
16. The method of claim 13, wherein after the step of processing the target firmware based on the parsed firmware processing information, the method comprises:
when the controller monitors that the server system is in an abnormal power-down state, uploading log information corresponding to a controller node where the controller is located.
17. A firmware processing apparatus for application to the server system of any one of claims 1-11, said apparatus comprising:
a determining module, configured to determine a first edge computing node in a blockchain network in the server system, and take the first edge computing node as a creating node;
a sending module, configured to send firmware processing information to the blockchain network through the creation node, where the firmware processing information is determined based on target server vendor requirements;
the creation module is used for carrying out private key encryption packaging on the firmware processing information through the creation node to obtain target firmware processing information, sending the target firmware processing information to a blockchain network and creating a target block in the blockchain network;
The verification module is used for broadcasting the target block to a verification node through a point-to-point topology so as to verify the target block through the verification node, wherein the verification node is a second edge computing node in the blockchain network;
the adding module is used for adding the target block into the blockchain network if verification is successful;
the grabbing module is used for grabbing the target firmware processing information in the target block through a third edge computing node in the blockchain network and analyzing the firmware processing information;
and the processing module is used for processing the target firmware based on the analyzed firmware processing information.
18. A communication device comprising a transceiver, a memory, a processor, and a program stored on the memory and executable on the processor;
The processor is configured to read a program in a memory to implement a firmware processing method according to any one of claims 13-16.
19. A readable storage medium storing a program, wherein the program, when executed by a processor, implements a firmware processing method as claimed in any one of claims 13-16.
20. A computer program product comprising computer programs/instructions which when executed by a processor implement a firmware processing method as claimed in any one of claims 13 to 16.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411195095.7A CN118713816B (en) | 2024-08-28 | 2024-08-28 | Server system, firmware processing method, device, equipment, medium and product |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118713816A CN118713816A (en) | 2024-09-27 |
CN118713816B true CN118713816B (en) | 2024-12-24 |
Family
ID=92816694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411195095.7A Active CN118713816B (en) | 2024-08-28 | 2024-08-28 | Server system, firmware processing method, device, equipment, medium and product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118713816B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109889589A (en) * | 2019-02-18 | 2019-06-14 | 闪联信息技术工程中心有限公司 | One kind realizing embedded hardware OTA upgrade-system and method based on block chain |
CN114443439A (en) * | 2022-01-29 | 2022-05-06 | 北京百度网讯科技有限公司 | Control method, device and equipment based on ARM server and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018119892A1 (en) * | 2016-12-29 | 2018-07-05 | 深圳前海达闼云端智能科技有限公司 | Method and device for publishing and validating software application program |
CN115412565A (en) * | 2022-08-31 | 2022-11-29 | 云南电网有限责任公司信息中心 | A blockchain-based edge node ad hoc network method, device and equipment |
2024
- 2024-08-28 CN CN202411195095.7A patent/CN118713816B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN118713816A (en) | 2024-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110620810B (en) | Non-linked ownership of continuous asset transfer over blockchain | |
CN115210741B (en) | Partially ordered blockchain | |
KR102618665B1 (en) | Version history management using blockchain | |
Nikitin et al. | CHAINIAC: Proactive Software-Update transparency via collectively signed skipchains and verified builds | |
TWI724391B (en) | Node management method and device based on blockchain | |
US10523526B2 (en) | System and method for managing services and licenses using a blockchain network | |
CN111144881A (en) | Selective access to asset transfer data | |
US20200218815A1 (en) | Systems and methods for distributed ledger management | |
CN112970020A (en) | Monitoring device components using distributed ledger | |
CN111798233A (en) | Linking of tokens | |
CN112036876B (en) | Endorsement based on metadata | |
US12373246B2 (en) | Automatic update management in a computing infrastructure | |
CN110968899B (en) | Data blocking confirmation method, device, equipment and medium based on block chain | |
Chinthamu et al. | Self-Secure firmware model for Blockchain-Enabled IOT environment to Embedded system | |
CN118484219A (en) | Baseboard management controller cluster firmware upgrade method, product, equipment and medium | |
WO2022082360A1 (en) | Digital asset transfer system | |
Cappos et al. | Package management security | |
CN111176677A (en) | Server system reinforcement updating method and device | |
CN109960512B (en) | Software deployment method and system | |
CN112163917B (en) | Bill processing method and device based on blockchain, medium and electronic equipment | |
CN115001707A (en) | Blockchain-based device authentication method and related devices | |
CN118713816B (en) | Server system, firmware processing method, device, equipment, medium and product | |
US12225124B2 (en) | Data center asset onboarding authentication for a data center asset via an onboarding operation | |
CN118381613A (en) | Communication security management method and system based on blockchain node | |
CN111342970A (en) | Digital certificate management method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |