200931315

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a method for security verification of file content updates in a computer system, and in particular to a verification method for BIOS refresh content that performs a security check on an update of the BIOS file content in a computer system.

[Prior Art]

At present, in server management, servers need to use the latest hardware, and the BIOS (Basic Input Output System) shipped from the factory can, after a period of time, no longer recognize and use the latest hardware. The server's BIOS therefore has to be updated to the latest version to support the recognition and use of new hardware. Refreshing the BIOS, however, is a very dangerous operation: once a wrong BIOS file has been flashed, the machine cannot boot, and in severe cases the BIOS chip on the server may be damaged. At the same time, because the release process of a BIOS file is long, it is quite possible that [...] the BIOS file cannot boot.

Therefore, if the BIOS can be tested on the actual machine before it is refreshed, and only then updated into the BIOS's Electrically Erasable Programmable Read-Only Memory (EEPROM), the correctness of the refresh operation can be ensured and the problems a server may encounter can be reduced. The industry therefore urgently needs a verification method for BIOS refresh content that overcomes the problems or defects of the prior art described above.

[Summary of the Invention]

To solve the problems and defects of the prior art described above, the object of the present invention is to provide a verification method for BIOS refresh content, used to perform security verification on the content of the new BIOS file before the BIOS of the computer is updated.

The verification method for BIOS refresh content provided by the present invention comprises the following steps:

using paravirtualization technology, creating a virtual machine in the computer host whose system BIOS is to be updated, and starting this virtual machine;

copying the new BIOS file content into the 1-megabyte (Mega bytes) address space starting at 0000:0000 in the memory of the computer host;

using the content of this new BIOS file to execute the boot process of the computer host, with the paravirtualized operating system running on the same hardware platform as the computer host; and

verifying whether the virtual operating system that applies the new BIOS file content runs normally; if it runs normally, the information that it runs normally is fed back to the user and verification ends; if it does not run normally, the information that it runs abnormally is fed back to the user and verification ends.

In summary, the advantage of the present invention is as follows. By running an operating system virtualized through paravirtualization technology, the verification method for BIOS refresh content provided by the present invention performs security verification on the new BIOS file content before the computer's BIOS is refreshed. This avoids the prior-art problems of the machine failing to boot and the BIOS chip being damaged after wrong BIOS file content has been updated to the actual machine.

[Embodiments]

The preferred embodiment of the present invention is described in detail below with reference to the drawings.

Please refer to Figure 1, which shows the BIOS boot principle in the verification method for BIOS refresh content of the present invention. As shown in Figure 1, in the preferred embodiment of the method, the computer host (for example, a server), after being powered on, first copies the BIOS file into a specified range of address space in memory. The computer then jumps to a start-of-execution address within this specified range of memory (generally 0xFFFF0) and begins executing code. This address is the start-of-execution address of the BIOS, and the content of the BIOS file updated to the machine is consistent with it. The method of the present invention therefore copies the content of the new BIOS file into the aforementioned specified range of address space in memory, so that the content of the new BIOS file is used to execute the boot process of the motherboard, in order to verify whether the content of the BIOS file to be used for the update is correct and safe.

The verification method for BIOS refresh content disclosed by the present invention further includes using virtualization technology to run the new BIOS file, so as to verify the new BIOS content. At present, virtualization technology can be broadly divided into full virtualization and paravirtualization. With full virtualization, a layer exists between the virtualized operating system and the hardware and is used for arbitration. This layer is called the hypervisor or virtual machine monitor (Virtual Machine Monitor, VMM). Paravirtualization is similar to full virtualization, but the hypervisor operates in a more cooperative fashion. This is because each guest operating system is aware that it is running in virtualized mode, so each guest operating system cooperates with the hypervisor to virtualize the underlying hardware.

In the prior art, examples of full virtualization include the commercial virtualization solution VMware (computer virtualization software that allows two or more operating systems to run simultaneously on one machine), the System z9 virtual machine (z/VM; VM stands for Virtual Machine) operating system used on IBM z-series computers, and the Kernel Virtual Machine (KVM). There are other examples as well, such as Bochs (virtual machine software that emulates an x86 environment), QEMU (emulation software that can emulate one operating system inside another operating system), and VirtualBox (powerful x86 virtual machine software). Examples of paravirtualization are Xen and User-Mode-Linux (UML).

Xen is a paravirtualization virtual machine monitor (VMM). This means that, in order to call the hypervisor, it needs to selectively modify the operating system kernel, but it does not need to modify the applications running on the operating system. Other virtualization systems such as VMware implement full virtualization, that is, they do not have to modify the operating system in use, but they still need to translate machine code on the fly, which affects system performance. Xen is a special kind of virtual-hardware virtual machine: it has most of the characteristics of a virtual-hardware virtual machine, and it lets the user install and test new upgrade software as in the existing environment without worrying about damaging the existing system.

User-Mode-Linux (UML) is a safe virtual machine that lets one Linux system run as an independent process inside another Linux system, so that multiple Linux operating systems can be started on an existing hard disk just like running ordinary programs. With UML, a user can run another Linux kernel in user mode within the Linux kernel of the host, and can also run multiple independent virtual computers on a single computer.

The bottom layer of a virtualization solution is the machine hardware to be virtualized. This machine may support virtualization directly, or it may not, in which case support from the hypervisor layer is needed. The hypervisor (also called the virtual machine monitor, VMM) can be regarded as an abstraction between the hardware platform and the operating system. In some cases the hypervisor is itself an operating system, in which case it is called the host operating system; please refer to Figure 2.

Above the hypervisor are the guest operating systems, also called virtual machines (Virtual Machine, VM), and user space (that is, the applications). The virtual machines are mutually isolated operating systems that regard the underlying hardware platform as belonging entirely to themselves. In reality, it is the hypervisor that creates this illusion for them.

Please refer to Figure 3, which is the method flowchart of the verification method for BIOS refresh content of the present invention. As shown in the figure, the verification method comprises the following steps:

using paravirtualization technology, creating a virtual machine in the computer host whose system BIOS is to be updated (step 100), where the paravirtualization technology may use the Xen technology or the UML (User-Mode-Linux) technology of the prior art described above to create the virtual machine;

starting the virtual machine (step 200);

copying the new BIOS file content into the 1-megabyte (Mega bytes) address space starting at 0000:0000 in the memory of the computer host (step 300);

using the content of the new BIOS file to execute the boot process of the computer host, with the paravirtualized operating system running on the same hardware platform as the computer host (step 400); and

verifying whether the virtual operating system that applies the new BIOS file content runs normally (step 500); if it runs normally, the information that it runs normally is fed back to the user (step 600), and verification then ends; if it does not run normally, the information that it runs abnormally is fed back to the user (step 700), and verification then ends.

Although the preferred embodiment of the present invention is disclosed above, it is not intended to limit the present invention. Those skilled in the art should appreciate that modifications and refinements made without departing from the scope and spirit of the present invention as disclosed in the appended claims fall within the scope of patent protection of the present invention. For the scope of protection defined by the present invention, please refer to the appended claims.

[Brief Description of the Drawings]

Figure 1 is a schematic diagram of the BIOS boot principle in the verification method for BIOS refresh content of the present invention;

Figure 2 [...] virtual [...];

Figure 3 is the method flowchart of the verification method for BIOS refresh content of the present invention.

[Description of Main Element Symbols]

Step 100: Using paravirtualization technology, create a virtual machine in the computer host whose system BIOS is to be updated
Step 200: Start the virtual machine
Step 300: Copy the new BIOS file content into the 1-megabyte address space starting at 0000:0000 in the memory of the computer host
Step 400: Use the content of the new BIOS file to execute the boot process of the computer host, with the paravirtualized operating system running on the same hardware platform as the computer host
Step 500: Verify whether the virtual operating system that applies the new BIOS file content runs normally
Step 600: Feed back the information that it runs normally to the user
Step 700: Feed back the information that it runs abnormally to the user
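
A static pre-check for steps 300 and 400 of the method above, as an added example that is not part of the patent: it models the 1 MB address space, places a candidate BIOS image in it, and checks that the start address 0xFFFF0 holds a jump that lands inside the image, returning the kind of normal/abnormal message that steps 600 and 700 feed back. The top-aligned placement of the image, the 0xFF erased-flash value, the F000 code segment and all function names are assumptions of this example; it does not boot the virtual machine.

```python
MEM_SIZE = 0x100000      # the 1 MB address space starting at 0000:0000 (step 300)
RESET_VECTOR = 0xFFFF0   # start-of-execution address given in the description
ERASED = 0xFF            # assumption: unprogrammed flash reads back as 0xFF

def load_image(image: bytes) -> bytearray:
    """Step 300: copy the new BIOS file into a model of the first megabyte.
    Assumption: the image is top-aligned, so its last byte lands at 0xFFFFF."""
    if not image or len(image) > MEM_SIZE:
        raise ValueError(f"image size {len(image)} is not within 1..{MEM_SIZE} bytes")
    mem = bytearray([ERASED]) * MEM_SIZE
    mem[MEM_SIZE - len(image):] = image
    return mem

def jump_target(mem: bytearray) -> int:
    """Decode the real-mode jump at the reset vector; return its linear target."""
    op = mem[RESET_VECTOR]
    operand = mem[RESET_VECTOR + 1:RESET_VECTOR + 5]
    if op == 0xEA:  # jmp ptr16:16, encoded as offset then segment
        off = int.from_bytes(operand[0:2], "little")
        seg = int.from_bytes(operand[2:4], "little")
        return (seg * 16 + off) & 0xFFFFF
    if op == 0xE9:  # jmp rel16, relative to the next instruction (assumed CS=F000)
        rel = int.from_bytes(operand[0:2], "little")
        return 0xF0000 + ((0xFFF0 + 3 + rel) & 0xFFFF)
    raise ValueError(f"no jump at 0xFFFF0 (opcode 0x{op:02X})")

def precheck(image: bytes):
    """Return (ok, message); the message is what steps 600/700 would feed back."""
    try:
        mem = load_image(image)
        target = jump_target(mem)
    except ValueError as exc:
        return False, f"abnormal: {exc}"
    if target < MEM_SIZE - len(image):
        return False, f"abnormal: jump target 0x{target:05X} lies outside the image"
    if mem[target] == ERASED:
        return False, f"abnormal: jump target 0x{target:05X} is erased flash"
    return True, f"normal: reset vector jumps to 0x{target:05X}"

def constructed_image() -> bytes:
    """Constructed 64 KB sample: NOP fill, `jmp F000:E05B` at image offset 0xFFF0."""
    img = bytearray(b"\x90" * 0x10000)
    img[0xFFF0:0xFFF5] = bytes([0xEA, 0x5B, 0xE0, 0x00, 0xF0])
    return bytes(img)

if __name__ == "__main__":
    print(precheck(constructed_image()))
```

A passing result only shows that the image is worth booting in the virtual machine; the run-time verification of step 500 still decides whether it is safe to flash.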