CN115577346B - Computer trusted starting method - Google Patents

Computer trusted starting method

Info

Publication number
CN115577346B
CN115577346B CN202211273185.4A CN202211273185A CN115577346B CN 115577346 B CN115577346 B CN 115577346B CN 202211273185 A CN202211273185 A CN 202211273185A CN 115577346 B CN115577346 B CN 115577346B
Authority
CN
China
Prior art keywords
mcu
computer
system firmware
starting
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211273185.4A
Other languages
Chinese (zh)
Other versions
CN115577346A (en
Inventor
王慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Zhuoyi Hengtong Information Security Co Ltd
Original Assignee
Hefei Zhuoyi Hengtong Information Security Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hefei Zhuoyi Hengtong Information Security Co Ltd filed Critical Hefei Zhuoyi Hengtong Information Security Co Ltd
Priority to CN202211273185.4A priority Critical patent/CN115577346B/en
Publication of CN115577346A publication Critical patent/CN115577346A/en
Application granted granted Critical
Publication of CN115577346B publication Critical patent/CN115577346B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44505Configuring for program initiating, e.g. using registry, configuration files

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

本发明涉及一种计算机可信启动方法。该方法包括:步骤10、开机,MCU禁止CPU访问系统固件;判断系统固件是否篡改,否则禁止开机;步骤20、发送暗语和内存信息给MCU;如果在规定时间内没有收到,禁止开机;如果未超时且MCU收到正确的暗语和内存信息,继续开机,否则禁止;步骤30、发送暗语和设备信息给MCU;如果在规定时间内没有收到,禁止开机;如果未超时且MCU收到正确的暗语和设备信息,继续开机,否则禁止;步骤40、发送暗语和系统文件信息给MCU;如果在规定时间内没有收到暗语,禁止开机;如果未超时且收到正确的暗语和系统文件信息,可信验证通过,启动操作系统。本发明能够实现低成本的可信启动方案。

This invention relates to a trusted boot method for a computer. The method includes: Step 10: Powering on the computer, the MCU prevents the CPU from accessing the system firmware; determining whether the system firmware has been tampered with, otherwise powering on is prohibited; Step 20: Sending a coded message and memory information to the MCU; if not received within a specified time, powering on is prohibited; if the timeout does not occur and the MCU receives the correct coded message and memory information, powering on continues, otherwise powering on is prohibited; Step 30: Sending a coded message and device information to the MCU; if not received within a specified time, powering on is prohibited; if the timeout does not occur and the MCU receives the correct coded message and device information, powering on continues, otherwise powering on is prohibited; Step 40: Sending a coded message and system file information to the MCU; if the coded message is not received within a specified time, powering on is prohibited; if the timeout does not occur and the correct coded message and system file information are received, the trusted verification passes, and the operating system starts. This invention enables a low-cost trusted boot scheme.

