
CN100353275C - A method for implementing safety chip BIOS drive design - Google Patents

Info

Publication number
CN100353275C
Authority
CN
China
Prior art keywords
safety chip
bios
module
system bios
input
Prior art date
Legal status
Active
Application number
CNB200510036945XA
Other languages
Chinese (zh)
Other versions
CN1731309A (en)
Inventor
陈志国
张璐
Current Assignee
Shenzhen Sinosun Technology Co., Ltd.
Original Assignee
ZHAORI TECH Co Ltd SHENZHEN
Priority date
Filing date
Publication date
Application filed by ZHAORI TECH Co Ltd SHENZHEN
Priority to CNB200510036945XA
Publication of CN1731309A
Application granted
Publication of CN100353275C
Legal status: Active

Landscapes

  • Stored Programmes (AREA)

Abstract

The present invention relates to a method for implementing a safety chip BIOS driver design. In the method, the input/output parameter module of the safety chip BIOS obtains the information that the system BIOS needs to operate on; the input/output parameter module determines the type of operation the system BIOS needs to perform and decides which sub-function module to invoke; the sub-module call request is executed: the input/output parameter module obtains the corresponding sub-function module number and invokes the corresponding sub-function module; the input/output parameter module returns the execution result to the system BIOS; and communication between the system BIOS and the safety chip ends. The method reduces the security risks of the system, unifies the interface between safety chips and the various system BIOSes, and reduces the workload of joint code debugging between safety chip manufacturers and the many mainboard manufacturers.

Description

A method for implementing a safety chip BIOS driver design
Technical field
The present invention relates to the field of information security technology, and in particular to a method for implementing a secure BIOS driver design for a safety chip.
Background art
With the growing popularity of computers and the continuous strengthening and widespread use of their functions, the security of computer systems has become more and more important. In October 1999, Intel, Microsoft, Compaq, HP and IBM founded the Trusted Computing Platform Alliance (hereinafter TCPA), which defined the unified TCPA standard and its products, with the aim of promoting a new generation of trustworthy hardware platforms. Safety chips based on the Trusted Platform Module (hereinafter TPM) of this standard provide encryption and secure storage functions and can also monitor changes to the software and hardware information of the PC, ensuring the security of the system.
Such a safety chip is connected to the computer's south bridge by the LPC (Low Pin Count, a computer bus with a small number of pins) bus and communicates with the BIOS (Basic Input/Output System). Only after the boot-time security information has been verified can the computer continue to start up and enter the operating system.
Conventional chips with security properties provide only certain security verification functions in certain fields, whereas the TPM safety chip is, domestically, a completely new type of safety chip that offers a complete solution for the security of the whole computer system: the hardware, the system BIOS, the OS (Operating System) drivers and the application programs all exchange information with the safety chip to guarantee the security of the whole platform.
The purpose of the low-level driver design for this safety chip is to use the safety chip's BIOS driver to establish a communication channel between the mainboard system BIOS and the safety chip. The channel is established on the basis of a standard input/output parameter table defined according to the TCG standard; the system BIOS obtains data from inside the safety chip according to this input parameter table and communicates with the safety chip. The prior art does not yet disclose a corresponding technical implementation.
Summary of the invention
The object of the present invention is to provide a method for implementing a safety chip BIOS driver design. A BIOS driver module is designed and included in the system BIOS (Basic Input/Output System); the system BIOS communicates with the TPM through the interface of this driver module, and the mainboard system BIOS can send a series of commands to the safety chip through a standard interface structure, in order to set the various states of the safety chip and to access information.
The technical scheme of the present invention is as follows:
A method for implementing a safety chip BIOS driver design, in which a safety chip BIOS driver module is set in the system BIOS in advance and the following steps are executed:
A. Communication between the safety chip and the system BIOS begins;
B. The safety chip BIOS input module of the safety chip BIOS driver module obtains the information that the system BIOS needs to operate on;
C. The safety chip BIOS input module determines the type of operation the system BIOS needs to perform and decides which sub-function module of the safety chip BIOS driver module to call;
D. The sub-module call request is executed: the safety chip BIOS input module obtains the module number of the sub-function module and calls that sub-function module; if the safety chip BIOS input module receives an erroneous sub-module call request, the error information is saved;
E. The safety chip BIOS input module returns the execution result to the system BIOS;
F. Communication between the system BIOS and the safety chip ends.
In the described method, the sub-function modules comprise a safety chip initialization module, a safety chip enable module, a safety chip status checking module and a safety chip data transmission module.
In the described method, the safety chip BIOS driver module is set in the system BIOS and communicates with the safety chip before system start-up.
In the method provided by the present invention, the driver module is first included in the system BIOS and burned into the FLASH of the system BIOS, and the system BIOS cannot operate the safety chip directly. The safety chip manufacturer therefore does not need to disclose to the outside world the registers that must be kept secret or certain confidential operations in order to realize communication between the system BIOS and the safety chip, which significantly reduces the security risks of the system. The method also unifies the interface between the safety chip and the various system BIOSes, significantly reducing the workload of joint code debugging between the safety chip manufacturer and the many motherboard manufacturers.
Description of the drawings
The technical scheme of the method is further explained below with reference to the accompanying drawings.
Fig. 1 shows the relationship between the safety chip BIOS driver module of the present invention and the mainboard architecture;
Fig. 2 shows the module architecture and data transmission of the safety chip BIOS driver of the present invention;
Fig. 3 shows the internal logic of the safety chip BIOS driver module of the present invention.
Embodiment
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and an embodiment.
Fig. 1 shows the relationship between the safety chip BIOS driver module of the present invention and the mainboard architecture. The south bridge chip 101 of the motherboard, the safety chip 103 and the system BIOS 104 are connected by the LPC (Low Pin Count) bus 102, which is a general-purpose bus of the host. The system BIOS 104 resides in a FLASH (flash memory) chip. All of these are attached to the LPC bus and communicate over the LPC bus 102. The safety chip BIOS driver module 105 of the method is a binary file placed in the system BIOS and is contained in the system BIOS.
Fig. 2 shows the module architecture and data transmission of the safety chip BIOS driver of the method. Before system start-up, the system BIOS 104 of the motherboard first initializes the safety chip device 103 through the safety chip input module 202. The safety chip BIOS driver module 105 contains the functional modules 203, including the safety chip initialization module, the safety chip enable module, the safety chip status checking module and the safety chip data transmission module. The safety chip data transmission module communicates with a safety chip data storage module 204. The safety chip input module and the safety chip data storage module are both components of the safety chip BIOS driver module.
The interaction between the system BIOS and the safety chip device is completed through the safety chip BIOS driver module, which is the communication bridge between the mainboard system BIOS and the safety chip. The header file information and the input table of the BIOS driver module are defined in the safety chip input module 202. The system BIOS 104 sends the number of the functional module it needs to call to the safety chip input module 202; the input module 202 then notifies the functional modules 203, and the sub-function program with the corresponding number is executed. The safety chip data storage module 204 stores information from inside the chip and some program data.
Fig. 3 shows the internal logic of the safety chip BIOS driver module of the present invention. When the system BIOS 104 performs a safety chip operation or initialization, it requests use of the safety chip driver module. The method comprises the following steps:
Step 301: communication between the safety chip and the system BIOS begins;
Step 302: the safety chip BIOS input module obtains the information that the system BIOS needs to operate on;
Step 303: the input module determines which type of operation the system BIOS needs to perform and decides which sub-function module to call;
Step 304: the corresponding sub-function module number is obtained from the input, and the corresponding sub-function module is then called. These modules comprise the safety chip initialization module, the safety chip enable module, the safety chip status checking module and the data transmission module. When the sub-function module finishes, the execution result is saved;
Step 305: if the input module receives an erroneous sub-module call request, the error information is saved;
Step 306: the input module returns the execution result to the system BIOS;
Step 307: communication between the system BIOS and the safety chip ends. Every communication between the system BIOS and the safety chip goes through the above process, and an effective safety chip operation often requires many transmissions of different command sequences. This guarantees the security of safety chip execution.
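The flow of steps 302 to 306 can be sketched as a single validated entry point in C. This is an added example, not code from the patent: the module numbers, result codes, `drv_request` layout and all function names are assumptions, and the chip exchange over LPC is simulated by an echo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical module numbers and result codes: the patent names the four
   sub-function modules but assigns no numeric values. */
enum { FN_INIT, FN_ENABLE, FN_STATUS, FN_TRANSFER, FN_COUNT };
enum { RC_OK, RC_BAD_FUNCTION, RC_BAD_PARAM, RC_NOT_READY };

/* Assumed parameter block passed by the system BIOS to the input module. */
typedef struct {
    uint32_t fn;          /* requested sub-function module number */
    const uint8_t *in;    /* command bytes (FN_TRANSFER only) */
    size_t in_len;
    uint8_t *out;         /* caller-owned result buffer */
    size_t out_cap;
    size_t out_len;       /* bytes written, set by the driver */
} drv_request;

/* Stand-in for the data storage module: chip state and saved results. */
static struct { int initialized, enabled, last_rc, last_error; } g_store;

static int fn_init(drv_request *r) { (void)r; g_store.initialized = 1; return RC_OK; }
static int fn_enable(drv_request *r) {
    (void)r;
    if (!g_store.initialized) return RC_NOT_READY;
    g_store.enabled = 1;
    return RC_OK;
}
static int fn_status(drv_request *r) {
    if (!r->out || r->out_cap < 1) return RC_BAD_PARAM;
    r->out[0] = (uint8_t)(g_store.initialized | (g_store.enabled << 1));
    r->out_len = 1;
    return RC_OK;
}
static int fn_transfer(drv_request *r) {
    if (!g_store.enabled) return RC_NOT_READY;
    if (!r->in || !r->out || !r->in_len || r->in_len > r->out_cap) return RC_BAD_PARAM;
    /* A real driver would exchange bytes with the chip over LPC here;
       this simulation echoes the command back. */
    for (size_t i = 0; i < r->in_len; i++) r->out[i] = r->in[i];
    r->out_len = r->in_len;
    return RC_OK;
}

static int (*const k_table[FN_COUNT])(drv_request *) =
    { fn_init, fn_enable, fn_status, fn_transfer };

void drv_reset(void) {
    g_store.initialized = g_store.enabled = 0;
    g_store.last_rc = g_store.last_error = RC_OK;
}
int drv_last_error(void) { return g_store.last_error; }

/* Single entry point: steps 302-306 of the described flow. */
int drv_entry(drv_request *r) {
    int rc;
    if (!r) return RC_BAD_PARAM;
    r->out_len = 0;
    if (r->fn >= (uint32_t)FN_COUNT)
        rc = RC_BAD_FUNCTION;          /* step 305: wrong sub-module request */
    else
        rc = k_table[r->fn](r);        /* step 304: call by module number */
    g_store.last_rc = rc;              /* save the execution result */
    if (rc != RC_OK) g_store.last_error = rc;
    return rc;                         /* step 306: result back to system BIOS */
}

int main(void) {
    uint8_t out[4];
    drv_request r = { FN_INIT, NULL, 0, out, sizeof out, 0 };
    drv_reset();
    printf("init=%d\n", drv_entry(&r));
    r.fn = 9;                          /* constructed invalid module number */
    int rc = drv_entry(&r);
    printf("bad=%d saved_error=%d\n", rc, drv_last_error());
    return 0;
}
```

Rejecting the module number before indexing the table is what keeps the system BIOS confined to the published sub-functions; the ordering checks (enable before transfer) are an added assumption about chip state.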
The method can be delivered as a binary file provided to the BIOS manufacturer, which the system BIOS manufacturer includes in advance and burns into the FLASH of the system BIOS. The system BIOS cannot operate the safety chip directly, so the safety chip manufacturer does not need to disclose to the outside world the registers that must be kept secret or certain confidential operations in order to realize communication between the system BIOS and the safety chip, which significantly reduces security risks.
By setting up the safety chip BIOS driver module in this way, the present invention unifies the interface between the safety chip and the various system BIOSes and significantly reduces the workload of joint code debugging between the safety chip manufacturer and the many motherboard manufacturers.
It should be understood that the above description of a specific embodiment is relatively detailed and should not therefore be regarded as limiting the scope of patent protection of the present invention; the scope of patent protection of the present invention is defined by the claims.

Claims (3)

1. A method for implementing a safety chip BIOS driver design, in which a safety chip BIOS driver module is set in the system BIOS in advance and the following steps are executed:
A. Communication between the safety chip and the system BIOS begins;
B. The safety chip BIOS input module of the safety chip BIOS driver module obtains the information that the system BIOS needs to operate on;
C. The safety chip BIOS input module determines the type of operation the system BIOS needs to perform and decides which sub-function module of the safety chip BIOS driver module to call;
D. The safety chip BIOS input module obtains the module number of the sub-function module and calls that sub-function module; if the safety chip BIOS input module receives an erroneous sub-module call request, the error information is saved;
E. The safety chip BIOS input module returns the execution result to the system BIOS;
F. Communication between the system BIOS and the safety chip ends.
2. The method according to claim 1, characterized in that the sub-function modules comprise a safety chip initialization module, a safety chip enable module, a safety chip status checking module and a safety chip data transmission module.
3. The method according to claim 2, characterized in that the safety chip BIOS driver module is set in the system BIOS and communicates with the safety chip before system start-up.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200510036945XA CN100353275C (en) 2005-09-02 2005-09-02 A method for implementing safety chip BIOS drive design

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200510036945XA CN100353275C (en) 2005-09-02 2005-09-02 A method for implementing safety chip BIOS drive design

Publications (2)

Publication Number Publication Date
CN1731309A CN1731309A (en) 2006-02-08
CN100353275C true CN100353275C (en) 2007-12-05

Family

ID=35963681

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200510036945XA Active CN100353275C (en) 2005-09-02 2005-09-02 A method for implementing safety chip BIOS drive design

Country Status (1)

Country Link
CN (1) CN100353275C (en)

Also Published As

Publication number Publication date
CN1731309A (en) 2006-02-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: ZHAORI SCIENCE AND TECHNOLOGY CO. LTD., BEIJING

Effective date: 20061110

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20061110

Address after: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block

Applicant after: Zhaori Tech Co., Ltd., Shenzhen

Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 B block 4 layer

Applicant before: Zhaori Science and Technology Co., Ltd., Beijing

C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Assignee: Zhaori Science & Technology (Shenzhen) Co., Ltd.

Assignor: Zhaori Tech Co., Ltd., Shenzhen

Contract fulfillment period: 2009.2.28 to 2027.9.11 contract change

Contract record no.: 2009990000224

Denomination of invention: A method for implementing safety chip BIOS drive design

Granted publication date: 20071205

License type: Exclusive license

Record date: 2009.3.26

LIC Patent licence contract for exploitation submitted for record

Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2009.2.28 TO 2027.9.11; CHANGE OF CONTRACT

Name of requester: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

Effective date: 20090326

ASS Succession or assignment of patent right

Owner name: SINOSUN TECHNOLOGY (SHENZHEN) CO., LTD.

Free format text: FORMER OWNER: SHENZHEN SINOSUN TECH CO., LTD.

Effective date: 20100622

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518040 TOWER C-3, 6/F, BUILDING 213, TAIRANJIU ROAD, FUTIAN DISTRICT, SHENZHEN CITY TO: 518040 TOWER C, 6/F, BUILDING 213, TAIRAN INDUSTRY DISTRICT, CHEGONGMIAO, FUTIAN DISTRICT, SHENZHEN CITY

TR01 Transfer of patent right

Effective date of registration: 20100622

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Sinosun Technology (Shenzhen) Co., Ltd.

Address before: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block

Patentee before: Zhaori Tech Co., Ltd., Shenzhen

C56 Change in the name or address of the patentee

Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Shenzhen Sinosun Technology Co., Ltd.

Address before: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee before: Sinosun Technology (Shenzhen) Co., Ltd.