[go: up one dir, main page]

CN113591094B - SOC verification device and method based on dual BIOS platform and storage medium - Google Patents

SOC verification device and method based on dual BIOS platform and storage medium Download PDF

Info

Publication number
CN113591094B
CN113591094B CN202110873794.2A CN202110873794A CN113591094B CN 113591094 B CN113591094 B CN 113591094B CN 202110873794 A CN202110873794 A CN 202110873794A CN 113591094 B CN113591094 B CN 113591094B
Authority
CN
China
Prior art keywords
soc
bios
cpu
card
storage module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110873794.2A
Other languages
Chinese (zh)
Other versions
CN113591094A (en
Inventor
于治楼
刚帅
夏伟强
梁记斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaoyue Technology Co Ltd
Original Assignee
Chaoyue Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaoyue Technology Co Ltd filed Critical Chaoyue Technology Co Ltd
Priority to CN202110873794.2A priority Critical patent/CN113591094B/en
Publication of CN113591094A publication Critical patent/CN113591094A/en
Application granted granted Critical
Publication of CN113591094B publication Critical patent/CN113591094B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

SOC verification device, method and storage medium based on domestic dual BIOS computer platform; the SOC verification device of the invention comprises: the system comprises an SOC card, a switch module and a control module; the system comprises a CPU main board, an SOC card, a BIOS file, a program and a program, wherein an SOC verification program is preset in the SOC card and is configured to carry out SOC verification on the BIOS file in the CPU main board; the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS storage module, and the control module is respectively connected with the SOC card, the first CPU and the second CPU. The SOC verification device of the invention comprises the following working processes: and the control module sends reset signals to the first CPU and the second CPU to lock, then controls gating connection of the SOC card of the switch system and the first/second BIOS file storage module respectively, and stops generating the reset signals after the SOC verification of the SOC card of the switch system and the second BIOS file storage module is passed, so that the locking of the first CPU and the second CPU is released. The invention can complete SOC verification of the dual BIOS platform by only one SOC card, has simple structure and can effectively reduce wiring difficulty of the CPU main board.

Description

SOC verification device and method based on dual BIOS platform and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an SOC verification device and method based on a dual BIOS platform, and a storage medium.
Background
With the rise and development of the information industry, data security is becoming a focus of attention. To a certain extent, data security is the core of computer security.
The invention realizes the realization method of the complete safety verification process based on the dual BIOS of the domestic platform computer, and before the realization method, the SOC card can not connect 2 BIOS on one SPI path, and selects which BIOS to verify. Only one BIOS may be accessed and the BIOS verified 1 time. However, on a dual-path CPU computer, both BIOS's are at risk of tampering and require verification prior to power-up.
Therefore, the dual BIOS verification method is the key point of the present design.
Disclosure of Invention
In order to solve the above technical problems, an aspect of the present invention provides an SOC verification device based on a dual BIOS platform, including: the SOC card comprises an SOC verification program and is configured to carry out SOC verification on a BIOS file in the CPU main board; the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS file storage module and is configured to gate the connection of the SOC card and the first BIOS file storage module or gate the connection of the SOC card and the second BIOS file storage module according to a control signal; the control module is respectively connected with the SOC card, the first CPU and the second CPU and is configured for: generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU; generating a first control signal and sending the first control signal to the switch module to gate the connection between the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the connection of the SOC card and the second BIOS file storage module, so that the SOC card performs SOC verification on the BIOS file in the second BIOS file storage module.
In one or more embodiments, the control module is further configured to receive a second SOC verification pass feedback for the SOC card and stop generating the reset signal based on the second SOC verification pass feedback.
In one or more embodiments, the first CPU is connected to the first BIOS file storage module, and the second CPU is connected to the second BIOS file storage module.
In one or more embodiments, a dual BIOS platform based SOC verification device further comprises: the TCM module is respectively connected with the first BIOS file storage module and the second BIOS file storage module, and is configured to store a unique TCM value of a corresponding BIOS file, calculate the TCM value of the BIOS operation after the completion of the BIOS operation, and compare the TCM value with the unique TCM value stored by the TCM module to control the login system or inhibit the login system.
In one or more embodiments, the control module includes: CPLD, ARM or MCU.
In another aspect of the present invention, a dual BIOS platform based SOC verification method is provided, the method comprising: in response to the dual-BIOS platform powering on, generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual-BIOS platform to lock the first CPU and the second CPU; generating a first control signal and sending the first control signal to the switch module to gate the connection between the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module so as to gate the connection of the SOC card and the second BIOS file storage module, and further performing SOC verification on the BIOS file in the second BIOS file storage module by the SOC card.
In one or more embodiments, the SOC verification method based on the dual BIOS platform further includes: and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
In one or more embodiments, the SOC verification method based on the dual BIOS platform further includes: acquiring a BIOS file in the first BIOS storage module by the first CPU, and executing a first BIOS operation; and acquiring the BIOS file in the second BIOS file storage module by the second CPU, and executing a second BIOS operation.
In one or more embodiments, the SOC verification method based on the dual BIOS platform further includes: and calculating the TCM value of the BIOS operation after the corresponding BIOS operation is completed, and comparing the TCM value with the unique TCM value stored by the TCM module to control the login system or inhibit the login system.
In another aspect of the present invention, there is also provided a storage medium having stored therein an executable computer program which when executed is configured to implement the operations of a dual BIOS platform based SOC verification method as described above.
The beneficial effects of the invention include: the invention can complete SOC verification of the dual BIOS platform only through one SOC card, and after SOC verification, login verification of the system before system start is also provided to ensure the safety of the system.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are necessary for the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention and that other embodiments may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a dual BIOS platform based SOC verification device according to the present invention;
FIG. 2 is a flowchart of a dual BIOS platform based SOC verification method according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention will be described in further detail with reference to the accompanying drawings.
It should be noted that, in the embodiments of the present invention, all the expressions "first" and "second" are used to distinguish two entities with the same name but different entities or different parameters, and it is noted that the "first" and "second" are only used for convenience of expression, and should not be construed as limiting the embodiments of the present invention, and the following embodiments are not described one by one.
Fig. 1 is a schematic structural diagram of an SOC verification device based on a dual BIOS platform according to the present invention. As shown in fig. 1, an SOC verification device based on a dual BIOS platform of the present invention includes: the SOC card 1 comprises an SOC verification program and is configured to perform SOC verification on a BIOS file in a CPU main board; the switch module 2 is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS file storage module and is configured to gate the connection of the SOC card and the first BIOS file storage module according to a control signal or gate the connection of the SOC card and the second BIOS file storage module; the control module 3 is respectively connected with the SOC card, the first CPU and the second CPU and is configured to: generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU; generating a first control signal and sending the first control signal to a switch module to gate the connection of the SOC card and a first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the SOC verification passing feedback, and sending the second control signal to the first BIOS file storage module to be connected with the second BIOS file storage module in a gating manner, so that the SOC card performs SOC verification on the BIOS file in the second BIO file storage module. The first CPU is connected with the BIOS file storage module, and the second CPU is connected with the second BIOS file storage module.
In a further embodiment, the control module 3 is further configured to receive a second SOC verification passing feedback of the SOC-card and stop generating the reset signal in accordance with the second SOC verification passing feedback.
In a further embodiment, the SOC verification device based on the dual BIOS platform of the present invention further includes a TCM module, which is respectively connected to the first BIOS file storage module and the second BIOS file storage module, configured to store a unique TCM value of the corresponding BIOS file, calculate a TCM value of the BIOS operation after the BIOS operation is completed, and compare the TCM value with the unique TCM value stored in the TCM module to control the login system or inhibit the login system. And when the TCM value of the BIOS operation is the same as the corresponding unique TCM value stored by the TCM module, allowing the system to log in, and if the TCM value is not the same, prohibiting the system to log in.
In a further implementation the control module 3 comprises: CPLD, ARM or MCU.
According to the scheme, the system can complete SOC verification of the dual-BIOS platform only through one SOC, and after the SOC verification, login verification is carried out on the system before the system is started so as to ensure the safety of the system. And because of simple structure, it also can effectively reduce the wiring degree of difficulty of CPU mainboard.
Based on the embodiment, the invention also provides an SOC verification method based on the dual BIOS platform. FIG. 2 is a flowchart of a dual BIOS platform based SOC verification method according to the present invention. As shown in fig. 2, the SOC verification method based on the dual BIOS platform of the present invention includes: step S1, responding to the power-on of the dual BIOS platform, generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual BIOS platform so as to lock the first CPU and the second CPU; s2, generating a first control signal and sending the first control signal to the switch module to gate the connection between the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and S3, receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module to gate the connection of the SOC card and the second BIOS file storage module, so that the SOC card performs SOC verification on the BIOS file in the second BIOS file storage module.
In a further implementation, the method of the present invention further comprises: and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
In a further implementation, the method of the present invention further comprises: acquiring a BIOS file in a first BIOS storage module by a first CPU, and executing a first BIOS operation; and acquiring the BIOS file in the second BIOS file storage module by the second CPU, and executing the second BIOS operation.
In a further embodiment, the method of the present invention further comprises: calculating the TCM value of the BIOS operation after the corresponding BIOS operation is completed, and comparing the TCM value with the unique TCM value stored in the TCM module to control or inhibit the login system
According to the scheme, the method can complete SOC verification of the dual-BIOS platform through only one SOC, and after the SOC verification, login verification is carried out on the system before the system is started so as to ensure the safety of the system.
On the basis of the above embodiments, the present invention also proposes a storage medium storing an executable computer program for implementing the operations in each of the above embodiments of the SOC verification method based on the dual BIOS platform when the computer program is executed.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that as used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.
The foregoing embodiment of the present invention has been disclosed with reference to the number of embodiments for the purpose of description only, and does not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will appreciate that: the above discussion of any embodiment is merely exemplary and is not intended to imply that the scope of the disclosure of embodiments of the invention, including the claims, is limited to such examples; combinations of features of the above embodiments or in different embodiments are also possible within the idea of an embodiment of the invention, and many other variations of the different aspects of the embodiments of the invention as described above exist, which are not provided in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement, improvement, etc. of the embodiments should be included in the protection scope of the embodiments of the present invention.

Claims (10)

1. An SOC verification device based on a dual BIOS platform, comprising:
the SOC card comprises an SOC verification program and is configured to carry out SOC verification on a BIOS file in the CPU main board;
the switch module is respectively connected with the SOC card, the first BIOS file storage module and the second BIOS file storage module and is configured to gate the connection of the SOC card and the first BIOS file storage module or gate the connection of the SOC card and the second BIOS file storage module according to a control signal;
the control module is respectively connected with the SOC card, the first CPU and the second CPU and is configured for:
generating a reset signal and sending the reset signal to the first CPU and the second CPU to lock the first CPU and the second CPU;
generating a first control signal and sending the first control signal to the switch module to gate the connection between the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card; and
and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module so as to gate the connection of the SOC card and the second BIOS file storage module, and further performing SOC verification on the BIOS file in the second BIOS file storage module by the SOC card.
2. The dual BIOS platform based SOC verification device of claim 1, wherein the control module is further configured to receive a second SOC verification pass feedback for the SOC card and to cease generating the reset signal based on the second SOC verification pass feedback.
3. The dual BIOS platform based SOC verification device of claim 1 or 2, wherein the first CPU is coupled to the first BIOS file storage module and the second CPU is coupled to the second BIOS file storage module.
4. The dual BIOS platform based SOC verification device of claim 1, further comprising: the TCM module is respectively connected with the first BIOS file storage module and the second BIOS file storage module, and is configured to store a unique TCM value of a corresponding BIOS file, calculate the TCM value of the BIOS operation after the completion of the BIOS operation, and compare the TCM value with the unique TCM value stored by the TCM module to control the login system or inhibit the login system.
5. The dual BIOS platform based SOC verification device of claim 1, wherein the control module comprises: CPLD, ARM or MCU.
6. A dual BIOS platform based SOC verification method, the method comprising the following steps performed by a dual BIOS platform based SOC verification device as claimed in any of claims 1-5:
in response to powering on the dual-BIOS platform, generating a reset signal by a control module and sending the reset signal to a first CPU and a second CPU of the dual-BIOS platform so as to lock the first CPU and the second CPU;
generating a first control signal and sending the first control signal to the switch module to gate the connection between the SOC card and the first BIOS file storage module, and further performing SOC verification on the BIOS file of the first BIOS file storage module by the SOC card;
and receiving a first SOC verification passing feedback of the SOC card, generating a second control signal according to the first SOC verification passing feedback, and sending the second control signal to the switch module so as to gate the connection of the SOC card and the second BIOS file storage module, and further performing SOC verification on the BIOS file in the second BIOS file storage module by the SOC card.
7. The dual BIOS platform based SOC verification method as recited in claim 6, further comprising:
and receiving second SOC verification passing feedback of the SOC card by the control module, and stopping generating the reset signal according to the second SOC verification passing feedback so as to unlock the first CPU and the second CPU.
8. The dual BIOS platform based SOC verification method of claim 7, further comprising:
acquiring a BIOS file in the first BIOS file storage module by the first CPU, and executing a first BIOS operation; and
and acquiring the BIOS file in the second BIOS file storage module by the second CPU, and executing a second BIOS operation.
9. The dual BIOS platform based SOC verification method of claim 8, further comprising:
and calculating the TCM value of the BIOS operation after the corresponding BIOS operation is completed, and comparing the TCM value with the unique TCM value stored by the TCM module to control the login system or inhibit the login system.
10. A storage medium having stored therein an executable computer program which when executed is adapted to implement the operations of a dual BIOS platform based SOC verification method as claimed in any of claims 6 to 9.
CN202110873794.2A 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium Active CN113591094B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110873794.2A CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110873794.2A CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Publications (2)