Description

Computer trusted starting method
Technical Field
The invention relates to the technical field of computers, in particular to a computer trusted starting method.
Background
With the continuous development of computer technology, various electronic devices are increasingly used in the work of users and in daily life. With the development of information technology, security threat layers faced by computers are endless. As computers bear a great deal of important information, their security is increasingly being appreciated by various aspects. Various divulgence events indicate that various computer platforms need to adopt a trusted starting scheme, so as to avoid the influence on the starting, normal running and information safety of the computer platforms caused by malicious tampering of system firmware, namely BIOS (basic input output system) and various hardware of the computer platforms.
Currently, most of the trusted starting schemes of domestic computer platforms are implemented by using an SOC (System on Chip) card or a TCM (trusted cryptography module ) card in combination with a dedicated firmware. However, the SOC card and TCM card are expensive, and the special firmware authorizes Fei Gaoang, so that the prior art scheme has high cost and great development difficulty.
Disclosure of Invention
It is therefore an object of the present invention to provide a method for trusted booting of a computer, which enables a trusted booting at a low cost.
In order to achieve the above object, the present invention provides a method for trusted starting of a computer, comprising:
Step 10, starting the computer, wherein an MCU on a computer main board prohibits a CPU from accessing system firmware in a ROM (read only memory), the MCU verifies the content of the system firmware in the ROM, if the system firmware is not tampered, the authentication is passed, the MCU allows the CPU to access the system firmware in the ROM, the CPU executes a system firmware code in the ROM to continue starting, otherwise, the starting is prohibited;
step 20, starting running and initializing a memory by the system firmware, and sending a secret word and memory information to the MCU, starting a first watchdog of the MCU, waiting for the secret word and memory information sent by the system firmware, and if the MCU does not receive a correct secret word within a set time, starting the MCU is forbidden to overtime, if the first watchdog does not overtime, and the MCU receives the correct secret word and memory information, starting the MCU continuously, otherwise starting the MCU is forbidden;
step 30, the system firmware checks the equipment information on the main board and sends the darkness and the equipment information to the MCU, and starts a second watchdog of the MCU to wait for the darkness and the equipment information sent by the system firmware, if the MCU does not receive the correct darkness within a set time, the second watchdog overturns, the starting is forbidden, if the second watchdog does not overtime, and the MCU receives the correct darkness and the equipment information, the second watchdog is closed, the starting is continued, and otherwise the starting is forbidden;
And step 40, the system firmware checks the system file information on the hard disk and sends the dark language and the system file information to the MCU, and starts a third watchdog of the MCU to wait for the dark language and the system file information sent by the system firmware, if the MCU does not receive the correct dark language within a set time, the third watchdog overturns to prohibit starting, and if the third watchdog does not overtime and the MCU receives the correct dark language and the system file information, the third watchdog is closed, the trusted verification is passed, and the operating system is started.
The computer trusted starting method further comprises the following steps:
Step 12, after the CPU executes the system firmware code in the ROM to continue to boot, judging whether the system firmware code is first boot, if so, collecting the device information on the motherboard and the information of the system file on the hard disk and sending the information to the MCU through a whistle to serve as original reference data;
and 14, judging whether the system firmware needs to be updated when the first power-on is judged in the step 12, if so, updating the system firmware, informing the MCU to recalculate the check value of the system firmware content in the ROM, and if not, turning to the step 20.
The device information is a hash value of the device information.
The system file information is a hash value of the system file information.
The ROM is a flash memory.
The computer includes a desktop computer, a notebook computer, a tablet computer, and a vehicle-mounted computer.
The CPU and MCU are connected via the same channel selector to a ROM storing system firmware.
The CPU and MCU are connected to the channel selector via an SPI bus, and the channel selector is connected to the ROM via an SPI bus.
In summary, the computer trusted starting method of the invention can realize a low-cost trusted starting scheme.
Drawings
The technical solution and other advantageous effects of the present invention will be made apparent by the following detailed description of the specific embodiments of the present invention with reference to the accompanying drawings.
In the drawings of which there are shown,
FIG. 1 is a hardware schematic block diagram of a computer trusted boot method according to a preferred embodiment of the present invention;
FIG. 2 is a flow chart of a computer trusted boot method of the present invention;
FIG. 3 is a flowchart of a computer trusted boot method according to a preferred embodiment of the present invention.
Detailed Description
Referring to FIG. 1, a schematic block diagram of a computer trusted boot method according to a preferred embodiment of the present invention is shown. The invention provides a new computer trusted starting method which can be implemented by proper modification based on the existing software and hardware, thereby realizing a low-cost trusted starting scheme. As shown in fig. 1, in principle, the hardware and/or software modules related to the trusted starting method of the computer mainly include a CPU (central processing unit) disposed on a motherboard of the computer, an MCU (micro control unit), a motherboard power control logic module, a channel selector, a ROM (read only memory) storing system firmware, i.e. a BIOS, in this embodiment, the ROM may be specifically Flash (Flash memory), the motherboard power control logic module, and other components (devices or hardware) on the motherboard, and further, a watchdog (not shown), and those skilled in the art will understand that the watchdog may be implemented by hardware or software and will not be described herein. Wherein the CPU and the MCU are connected to the ROM storing the system firmware via the same channel selector, in this preferred embodiment the connection is specifically chosen to be realized by an SPI (serial peripheral interface) bus, i.e. the CPU and the MCU are connected to said channel selector via an SPI bus, said channel selector being connected to said ROM via an SPI bus. In the preferred embodiment, the motherboard power control logic module is electrically connected to the CPU and other components on the motherboard, respectively, to provide CPU power and device power, respectively. In this preferred embodiment, the MCU is in communication connection with the ROM on the one hand, and in communication with the motherboard power control logic module on the other hand, so that the MCU can provide firmware access control and power control signals, and therefore, when the system firmware gathers system firmware and/or hardware information during the start-up process and sends the information to the MCU for verification, when the information is not matched, for example, a memory bank replacement is encountered, an external device replacement on the motherboard, and an operating system replacement on the hard disk, the MCU can implement an endpoint to the corresponding device by sending a power control signal, so that the system start-up can be disabled. In the preferred embodiment, the computer includes, but is not limited to, desktop computers, notebook computers, tablet computers, and car computers.
Those skilled in the art will appreciate that the hardware and/or software modules involved in the computer trusted starting method of the present invention are implemented based on the existing computer platform, especially the existing domestic computer platform, and the MCU is used in combination with the system firmware to implement the trusted starting, so as to implement a low-cost trusted starting scheme.
Referring to fig. 2 and 3, the computer trusted boot method of the present invention can be further understood by referring to fig. 1, wherein fig. 2 is a flowchart of the computer trusted boot method of the present invention, and fig. 3 is a flowchart of a preferred embodiment of the computer trusted boot method of the present invention. The method mainly comprises the following steps:
Step 10, starting the computer, wherein an MCU on a computer main board prohibits a CPU from accessing system firmware in a ROM (read only memory), the MCU verifies the content of the system firmware in the ROM, if the system firmware is not tampered, the authentication is passed, the MCU allows the CPU to access the system firmware in the ROM, the CPU executes a system firmware code in the ROM to continue starting, otherwise, the starting is prohibited;
In the preferred implementation, specifically, before the computer is started, the MCU takes over the signal of the SPI bus of the FLASH storing the system firmware through the channel selector, reads the content of the system firmware and checks, and after the check value is correct, the CPU is controlled to be electrified through the main board power supply control logic module and the signal on the SPI bus is released to the CPU through the channel selector. The CPU starts to execute the system firmware codes stored in the FLASH to start after the system firmware codes are started continuously. By checking the content of the system firmware in the ROM, the information security and other problems caused by the tampering of the system firmware can be avoided.
Step 20, starting running and initializing a memory by the system firmware, and sending a secret word and memory information to the MCU, starting a first watchdog of the MCU, waiting for the secret word and memory information sent by the system firmware, and if the MCU does not receive a correct secret word within a set time, starting the MCU is forbidden to overtime, if the first watchdog does not overtime, and the MCU receives the correct secret word and memory information, starting the MCU continuously, otherwise starting the MCU is forbidden;
in this preferred implementation, specifically, the system firmware starts running and initializes the memory, and the system firmware sends the dark language plus the memory information to the MCU. At this time, the first watchdog of the MCU is started, and the MCU waits for receiving the whisper and the memory information sent by the system firmware. If the correct whisper is not received within the prescribed time, the first watchdog times out and prohibits starting. If the MCU receives the correct whisper and memory information, the first watchdog is closed, and the system firmware is allowed to continue to run for starting. By checking the memory information, information security and other problems caused by memory change can be avoided.
Step 30, the system firmware checks the equipment information on the main board and sends the darkness and the equipment information to the MCU, and starts a second watchdog of the MCU to wait for the darkness and the equipment information sent by the system firmware, if the MCU does not receive the correct darkness within a set time, the second watchdog overturns, the starting is forbidden, if the second watchdog does not overtime, and the MCU receives the correct darkness and the equipment information, the second watchdog is closed, the starting is continued, and otherwise the starting is forbidden;
In this preferred embodiment, specifically, the system firmware continues to run to boot up and verify other critical information on the motherboard, i.e., device information, including but not limited to device list, optionROM (option ROM) information, hard disk SN (serial number), and send the whisper and device information to the MCU. Specifically, the device information may be a hash value of the device information, and the comparison speed may be increased during the comparison. At this time, the second watchdog of the MCU is turned on, waiting for the whisper and the device hash value sent by the system firmware. If the correct whisper is not received within the prescribed time, the second watchdog times out and prohibits the continuous start. If the MCU receives the correct hash value of the whisper and the device information, the second watchdog is closed, and the system firmware is allowed to continue to run for starting. By checking the device information, information security and other problems caused by the change of the device on the main board can be avoided.
And step 40, the system firmware checks the system file information on the hard disk and sends the dark language and the system file information to the MCU, and starts a third watchdog of the MCU to wait for the dark language and the system file information sent by the system firmware, if the MCU does not receive the correct dark language within a set time, the third watchdog overturns to prohibit starting, and if the third watchdog does not overtime and the MCU receives the correct dark language and the system file information, the third watchdog is closed, the trusted verification is passed, and the operating system is started.
In this preferred implementation, specifically, the system firmware continues to run to start, and starts to verify the system file information on the hard disk, where the system file information may specifically be a hash value of the system file information, so that the verification speed may be increased, and then sends the hash values of the system file information and the whistle to the MCU. At this time, the third watchdog of the MCU is started to wait for the hash value of the system file and the whisper sent by the system firmware. If the correct whisper is not received within the prescribed time, the third watchdog times out and prohibits the continuous start. If the MCU receives the correct hash value of the whisper and the system file information, the third watchdog is closed, and the system firmware is allowed to continue to run for starting.
Further, the computer trusted boot method of the preferred embodiment may further include:
And 12, after the CPU executes the system firmware codes in the ROM to continue starting up in the step 10, judging whether the starting up is the first time, if so, collecting the equipment information on the main board and the information of the system files on the hard disk and sending the information to the MCU through a secret word to serve as original reference data.
Through this step, when the system firmware performs the boot for the first time, the system firmware will transfer the original memory information, the device hash value, the system file hash value, etc. to the MCU. The values can be stored in the MCU, the original data can not be obtained by the outside, and the MCU is only allowed to use when the information verification is carried out.
Further, the computer trusted boot method of the preferred embodiment may further include:
And 14, judging whether the system firmware needs to be updated when the first power-on is judged in the step 12, if so, updating the system firmware, informing the MCU to recalculate the check value of the system firmware content in the ROM, and if not, turning to the step 20. Through the step, the computer trusted starting method can support the updating of the system firmware at the same time.
In summary, the computer trusted starting method of the invention can realize a low-cost trusted starting scheme.
In the above, it is obvious to those skilled in the art that various other corresponding changes and modifications can be made according to the technical scheme and the technical idea of the present invention, and all such changes and modifications are intended to fall within the scope of the appended claims.

Claims (9)

1. A method for trusted boot-up of a computer, comprising:
Step 10, starting the computer, wherein an MCU on a computer main board prohibits a CPU from accessing system firmware in a ROM (read only memory), the MCU verifies the content of the system firmware in the ROM, if the system firmware is not tampered, the authentication is passed, the MCU allows the CPU to access the system firmware in the ROM, the CPU executes a system firmware code in the ROM to continue starting, otherwise, the starting is prohibited;
step 20, starting running and initializing a memory by the system firmware, and sending a secret word and memory information to the MCU, starting a first watchdog of the MCU, waiting for the secret word and memory information sent by the system firmware, and if the MCU does not receive a correct secret word within a set time, starting the MCU is forbidden to overtime, if the first watchdog does not overtime, and the MCU receives the correct secret word and memory information, starting the MCU continuously, otherwise starting the MCU is forbidden;
step 30, the system firmware checks the equipment information on the main board and sends the darkness and the equipment information to the MCU, and starts a second watchdog of the MCU to wait for the darkness and the equipment information sent by the system firmware, if the MCU does not receive the correct darkness within a set time, the second watchdog overturns, the starting is forbidden, if the second watchdog does not overtime, and the MCU receives the correct darkness and the equipment information, the second watchdog is closed, the starting is continued, and otherwise the starting is forbidden;
And step 40, the system firmware checks the system file information on the hard disk and sends the dark language and the system file information to the MCU, and starts a third watchdog of the MCU to wait for the dark language and the system file information sent by the system firmware, if the MCU does not receive the correct dark language within a set time, the third watchdog overturns to prohibit starting, and if the third watchdog does not overtime and the MCU receives the correct dark language and the system file information, the third watchdog is closed, the trusted verification is passed, and the operating system is started.
2. The computer trusted boot method of claim 1, further comprising:
and 12, after the CPU executes the system firmware code in the ROM to continue starting up in the step 10, judging whether the system firmware code is started up for the first time, if so, collecting the equipment information on the main board and the information of the system file on the hard disk and sending the information to the MCU through a secret word to serve as original reference data.
3. The computer trusted boot method of claim 2, further comprising:
and 14, judging whether the system firmware needs to be updated when the first power-on is judged in the step 12, if so, updating the system firmware, informing the MCU to recalculate the check value of the system firmware content in the ROM, and if not, turning to the step 20.
4. The computer trusted boot method of claim 1, wherein the device information is a hash value of the device information.
5. The computer trusted boot method of claim 1, wherein the system file information is a hash value of the system file information.
6. The computer trusted boot method of claim 1, wherein said ROM is flash memory.
7. The method for trusted computing power-up of claim 1, wherein said computer comprises a desktop computer, a notebook computer, a tablet computer, and a vehicle computer.
8. The computer trusted boot method of claim 1, wherein said CPU and MCU are connected to a ROM storing system firmware via a same channel selector.
9. The computer trusted boot method of claim 8, wherein said CPU and MCU are connected to said channel selector via an SPI bus, said channel selector being connected to said ROM via an SPI bus.
CN202211273185.4A 2022-10-18 2022-10-18 Computer trusted starting method Active CN115577346B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211273185.4A CN115577346B (en) 2022-10-18 2022-10-18 Computer trusted starting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211273185.4A CN115577346B (en) 2022-10-18 2022-10-18 Computer trusted starting method

Publications (2)

Publication Number Publication Date
CN115577346A CN115577346A (en) 2023-01-06
CN115577346B true CN115577346B (en) 2025-12-16

Family

ID=84585903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211273185.4A Active CN115577346B (en) 2022-10-18 2022-10-18 Computer trusted starting method

Country Status (1)

Country Link
CN (1) CN115577346B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112114908A (en) * 2020-11-20 2020-12-22 支付宝(杭州)信息技术有限公司 Hardware platform, starting method and device thereof, and electronic equipment
CN112632562A (en) * 2020-12-28 2021-04-09 四川虹微技术有限公司 Equipment starting method, equipment management method and embedded equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106484578A (en) * 2016-10-14 2017-03-08 苏州国芯科技有限公司 A kind of check system based on trusted computer hardware
US20180152307A1 (en) * 2016-11-29 2018-05-31 Qualcomm Incorporated Device to provide trusted time assurance
CN113190853A (en) * 2021-03-24 2021-07-30 中国电力科学研究院有限公司 Computer credibility authentication system, method, equipment and readable storage medium
CN114185606B (en) * 2021-12-14 2023-11-28 上海华信长安网络科技有限公司 Method and device for improving system operation reliability based on embedded system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112114908A (en) * 2020-11-20 2020-12-22 支付宝(杭州)信息技术有限公司 Hardware platform, starting method and device thereof, and electronic equipment
CN112632562A (en) * 2020-12-28 2021-04-09 四川虹微技术有限公司 Equipment starting method, equipment management method and embedded equipment

Also Published As

Publication number Publication date
CN115577346A (en) 2023-01-06

Similar Documents

Publication Publication Date Title
CN112445537B (en) Trusted starting method and device of operating system, mobile terminal and storage medium
TWI643130B (en) SYSTEM AND METHOD FOR AUTO-ENROLLING OPTION ROMs IN A UEFI SECURE BOOT DATABASE
JP4545378B2 (en) Pre-boot authentication system
CN101438241B (en) Platform boot with bridge support
CN104205045B (en) Method, device and system for providing operating system payload
CN113168474A (en) Secure verification of firmware
US9582262B2 (en) Systems and methods for installing upgraded software on electronic devices
CN106462711B (en) verified boot
US20060224878A1 (en) System and method for trusted early boot flow
CN109583212B (en) A firmware file protection method and system based on Intel Whitley platform
US10831897B2 (en) Selective enforcement of secure boot database entries in an information handling system
KR101280048B1 (en) Anti-hack protection to restrict installation of operating systems and other software
CN109948310B (en) A locking method and related electronic equipment
CN113127879A (en) Trusted firmware starting method, electronic equipment and readable storage medium
CN114969713A (en) Equipment verification method, equipment and system
CN111198832A (en) Processing method and electronic equipment
US7949874B2 (en) Secure firmware execution environment for systems employing option read-only memories
CN116954708A (en) System mirror image data processing method, device, equipment and medium
CN115577346B (en) Computer trusted starting method
CN118568743B (en) Data encryption and decryption methods, devices, media, and equipment based on hardware encryption cards
CN114756905B (en) Method and device for realizing mainboard anti-counterfeiting and BIOS protection and control mainboard
CN120234807B (en) Secure startup methods, devices, and storage media for applications
US12481763B2 (en) System and method for regulating access to secure functions
US12367299B2 (en) Methods, systems, and program products for securely blocking access to system operations and data
US20250356016A1 (en) Bios verification as part of hrot in bmc firmware in a secured server system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant