HK40095785B - Tpcm in-place detection method, apparatus, server starting method and server - Google Patents
- Publication number: HK40095785B
- Authority: HK (Hong Kong)
Description
Technical Field
The present invention relates to the field of computer security technology, and in particular to a TPCM in-place detection method, apparatus, server startup method, and server.
Background Technology
With the development of information technology and computer science, information security and confidentiality have become increasingly important. To ensure that computer firmware cannot be tampered with, the concept of trusted-root authentication has been introduced and adopted: a verified TPCM module measures the BMC and BIOS, thereby ensuring that firmware such as the BMC and BIOS has not been altered. In practice, the TPCM module is installed on the motherboard, connected to it through the TPCM interface on the motherboard, and fastened to it with screws.
However, existing structural designs rely only on a simple anti-tamper mechanism of specially shaped locking screws to prevent the TPCM module from being replaced, so the structure carries a hidden risk of substitution. Especially once the TPCM interface becomes a unified standard, the pin definitions and procedures are easier to obtain, which raises the chance of the mechanism being defeated and lowers security. A method that can prevent the TPCM from being replaced or tampered with is therefore urgently needed to improve the security of server systems.
Summary of the Invention
To solve the above technical problems, the present invention provides a TPCM in-place detection method, apparatus, server startup method, and server, which can solve problems in the prior art such as the replacement or tampering of TPCM modules, and improve the security of the server system.
To achieve the above objective, in a first aspect, the present invention provides a TPCM in-place detection method, the method comprising:
after the server system is powered on, obtaining first key information from the TPCM;
determining, based on the first key information, whether the TPCM is trusted in-place;
if the TPCM is trusted in-place, responding to the measurement result from the TPCM;
if the TPCM is untrusted in-place, stopping the startup sequence.
Further, the first key information is compared with pre-configured second key information; if they match, the TPCM is determined to be trusted in-place, and if they do not match, the TPCM is determined to be untrusted in-place.
Further, before comparing the first key information with the pre-configured second key information, the method further includes:
obtaining pre-stored key status information and determining, based on the key status information, whether configuration of the second key information is complete;
if the key has been configured, comparing the first key information with the second key information;
if the key has not been configured, configuring the second key information according to the first key information.
Further, the step of configuring the second key information according to the first key information includes:
determining the configuration status of the second key information from the key status information; if the key status information is the unconfigured state, storing the first key information as the second key information and setting the key status information to the configuring state;
if the key status information is the configuring state, comparing the first key information with the stored second key information; if they match, setting the key status information to the configured state, and if they do not match, setting the key status information to the unconfigured state.
Further, the first key information is key information pre-stored in the TPCM and is unique.
Further, the measurement result is a data sequence generated by the TPCM measuring a measurement target, the data sequence comprising measurement target data and measurement status data.
Further, the step of responding to the measurement result from the TPCM if the TPCM is trusted in-place includes:
obtaining the measurement result from the TPCM, obtaining the measurement state of the measurement target from the measurement result, and executing the corresponding timing control.
Further, the step of obtaining the measurement state of the measurement target and executing the corresponding timing control includes:
if the measurement state is the measuring state, not executing the startup sequence until the measurement state becomes the measurement-complete state;
if the measurement state is the measurement-complete state, determining from the measurement-complete state whether the measurement passed, and executing the corresponding timing control according to whether it passed.
In a second aspect, the present invention provides a TPCM in-place detection apparatus, the apparatus comprising:
a key acquisition module for obtaining first key information from the TPCM after the server system is powered on;
a trust determination module for determining, based on the first key information, whether the TPCM is trusted in-place;
a timing control module for responding to the measurement result from the TPCM if the TPCM is trusted in-place, and for stopping the startup sequence if the TPCM is untrusted in-place.
Further, the trust determination module is also used to compare the first key information with pre-configured second key information; if they match, the TPCM is determined to be trusted in-place, and if they do not match, the TPCM is determined to be untrusted in-place.
Further, the trust determination module is also used to obtain pre-stored key status information and determine from it whether configuration of the second key information is complete; if configuration is complete, the first key information is compared with the second key information; if it is not complete, the second key information is configured according to the first key information.
Further, the trust determination module further includes a key configuration module;
the key configuration module is used to determine the configuration status of the second key information from the key status information; if the key status information is the unconfigured state, the first key information is stored as the second key information and the key status information is set to the configuring state;
if the key status information is the configuring state, the first key information is compared with the stored second key information; if they match, the key status information is set to the configured state, and if they do not match, the key status information is set to the unconfigured state.
Further, the first key information is key information pre-stored in the TPCM and is unique.
Further, the measurement result is a data sequence generated by the TPCM measuring a measurement target, the data sequence comprising measurement target data and measurement status data.
Further, the timing control module is also used to: if the measurement state is the measuring state, not execute the startup sequence until the measurement state becomes the measurement-complete state; and if the measurement state is the measurement-complete state, determine from it whether the measurement passed and execute the corresponding timing control according to whether it passed.
In a third aspect, the present invention provides a server startup method that uses the TPCM in-place detection method described above to perform trusted in-place detection on the TPCM, and starts the server when the detection passes.
In a fourth aspect, the present invention provides a server comprising a TPCM and a CPLD connected unidirectionally via serial communication, wherein the TPCM is pre-loaded with first key information, and the CPLD performs trusted in-place detection on the TPCM using the TPCM in-place detection method of any one of claims 1 to 8.
Further, the CPLD is connected to an external EEPROM, which is used to store the configured second key information.
The present invention provides a TPCM in-place detection method, apparatus, server startup method, and server. It adds a mechanism by which the CPLD actively authenticates the TPCM, enriches the way TPCM status information is transmitted, and through this dual control avoids defects and risks such as the TPCM entity being shorted out or physically replaced, effectively improving the security and stability of the server system.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the interconnection between the CPLD and the TPCM in the prior art;
Figure 2 is a schematic diagram of the TPCM-based server startup flow in the prior art;
Figure 3 is a flowchart of the TPCM in-place detection method in an embodiment of the present invention;
Figure 4 is a flowchart of the key configuration method in an embodiment of the present invention;
Figure 5 is a schematic diagram of the TPCM in-place detection apparatus in an embodiment of the present invention;
Figure 6 is a flowchart of the server startup method in an embodiment of the present invention;
Figure 7 is a schematic diagram of the server structure in an embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Before describing the technical solution of the present invention, the technical terms involved are explained: TPCM (Trusted Platform Control Module): trusted platform control module, or trusted authenticated boot process; BIOS (Basic Input Output System): basic input/output system; BMC (Baseboard Management Controller): baseboard management controller; CPLD (Complex Programmable Logic Device): complex programmable logic device; FW (Firmware): firmware version; OD (Open Drain): open-drain output.
Referring to Figure 1, in the working mechanism of the existing TPCM module, the TPCM is installed on the server motherboard, connected to the motherboard through the TPCM interface on the CPLD, and fastened to the motherboard with screws. The main signals transmitted between the TPCM and the CPLD are TPCM_PRESENT_N, BMC_CHECK_PASS_N and BIOS_CHECK_PASS_N. These three signals convey their meaning by high and low logic levels, and each of the three lines has a pull-up resistor to the supply VCC. TPCM_PRESENT_N indicates whether a TPCM is installed, BMC_CHECK_PASS_N indicates whether the TPCM's measurement of the BMC passed, and BIOS_CHECK_PASS_N indicates whether the TPCM's measurement of the BIOS passed.
With the structural topology of Figure 1 in mind, refer to Figure 2. The existing TPCM-based server startup flow is as follows. On system power-up, the CPLD and the TPCM on the motherboard start first. The CPLD uses TPCM_PRESENT_N to determine whether the TPCM module is installed. If no TPCM module is installed on the TPCM interface, TPCM_PRESENT_N is held high by the pull-up resistor on the motherboard, and the CPLD concludes that no TPCM is installed; the CPLD stops the startup sequence, holds the BMC in reset, and the system MAIN power domain is not powered on. If a TPCM is installed, TPCM_PRESENT_N is pulled low by the resistor to ground on the TPCM; once the CPLD sees TPCM_PRESENT_N low, it starts up according to the predetermined flow.
According to the predetermined flow, the TPCM first verifies the firmware in the BMC FLASH. If BMC firmware verification fails, the TPCM leaves BMC_CHECK_PASS_N alone and the signal remains high; if the CPLD does not see BMC_CHECK_PASS_N go low within a certain time, the BMC firmware measurement has failed, so the CPLD stops the startup sequence, holds the BMC in reset, and the system MAIN power domain is not powered on. If the BMC measurement passes, the TPCM pulls BMC_CHECK_PASS_N low, and once the CPLD sees BMC_CHECK_PASS_N low it continues the startup according to the predetermined flow.
When the system receives a power-on command, the TPCM verifies the firmware in the BIOS FLASH according to the predetermined flow. If BIOS firmware verification fails, the TPCM leaves BIOS_CHECK_PASS_N alone and the signal remains high; if the CPLD does not see BIOS_CHECK_PASS_N go low within a certain time, the BIOS firmware measurement has failed, so the CPLD stops the startup sequence and the system MAIN power domain is not powered on. If the BIOS measurement passes, the TPCM pulls BIOS_CHECK_PASS_N low, and once the CPLD sees BIOS_CHECK_PASS_N low it continues the startup according to the predetermined flow. At this point the conventional TPCM-based startup flow is complete.
Although the conventional approach improves server system security by using the TPCM to measure the BMC and BIOS, some problems remain. On the one hand, the TPCM itself is never verified, and measurements made by an unverified TPCM cannot fully guarantee the security and accuracy of the measurement results; the TPCM may be replaced or tampered with, rendering the system untrustworthy. For example, a tampered replacement TPCM could emit the measurement-pass signal regardless of whether the measurement actually passed, deceiving the CPLD into skipping the TPCM check and completing system startup.
On the other hand, with the existing structure the TPCM check can also be bypassed by shorting: shorting TPCM_PRESENT_N to ground makes the CPLD believe a TPCM is present, shorting BMC_CHECK_PASS_N to ground within the time window makes it believe the BMC measurement passed, and shorting BIOS_CHECK_PASS_N to ground within the time window makes it believe the BIOS measurement passed. Such simple hardware shorting can likewise deceive the CPLD into skipping the TPCM check and completing system startup. A system started by shorting or physical replacement is necessarily untrustworthy.
To solve the above problems of the existing TPCM-based startup approach, refer to Figure 3. The TPCM in-place detection method proposed in the first embodiment of the present invention comprises steps S10 to S20:
Step S10: after the server system is powered on, obtain first key information from the TPCM;
Step S20: determine, based on the first key information, whether the TPCM is trusted in-place.
In the existing TPCM startup approach, the presence of the TPCM module is detected through conventional GPIO high and low levels, and no trust verification of the TPCM is performed; since such level signals can be shorted to deceive the CPLD into believing a TPCM is present, there is a risk of the TPCM being replaced or tampered with. The present invention therefore designs a detection scheme that verifies whether the TPCM is trustworthy. In this embodiment, in-place detection uses serial data: the TPCM is given key information that serves as its proof of identity, and by verifying the TPCM's key information the CPLD determines whether the TPCM is trusted in-place. This achieves trust verification of the TPCM and prevents the CPLD from being deceived about TPCM presence by pin shorting.
In a preferred embodiment, the TPCM's key information is generated externally in a preset manner and pre-stored inside the TPCM. As the TPCM's identity information, this key information should exist only once, that is, it should be unique and correspond one-to-one with the TPCM; this uniqueness guarantees the accuracy of the verification result. Alternatively, the key information can be produced by a key generation device built into the TPCM, which generates the key only once, either randomly or in a preset manner, and stores this unique key information inside the TPCM. The present invention also provides another preferred embodiment: when the TPCM is first installed, the verifying party, for example the CPLD, sends key information to the TPCM, which stores it as its own key information; subsequent verification of the TPCM then uses this key information as the TPCM's identity. This key information can either be generated externally in a preset manner and stored in the CPLD in advance, or generated by a key generation device installed in the CPLD. In this embodiment, because the TPCM does not know how the key information was generated, the security of the key information is also guaranteed.
In the existing startup flow, the CPLD is what determines whether the TPCM is present. The present invention builds on this and likewise uses the CPLD to verify whether the TPCM's key information is correct, so after system power-on the TPCM's key information must be transmitted to the CPLD for trusted in-place verification. The key information can be transmitted in plaintext or encrypted. With plaintext transmission, the key information can be read and checked directly on receipt, so the TPCM's trustworthiness is confirmed quickly; with encrypted transmission, encryption and decryption devices must be configured on both the sending and receiving sides, which improves the security of the transmission. It should be understood that other key information generation and transmission methods can also be applied to the present invention and are not described one by one here.
After the key information is received, it can be verified in several ways. For example, if the key information is generated according to a preset rule, its correctness can be verified by checking whether it conforms to that rule. Alternatively, the verification used in the present invention can be adopted: the first key information is compared with pre-configured second key information; if they match, the TPCM is determined to be trusted in-place, and if they do not match, the TPCM is determined to be untrusted in-place.
Here the second key information is identical to the first key information. Comparing the two verifies whether the first key information is correct, thereby confirming that the TPCM is present and has not been tampered with or replaced. This verification is not only simple and convenient but also highly accurate.
In this embodiment, the second key information is pre-configured key information stored in advance on the CPLD side. Because the second key information must be configured ahead of time, and to avoid an invalid check caused by comparing keys before the second key information has been configured successfully, the present invention provides a further preferred embodiment in which, before the first key information is compared with the second key information, the following steps are performed:
obtaining pre-stored key status information and determining, based on the key status information, whether configuration of the second key information is complete;
if the key has been configured, comparing the first key information with the second key information;
if the key has not been configured, configuring the second key information according to the first key information.
In this embodiment the key status information indicates the configuration status of the second key information, for example configuration incomplete or configuration complete. Only key information whose configuration is complete may be used to verify the TPCM's first key information; while configuration is incomplete, the verification result for the first key information is invalid or verification is not performed at all. This further ensures the accuracy of the key comparison result and avoids an invalid verification being performed while the second key information is not yet configured. The key status information can be a preset string, with different character values representing the different states.
Before trust verification of the TPCM, it must first be confirmed that the second key information has been configured. Verification of the first key information is valid only when the key status information is the configured state; otherwise the second key information must be configured first. The second key information can be configured in several ways. One method is to pre-store the first key information in the CPLD as the second key information at the same time as it is pre-stored in the TPCM, and to set the key status information to the configured state once the second key information has been stored. In this method, however, the TPCM and CPLD must correspond one-to-one and be installed as a matched pair; a wrong pairing leaves the TPCM unverifiable with no way to change the second key information. So although this method is simple and adds little cost, it places high demands on production and installation and hinders production efficiency. Another method applies when the first key information is generated by the CPLD and sent to the TPCM: as the first key information is sent, the generated key information is stored as the second key information, and once the first key information has been sent successfully the key status information is set to the configured state. This method greatly improves the security of the key information and therefore the accuracy of the verification result, but it requires a key generation device in the CPLD, and to guarantee key uniqueness that device only needs to generate key information once after the motherboard is assembled, so it inevitably raises production cost and wastes resources. To solve these problems, that is, to guarantee the security and uniqueness of the key without raising production cost while remaining convenient for factory assembly-line production and installation without adding burden to the production process, the present invention provides a preferred embodiment of the method for configuring the second key information, whose configuration steps are as follows:
determining the configuration status of the second key information from the key status information; if the key status information is the unconfigured state, storing the first key information as the second key information and setting the key status information to the configuring state;
if the key status information is the configuring state, comparing the first key information with the stored second key information; if they match, setting the key status information to the configured state, and if they do not match, setting the key status information to the unconfigured state.
In this embodiment the second key information is configured from the first key information, and the first key information can be either pre-stored in the TPCM or generated inside the TPCM. The latter offers very high key security but, as noted above, requires an additional key generation device that only ever generates one key, so the present invention preferably pre-stores the first key information in the TPCM and, at the first power-on after the motherboard is assembled, sends the first key information to the CPLD to be stored as the second key information. To guarantee the accuracy of the data transfer, refer to Figure 4; the key configuration flow used by the present invention is as follows:
After the system powers on, the CPLD first receives the first key information from the TPCM and then checks the key status information. In this embodiment two bytes are used as key status bits, from which the configuration state of the key is determined; the key status bits may be stored in an EEPROM, where 00 denotes the unconfigured state, 01 the configuring state and 10 the configuration complete state. If the key status information is 00 (unconfigured), the first key information is stored as the second key information and the key status information is changed from 00 to 01 (configuring). To make sure the configuration result is correct, this embodiment does not move directly from unconfigured to configuration complete; it introduces the configuring state and confirms the result by comparing the key in two separate configuration passes. That is, when the system is powered on again and the first key information is received again, if the key status information is 01 (configuring), the first key information is compared with the stored second key information. If they match, the stored second key information is taken to be valid and the key status information is changed to 10 (configuration complete). If they do not match, the first transfer is taken to have been corrupted and the key information stored the first time is not trusted; the key status information is then changed back to 00 (unconfigured), the stored second key information is discarded, and the key information is recorded afresh on the next startup, until key configuration completes and the key status information is 10 (configuration complete). On a subsequent power-on, if the key status information is found to be in the configuration complete state, the CPLD has finished configuring the second key information and the remaining startup proceeds according to the predetermined flow.
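The two-pass configuration above, together with the comparison that later decides whether the TPCM is trusted in place, modelled as an added Python example that is not code from the patent; it assumes the EEPROM is a plain object, uses the status strings 00/01/10 from the page, and feeds constructed sample keys rather than real TPCM key material.

```python
"""Added example (not code from the patent): a Python model of the CPLD side
of the two-pass key configuration and the later in-place comparison.

Assumptions, labelled as such: the key status is modelled as the two-character
strings "00"/"01"/"10" listed on the page; the EEPROM is a plain object; the
sample keys are constructed values, not real TPCM key material; the serial
transfer itself is not modelled, each call simply hands the CPLD the key
bytes received after one power-on.
"""
from dataclasses import dataclass, field
import hmac

UNCONFIGURED = "00"  # key status values from the description
CONFIGURING = "01"
CONFIGURED = "10"


@dataclass
class Eeprom:
    """External EEPROM attached to the CPLD; survives power loss and CPLD upgrades."""
    key_status: str = UNCONFIGURED
    second_key: bytes = b""


@dataclass
class Cpld:
    eeprom: Eeprom = field(default_factory=Eeprom)

    def configure_second_key(self, first_key: bytes) -> str:
        """One configuration pass, run on a power-on while the key is not yet
        configured. Returns the new key status."""
        e = self.eeprom
        if e.key_status == UNCONFIGURED:
            e.second_key = first_key           # first pass: record what was received
            e.key_status = CONFIGURING
        elif e.key_status == CONFIGURING:
            if hmac.compare_digest(e.second_key, first_key):
                e.key_status = CONFIGURED      # second pass matched: accept the key
            else:
                e.second_key = b""             # first transfer was corrupted: discard
                e.key_status = UNCONFIGURED    # and record afresh on the next boot
        return e.key_status

    def power_on(self, first_key: bytes) -> str:
        """Handle the first key information received after a power-on.
        Returns "configuring", "trusted" or "untrusted"."""
        e = self.eeprom
        if e.key_status != CONFIGURED:
            self.configure_second_key(first_key)
            return "configuring"               # key not yet usable for verification
        # Constant-time compare here; a CPLD would compare the bits as they arrive.
        if hmac.compare_digest(e.second_key, first_key):
            return "trusted"                   # respond to measurement results
        return "untrusted"                     # stop the startup sequence


def simulate_boots(keys):
    """Feed the key received on each successive power-on to one CPLD and
    return the outcome of every boot."""
    cpld = Cpld()
    return [cpld.power_on(k) for k in keys]


if __name__ == "__main__":
    KEY = bytes(range(16))                     # constructed sample key
    CORRUPT = KEY[:-1] + b"\xff"               # same key with one corrupted byte
    # Boot 1 records CORRUPT, boot 2 mismatches and discards it, boots 3-4
    # configure KEY, boot 5 verifies it, boot 6 sees a different TPCM.
    print(simulate_boots([CORRUPT, KEY, KEY, KEY, KEY, b"\x00" * 16]))
```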
By configuring the key in two passes, the present invention ensures the integrity of the key configuration flow and the correctness of its result, and so guarantees that the subsequent trusted verification of the TPCM is valid. The configuration method provided here needs no additional complex device such as a key generator on either the TPCM or the CPLD side; it only requires one piece of key information to be pre-stored in the TPCM and needs no corresponding provisioning of the CPLD. The method is simple and efficient and adds no burden to production and installation.
By recording the key information of the TPCM at the first power-on and comparing the TPCM's key information at later power-ons, the present invention performs a trusted in-place check of the TPCM, prevents the TPCM from being maliciously replaced later, and improves the security of the server system.
Step S30: if the TPCM is trusted in place, respond to the measurement result from the TPCM; if the TPCM is not trusted in place, stop the startup sequence.
As the description of the prior art above shows, the TPCM reports the result of measuring the BMC or BIOS firmware to the CPLD as high/low level signals, with different pins representing different measurement results. Once the TPCM is removed, trusted root authentication can be bypassed by shorting the relevant pins, and the system can then be maliciously tampered with. To solve this problem of the prior art, the present invention replaces the prior-art representation of the measurement result as high/low levels with a representation as a data sequence, so that the CPLD can no longer be tricked into treating the measurement as passed by a shorted connection.
The present invention expresses the measurement result, previously carried as high/low levels on different pins, as a sequence of data bits: the values of different bits in the data sequence indicate the result of measuring different devices such as the BMC or the BIOS, for example whether the measurement target is the BMC or the BIOS and whether the measurement passed or failed. When the CPLD receives the measurement result, reading the data sequence tells it both the TPCM's measurement target and its result, and the CPLD then performs the corresponding timing control, such as starting or stopping the startup sequence. In this embodiment, because the measurement result is a data sequence that carries the measurement target as well as the result, it does not need several GPIOs to transmit levels as in the existing design; a single port suffices for the data transfer. Representing the measurement result as a data sequence thus not only prevents trusted root authentication from being bypassed by shorting pins, but also effectively reduces the number of TPCM interfaces.
Furthermore, in the existing design the CPLD can only determine whether the TPCM's firmware measurement has completed by reading the level of the corresponding GPIO within a certain time window; before it reads that level the CPLD has no knowledge of the TPCM's current state, that is, whether the TPCM is measuring firmware at all. Under this design it is very easy to fool the CPLD into believing the TPCM measurement has passed by shorting the pins, because the CPLD can judge the measurement result only from high and low levels and has no other way to learn whether the TPCM is measuring. This is a further drawback of transmitting the measurement result as level signals.
The present invention therefore provides a preferred embodiment which, building on the transmission of the measurement result as a data sequence, adds format information to the data sequence and includes the measurement status in it. As soon as the TPCM begins a measurement it writes the measurement status into the data sequence and keeps re-sending it, so that the CPLD is informed of the TPCM's current state at all times and cannot be misled by a measurement result because it does not know the TPCM's measurement status. With the measurement status added, the steps by which the CPLD performs timing control according to the measurement status of the measurement target are:
If the measurement status is the measuring state, the startup sequence is not executed until the measurement status becomes the measurement complete state;
If the measurement status is the measurement complete state, whether the measurement passed is determined from that state, and the corresponding timing control is performed according to whether it passed or failed.
In this embodiment, the CPLD and the TPCM communicate using 8-bit commands. The data format may be set as MSB_XX_XX_XX_XX_LSB, with the format and its definition as shown in Table 1 below:
Table 1 Data transmission format
In the table above, the data the TPCM sends for the BMC-measuring command is 0000_00_00; it is re-sent repeatedly throughout the measurement to notify the CPLD of the measurement status;
the data the TPCM sends for BMC measurement passed is 0000_00_11 and for BMC measurement failed is 0000_00_10; this data sequence is sent once the BMC measurement has completed;
the data the TPCM sends for the BIOS-measuring command is 0000_01_00; it is re-sent repeatedly throughout the measurement to notify the CPLD of the measurement status;
the data the TPCM sends for BIOS measurement passed is 0000_01_11 and for BIOS measurement failed is 0000_01_10; this data sequence is sent once the BIOS measurement has completed.
The above is of course only an illustration of measurement status; in practice further information such as measurement errors may be defined, and other data formats may be used, which are not enumerated here.
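The Table 1 frames and the wait/stop/proceed timing control above, as an added Python example that is not part of the patent; the bit-field split (bits 7..4 reserved, bits 3..2 target, bits 1..0 status) is an assumption inferred from the six listed values, treating any undefined frame as halting startup is also an assumption, and the frame streams are constructed samples.

```python
"""Added example (not code from the patent): decoding the 8-bit measurement
data sequence of Table 1 on the CPLD side and deriving the timing control
from it for the BMC-then-BIOS startup.

Assumptions, labelled as such: the bit layout (bits 7..4 reserved and zero,
bits 3..2 measurement target, bits 1..0 measurement status) is inferred from
the six values listed on the page; any frame outside that set is treated as
invalid and halts startup; the frame streams below are constructed samples,
and the serial bit timing on TPCM_CPLD_DATA_TX is not modelled.
"""
from enum import Enum


class Target(Enum):
    BMC = 0b00
    BIOS = 0b01


class Status(Enum):
    MEASURING = 0b00   # re-sent continuously while the TPCM is measuring
    FAIL = 0b10
    PASS = 0b11


def encode(target: Target, status: Status) -> int:
    """TPCM side: build one frame, e.g. encode(Target.BIOS, Status.PASS) == 0b0000_01_11."""
    return (target.value << 2) | status.value


def decode(frame: int) -> tuple[Target, Status]:
    """CPLD side: parse one frame, raising ValueError for anything not in Table 1."""
    if not 0 <= frame <= 0xFF or frame & 0xF0:
        raise ValueError(f"reserved bits set or out of range: {frame:#04x}")
    try:
        return Target((frame >> 2) & 0b11), Status(frame & 0b11)
    except ValueError:
        raise ValueError(f"undefined target/status in frame {frame:08b}") from None


def startup(frames) -> list[str]:
    """Run the CPLD timing control over the received frames: wait while
    measuring, release the target from reset on PASS, halt on FAIL, on a
    frame for the wrong stage, on an invalid frame, or if the stream ends
    before a completion frame arrives. Returns the actions taken, in order."""
    actions: list[str] = []
    stream = iter(frames)
    for expected, release in ((Target.BMC, "release_bmc_reset"),
                              (Target.BIOS, "release_bios_reset")):
        while True:
            try:
                target, status = decode(next(stream))
            except (StopIteration, ValueError):
                actions.append("stop_startup")   # no valid completion frame
                return actions
            if target is not expected:
                actions.append("stop_startup")   # result for the wrong stage
                return actions
            if status is Status.MEASURING:
                actions.append("wait")           # do not advance the sequence
                continue
            if status is Status.PASS:
                actions.append(release)
                break                            # move on to the next stage
            actions.append("stop_startup")       # FAIL
            return actions
    return actions


if __name__ == "__main__":
    good = [0b0000_00_00, 0b0000_00_00, 0b0000_00_11,   # BMC measuring, pass
            0b0000_01_00, 0b0000_01_11]                  # BIOS measuring, pass
    print(startup(good))
    # A line stuck at a constant level yields only 0x00 or 0xFF, neither of
    # which can ever be read as a PASS frame.
    print(startup([0x00] * 3), startup([0xFF]))
```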
The TPCM in-place detection method proposed by the present invention abandons the traditional approach of detecting whether the TPCM is present and whether the measurement has completed from GPIO high/low levels, and instead uses serial data for verification and for transmitting the measurement result. This not only prevents the root of trust from failing when the TPCM is replaced or maliciously tampered with, and prevents the system from becoming untrusted when root-of-trust authentication is bypassed by shorting, but also reduces the number of GPIOs used and the number of TPCM interfaces, while enriching the TPCM status information that is reported, thereby effectively improving the security of server system startup and the stability of its operation.
Referring to Figure 5, based on the same inventive concept, the second embodiment of the present invention provides a TPCM in-place detection apparatus comprising:
a key acquisition module 10, used to acquire the first key information from the TPCM after the server system powers on;
a trust determination module 20, used to determine from the first key information whether the TPCM is trusted in place;
a timing control module 30, used to respond to the measurement result from the TPCM if the TPCM is trusted in place, and to stop the startup sequence if the TPCM is not trusted in place.
In this embodiment, the in-place check is performed with serial data: a piece of key information is assigned to the TPCM as proof of its identity, and the TPCM's key information is verified to decide whether the TPCM is trusted in place. This achieves trusted verification of the TPCM and prevents the CPLD from being tricked into treating the TPCM as present by a pin short. In a preferred embodiment, the TPCM's key information may be generated externally by a preset method and stored in the TPCM in advance. As the TPCM's identity information, this key information should exist exactly once, that is, it should be unique and correspond one-to-one with the TPCM; this uniqueness guarantees the accuracy of the verification result.
Furthermore, the present invention provides another preferred embodiment, in which:
the trust determination module is further used to obtain pre-stored key status information and to determine from it whether the second key information has been configured; if configuration is complete, the first key information is compared with the second key information; if it is not complete, the second key information is configured from the first key information.
In this embodiment, the second key information is identical to the first key information. Comparing the two verifies whether the first key information is correct and thereby confirms that the TPCM is in place and has not been tampered with or replaced. This verification is simple and convenient and highly accurate.
Furthermore, the present invention provides another preferred embodiment in which the apparatus further comprises:
a key configuration module, used to determine the configuration status of the second key information from the key status information; if the key status information is in the unconfigured state, the first key information is stored as the second key information and the key status information is set to the configuring state;
if the key status information is in the configuring state, the first key information is compared with the stored second key information; if they match, the key status information is set to the configuration complete state, and if they do not match, the key status information is set to the unconfigured state.
In this embodiment, the key status information indicates the configuration status of the second key information, such as configuration incomplete or configuration complete. Only key information whose configuration is complete may be used to verify the TPCM's first key information; while configuration is incomplete, the verification result for the first key information is invalid or no verification is performed. This further ensures the accuracy of the key comparison and avoids invalid verification against second key information that has not yet been fully configured. The key status information may be a preset string, with different character values representing different states.
Furthermore, the present invention provides another preferred embodiment, in which:
the measurement result is a data sequence generated by the TPCM measuring the measurement target, and the data sequence comprises measurement target data and measurement status data.
This embodiment replaces the prior-art representation of the measurement result as high/low levels with a representation as a data sequence, so that the CPLD cannot be tricked into treating the measurement as passed by a shorted connection. Because the measurement result is a data sequence that carries the measurement target as well as the result, it does not need several GPIOs to transmit levels as in the existing design; a single port suffices for the data transfer. Representing the measurement result as a data sequence thus not only prevents trusted root authentication from being bypassed by shorting pins, but also effectively reduces the number of TPCM interfaces.
Furthermore, the present invention provides another preferred embodiment, in which:
the timing control module is further used to: if the measurement status is the measuring state, not execute the startup sequence until the measurement status becomes the measurement complete state; and if the measurement status is the measurement complete state, determine from that state whether the measurement passed and perform the corresponding timing control according to whether it passed or failed.
Building on the transmission of the measurement result as a data sequence, this embodiment adds format information to the data sequence and includes the measurement status in it. As soon as the TPCM begins a measurement it writes the measurement status into the data sequence and keeps re-sending that sequence, so that the CPLD is informed of the TPCM's current state at all times and cannot be misled by a measurement result because it does not know the TPCM's measurement status.
The technical features and effects of the TPCM in-place detection apparatus of this embodiment are the same as those of the method described above and are not repeated here. Each module of the apparatus may be implemented wholly or partly in software, in hardware, or in a combination of the two. The modules may be embedded in hardware form in, or independent of, the processor of a computer device, or stored in software form in the memory of the computer device so that the processor can invoke and execute the operations corresponding to each module.
A third embodiment of the present invention provides a server startup method that uses the TPCM in-place detection method described above to perform trusted in-place detection of the TPCM and starts the server when the detection passes.
In existing designs the CPLD can be deceived, for example by pin shorting, so as to bypass trusted root authentication and leave the system untrusted. To address these problems the present invention proposes the TPCM in-place detection method for trusted authentication of the TPCM, and on that basis also provides a server startup method that starts from the server startup flow, modifying the existing flow and method to improve the security of server system startup and so ensure the security and stability of server system operation.
As the conventional TPCM-based startup flow shown in Figure 2 illustrates, the conventional flow evaluates whether the TPCM is present, and transmits the TPCM's measurement result, by means of high and low levels. It therefore lacks trusted authentication of the TPCM, and the CPLD can be deceived by shorting or similar means so as to bypass the TPCM's trusted authentication, leading to an untrusted system startup. To address these problems of the existing startup method, the present invention provides a new server startup method. Referring to Figure 6, the server startup method provided by the present invention is:
After the server system powers on, the CPLD holds the BMC in reset through its timing control, a step identical to the conventional startup. After that step, the TPCM is authenticated using the key information it sends; if the key comparison succeeds, the TPCM is deemed trusted in place, and the CPLD waits for the TPCM to measure the BMC. Once the BMC measurement completes, a data sequence is generated from the measurement result and sent to the CPLD. On receiving the data sequence for the BMC measurement, the CPLD obtains the BMC measurement result from it; if the measurement passed, the BMC is released from reset and started, and if it failed, the startup sequence is stopped.
After the server system receives the power-on command, the TPCM measures the BIOS firmware and generates a data sequence from the measurement result. This data sequence is likewise sent to the CPLD, which determines from it whether the BIOS measurement passed; if it failed, the startup sequence is stopped, and if it passed, the BIOS is released from reset and started, completing the trusted startup of the server system. Note that the second key information must be configured before the TPCM's first key information can be compared and verified; the key information may be configured in the same way as in the TPCM in-place detection method above, and the data sequence for the measurement result is generated in the same way as in that method, so neither is repeated here.
The present invention adds a TPCM authentication step to the server system startup. Performing trusted root authentication and transmitting measurement results as serial data prevents the system from being maliciously tampered with by bypassing trusted root authentication through shorting the relevant pins after the TPCM has been removed, and prevents the root of trust from failing, and the system from becoming untrusted, when the TPCM is replaced or maliciously tampered with. It further reduces the number of GPIOs used and the number of TPCM module interfaces and enriches the TPCM status information that is reported. Together these ensure that the server system starts securely and trustworthily and so improve the information security of the server system.
Referring to Figure 7, a fourth embodiment of the present invention provides a server comprising a TPCM and a CPLD connected unidirectionally by serial communication. The TPCM is pre-provisioned with first key information, and the CPLD performs trusted in-place detection of the TPCM using the TPCM in-place detection method described above.
In existing designs the CPLD evaluates whether the TPCM is present, and the results of the TPCM's firmware measurements of the BMC and BIOS, from the high/low levels of different pins, so at least three pairs of GPIO ports are needed, and the design is easily deceived by shorting pins. The present invention provides a method in which TPCM authentication and measurement result transmission are carried out with serial data. Since all information in this method is serial data, the connection between the TPCM and the CPLD can be changed from the conventional GPIO level scheme to serial communication. Specifically, the TPCM and the CPLD are connected by the TPCM_CPLD_DATA_TX signal, a unidirectional signal sent by the TPCM and received by the CPLD. The TPCM drives this external signal with an open-drain (OD) output, which makes it easy to match the motherboard's signal levels.
With serial communication, the original connection structure requiring at least three pairs of GPIO ports is reduced to a single pair of GPIO ports carrying serial communication; a pull-up resistor is also provided on the GPIO connection line. Besides preventing the CPLD from being deceived by shorting or replacement, this topology effectively reduces the number of GPIO interfaces. Moreover, because the signal is defined as unidirectional, the TPCM receives no external data input, which further protects the TPCM's key information.
Furthermore, since the CPLD in the present invention must verify the TPCM's key information, it must configure and store the second key information. If this second key information were stored in the CPLD's built-in flash, a CPLD upgrade could easily affect it and, for example, invalidate it. The present invention therefore provides a preferred embodiment in which an external EEPROM is attached to the CPLD; the EEPROM's location is not affected by CPLD upgrades. After the system powers on, the CPLD saves the key information sent by the TPCM in this EEPROM, ensuring that the configured key information is not overwritten, erased or tampered with by an unexpected power loss, a CPLD upgrade or similar events. The server startup flow is described below with reference to the topology of Figure 7:
Early in system power-on, the TPCM sends its key information to the CPLD over the TPCM_CPLD_DATA_TX signal; this key is unique to the TPCM. On receiving the key information, the CPLD first checks whether the key information it stores has been configured. If it has, the CPLD compares and verifies the received key information; if it has not, the CPLD configures the key from the received key information.
During key configuration, the key status information in the EEPROM is checked first. If it is the unconfigured state, the key information is recorded into the EEPROM and the key status information in the EEPROM is written as the configuring state. If it is the configuring state, the received key is compared with the key first stored in the EEPROM; if they match, the key status information in the EEPROM is written as the configuration complete state, and if they do not match it is written as the unconfigured state and the key is recorded afresh on the next startup, until key configuration completes and the key status information is the configuration complete state.
The CPLD verifies the key information by comparing the stored key information with the received key information. If the CPLD receives the correct TPCM key information, it can conclude that the TPCM is in place and has not been tampered with or replaced, that is, it is trusted in place. If the correct TPCM key information is not received, the TPCM module has been tampered with or replaced; the CPLD stops the startup sequence, keeps the BMC in reset and does not power up the system MAIN power domain.
According to the predetermined flow, the TPCM first verifies the firmware in the BMC FLASH. During the measurement, the TPCM continuously sends a data sequence whose measurement status is measuring to the CPLD over the TPCM_CPLD_DATA_TX signal until the measurement completes; when the CPLD receives a measuring data sequence it waits until it receives a measurement complete data sequence. If the BMC firmware measurement fails, the TPCM sends the BMC firmware measurement failed data sequence to the CPLD over TPCM_CPLD_DATA_TX, and the CPLD stops the startup sequence, keeps the BMC in reset and does not power up the system MAIN power domain; if the BMC firmware measurement succeeds, the TPCM sends the BMC firmware measurement succeeded data sequence to the CPLD over TPCM_CPLD_DATA_TX, and the CPLD proceeds with startup according to the predetermined flow.
When the system receives the power-on command, the TPCM verifies the firmware in the BIOS FLASH. During the measurement, the TPCM continuously sends a measuring data sequence to the CPLD over the TPCM_CPLD_DATA_TX signal until the measurement completes; when the CPLD receives a measuring data sequence it waits until it receives a measurement complete data sequence. If the BIOS firmware measurement fails, the TPCM sends the BIOS firmware measurement failed data sequence to the CPLD over TPCM_CPLD_DATA_TX, and the CPLD stops the startup flow and does not power up the system MAIN power domain; if the BIOS firmware measurement succeeds, the TPCM sends the BIOS firmware measurement succeeded data sequence to the CPLD over TPCM_CPLD_DATA_TX, and the CPLD proceeds with startup according to the predetermined flow. This completes the TPCM-based startup flow.
By using serial communication over a unidirectional signal, this invention reduces the number of TPCM interfaces and prevents external data from being input into the TPCM, improving the security of the TPCM's internal data at the level of the structural design. By attaching an external EEPROM to the CPLD, it also keeps the stored key information from being affected by CPLD upgrades and similar events. Through these improvements to the server topology, the invention raises the data security of the server system, so that the server system runs more securely and stably.
It should be noted that the server topology provided by this invention is only one preferred topology that matches the server startup method described above. On the basis of this preferred embodiment, the server topology can be further improved or replaced. For example, the serial communication between the TPCM and the CPLD can be made bidirectional. Under that design, in addition to the key configuration method and key comparison method provided by this invention, the various preferred key configuration methods described above can also be implemented, including the CPLD sending key information representing the TPCM's identity to the TPCM and receiving key information from the TPCM for verification, or the CPLD sending a key signal to the TPCM for configuration and the CPLD sending the TPCM information on whether the key configuration succeeded. As another example, serial communication can be added on top of the original TPCM-CPLD topology; in that case, the dual determination of key comparison and high/low level signals can further ensure that the TPCM has not been replaced or tampered with. A topology in which the CPLD has multiple external EEPROMs can of course also be adopted, storing the key information, the key status information and other data held by the CPLD in different external EEPROMs to improve the security of the data stored by the CPLD. That is, without departing from the technical principles of this invention, several improvements and substitutions can be made to the structure and the method, and these improvements and substitutions should also be regarded as falling within the scope of protection of this application.
In summary, in the TPCM in-place detection method, apparatus, server startup method and server proposed by the embodiments of this invention, the method obtains first key information from the TPCM after the server system is powered on; determines from the first key information whether the TPCM is trusted in place; if the TPCM is trusted in place, responds to the measurement result from the TPCM; and if the TPCM is untrusted in place, stops the startup sequence. By adding an authentication action for the TPCM and transmitting status information as a data stream instead of a traditional level signal, the invention effectively prevents the root-of-trust authentication from being bypassed, and the system maliciously tampered with, by shorting the relevant pins after the TPCM has been removed, and prevents the system from becoming untrusted because the root of trust fails after the TPCM is replaced or maliciously tampered with. At the same time it reduces the number of GPIOs used, reduces the number of TPCM module interfaces, and enriches the updating of TPCM status information. By adding a mechanism for the CPLD to actively authenticate the TPCM module and by enriching the way the TPCM module transmits its status information, the invention doubly ensures that the TPCM entity is neither shorted nor replaced or tampered with. Through these improvements in method and structure, the invention ensures the information security of the server system.
The embodiments in this specification are described in a progressive manner; for parts that are identical or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the apparatus embodiments are basically similar to the method embodiments, they are described relatively briefly, and the relevant parts of the method embodiments may be consulted. It should be noted that the technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be regarded as within the scope recorded in this specification.
The embodiments described above express only several preferred implementations of this application. Although they are described specifically and in detail, they should not be construed as limiting the scope of the invention patent. It should be pointed out that a person of ordinary skill in the art can make several improvements and substitutions without departing from the technical principles of this invention, and these improvements and substitutions should also be regarded as within the scope of protection of this application. Therefore, the scope of protection of this patent application shall be determined by the scope of protection of the claims.
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK40095785A (en) | 2024-02-09 |
| HK40095785B (en) | 2024-04-26 |