[go: up one dir, main page]

CN113591094A - SOC verification device and method based on double BIOS platforms and storage medium - Google Patents

SOC verification device and method based on double BIOS platforms and storage medium Download PDF

Info

Publication number
CN113591094A
CN113591094A CN202110873794.2A CN202110873794A CN113591094A CN 113591094 A CN113591094 A CN 113591094A CN 202110873794 A CN202110873794 A CN 202110873794A CN 113591094 A CN113591094 A CN 113591094A
Authority
CN
China
Prior art keywords
soc
bios
cpu
card
storage module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110873794.2A
Other languages
Chinese (zh)
Other versions
CN113591094B (en
Inventor
于治楼
刚帅
夏伟强
梁记斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaoyue Technology Co Ltd
Original Assignee
Chaoyue Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaoyue Technology Co Ltd filed Critical Chaoyue Technology Co Ltd
Priority to CN202110873794.2A priority Critical patent/CN113591094B/en
Publication of CN113591094A publication Critical patent/CN113591094A/en
Application granted granted Critical
Publication of CN113591094B publication Critical patent/CN113591094B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

An SOC verification device, method and storage medium based on dual BIOS platform; the SOC verification device of the present invention includes: the system comprises an SOC card, a switch module and a control module; the SOC card is preset with an SOC verification program and is configured for performing SOC verification on a BIOS file in a CPU mainboard; the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS storage module, and the control module is respectively connected with the SOC card, the first CPU and the second CPU. The working process of the SOC verification device comprises the following steps: the control module sends reset signals to the first CPU and the second CPU for locking, then controls the switch system SOC card to be in gate connection with the first BIOS file storage module and the second BIOS file storage module respectively, and stops generating the reset signals after SOC verification of the first CPU and the second CPU is passed, so that locking of the first CPU and the second CPU is released. The invention can complete SOC verification of the dual BIOS platforms by only one SOC card, has simple structure and can effectively reduce the wiring difficulty of the CPU mainboard.

Description

SOC verification device and method based on double BIOS platforms and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to an SOC verification device and method based on a dual BIOS platform and a storage medium.
Background
With the rise and development of the information industry, data security becomes the focus of people's attention. To some extent, data security is the core of computer security.
The invention realizes the realization method of the complete safety verification process based on the double BIOS of the domestic platform computer, and before, an SOC card can not connect 2 BIOS on one SPI passage to select which BIOS to verify. Only one BIOS can be accessed to verify the BIOS 1 time. However, on a two-way CPU computer, both BIOS's are at risk of tampering, requiring verification before power-up.
Therefore, the method of dual BIOS verification is the focus of this design.
Disclosure of Invention
To solve the above technical problem, in one aspect of the present invention, an SOC verification apparatus based on a dual BIOS platform is provided, including: the SOC card comprises an SOC verification program and is configured for performing SOC verification on a BIOS file in the CPU mainboard; the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS storage module and is configured for gating the SOC card to be connected with the first BIOS file storage module or gating the SOC card to be connected with the second BIOS file storage module according to a control signal; a control module, connected to the SOC card, the first CPU and the second CPU, respectively, and configured to: generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU; generating a first control signal and sending the first control signal to the switch module to gate the SOC card to be connected with the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the SOC card to be connected with the second BIOS file storage module, so that the SOC card carries out SOC verification on the BIOS file in the second BIOS file storage module.
In one or more embodiments, the control module is further configured to receive a second SOC verification pass feedback of the SOC card, and stop generating the reset signal according to the second SOC verification pass feedback.
In one or more embodiments, the first CPU is connected to the first BIOS file storage module, and the second CPU is connected to the second BIOS file storage module.
In one or more embodiments, a dual BIOS platform based SOC verification apparatus further comprises: the TCM module is respectively connected with the first BIOS file storage module and the second BIOS file storage module, is configured to store a unique TCM value of a corresponding BIOS file, calculates the TCM value of the BIOS operation after the BIOS operation is finished, and compares the TCM value with the unique TCM value stored in the TCM module to control or prohibit the login of a system.
In one or more embodiments, the control module comprises: CPLD, ARM or MCU.
In another aspect of the present invention, a method for SOC verification based on dual BIOS platforms is provided, the method comprising: generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual BIOS platform to lock the first CPU and the second CPU in response to the dual BIOS platform being powered on; generating a first control signal and sending the first control signal to the switch module to gate the SOC card to be connected with the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; receiving first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the SOC card to be connected with the second BIOS file storage module, so that the SOC card carries out SOC verification on BIOS files in the second BIOS file storage module.
In one or more embodiments, the method for SOC verification based on dual BIOS platforms further comprises: and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
In one or more embodiments, the method for SOC verification based on dual BIOS platforms further comprises: the first CPU obtains the BIOS file in the first BIOS storage module and executes a first BIOS operation; and the second CPU acquires the BIOS file in the second BIOS storage module and executes the second BIOS operation.
In one or more embodiments, the method for SOC verification based on dual BIOS platforms further comprises: and calculating the TCM value of the BIOS operation after the corresponding BIOS operation is finished, and comparing the TCM value with the unique TCM value stored in the TCM module to control the login system or prohibit the login system.
In another aspect of the present invention, a storage medium is also presented, in which an executable computer program is stored, and the computer program is used for implementing the operation of the dual BIOS platform based SOC verification method as described above when executed.
The beneficial effects of the invention include: the invention can complete SOC verification of the dual BIOS platforms by only one SOC card, and after the SOC verification, the invention also provides login verification of the system before the system is started so as to ensure the safety of the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of an SOC verification apparatus based on dual BIOS platforms according to the present invention;
fig. 2 is a flowchart of the SOC verification method based on dual BIOS platforms according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
Fig. 1 is a schematic structural diagram of an SOC verification apparatus based on a dual BIOS platform according to the present invention. As shown in fig. 1, an SOC verification apparatus based on dual BIOS platforms according to the present invention includes: the SOC card 1 comprises an SOC verification program and is configured for performing SOC verification on a BIOS file in a CPU mainboard; the switch module 2 is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS storage module, and is configured to gate the SOC card to be connected with the first BIOS file storage module or gate the SOC card to be connected with the second BIOS file storage module according to a control signal; a control module 3, connected to the SOC card, the first CPU and the second CPU, respectively, and configured to: generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU; generating a first control signal and sending the first control signal to the switch module to gate the connection of the SOC card and the first BIOS file storage module, and further carrying out SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the SOC verification passing feedback, sending the second control signal to the first SOC card to be connected with the second BIOS file storage module in a gating mode, and further carrying out SOC verification on the BIOS file in the second BIO file storage module by the SOC card. The first CPU is connected with the BIOS file storage module, and the second CPU is connected with the second BIOS file storage module.
In a further embodiment, the control module 3 is further configured to receive a second SOC verification pass feedback of the SOC card, and stop generating the reset signal according to the second SOC verification pass feedback.
In a further embodiment, the SOC verification apparatus based on dual BIOS platforms further includes a TCM module, which is respectively connected to the first BIOS file storage module and the second BIOS file storage module, and is configured to store a unique TCM value of the corresponding BIOS file, calculate a TCM value of the BIOS operation after the BIOS operation is completed, and compare the calculated TCM value with the unique TCM value stored in the TCM module to control or prohibit the system from logging in. And when the TCM value operated by the BIOS is the same as the corresponding unique TCM value stored in the TCM module, the system is allowed to be logged in, and if the TCM value operated by the BIOS is not the same as the corresponding unique TCM value stored in the TCM module, the system is prohibited to be logged in.
In a further implementation the control module 3 comprises: CPLD, ARM or MCU.
According to the scheme, the system can complete SOC verification of the dual BIOS platform through only one SOC, and after the SOC verification, login verification is carried out on the system before the system is started, so that the safety of the system is guaranteed. And because simple structure, it also can effectively reduce the wiring degree of difficulty of CPU mainboard.
On the basis of the above embodiment, the invention also provides an SOC verification method based on the dual BIOS platforms. Fig. 2 is a flowchart of the SOC verification method based on dual BIOS platforms according to the present invention. As shown in fig. 2, the SOC verification method based on dual BIOS platforms of the present invention includes: step S1, responding to the power-on of the dual BIOS platform, generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual BIOS platform to lock the first CPU and the second CPU; step S2, generating a first control signal and sending the first control signal to the switch module to gate the connection of the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; step S3, receiving a first SOC verification pass feedback of the SOC card, generating a second control signal according to the first SOC verification pass feedback, and sending the second control signal to the switch module to gate the SOC card to connect with the second BIOS file storage module, so that the SOC card performs SOC verification on the BIOS file in the second BIOS file storage module.
In a further implementation, the method of the invention further comprises: and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
In a further implementation, the method of the invention further comprises: acquiring a BIOS file in a first BIOS storage module by a first CPU, and executing a first BIOS operation; and the second CPU acquires the BIOS file in the second BIOS storage module and executes the second BIOS operation.
In a further embodiment, the method of the present invention further comprises: calculating the TCM value of the BIOS operation after the corresponding BIOS operation is finished, and comparing the TCM value with the unique TCM value stored in the TCM module to control the login system or inhibit the login system
According to the scheme, the method can complete SOC verification of the dual BIOS platform through only one SOC, and after the SOC verification, login verification is carried out on the system before the system is started so as to ensure the safety of the system.
On the basis of the above embodiments, the present invention further provides a storage medium, in which an executable computer program is stored, and the computer program is used to implement the operations in the above respective embodiments of the dual BIOS platform based SOC verification method.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (10)