Publication Number Publication Date
CN113591094A CN113591094A (en) 2021-11-02
CN113591094B true CN113591094B (en) 2023-11-14

Family

ID=78252899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110873794.2A Active CN113591094B (en) 2021-07-30 2021-07-30 SOC verification device and method based on dual BIOS platform and storage medium

Country Status (1)

Country Link
CN (1) CN113591094B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
CN107408090A (en) * 2015-03-27 2017-11-28 英特尔公司 The dynamic configuration of i/o controller access path
CN208210006U (en) * 2018-06-11 2018-12-07 山东超越数控电子股份有限公司 A kind of high safety trusted servers based on domestic TPM
CN111723376A (en) * 2020-06-10 2020-09-29 苏州浪潮智能科技有限公司 A monitoring and control method, circuit and device for an in-board trusted platform
CN111859398A (en) * 2020-07-24 2020-10-30 苏州浪潮智能科技有限公司 A TPCM-based dual BIOS security verification device and method
CN112817643A (en) * 2021-01-15 2021-05-18 浪潮电子信息产业股份有限公司 Dual-BIOS measurement method, device and equipment for multi-path server
CN112989362A (en) * 2021-05-06 2021-06-18 北京乐研科技有限公司 CPU trusted starting system and method based on safety chip monitoring

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
CN107408090A (en) * 2015-03-27 2017-11-28 英特尔公司 The dynamic configuration of i/o controller access path
CN208210006U (en) * 2018-06-11 2018-12-07 山东超越数控电子股份有限公司 A kind of high safety trusted servers based on domestic TPM
CN111723376A (en) * 2020-06-10 2020-09-29 苏州浪潮智能科技有限公司 A monitoring and control method, circuit and device for an in-board trusted platform
CN111859398A (en) * 2020-07-24 2020-10-30 苏州浪潮智能科技有限公司 A TPCM-based dual BIOS security verification device and method
CN112817643A (en) * 2021-01-15 2021-05-18 浪潮电子信息产业股份有限公司 Dual-BIOS measurement method, device and equipment for multi-path server
CN112989362A (en) * 2021-05-06 2021-06-18 北京乐研科技有限公司 CPU trusted starting system and method based on safety chip monitoring

Also Published As

Publication number Publication date
CN113591094A (en) 2021-11-02

Similar Documents

Publication Publication Date Title
US7424611B2 (en) Authentication system and method
CN101281577B (en) Dependable computing system capable of protecting BIOS and method of use thereof
CN106909848A (en) A kind of computer security strengthening system and its method based on BIOS extensions
CN111176734A (en) Startup control method and equipment of server and storage medium
CN118363667B (en) Lock step core circuit supporting unlocking
EP3923168B1 (en) Secure boot at shutdown
CN109918887A (en) Firmware layer fingerprint identification method and computer system based on UEFI
US10599848B1 (en) Use of security key to enable firmware features
CN114077740B (en) Bidirectional authentication trusted starting system and method based on TPCM chip
CN111340987A (en) Internet of things door lock communication method, device and system and computer storage medium
CN113591094B (en) SOC verification device and method based on dual BIOS platform and storage medium
CN113282490A (en) Intelligent door lock testing method and electronic equipment
US7685634B2 (en) System and method for managing access to a storage drive in a computer system
CN107657170A (en) The Trusted Loading for supporting intelligently to repair starts control system and method
CN201203868Y (en) A Trusted Platform Module
CN101488177A (en) BIOS based computer security control system and method thereof
CN118244866A (en) Method and device for locking power key
CN114625106B (en) Method, device, electronic equipment and storage medium for vehicle diagnosis
CN114491503B (en) Evidence obtaining method and device
CN115964721A (en) Program verification method and electronic equipment
CN112732486A (en) Redundant firmware switching method, device, equipment and storage medium
CN107330318A (en) A kind of binding encryption method of digital signal panel card and its debugging system
JP2000298529A (en) Personal computer system
CN111783162A (en) Data protection implementation method and device and computer equipment
CN222914204U (en) A trusted startup circuit based on analog switch

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant