[go: up one dir, main page]

CN103593622A - FPGA-based design method of safe and trusted computer - Google Patents

FPGA-based design method of safe and trusted computer Download PDF

Info

Publication number
CN103593622A
CN103593622A CN201310538128.9A CN201310538128A CN103593622A CN 103593622 A CN103593622 A CN 103593622A CN 201310538128 A CN201310538128 A CN 201310538128A CN 103593622 A CN103593622 A CN 103593622A
Authority
CN
China
Prior art keywords
fpga
safe
cpld
trusted
hard disk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310538128.9A
Other languages
Chinese (zh)
Inventor
姜凯
于治楼
沈忱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Group Co Ltd
Original Assignee
Inspur Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Group Co Ltd filed Critical Inspur Group Co Ltd
Priority to CN201310538128.9A priority Critical patent/CN103593622A/en
Publication of CN103593622A publication Critical patent/CN103593622A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提供一种基于FPGA的安全可信计算机的设计方法,其具体设计步骤为:在普通计算机架构中,加入基于FPGA的安全可信模块,该安全可信模块存在于CPU、桥片、BIOS、硬盘、以太网络等核心部件和外围设备之间,所述模块包含FPGA、CPLD和存储器。该一种基于FPGA的安全可信计算机的设计方法和现有技术相比,具有安全性高、实现简便、成本低、等特点,使得计算机系统在启动,正常运行以及读写数据时,都经过安全可信模块的度量,从而达到安全可信的目的。

Figure 201310538128

The present invention provides a design method of a safe and trusted computer based on FPGA. The specific design steps are: adding a safe and trusted module based on FPGA to the common computer architecture, and the safe and trusted module exists in CPU, bridge chip, BIOS , hard disk, Ethernet and other core components and peripheral devices, the module includes FPGA, CPLD and memory. Compared with the prior art, the design method of this FPGA-based safe and trusted computer has the characteristics of high security, simple implementation, low cost, etc., so that the computer system can be started, run normally, and read and write data. The measurement of safe and trusted modules, so as to achieve the purpose of safe and trusted.

Figure 201310538128

Description

A kind of method for designing of the secure and trusted computing machine based on FPGA
Technical field
The present invention relates to field of computer technology, specifically a kind of method for designing of the secure and trusted computing machine based on FPGA.
Background technology
In the common computer framework of prior art, when starting, normally move and read and write data, there is larger potential safety hazard in computer system, and its information encryption is that the Encryption Design cost of a very complicated process, especially ASIC hardware is higher.
Along with the development of production technology, FPGA(field programmable gate array) cost is more and more lower, and because of himself configurable feature, makes, in a lot of application, to replace gradually ASIC, based on this, the invention provides a kind of method for designing of secure and trusted computing machine.
Summary of the invention
Technical assignment of the present invention is to solve the deficiencies in the prior art, and a kind of method for designing of the secure and trusted computing machine based on FPGA is provided.
Technical scheme of the present invention realizes in the following manner, the method for designing of this kind of secure and trusted computing machine based on FPGA, and its specific design step is:
One, common computer framework is installed;
Two, between CPU, bridge sheet, BIOS, hard disk, Ethernet, secure and trusted module is installed, this secure and trusted module comprises FPGA, CPLD and storer, wherein FPGA is connected with above-mentioned CPU, bridge sheet, BIOS, hard disk, Ethernet, CPLD connects this FPGA, and storer connects this CPLD; Wherein CPLD completes the control to FPGA configuration: i.e. the selection to the safety encipher of configuration data and configuration data; The configuration information and the encryption key that in storer, comprise FPGA;
Three, for system powers on, the information configuration FPGA in CPLD read memory, this FPGA completes the control to the tolerance of BIOS and system electrifying timing sequence, startup system;
Four, after system starts, the data that FPGA reads in or exports computing machine are carried out safety encipher.
Described FPGA is provided with two, and wherein one is connected with CPU, BIOS, and another piece is connected with bridge sheet, Ethernet and hard disk.
The detailed process of described step 3 is: after system powers on, and by the configuration information configuration FPGA mono-in CPLD storer, this FPGA mono-tolerance BIOS, after success, by cpu reset, system starts; By configuration information configuration FPGA bis-in CPLD read memory, system is by bridge sheet and FPGA bis-, the peripherals such as initialization network and hard disk; Last computing machine normally starts.
The detailed process of described step 4 is: during system operation, the reading and writing data of network and hard disc apparatus, all, by the tolerance logic metric of FPGA bis-, guarantees data security.
The beneficial effect that the present invention compared with prior art produced is:
The method for designing of a kind of secure and trusted computing machine based on FPGA of the present invention is in common computer framework, add the secure and trusted module based on FPGA, make computer system when starting, normally move and read and write data, all pass through the tolerance of secure and trusted module, thereby reach safe and reliable object, safe, practical, monitoring management cost is low, is easy to promote.
Accompanying drawing explanation
Accompanying drawing 1 is structural representation of the present invention.
Mark in accompanying drawing represents respectively:
1, CPU, 2, bridge sheet, 3, BIOS, 4, secure and trusted module, 4.1, storer, 4.2, CPLD, 4.3, FPGA mono-, 4.4, FPGA bis-, 5, hard disk, 6, network.
Embodiment
Below in conjunction with accompanying drawing, the method for designing of a kind of secure and trusted computing machine based on FPGA of the present invention is described in detail below.
As shown in Figure 1, the method for designing of this kind of secure and trusted computing machine based on FPGA, its specific design step is:
One, common computer framework is installed;
Two, between the core components such as CPU1, bridge sheet 2, BIOS3, hard disk 5, Ethernet 6 and peripherals, secure and trusted module 4 is installed, the Ethernet 6 here refers to network interface card hardware device, this secure and trusted module 4 comprises FPGA, CPLD4.2 and storer 4.1, wherein FPGA is connected with above-mentioned CPU1, bridge sheet 2, BIOS3, hard disk 5, Ethernet 6, CPLD4.2 connects this FPGA, and storer 4.1 connects this CPLD4.2; Wherein CPLD4.2 completes the control to FPGA configuration: i.e. the selection to the safety encipher of configuration data and configuration data; The configuration information and the encryption key that in storer 4.1, comprise FPGA;
Three, for system powers on, the information configuration FPGA in CPLD4.2 read memory 4.1, this FPGA completes the control to the tolerance of BIOS3 and system electrifying timing sequence, startup system;
Four, after system starts, the data that FPGA reads in or exports computing machine are carried out safety encipher.
Described FPGA is provided with two, and wherein one is connected with CPU1, BIOS3, and another piece is connected with bridge sheet 2, Ethernet 6 and hard disk 5.
The detailed process of described step 3 is: after system powers on, by the configuration information configuration FPGA 1 in CPLD4.2 storer 4.1, these FPGA mono-4.3 tolerance BIOS3, after success reset CPU1, and system starts; By configuration information configuration FPGA 2 4.4 in CPLD4.2 read memory 4.1, system is by bridge sheet 2 and FPGA 2 4.4, the peripherals such as initialization network 6 and hard disk 5; Last computing machine normally starts.
The detailed process of described step 4 is: during system operation, the reading and writing data of network 6 and hard disk 5 equipment, all, by the tolerance logic metric of FPGA 2 4.4, guarantees data security.
Computer system, when starting, normally move and read and write data, is all passed through the tolerance of secure and trusted module 4, thereby is reached safe and reliable object like this.
Except technical characterictic described in instructions, be the known technology of those skilled in the art.

Claims (4)

1.一种基于FPGA的安全可信计算机的设计方法,其特征在于:其具体设计步骤为: 1. A method for designing a safe and trusted computer based on FPGA, characterized in that: its concrete design steps are: 一、安装普通计算机构架; 1. Install an ordinary computer frame; 二、在CPU、桥片、BIOS、硬盘、以太网络之间安装安全可信模块,该安全可信模块包括FPGA、CPLD和存储器,其中FPGA与上述CPU、桥片、BIOS、硬盘、以太网络相连接,CPLD连接该FPGA,存储器连接该CPLD;其中CPLD完成对FPGA配置的控制:即对配置数据的安全加密以及配置数据的选择;存储器内包含FPGA的配置信息和加密密钥; 2. Install a safe and trusted module between the CPU, bridge, BIOS, hard disk, and Ethernet. The safe and trusted module includes FPGA, CPLD and memory, wherein the FPGA is connected to the above-mentioned CPU, bridge, BIOS, hard disk, and Ethernet. Connection, the CPLD is connected to the FPGA, and the memory is connected to the CPLD; the CPLD completes the control of the FPGA configuration: that is, the security encryption of the configuration data and the selection of the configuration data; the memory contains the configuration information and encryption key of the FPGA; 三、为系统上电,CPLD读取存储器中的信息配置FPGA,该FPGA完成对BIOS的度量和系统上电时序的控制,启动系统; 3. Power on the system, the CPLD reads the information in the memory and configures the FPGA, the FPGA completes the measurement of the BIOS and the control of the power-on sequence of the system, and starts the system; 四、系统启动后,FPGA对计算机读入或输出的数据进行安全加密。 4. After the system is started, the FPGA will securely encrypt the data read or output by the computer. 2.根据权利要求1所述的基于FPGA的安全可信计算机的设计方法,其特征在于:所述FPGA设置有两块,其中一块连接有CPU、BIOS,另一块连接有桥片、以太网络和硬盘。 2. the design method of the safe and credible computer based on FPGA according to claim 1, it is characterized in that: described FPGA is provided with two, wherein one is connected with CPU, BIOS, and another piece is connected with bridge chip, Ethernet and hard disk. 3.根据权利要求2所述的基于FPGA的安全可信计算机的设计方法,其特征在于:所述步骤三的详细过程为:系统上电后,通过CPLD存储器中的配置信息配置FPGA一,该FPGA一度量BIOS,成功后将CPU复位,系统启动;通过CPLD读取存储器中配置信息配置FPGA二,系统通过桥片和FPGA二,初始化网络和硬盘等外围设备;最后计算机正常启动。 3. the design method of the safe and credible computer based on FPGA according to claim 2, it is characterized in that: the detailed process of described step 3 is: after system is powered on, configure FPGA 1 by the configuration information in CPLD memory, the FPGA 1 measures the BIOS, resets the CPU after success, and starts the system; reads the configuration information in the memory through the CPLD to configure FPGA 2, and the system initializes peripheral devices such as the network and hard disk through the bridge chip and FPGA 2; finally, the computer starts normally. 4.根据权利要求2所述的基于FPGA的安全可信计算机的设计方法,其特征在于:所述步骤四的详细过程为:系统运行时,网络和硬盘设备的数据读写,均通过FPGA二的度量逻辑度量,保证数据安全。 4. the design method of the safe and credible computer based on FPGA according to claim 2, it is characterized in that: the detailed process of described step 4 is: when system is running, the data reading and writing of network and hard disk equipment, all pass FPGA two The measurement logic measurement ensures data security.
CN201310538128.9A 2013-11-05 2013-11-05 FPGA-based design method of safe and trusted computer Pending CN103593622A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310538128.9A CN103593622A (en) 2013-11-05 2013-11-05 FPGA-based design method of safe and trusted computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310538128.9A CN103593622A (en) 2013-11-05 2013-11-05 FPGA-based design method of safe and trusted computer

Publications (1)

Publication Number Publication Date
CN103593622A true CN103593622A (en) 2014-02-19

Family

ID=50083754

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310538128.9A Pending CN103593622A (en) 2013-11-05 2013-11-05 FPGA-based design method of safe and trusted computer

Country Status (1)

Country Link
CN (1) CN103593622A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104035890A (en) * 2014-06-11 2014-09-10 丽水博远科技有限公司 Static random access memory based programmable gate array chip encryption method and system
CN104239760A (en) * 2014-09-03 2014-12-24 山东超越数控电子有限公司 Method for implementing computer with configurable security level
CN104298936A (en) * 2014-10-31 2015-01-21 成都朗锐芯科技发展有限公司 FPGA encryption and parameter configuration system based on CPLD chip
CN104346584A (en) * 2014-10-31 2015-02-11 成都朗锐芯科技发展有限公司 Encryption and parameter configuration method for FPGA (Field Programmable Gate Array) system
CN106971110A (en) * 2017-03-31 2017-07-21 山东超越数控电子有限公司 A kind of computer motherboard framework and operation method based on domestic safe processor
CN108268286A (en) * 2016-12-29 2018-07-10 联想(上海)信息技术有限公司 Computer system starting method and computer system
CN108874714A (en) * 2018-06-06 2018-11-23 山东超越数控电子股份有限公司 A kind of secure communication device based on chip
CN109308414A (en) * 2018-08-27 2019-02-05 山东超越数控电子股份有限公司 A kind of mainboard clean boot realization system and method based on Domestic Platform
CN109491716A (en) * 2018-10-19 2019-03-19 北京行易道科技有限公司 Start method and device, program storage method and device
CN110472421A (en) * 2019-07-22 2019-11-19 深圳中电长城信息安全系统有限公司 Mainboard, firmware safety detection method and terminal device
CN111045744A (en) * 2019-12-17 2020-04-21 全球能源互联网研究院有限公司 Trusted verification starting method and device of system
WO2020163977A1 (en) * 2019-02-11 2020-08-20 Intel Corporation Virtual flash
US11379125B1 (en) 2021-03-31 2022-07-05 International Business Machines Corporation Trusted field programmable gate array

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070208926A1 (en) * 2006-03-03 2007-09-06 Alcatel Implementing a microprocessor boot configuration prom within an FPGA
CN101980235A (en) * 2010-10-27 2011-02-23 中国航天科工集团第二研究院七○六所 Safe computing platform
CN201765585U (en) * 2010-07-26 2011-03-16 四川九洲电器集团有限责任公司 Dynamic loading system for processor application program
CN102662645A (en) * 2012-03-01 2012-09-12 福建星网锐捷网络有限公司 System-on-a-chip and configuration method of hardware programmable devices of system-on-a-chip
CN203057169U (en) * 2012-12-21 2013-07-10 无锡市同威科技有限公司 Network cipher machine based on FPGA (Field Programmable Gate Array)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070208926A1 (en) * 2006-03-03 2007-09-06 Alcatel Implementing a microprocessor boot configuration prom within an FPGA
CN201765585U (en) * 2010-07-26 2011-03-16 四川九洲电器集团有限责任公司 Dynamic loading system for processor application program
CN101980235A (en) * 2010-10-27 2011-02-23 中国航天科工集团第二研究院七○六所 Safe computing platform
CN102662645A (en) * 2012-03-01 2012-09-12 福建星网锐捷网络有限公司 System-on-a-chip and configuration method of hardware programmable devices of system-on-a-chip
CN203057169U (en) * 2012-12-21 2013-07-10 无锡市同威科技有限公司 Network cipher machine based on FPGA (Field Programmable Gate Array)

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
彭阳 等: "《基于FPGA的高速加密卡设计与实现》", 《电子科技》 *
王冠 等: "《一种基于NiosⅡ软核嵌入式系统的完整性度量机制》", 《PROCEEDINGS OF THE 2011 INTERNATIONAL CONFERENCE ON FUTURE COMPUTER SCIENCE AND APPLICATION》 *
董晖 等: "《基于单片机和FPGA的网络数据加密实现》", 《电子设计工程》 *
黄建华 等: "《基于FPGA的嵌入式平台中TPM的扩展实现》", 《信息工程大学学报》 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104035890A (en) * 2014-06-11 2014-09-10 丽水博远科技有限公司 Static random access memory based programmable gate array chip encryption method and system
CN104035890B (en) * 2014-06-11 2017-02-15 丽水博远科技有限公司 Static random access memory based programmable gate array chip encryption method and system
CN104239760A (en) * 2014-09-03 2014-12-24 山东超越数控电子有限公司 Method for implementing computer with configurable security level
CN104298936A (en) * 2014-10-31 2015-01-21 成都朗锐芯科技发展有限公司 FPGA encryption and parameter configuration system based on CPLD chip
CN104346584A (en) * 2014-10-31 2015-02-11 成都朗锐芯科技发展有限公司 Encryption and parameter configuration method for FPGA (Field Programmable Gate Array) system
CN104346584B (en) * 2014-10-31 2017-07-14 成都朗锐芯科技发展有限公司 A kind of FPGA system encryption and method for parameter configuration
CN108268286A (en) * 2016-12-29 2018-07-10 联想(上海)信息技术有限公司 Computer system starting method and computer system
CN106971110A (en) * 2017-03-31 2017-07-21 山东超越数控电子有限公司 A kind of computer motherboard framework and operation method based on domestic safe processor
CN108874714A (en) * 2018-06-06 2018-11-23 山东超越数控电子股份有限公司 A kind of secure communication device based on chip
CN109308414A (en) * 2018-08-27 2019-02-05 山东超越数控电子股份有限公司 A kind of mainboard clean boot realization system and method based on Domestic Platform
CN109491716A (en) * 2018-10-19 2019-03-19 北京行易道科技有限公司 Start method and device, program storage method and device
CN109491716B (en) * 2018-10-19 2021-11-16 北京行易道科技有限公司 Starting method and device, program storage method and device
WO2020163977A1 (en) * 2019-02-11 2020-08-20 Intel Corporation Virtual flash
KR20210125477A (en) * 2019-02-11 2021-10-18 인텔 코포레이션 virtual flash
KR102757133B1 (en) 2019-02-11 2025-01-21 인텔 코포레이션 Virtual Flash
CN110472421A (en) * 2019-07-22 2019-11-19 深圳中电长城信息安全系统有限公司 Mainboard, firmware safety detection method and terminal device
CN110472421B (en) * 2019-07-22 2021-08-20 深圳中电长城信息安全系统有限公司 Mainboard and firmware safety detection method and terminal equipment
CN111045744A (en) * 2019-12-17 2020-04-21 全球能源互联网研究院有限公司 Trusted verification starting method and device of system
CN111045744B (en) * 2019-12-17 2024-03-08 全球能源互联网研究院有限公司 A system trusted verification startup method and device
US11379125B1 (en) 2021-03-31 2022-07-05 International Business Machines Corporation Trusted field programmable gate array

Similar Documents

Publication Publication Date Title
CN103593622A (en) FPGA-based design method of safe and trusted computer
CN107194257B (en) Trusted system based on domestic TCM chip
CN107506290B (en) A non-volatile memory standard solid state drive status indicator control system
CN205507751U (en) Storage mainboard
CN106774698A (en) A kind of outband management server and control method based on FPGA
WO2018218954A1 (en) Verification platform and verification method, and computer storage medium
CN204347834U (en) A kind of server cluster storage system based on FPGA
CN107357408A (en) A kind of NVMe JOBF power-economizing methods, system and data center
CN204203971U (en) A kind of credible accounting system
CN104142723A (en) Intelligent fan speed regulating method for server
CN204272169U (en) Power communication protocol massages based on FPGA resolves card
CN206147605U (en) Do you realize xilinx of BMC chip function FPGA
CN105161132A (en) NVMe SSD read-only protection method based on FPGA
CN106599677A (en) Password control system and control method used for baseboard management controller
CN103164357B (en) The remove strategies establishing method of electronic installation and USB device
CN102110066B (en) Tax-control encryption card control method
CN103279412A (en) Method for solving problem of normally-off state of SATA (serial advanced technology attachment) hard disk power supply indicator lamp of SAS backboard
CN204316517U (en) A kind of SAS interface encryption apparatus
CN205318283U (en) Special isolation equipment mainboard based on explain 410 majestic treaters and shen wei nest plate
CN104392187A (en) Mobile encrypted hard disk
CN104331352B (en) Detection method and device are read outside cache uniformity chip address band
CN102981588A (en) System and method capable of starting up through universal sequence bus device
CN102768633A (en) Method for testing start and stop of server mainboard based on time series monitoring
CN206178529U (en) Main control board based on explain 411 majestic treaters and shen wei nest plate
CN203535638U (en) Computer with hard disk information safety device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140219

WD01 Invention patent application deemed withdrawn after publication