1. An SOC verification device based on a dual BIOS platform, comprising:
the SOC card comprises an SOC verification program and is configured for performing SOC verification on a BIOS file in the CPU mainboard;
the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS storage module and is configured for gating the SOC card to be connected with the first BIOS file storage module or gating the SOC card to be connected with the second BIOS file storage module according to a control signal;
a control module, connected to the SOC card, the first CPU and the second CPU, respectively, and configured to:
generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU;
generating a first control signal and sending the first control signal to the switch module to gate the SOC card to be connected with the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and
receiving first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the SOC card to be connected with the second BIOS file storage module, so that the SOC card carries out SOC verification on BIOS files in the second BIOS file storage module.
2. The dual BIOS platform based SOC verification apparatus of claim 1, wherein the control module is further configured to receive a second SOC verification pass feedback of the SOC card and stop generating the reset signal according to the second SOC verification pass feedback.
3. The dual BIOS platform based SOC verification apparatus of claim 1 or 2, wherein the first CPU is connected to the first BIOS file storage module, and the second CPU is connected to the second BIOS file storage module.
4. The dual BIOS platform based SOC verification apparatus of claim 1, further comprising: the TCM module is respectively connected with the first BIOS file storage module and the second BIOS file storage module, is configured to store a unique TCM value of a corresponding BIOS file, calculates the TCM value of the BIOS operation after the BIOS operation is finished, and compares the TCM value with the unique TCM value stored in the TCM module to control or prohibit the login of a system.
5. The dual BIOS platform based SOC validation apparatus of claim 1, wherein the control module comprises: CPLD, ARM or MCU.
6. A SOC verification method based on a dual BIOS platform is characterized by comprising the following steps:
generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual BIOS platform to lock the first CPU and the second CPU in response to the dual BIOS platform being powered on;
generating a first control signal and sending the first control signal to the switch module to gate the SOC card to be connected with the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card;
receiving first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the SOC card to be connected with the second BIOS file storage module, so that the SOC card carries out SOC verification on BIOS files in the second BIOS file storage module.
7. The dual BIOS platform based SOC verification method of claim 6, further comprising:
and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
8. The dual BIOS platform based SOC verification method of claim 7, further comprising:
the first CPU obtains the BIOS file in the first BIOS storage module and executes a first BIOS operation; and
and the second CPU acquires the BIOS file in the second BIOS storage module and executes the second BIOS operation.
9. The dual BIOS platform based SOC verification method of claim 8, further comprising:
and calculating the TCM value of the BIOS operation after the corresponding BIOS operation is finished, and comparing the TCM value with the unique TCM value stored in the TCM module to control the login system or prohibit the login system.
10. A storage medium having stored therein an executable computer program for implementing the operations of a dual BIOS platform based SOC verification method according to any one of claims 6 to 9.
CN202110873794.2A 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium Active CN113591094B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110873794.2A CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110873794.2A CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Publications (2)

Publication Number Publication Date
CN113591094A true CN113591094A (en) 2021-11-02
CN113591094B CN113591094B (en) 2023-11-14

Family

ID=78252899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110873794.2A Active CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Country Status (1)

Country Link
CN (1) CN113591094B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
CN107408090A (en) * 2015-03-27 2017-11-28 英特尔公司 The dynamic configuration of i/o controller access path
CN208210006U (en) * 2018-06-11 2018-12-07 山东超越数控电子股份有限公司 A kind of high safety trusted servers based on domestic TPM
CN111723376A (en) * 2020-06-10 2020-09-29 苏州浪潮智能科技有限公司 A monitoring and control method, circuit and device for an in-board trusted platform
CN111859398A (en) * 2020-07-24 2020-10-30 苏州浪潮智能科技有限公司 A TPCM-based dual BIOS security verification device and method
CN112817643A (en) * 2021-01-15 2021-05-18 浪潮电子信息产业股份有限公司 Dual-BIOS measurement method, device and equipment for multi-path server
CN112989362A (en) * 2021-05-06 2021-06-18 北京乐研科技有限公司 CPU trusted starting system and method based on safety chip monitoring

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
CN107408090A (en) * 2015-03-27 2017-11-28 英特尔公司 The dynamic configuration of i/o controller access path
CN208210006U (en) * 2018-06-11 2018-12-07 山东超越数控电子股份有限公司 A kind of high safety trusted servers based on domestic TPM
CN111723376A (en) * 2020-06-10 2020-09-29 苏州浪潮智能科技有限公司 A monitoring and control method, circuit and device for an in-board trusted platform
CN111859398A (en) * 2020-07-24 2020-10-30 苏州浪潮智能科技有限公司 A TPCM-based dual BIOS security verification device and method
CN112817643A (en) * 2021-01-15 2021-05-18 浪潮电子信息产业股份有限公司 Dual-BIOS measurement method, device and equipment for multi-path server
CN112989362A (en) * 2021-05-06 2021-06-18 北京乐研科技有限公司 CPU trusted starting system and method based on safety chip monitoring

Also Published As

Publication number Publication date
CN113591094B (en) 2023-11-14

Similar Documents

Publication Publication Date Title
US9805200B2 (en) System and method for firmware verification
CN103455352B (en) The method of application deployment software and application software dispose device
CN112558946A (en) Method, device and equipment for generating code and computer readable storage medium
CN103761078A (en) Unlocking method and system for intelligent terminal
WO2016018390A1 (en) Secure bios password method in server computer
US10599848B1 (en) Use of security key to enable firmware features
CN103975567B (en) Two-factor authentication method and virtual machine device
EP3514713A1 (en) Verification application, method, electronic device and computer program
CN112468301A (en) Method, system, device and medium for cloud platform authentication based on block chain
CN104104671A (en) System for establishing unified dynamic authorization code for enterprise legal person account
CN113282490A (en) Intelligent door lock testing method and electronic equipment
CN104239762A (en) Method for realizing secure login in Windows system
CN114077740B (en) Bidirectional authentication trusted starting system and method based on TPCM chip
CN113591094A (en) SOC verification device and method based on double BIOS platforms and storage medium
US7685634B2 (en) System and method for managing access to a storage drive in a computer system
JP7276235B2 (en) Authentication system
CN109800554A (en) A kind of safety certifying method based on fail-safe computer
CN114183019A (en) Intelligent lock door lock health detection method and system and intelligent lock
CN119203088A (en) Rights management method, device, computer equipment and storage medium
CN101488177A (en) BIOS based computer security control system and method thereof
CN114625106B (en) Method, device, electronic equipment and storage medium for vehicle diagnosis
CN114357428B (en) Unbinding method and related device of Internet of things equipment
CN114491503B (en) Evidence obtaining method and device
CN108170482B (en) Information processing method and computer equipment
CN114241637A (en) Unlocking system and method and intelligent door lock

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant