
CN115033933A - BIOS-based port management and control method and system - Google Patents

BIOS-based port management and control method and system Download PDF

Info

Publication number
CN115033933A
Authority
CN
China
Prior art keywords
layer
port
bios
control
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210523819.0A
Other languages
Chinese (zh)
Inventor
陈小春
张超
朱立森
孙亮
樊晨
张家定
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kunlun Taike Beijing Technology Co ltd
Original Assignee
Kunlun Taike Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kunlun Taike Beijing Technology Co ltd
Priority to CN202210523819.0A
Publication of CN115033933A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a BIOS (Basic Input Output System)-based port management and control method and system. Port control at the BIOS layer is achieved through a two-layer control method spanning the BIOS layer and the OS layer, even where hardware or other mechanism support is lacking. In the system of the invention only the administrator can open or close a port at the BIOS layer; an ordinary user cannot change the port state without authorization. After the BIOS layer closes a port, even an operating system administrator cannot open it from within the operating system; the port must still be opened at the BIOS layer. When the hardware layer provides support, the port is controlled directly by pulling the corresponding GPIO through the hardware layer; when it does not, the BIOS layer port information transmission module collects the port information from the BIOS layer port control module and reports it to the OS layer information receiving module through a unified communication interface between the BIOS and the operating system, so that the OS layer stays synchronized with the port control.

Description

A BIOS-based port management and control method and system

Technical field

The invention relates to the technical field of computer firmware, and in particular to a BIOS-based port management and control method and system.

Background

The BIOS (Basic Input Output System) is the startup program deployed in the ROM chip on the motherboard. The BIOS is responsible for the power-on self-test (POST) and the system boot routine, and is the first program to run after the computer system is powered on. Because the BIOS is stored in a ROM (read-only memory) chip, its settings are retained after power is removed.

At present, port control is an important means of preventing data leakage. Using the non-volatile nature of the BIOS to close ports at the BIOS layer effectively shuts, at the lowest layer of the computer, the channels through which data could be leaked. However, some domestically produced computers do not currently support BIOS port control: even if a port is closed at the BIOS layer, it can still be opened at the OS (operating system) layer. Onboard USB, SATA, network and other ports therefore need to be controlled from the BIOS, with their use restricted under both the BIOS and the OS; otherwise port control has a loophole.

Existing BIOS port control methods have two problems: first, on some computers the device controller does not support port control through configuration registers; second, the hardware environment provides no support for BIOS port control. A port control method that does not depend on registers or on the hardware environment is therefore urgently needed.

Summary of the invention

In view of this, the invention provides a BIOS-based port management and control method and system that is not affected by registers or the hardware environment and achieves port control through BIOS layer configuration; even when no such register exists, ports can still be controlled through the BIOS layer.

To achieve the above object, the technical scheme of the invention is as follows:

A BIOS-based port management and control method, applied to a port control system comprising an OS layer information receiving module, an OS layer port control module, a BIOS layer port information transmission module, a BIOS layer port control module, a BIOS layer identity authentication module and a hardware layer, with the following specific steps:

Step 1: Power on the computer and enter the BIOS configuration interface.

Step 2: The BIOS identity authentication module identifies the operator's identity and authority and decides whether to grant administrator authority.

Step 3: The administrator enters a port control request; the BIOS port control module receives it and judges whether a corresponding register exists.

Step 4: The BIOS port information transmission module reports the port information to the OS layer information receiving module through the unified communication interface between the BIOS and the operating system.

Step 5: The OS layer information receiving module receives the port information reported by the BIOS layer port information transmission module and passes it to the OS layer port control module.

Step 6: The OS layer port control module controls the corresponding port through the hardware layer according to the port information.

Further, the port control system also includes an OS layer identity authentication module.

Further, the administrator authority is specifically as follows:

When the operator is a first-layer administrator, the corresponding port control authority is opened, after which the port on/off control can be selected in the configuration interface; when the operator is not a first-layer administrator, no port control authority is granted. The OS layer identity authentication module identifies a second-layer administrator and grants that administrator control authority over the corresponding port; the second-layer administrator has a higher priority than the first-layer administrator.

Further, step 3 also includes:

When a corresponding register exists, the register is configured directly to control the port. When no corresponding register exists, it is judged whether the hardware layer provides hardware support: if so, the BIOS port control module pulls the corresponding GPIO itself, or notifies the hardware layer to pull it, to control the port; if not, proceed to step 4.

A BIOS-based port management and control system for the above method comprises an OS layer, a BIOS layer and a hardware layer.

The OS layer comprises the OS layer information receiving module, the OS layer port control module and the OS layer identity authentication module; the BIOS layer comprises the BIOS layer port information transmission module, the BIOS layer port control module and the BIOS layer identity authentication module; the hardware layer comprises the CPU, the port controllers and the port pulling device.

In the hardware layer:

The port controller controls the port directly. The port pulling device and the CPU together form the hardware support for the port and, under the control of the BIOS layer port control module, pull the corresponding GPIO to control the port.

In the BIOS layer:

The BIOS layer port control module is connected to the OS layer port control module, and both are connected to the CPU and the port controllers of the hardware layer. The BIOS layer identity authentication module identifies a first-layer administrator and grants that administrator control authority over the corresponding port, while other users cannot control the port. The BIOS layer port control module controls the port state by configuring the corresponding register for the port. The BIOS layer port information transmission module obtains the port information collected by the BIOS layer port control module and reports it to the OS layer information receiving module through the unified communication interface between the BIOS and the operating system. The BIOS port control module applies control authority to the port so as to set the range of control authority the OS layer has over the port.

In the OS layer:

The OS layer information receiving module receives the port information reported by the BIOS layer and issues instructions to the OS layer port control module according to that information; the OS layer port control module opens or closes the port according to the issued instruction; the OS layer identity authentication module identifies a second-layer administrator and grants that administrator control authority over the corresponding port, the second-layer administrator having a higher priority than the first-layer administrator.

Beneficial effects:

1. Through the two-layer control method spanning the BIOS layer and the OS layer, the invention achieves port control at the BIOS layer even where hardware or other mechanism support is lacking.

2. In the system of the invention only the administrator can open or close a port at the BIOS layer, and ordinary users cannot change the port state without authorization. After the BIOS layer closes a port, even the operating system administrator cannot open it from within the operating system; the port must still be opened at the BIOS layer.

3. When the hardware layer provides support, the system of the invention controls the port directly by pulling the corresponding GPIO through the hardware layer; when it does not, the BIOS layer port information transmission module collects the port information from the BIOS layer port control module and reports it to the OS layer information receiving module through the unified communication interface between the BIOS and the operating system, so that the OS layer stays synchronized with the port control. Once a port is closed in the BIOS, the port state is immediately closed or locked in step, so that ordinary users cannot open it and the closed state stays consistent with the BIOS layer setting.

Description of the drawings

FIG. 1 is a block diagram of the connections between the BIOS layer, the OS layer and the hardware layer.

FIG. 2 is a flow chart of the method of the invention.

Detailed description

The invention is described in detail below with reference to the accompanying drawings and embodiments.

As shown in FIG. 2, the invention proposes a BIOS-based port management and control method with the following specific steps:

Step 1: Power on the computer and enter the BIOS configuration interface;

Step 2: The BIOS identity authentication module identifies the operator's identity and authority. When the operator is a first-layer administrator, the corresponding port control authority is opened, after which the port on/off control can be selected in the configuration interface; when the operator is not a first-layer administrator, no port control authority is granted. The OS layer identity authentication module identifies a second-layer administrator and grants that administrator control authority over the corresponding port; the second-layer administrator has a higher priority than the first-layer administrator;

Step 3: The administrator enters a port control request, and the BIOS port control module receives it and judges whether a corresponding register exists. If it exists, the register is configured directly to control the port; if not, it is judged whether the hardware layer provides hardware support. If hardware support exists, the BIOS port control module pulls the corresponding GPIO itself, or notifies the hardware layer to pull it, to control the port; if no hardware support exists, proceed to step 4;

Step 4: The BIOS port information transmission module reports the port information to the OS layer information receiving module using a unified BIOS-to-operating-system communication interface specification such as SMBIOS. Among the port controllers, the state of the network controller is described by a dedicated network state flag and does not need to be controlled down to the individual port; the SATA controller must be controlled down to the port, each port's state being represented by a dedicated port status flag, and when the whole controller is disabled the Port Status values are ignored; the USB controller likewise must be controlled down to the port, each port's state being represented by a dedicated port status flag, and when the whole controller is disabled the Port Status values are ignored;

Step 5: Restart the computer so that the configuration made in steps 1 to 4 takes effect;

Step 6: The OS layer information receiving module receives the port information reported by the BIOS layer port information transmission module and passes it to the OS layer port control module;

Step 7: The OS layer port control module controls the corresponding port through the hardware layer according to the port information.

As shown in FIG. 1, the invention provides a BIOS-based port management and control system. When switch options in the BIOS configuration interface are used to control ports such as USB, SATA and network, this is achieved by configuring the registers of the corresponding controller; when no such registers exist, both a hardware and a software solution are provided.

In the hardware solution, the BIOS layer controls the port's electrical signal or clock signal through a GPIO signal line: the BIOS layer either pulls the GPIO directly or, through the corresponding interface, instructs the port pulling device (such as a TPCM card, EC or CPLD) to pull the corresponding GPIO, thereby controlling access to the interface. After the signal has been sent, restarting the machine brings the change into effect.

In the software method of port control, where there is no hardware environment support and the port cannot be controlled through registers, GPIO or any other hardware means, the BIOS layer must use a software means, for example not enumerating or scanning the corresponding port. In this case the BIOS layer must pass the corresponding port state to the OS layer through the unified communication interface between the BIOS and the operating system. Controllers of the same type are distinguished by identifiers such as the specific device number and function number; controllers of different types are distinguished by the controller device type. The communication process follows a communication interface specification such as SMBIOS (SMBIOS is the unified specification that motherboard or system manufacturers follow to present product management information in a standard format). After receiving the data, the OS layer judges the port state and then controls the port accordingly. The BIOS layer applies port control authority to the relevant devices to prevent the port from being controlled without authorization under the OS layer.
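The following C program is an added illustration of the logic described in step 3, step 4 and the software solution above; it is not code from the patent or from the applicant. The patent names what a port record carries (controller type, device and function number, a controller-level enable flag, per-port status flags, and the range of control the BIOS grants the OS layer) but fixes no encoding, so the `struct port_record` layout, the `struct platform_caps` probe result, the function names and the sample table values are all assumptions made for this example. It shows the BIOS-side decision cascade (register, then GPIO, then software report), the OS-side rule that a disabled controller masks its port status bits, lookup of a controller by type and device/function number, and an OS-layer open request that cannot re-enable what the BIOS disabled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Controller types named in the patent: USB, SATA, network. */
enum ctrl_type { CTRL_USB = 1, CTRL_SATA = 2, CTRL_NET = 3 };

/* Mechanism the BIOS port control module ends up using (step 3 / step 4). */
enum mechanism { MECH_REGISTER = 0, MECH_GPIO = 1, MECH_SOFTWARE_REPORT = 2 };

/* Capability probe result seen by the BIOS port control module.
 * Field names are assumptions; the patent only says "judge whether a
 * corresponding register exists" and "whether the hardware layer has support". */
struct platform_caps {
    bool has_ctrl_register;  /* controller exposes a usable configuration register */
    bool has_gpio_support;   /* CPU / port pulling device can pull a GPIO */
};

/* One record as the BIOS layer reports it to the OS layer.
 * Assumed layout: the patent names the content but fixes no encoding. */
struct port_record {
    uint8_t  ctrl_type;      /* enum ctrl_type */
    uint8_t  dev_fn;         /* PCI device (bits 7:3) and function (bits 2:0), assumed packing */
    uint8_t  ctrl_enabled;   /* 0 = whole controller disabled */
    uint8_t  n_ports;        /* valid bits in port_status; 0 for network controllers */
    uint16_t port_status;    /* bit i set = port i enabled */
    uint8_t  os_may_control; /* 1 = BIOS delegates control of this controller to the OS layer */
};

/* Step 3 decision cascade: register first, then GPIO through the hardware
 * layer, otherwise fall through to the software report of step 4. */
enum mechanism choose_mechanism(const struct platform_caps *caps)
{
    if (caps->has_ctrl_register) return MECH_REGISTER;
    if (caps->has_gpio_support)  return MECH_GPIO;
    return MECH_SOFTWARE_REPORT;
}

/* OS-layer view of one port. A disabled controller masks every port (step 4:
 * Port Status values are ignored); network controllers carry only the
 * controller-level flag, so any port index maps to that flag. */
bool port_effective_enabled(const struct port_record *r, unsigned port)
{
    if (!r->ctrl_enabled) return false;
    if (r->ctrl_type == CTRL_NET) return true;
    if (port >= r->n_ports) return false;
    return ((r->port_status >> port) & 1u) != 0;
}

/* Controller lookup: the type separates controller classes, dev_fn separates
 * controllers of the same type. Returns NULL when no record matches. */
const struct port_record *find_record(const struct port_record *tbl, size_t n,
                                      uint8_t type, uint8_t dev_fn)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].ctrl_type == type && tbl[i].dev_fn == dev_fn)
            return &tbl[i];
    return NULL;
}

/* OS-layer open request: honoured only inside the authority range the BIOS
 * granted, and never able to re-enable a controller the BIOS disabled. */
bool os_request_open(struct port_record *r, unsigned port)
{
    if (!r->os_may_control || !r->ctrl_enabled) return false;
    if (r->ctrl_type == CTRL_NET) return true;
    if (port >= r->n_ports) return false;
    r->port_status |= (uint16_t)(1u << port);
    return true;
}

/* Constructed sample report (values made up for the example): a USB
 * controller with ports 0 and 1 open and port 2 closed, a SATA controller
 * disabled as a whole whose stale port bits must be ignored, and an enabled
 * network controller. */
struct port_record sample_table[] = {
    { CTRL_USB,  0xA0, 1, 4, 0x0003, 1 },  /* dev 20 fn 0, OS may manage its ports */
    { CTRL_SATA, 0xB8, 0, 2, 0x0003, 0 },  /* dev 23 fn 0, controller disabled by BIOS */
    { CTRL_NET,  0xF8, 1, 0, 0x0000, 0 },  /* dev 31 fn 0, controller-level flag only */
};
const size_t sample_table_len = sizeof sample_table / sizeof sample_table[0];

int main(void)
{
    for (size_t i = 0; i < sample_table_len; i++) {
        const struct port_record *r = &sample_table[i];
        printf("type %u dev_fn 0x%02X:", (unsigned)r->ctrl_type, (unsigned)r->dev_fn);
        if (r->ctrl_type == CTRL_NET) {
            printf(" %s\n", port_effective_enabled(r, 0) ? "enabled" : "disabled");
            continue;
        }
        for (unsigned p = 0; p < r->n_ports; p++)
            printf(" port%u=%s", p, port_effective_enabled(r, p) ? "on" : "off");
        printf("\n");
    }
    return 0;
}
```

The point a defender should take from `port_effective_enabled` and `os_request_open` is that the OS layer treats the BIOS report as the ceiling, not as advice: the per-port bits are only consulted when the controller-level flag permits it, and an OS-side request can widen nothing beyond what `os_may_control` and `ctrl_enabled` already allow.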

As shown in FIG. 1, a BIOS-based port management and control system comprises an OS layer, a BIOS layer and a hardware layer; the port controllers include USB, SATA and network. The OS layer information receiving module, the OS layer port control module and the OS layer identity authentication module reside in the kernel space of the OS.

The OS layer comprises the OS layer information receiving module, the OS layer port control module and the OS layer identity authentication module; the BIOS layer comprises the BIOS layer port information transmission module, the BIOS layer port control module and the BIOS layer identity authentication module; the hardware layer comprises the CPU, the port controllers and the port pulling device;

In the hardware layer:

The port controller controls the port directly. The port pulling device and the CPU together form the hardware support for the port and, under the control of the BIOS layer port control module, pull the corresponding GPIO to control the port;

In the BIOS layer:

The BIOS layer port control module is connected to the OS layer port control module, and both are connected to the CPU and the port controllers of the hardware layer. The BIOS layer identity authentication module identifies a first-layer administrator and grants that administrator control authority over the corresponding port, while other users cannot control the port. The BIOS layer port control module controls the port state by configuring the corresponding register for the port. The BIOS layer port information transmission module obtains the port information collected by the BIOS layer port control module and reports it to the OS layer information receiving module through a unified BIOS-to-operating-system communication interface specification such as SMBIOS. The BIOS port control module applies control authority to the port so as to set the range of control authority the OS layer has over the port;

In the OS layer:

The OS layer information receiving module receives the port information reported by the BIOS layer and issues instructions to the OS layer port control module according to that information; the OS layer port control module opens or closes the port according to the issued instruction; the OS layer identity authentication module identifies a second-layer administrator and grants that administrator control authority over the corresponding port, the second-layer administrator having a higher priority than the first-layer administrator.

In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (5)

1. A port management and control method based on BIOS is characterized in that the method is applied to a port management and control system comprising an OS layer information receiving module, an OS layer port control module, a BIOS layer port information transmission module, a BIOS layer port control module, a BIOS layer identity authentication module and a hardware layer, and the specific steps comprise:
step one, electrifying a computer and entering a BIOS configuration interface;
step two, the BIOS identity authentication module identifies the identity authority of the operator and determines whether to give the administrator authority;
step three, an administrator inputs a port management and control request, and the BIOS port control module receives it and judges whether a corresponding register exists or not;
step four, the BIOS port information transmission module reports the port information to the OS layer information receiving module by utilizing a unified communication interface between the BIOS and the operating system;
step five, the OS layer information receiving module receives the port information reported by the BIOS layer port information transmission module and transmits the port information to the OS layer port control module;
and step six, the OS layer port control module controls the corresponding port through the hardware layer according to the port information.
2. The method of claim 1, wherein the port management system further comprises an OS-level identity authentication module.
3. The method according to claims 1-2, wherein the administrator privileges are specifically:
when the operation is performed by a first-layer administrator, the corresponding port control authority is opened, and then the selection of port switch control can be performed on a configuration interface; when the operation is not performed by the first-layer administrator, the port management and control authority is not given; and the OS layer identity authentication module gives the control authority to a corresponding port of a second layer administrator by identifying the identity of the second layer administrator, wherein the priority of the second layer administrator is higher than that of the first layer administrator.
4. The method of claim 1, wherein step three further comprises:
when a corresponding register exists, the register is directly configured to realize the control of the port; when the corresponding register does not exist, judging whether the hardware layer has hardware support or not; if the hardware support exists, the BIOS port control module directly pulls or informs a hardware layer to pull a corresponding GPIO to control the port; and if the hardware support does not exist, entering the step four.
5. A BIOS based port management system comprising an OS layer, a BIOS layer and a hardware layer for the method of claims 1-4;
the OS layer comprises an OS layer information receiving module, an OS layer port control module and an OS layer identity authentication module; the BIOS layer comprises a BIOS layer port information transmission module, a BIOS layer port control module and a BIOS layer identity authentication module; the hardware layer comprises a CPU, a port controller and a port pulling device;
in the hardware layer:
the port controller is used for directly controlling the ports; the port pulling device and the CPU together form hardware support for the port, and pull the corresponding GPIO to control the port under the control of the port control module of the BIOS layer;
in the BIOS layer:
the BIOS layer port control module is connected with the OS layer port control module, and the BIOS layer port control module and the OS layer port control module are connected with a CPU and a port controller of a hardware layer; the BIOS layer identity authentication module gives control authority to a corresponding port of a first layer administrator by identifying the identity of the first layer administrator, and meanwhile, other users cannot control the port; the BIOS layer port control module controls the port state by configuring a corresponding register for the port; the BIOS layer port information transmission module acquires the port information collected by the BIOS layer port control module and reports the information to the OS layer information receiving module through a unified communication interface between the BIOS and the operating system; the BIOS port control module applies control authority to the port to set the control authority range of the OS layer to the port;
in the OS layer:
the OS layer information receiving module receives the port information reported by the BIOS layer and issues an instruction to the OS layer port control module according to the port information; the OS layer port control module performs opening or closing operation on the port according to the issued instruction; the OS layer identity authentication module gives the management and control authority of a corresponding port to a second layer administrator by identifying the identity of the second layer administrator, and the priority of the second layer administrator is higher than that of the first layer administrator.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210523819.0A CN115033933A (en) 2022-05-13 2022-05-13 BIOS-based port management and control method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210523819.0A CN115033933A (en) 2022-05-13 2022-05-13 BIOS-based port management and control method and system

Publications (1)

Publication Number Publication Date
CN115033933A true CN115033933A (en) 2022-09-09

Family

ID=83121695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210523819.0A Pending CN115033933A (en) 2022-05-13 2022-05-13 BIOS-based port management and control method and system

Country Status (1)

Country Link
CN (1) CN115033933A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101324912A (en) * 2008-07-30 2008-12-17 中国航天科工集团第二研究院七○六所 Credible safety computer
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN106909848A (en) * 2015-12-22 2017-06-30 中电科技(北京)有限公司 A kind of computer security strengthening system and its method based on BIOS extensions
CN111625875A (en) * 2020-05-27 2020-09-04 湖南长城银河科技有限公司 Multi-level cooperative control method for shutdown and recovery of computer peripheral interface
CN114328332A (en) * 2021-11-30 2022-04-12 浪潮(山东)计算机科技有限公司 USB interface control method, device, equipment and readable storage medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵小桐: "基于固件的终端控制系统的研究" (Research on a firmware-based terminal control system), 中国优秀硕士论文学位论文全文数据库 信息科技辑 (China Master's Theses Full-text Database, Information Science and Technology series), no. 2, 15 March 2017 (2017-03-15), pages 140 - 1332 *

Similar Documents

Publication Publication Date Title
EP3287800B1 (en) Jtag debug apparatus and jtag debug method
AU2002315565B2 (en) Security system and method for computers
KR101146153B1 (en) Security system and method for computer operating systems
US8661235B2 (en) Firmware storage medium with customized image
US20070028292A1 (en) Bus bridge security system and method for computers
US20070011491A1 (en) Method for platform independent management of devices using option ROMs
WO2017113879A1 (en) Method and device for controlling smart interface card
US20070220120A1 (en) Computer System
US10831897B2 (en) Selective enforcement of secure boot database entries in an information handling system
CN109670349A (en) The hardware structure of trusted computer and the credible starting method of computer
US20080270780A1 (en) Design structure for disabling a universal serial bus port
CN105807848A (en) Touch industrial personal computer
US7685361B2 (en) Virtualization method and storage apparatus for a storage system having external connectivity
US20060230224A1 (en) Information processing apparatus
US20230342472A1 (en) Computer System, Trusted Function Component, and Running Method
US7590770B2 (en) Device-independent control of storage hardware using SCSI enclosure services
WO2009017556A1 (en) Electronic device interface control system
US20050036285A1 (en) Portable computer
CN115033933A (en) BIOS-based port management and control method and system
US11354259B1 (en) Computer system configurations based on accessing data elements presented by baseboard management controllers
CN103049342A (en) Access method of boot information
US7590767B2 (en) Electronic apparatus, information processing system and method of controlling said apparatus
TW201442464A (en) The controlling system and the method of the remote device and the server
US11734457B2 (en) Technology for controlling access to processor debug features
CN115310150A (en) Novel server, server control method, device and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination