WO2022156513A1 - Server operation system guiding method and apparatus, device, and medium
- Publication number
- WO2022156513A1 (PCT/CN2021/143306)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- program
- operating system
- tftp service
- booting
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
Definitions
- the present application relates to the technical field of servers, and in particular, to a method, apparatus, device, and medium for booting a server operating system.
- when the server is powered on, the BIOS (Basic Input Output System) boots the OS (operating system), and the BIOS first boots PXE (Preboot eXecution Environment) for network boot.
- in the existing server operating system booting process, a network boot item, if present, is loaded directly, which may boot an unsafe server operating system and so make the entire server operating system unreliable.
- the purpose of the present application is to provide a server operating system booting method, apparatus, device, and medium, which can ensure the reliability of the booted server operating system. Its specific plan is as follows:
- the present application discloses a method for booting a server operating system, including:
- if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on the digital certificate corresponding to the server;
- when the operating system image program passes the verification, running the boot program through the server to boot the operating system image program.
- the scanning of the TFTP service corresponding to the server in the network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service includes:
- if the TFTP service exists, detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
- the detecting whether there is a bootstrap program and an operating system mirroring program corresponding to the server in the TFTP service includes:
- the method further includes:
- if the TFTP service does not exist in the network, or the TFTP service exists in the network but the boot program and the operating system image program do not exist in the TFTP service, performing local boot of the operating system of the server.
- the method further includes:
- the verification of the operating system mirroring program based on the digital certificate corresponding to the server includes:
- the signature file is obtained by computing over the operating system image program with the preset algorithm and encrypting the calculation result with the private key corresponding to the public key;
- the reference plaintext is compared with the to-be-verified plaintext, and whether the operating system mirroring program passes the verification is determined according to the comparison result.
- the default configuration of the PXE enable mode of the server to the encryption mode includes:
- the PXE enable mode of the server is configured to be encrypted mode by default.
- a server operating system booting device including:
- the PXE setting module is used to configure the PXE enable mode of the server to the encryption mode by default, and guide the server to enter the PXE stage;
- a scanning module configured to scan the TFTP service corresponding to the server in the network, to determine whether there is a bootstrap program and an operating system mirror program corresponding to the server in the TFTP service;
- a verification module configured to verify the operating system mirroring program based on the digital certificate corresponding to the server if the bootstrap program and the operating system mirroring program corresponding to the server exist in the TFTP service;
- a booting module configured to run the booting program through the server to boot the operating system mirroring program when the operating system mirroring program passes the verification.
- a server including:
- the memory is used to store computer programs
- the processor is configured to execute the computer program to implement the aforementioned method for booting a server operating system.
- the present application discloses a computer-readable storage medium for storing a computer program, wherein when the computer program is executed by a processor, the aforementioned method for booting a server operating system is implemented.
- this application first configures the PXE enable mode of the server to the encryption mode by default and guides the server into the PXE stage, and then scans the TFTP service corresponding to the server in the network to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service.
- if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program is verified based on the digital certificate corresponding to the server, and when the operating system image program passes the verification, the server runs the boot program to boot the operating system image program.
- because the PXE enable mode of the server is encrypted by default, when the server enters the PXE stage and the scan of the TFTP service finds a boot program and an operating system image program, the operating system image program is verified first, and the boot program is run to boot it only after it has passed the verification.
- compared with the prior art, which runs the boot program directly after discovering the boot program and the operating system image program, verifying the operating system image program first ensures the reliability of the operating system image program, avoids booting a malicious image program, and ensures the reliability of the server operating system.
- FIG. 1 is a flowchart of a method for booting a server operating system disclosed in the application
- FIG. 4 is a schematic structural diagram of a server operating system boot device disclosed in the present application.
- FIG. 5 is a schematic structural diagram of a server disclosed in this application.
- the present application proposes a method for booting a server operating system, which can ensure the reliability of the booted server operating system.
- an embodiment of the present application discloses a method for booting a server operating system, which includes:
- Step S11 Configure the PXE enable mode of the server to be the encryption mode by default, and guide the server to enter the PXE stage.
- the PXE enable mode of the server is configured to be encrypted mode by default, that is, when the server enters the PXE mode, the encrypted mode is used to boot the operating system by default.
- setting the PXE enable mode of the server to the encryption mode by default may specifically include: configuring the PXE enable mode of the server to the encryption mode by default in the BIOS setup page of the server.
- Step S12 Scan the TFTP service corresponding to the server in the network to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service.
- after the server enters the PXE mode, the TFTP (Trivial File Transfer Protocol) service corresponding to the server in the network is scanned to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service.
- the boot program is used to boot the operating system image program corresponding to the server, and the operating system image program is used to install the operating system of the server.
- Step S13 If the boot program and the operating system mirroring program corresponding to the server exist in the TFTP service, verify the operating system mirroring program based on the digital certificate corresponding to the server.
- the operating system image program may contain threat information. If the operating system image program is booted directly, the reliability of the operating system of the server will be affected. The operating system image program is therefore verified based on the digital certificate, so as to determine the reliability of the operating system image file.
- Step S14 When the operating system mirroring program passes the verification, run the booting program through the server to boot the operating system mirroring program.
- if the operating system image file passes the verification, it indicates that the operating system image file is reliable, so it can be booted, and the server can run the boot program to boot the operating system image program. If the operating system image program fails the verification, it indicates that the operating system image program is unreliable, and the operating system image program is not to be booted.
- an embodiment of the present application discloses a specific server operating system booting method, and the method includes:
- Step S21 Configure the PXE enable mode of the server to be the encryption mode by default, and guide the server to enter the PXE stage.
- the method further includes: acquiring the digital certificate and storing the digital certificate, wherein the digital certificate includes the public key corresponding to the server.
- Step S22 Scan the TFTP service corresponding to the server in the network.
- after the server is booted into the PXE mode, the TFTP service corresponding to the server in the network needs to be scanned. If the TFTP service does not exist, local boot of the operating system of the server is performed directly. If the TFTP service exists, the subsequent network boot can continue.
- Step S23 If the TFTP service exists, detect whether there is a bootstrap program and an operating system mirroring program corresponding to the server in the TFTP service, wherein both the bootstrap program and the operating system mirroring program conform to the TFTP specification.
- detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service may include: detecting all files in the default directory in the TFTP service to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. That is, the boot program and the operating system image program are generally placed in the default directory in the TFTP service according to the TFTP specification, so after the TFTP service is discovered, all files under the default directory in the TFTP service can be checked to determine whether the boot program and the operating system image program exist in the TFTP service.
- Step S24 If the boot program and the operating system mirroring program corresponding to the server exist in the TFTP service, verify the operating system mirroring program based on the digital certificate corresponding to the server.
- verifying the operating system image program based on the digital certificate corresponding to the server includes: decrypting the signature file corresponding to the operating system image program by using the public key in the digital certificate to obtain the reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by computing over the operating system image program with a preset algorithm and encrypting the calculation result with the private key corresponding to the public key.
- the preset algorithm is an MD5 algorithm or the like.
- when storing the operating system image program in the TFTP service, first use the preset algorithm to compute over the operating system image program to obtain the calculation result, then encrypt the calculation result with the private key corresponding to the public key in the digital certificate to obtain the signature file, and store the signature file, the operating system image file and the boot program in the default directory in the TFTP service, so
- Step S25 When the operating system mirroring program passes the verification, run the booting program through the server to boot the operating system mirroring program.
- Step S26 If the TFTP service does not exist in the network, or the TFTP service exists in the network but the boot program and the operating system image program do not exist in the TFTP service, perform local boot of the operating system of the server.
- the PXE enable mode of the server may also be set to a non-encryption mode, in which the operating system of the server is booted in the same way as in the prior art. That is, in the non-encrypted mode, after the server enters the PXE mode, the TFTP service is detected; if the boot program and the operating system image program corresponding to the server are detected in the TFTP service, the boot program is run directly to boot the operating system image program, and if the TFTP service is not detected or the boot program and the operating system image program do not exist in the TFTP service, local boot of the operating system of the server is performed.
- FIG. 3 is a flowchart for booting the server operating system.
- the PXE of the server has two enable modes, encrypted mode and non-encrypted mode.
- the encrypted mode is enabled by default, which is configured on the BIOS setup page.
- the BIOS boots to the PXE stage to scan and detect the TFTP server in the network.
- if the TFTP service exists, it is detected whether there is a bootstrap program. If there is a bootstrap program, the operating system image program corresponding to the bootstrap program is verified according to the digital certificate. If the verification passes, the bootstrap program continues to be loaded and the bootstrap program runs.
- an embodiment of the present application discloses a device for booting a server operating system, including:
- the PXE setting module 11 is used to configure the PXE enable mode of the server to be encrypted mode by default, and guide the server to enter the PXE stage;
- a scanning module 12 configured to scan the TFTP service corresponding to the server in the network, to determine whether there is a bootstrap program and an operating system mirror program corresponding to the server in the TFTP service;
- the verification module 13 is used for verifying the operating system mirroring program based on the digital certificate corresponding to the server if the boot program and the operating system mirroring program corresponding to the server exist in the TFTP service;
- the booting module 14 is configured to run the booting program through the server to boot the operating system mirroring program when the operating system mirroring program passes the verification.
- the scanning module 12 is used for:
- if the TFTP service exists, detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
- the scanning module 12 is used for:
- the server operating system booting module further includes:
- a local boot module configured to perform local boot of the operating system of the server when the TFTP service does not exist in the network, or when the TFTP service exists in the network but the boot program and the operating system image program do not exist in the TFTP service.
- the server operating system booting module further includes:
- An information acquisition module configured to acquire the digital certificate and store the digital certificate, wherein the digital certificate includes the public key corresponding to the server.
- the verification module 13 is used for:
- the signature file is obtained by computing over the operating system image program with the preset algorithm and encrypting the calculation result with the private key corresponding to the public key;
- the reference plaintext is compared with the to-be-verified plaintext, and whether the operating system mirroring program passes the verification is determined according to the comparison result.
- the PXE setting module 11 is used to:
- the PXE enable mode of the server is configured to be encrypted mode by default.
- FIG. 5 is a schematic structural diagram of a server 20 provided in an embodiment of the present application
- the server 20 can specifically implement the steps of the server operating system booting method disclosed in the foregoing embodiments.
- the server 20 in this embodiment includes: a processor 21 and a memory 22 .
- the processor 21 may include one or more processing cores, such as a quad-core processor, an octa-core processor, and the like.
- the processor 21 can be implemented by at least one hardware form selected from DSP (digital signal processing), FPGA (field-programmable gate array), and PLA (programmable logic array).
- the processor 21 may also include a main processor and a co-processor.
- the main processor is a processor used to process data in the wake-up state, also called a CPU (central processing unit); the co-processor is a low-power processor for processing data in a standby state.
- the processor 21 may be integrated with a GPU (graphics processing unit), which is used for rendering and drawing the images required to be displayed on the display screen.
- the processor 21 may include an AI (artificial intelligence) processor for processing computing operations related to machine learning.
- Memory 22 may include one or more computer-readable storage media, which may be non-transitory. Memory 22 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash storage devices. In this embodiment, the memory 22 is used to store at least the following computer program 221 , wherein, after the computer program is loaded and executed by the processor 21 , the steps of the server operating system booting method disclosed in any of the foregoing embodiments can be implemented.
- the server 20 may further include an input/output interface 23 , a communication interface 24 , a sensor 25 , a power supply 26 and a communication bus 27 .
- the structure shown in FIG. 5 does not constitute a limitation on the server 20, which may include more or fewer components than those shown.
- an embodiment of the present application further discloses a computer-readable storage medium for storing a computer program, wherein when the computer program is executed by a processor, the server operating system booting method disclosed in any of the foregoing embodiments is implemented.
- a software module can be placed in random access memory (RAM), internal memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the technical field.
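The encrypted-mode decision flow of steps S22 to S26 and the decrypt-and-compare check of step S24, as an added Python example that is not code from the patent. Assumptions: the file names, function names and return strings are hypothetical; the key pair is a constructed toy key; SHA-256 stands in for the "preset algorithm"; a missing signature file is treated as a failed verification; textbook RSA is used only to mirror the page's "decrypt the signature file with the public key" wording, where production code would use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib
import hmac

# Constructed toy key pair (assumption, illustration only, NOT secure):
# two known Mersenne primes give a modulus far larger than a SHA-256 digest.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus (would come from the certificate)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the image publisher
KEY_BYTES = (N.bit_length() + 7) // 8

# Hypothetical file names in the TFTP default directory.
BOOT_NAME, IMAGE_NAME, SIG_NAME = "bootx64.efi", "os.img", "os.img.sig"


def digest(data: bytes) -> bytes:
    """The 'preset algorithm'. The page names MD5 'or the like'; SHA-256 is
    substituted here because MD5 is not collision resistant."""
    return hashlib.sha256(data).digest()


def sign_image(image: bytes) -> bytes:
    """Publisher side: digest the image, then 'encrypt' the digest with the
    private key to produce the signature file stored next to the image."""
    m = int.from_bytes(digest(image), "big")
    return pow(m, D, N).to_bytes(KEY_BYTES, "big")


def verify_image(image: bytes, signature: bytes) -> bool:
    """Firmware side: recover the reference plaintext with the public key and
    compare it with the to-be-verified plaintext computed over the image."""
    s = int.from_bytes(signature, "big")
    if s >= N:                       # out-of-range value cannot be a valid signature
        return False
    reference = pow(s, E, N).to_bytes(KEY_BYTES, "big")
    to_verify = digest(image).rjust(KEY_BYTES, b"\x00")
    return hmac.compare_digest(reference, to_verify)


def pxe_boot_decision(tftp_files, encrypted_mode=True) -> str:
    """tftp_files maps file name -> bytes for the TFTP default directory,
    or is None when no TFTP service answered the scan."""
    if tftp_files is None:
        return "local-boot"          # S26: no TFTP service
    boot = tftp_files.get(BOOT_NAME)
    image = tftp_files.get(IMAGE_NAME)
    if boot is None or image is None:
        return "local-boot"          # S26: boot program or image missing
    if not encrypted_mode:
        return "network-boot"        # non-encrypted mode: prior-art behaviour, no check
    signature = tftp_files.get(SIG_NAME)
    if signature is None or not verify_image(image, signature):
        # The page only says a failing image is not booted; what the firmware
        # does next is not specified there.
        return "refuse-image"
    return "network-boot"            # S25: verified image is booted


if __name__ == "__main__":
    image = b"constructed OS image bytes"          # constructed sample data
    good = {BOOT_NAME: b"loader", IMAGE_NAME: image, SIG_NAME: sign_image(image)}
    tampered = dict(good)
    tampered[IMAGE_NAME] = image + b"!"            # image changed after signing
    cases = [
        ("no TFTP service", None, True),
        ("empty directory", {}, True),
        ("signed image", good, True),
        ("tampered image", tampered, True),
        ("tampered image, non-encrypted mode", tampered, False),
    ]
    for label, files, mode in cases:
        print(f"{label}: {pxe_boot_decision(files, mode)}")
```

The last case shows why the default matters: with the non-encrypted mode selected, the tampered image is booted without any check.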
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Stored Programmes (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Disclosed in the present application are a server operation system guiding method and apparatus, a device, and a medium. The method comprises: configuring a PXE enabling mode of a server by default as an encryption mode, and guiding the server to enter a PXE phase; scanning a TFTP service corresponding to the server in a network to determine whether a bootstrap program and an operation system image program corresponding to the server are present in the TFTP service; if the bootstrap program and the operation system image program corresponding to the server are present in the TFTP service, verifying the operation system image program on the basis of a digital certificate corresponding to the server; and when the operation system image program passes the verification, running the bootstrap program by the server to guide the operation system image program. In this way, first verifying an operation system image program can ensure the reliability of the operation system image program, avoid guidance to a malicious image program, and ensure the reliability of a server operation system.
Description
本申请要求在2021年01月20日提交中国专利局、申请号为202110076353.X、发明名称为“一种服务器操作系统引导方法、装置、设备及介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on January 20, 2021, with the application number 202110076353.X and the invention titled "A server operating system booting method, device, device and medium", all of which are The contents are incorporated herein by reference.
本申请涉及服务器技术领域,特别涉及一种服务器操作系统引导方法、装置、设备、介质。The present application relates to the technical field of servers, and in particular, to a method, apparatus, device, and medium for booting a server operating system.
随着信息技术的发展,信息化程度的不断提高,信息安全越来越受到广泛关注,特别是服务器的安全。服务器在管理过程中,为了保证服务器运行的系统是可控的,服务器在开机时通过BIOS(Basic Input Output System,基本输入输出系统)对OS(operation system,操作系统)进行引导,BIOS首先引导PXE(Preboot eXecution Environment,预启动执行环境)进行网络启动。在现有的服务器操作系统引导过程中存在网络启动项便直接进行加载,这可能引导出不安全的服务器的操作系统,从而使得整个服务器的操作系统不可靠。With the development of information technology and the continuous improvement of the degree of informatization, information security has received more and more attention, especially the security of the server. During the management process of the server, in order to ensure that the system running on the server is controllable, the server boots the OS (operation system) through the BIOS (Basic Input Output System) when it is powered on, and the BIOS first boots the PXE (Preboot eXecution Environment, pre-boot execution environment) for network boot. In the existing server operating system booting process, the network boot item is directly loaded, which may lead to an unsafe server operating system, thereby making the entire server operating system unreliable.
因此,如何保证服务器的操作系统引导的可靠性是本领域技术人员要解决的重要问题。Therefore, how to ensure the reliability of the operating system booting of the server is an important problem to be solved by those skilled in the art.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本申请的目的在于提供一种服务器操作系统引导方法、装置、设备、介质,能够保证引导出的服务器操作系统的可靠性。其具体方案如下:In view of this, the purpose of the present application is to provide a server operating system booting method, apparatus, device, and medium, which can ensure the reliability of the booted server operating system. Its specific plan is as follows:
第一方面,本申请公开了一种服务器操作系统引导方法,包括:In a first aspect, the present application discloses a method for booting a server operating system, including:
将服务器的PXE启用模式默认配置为加密模式,并引导所述服务器进入PXE阶段;Configure the PXE enable mode of the server to be encrypted mode by default, and guide the server to enter the PXE stage;
对网络中所述服务器对应的TFTP服务进行扫描,以确定所述TFTP服务 中是否存在引导程序和所述服务器对应的操作系统镜像程序;Scan the TFTP service corresponding to the server in the network to determine whether there is a bootstrap and the operating system mirroring program corresponding to the server in the TFTP service;
如果所述TFTP服务中存在所述引导程序和所述服务器对应的操作系统镜像程序,则基于所述服务器对应的数字证书对所述操作系统镜像程序进行校验;If the boot program and the operating system mirroring program corresponding to the server exist in the TFTP service, verifying the operating system mirroring program based on the digital certificate corresponding to the server;
在所述操作系统镜像程序通过校验时,通过所述服务器运行所述引导程序,以引导所述操作系统镜像程序。When the operating system mirroring program passes the verification, the server is used to run the booting program to boot the operating system mirroring program.
Optionally, the scanning of the network for the TFTP service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, includes:
scanning the network for the TFTP service corresponding to the server;
if the TFTP service exists, detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
Optionally, the detecting of whether a boot program and an operating system image program corresponding to the server exist in the TFTP service includes:
checking all files under the default directory of the TFTP service to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service.
Optionally, after the scanning of the network for the TFTP service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, the method further includes:
if the TFTP service does not exist in the network, or the TFTP service exists in the network and the boot program and the operating system image program do not exist in the TFTP service, performing a local boot of the operating system of the server.
Optionally, after the configuring of the PXE enable mode of the server as encrypted mode by default, the method further includes:
acquiring the digital certificate and storing the digital certificate, wherein the digital certificate includes the public key corresponding to the server.
Optionally, the verifying of the operating system image program based on the digital certificate corresponding to the server includes:
decrypting the signature file corresponding to the operating system image program with the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service, and the signature file is obtained by computing over the operating system image program with a preset algorithm and encrypting the computation result with the private key corresponding to the public key;
processing the operating system image program with the preset algorithm to obtain a plaintext to be verified;
comparing the reference plaintext with the plaintext to be verified, and determining from the comparison result whether the operating system image program passes the verification.
Optionally, the configuring of the PXE enable mode of the server as encrypted mode by default includes:
configuring the PXE enable mode of the server as encrypted mode by default in the BIOS setup page of the server.
In a second aspect, the present application discloses a server operating system booting apparatus, including:
a PXE setting module, configured to configure the PXE enable mode of a server as encrypted mode by default, and to boot the server into the PXE stage;
a scanning module, configured to scan the network for the TFTP service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
a verification module, configured to verify the operating system image program based on the digital certificate corresponding to the server if the boot program and the operating system image program corresponding to the server exist in the TFTP service;
a booting module, configured to run the boot program on the server to boot the operating system image program when the operating system image program passes the verification.
In a third aspect, the present application discloses a server, including:
a memory and a processor;
wherein the memory is configured to store a computer program;
the processor is configured to execute the computer program to implement the server operating system booting method disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the server operating system booting method disclosed above.
It can be seen that the present application first configures the PXE enable mode of the server as encrypted mode by default and boots the server into the PXE stage, then scans the network for the TFTP service corresponding to the server to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service; if they exist, the operating system image program is verified based on the digital certificate corresponding to the server, and when the operating system image program passes the verification, the boot program is run on the server to boot the operating system image program. Thus, in the present application the PXE enable mode of the server is configured as encrypted mode by default, so that when the server enters the PXE stage, the TFTP server corresponding to the server in the network is scanned; when the boot program and the operating system image program corresponding to the server are found on the TFTP server, the operating system image program is verified first, and only after it passes the verification is the boot program run to boot the operating system image program for the server. Compared with the prior art, in which the boot program is run directly to boot the operating system image program as soon as the two are found, verifying the operating system image program first ensures the reliability of the operating system image program, avoids booting a malicious image program, and ensures the reliability of the server operating system.
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present application; those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a flowchart of a server operating system booting method disclosed in the present application;
FIG. 2 is a flowchart of a specific server operating system booting method disclosed in the present application;
FIG. 3 is a flowchart of a specific server operating system booting method disclosed in the present application;
FIG. 4 is a schematic structural diagram of a server operating system booting apparatus disclosed in the present application;
FIG. 5 is a schematic structural diagram of a server disclosed in the present application.
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the protection scope of the present application.
At present, when the operating system of a server is booted in PXE mode, as soon as a boot program and an operating system image program are found, the boot program directly boots the operating system image program. This may boot an unsafe server operating system and thereby make the operating system of the entire server unreliable. In view of this, the present application proposes a server operating system booting method that can ensure the reliability of the booted server operating system.
Referring to FIG. 1, an embodiment of the present application discloses a server operating system booting method, which includes:
Step S11: Configure the PXE enable mode of the server as encrypted mode by default, and boot the server into the PXE stage.
In a specific implementation, the PXE enable mode of the server first needs to be configured as encrypted mode by default, and the server booted into the PXE stage. Configuring the PXE enable mode of the server as encrypted mode by default means that when the server enters PXE mode, it boots the operating system in encrypted mode by default.
Specifically, setting the PXE enable mode of the server to encrypted mode by default may include: configuring the PXE enable mode of the server as encrypted mode by default in the BIOS setup page of the server.
Step S12: Scan the network for the TFTP service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service.
Correspondingly, after the server enters PXE mode, the network is scanned for the TFTP (Trivial File Transfer Protocol) service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. The boot program is used to boot the operating system image program corresponding to the server, and the operating system image program is used to install the operating system of the server.
Step S13: If the boot program and the operating system image program corresponding to the server exist in the TFTP service, verify the operating system image program based on the digital certificate corresponding to the server.
It can be understood that if the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program needs to be verified based on the digital certificate corresponding to the server.
In practice, the operating system image program may contain threat information, and booting it directly would affect the reliability of the operating system of the server. The operating system image program therefore needs to be verified first, based on the digital certificate corresponding to the server, to determine the reliability of the operating system image file.
Step S14: When the operating system image program passes the verification, run the boot program on the server to boot the operating system image program.
It can be understood that when the operating system image file passes the verification, the operating system image file is reliable and can be booted, so the server can run the boot program to boot the operating system image program. If the operating system image program fails the verification, the operating system image program is unreliable and is not booted.
It can be seen that the present application first configures the PXE enable mode of the server as encrypted mode by default and boots the server into the PXE stage, then scans the network for the TFTP service corresponding to the server to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service; if they exist, the operating system image program is verified based on the digital certificate corresponding to the server, and when the operating system image program passes the verification, the boot program is run on the server to boot the operating system image program. Thus, in the present application the PXE enable mode of the server is configured as encrypted mode by default, so that when the server enters the PXE stage, the TFTP server corresponding to the server in the network is scanned; when the boot program and the operating system image program corresponding to the server are found on the TFTP server, the operating system image program is verified first, and only after it passes the verification is the boot program run to boot the operating system image program for the server. Compared with the prior art, in which the boot program is run directly to boot the operating system image program as soon as the two are found, verifying the operating system image program first ensures the reliability of the operating system image program, avoids booting a malicious image program, and ensures the reliability of the server operating system.
Referring to FIG. 2, an embodiment of the present application discloses a specific server operating system booting method, which includes:
Step S21: Configure the PXE enable mode of the server as encrypted mode by default, and boot the server into the PXE stage.
In practical applications, after the PXE enable mode of the server is configured as encrypted mode by default, the method further includes: acquiring the digital certificate and storing the digital certificate, wherein the digital certificate includes the public key corresponding to the server.
Step S22: Scan the network for the TFTP service corresponding to the server.
After the server is booted into PXE mode, the network needs to be scanned for the TFTP service corresponding to the server. If the TFTP service does not exist, a local boot of the operating system of the server is performed directly. If the TFTP service exists, the subsequent network boot can continue.
Step S23: If the TFTP service exists, detect whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
If the TFTP service exists, it is detected whether a boot program and an operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
Specifically, detecting whether a boot program and an operating system image program corresponding to the server exist in the TFTP service may include: checking all files under the default directory of the TFTP service to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service. That is, the boot program and the operating system image program are generally placed, in accordance with the TFTP specification, under the default directory of the TFTP service, so once the TFTP service is found, all files under its default directory can be checked to determine whether the boot program and the operating system image program exist in the TFTP service.
Step S24: If the boot program and the operating system image program corresponding to the server exist in the TFTP service, verify the operating system image program based on the digital certificate corresponding to the server.
If the boot program and the operating system image program corresponding to the server exist in the TFTP service, the operating system image program is verified based on the digital certificate corresponding to the server.
Specifically, verifying the operating system image program based on the digital certificate corresponding to the server includes: decrypting the signature file corresponding to the operating system image program with the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service, and the signature file is obtained by computing over the operating system image program with a preset algorithm and encrypting the computation result with the private key corresponding to the public key; processing the operating system image program with the preset algorithm to obtain a plaintext to be verified; and comparing the reference plaintext with the plaintext to be verified, and determining from the comparison result whether the operating system image program passes the verification. Here, the preset algorithm is the MD5 algorithm or the like.
That is, when the operating system image program is stored in the TFTP service, the preset algorithm is first applied to the operating system image program to obtain a computation result, and the computation result is then encrypted with the private key corresponding to the public key in the digital certificate to obtain the signature file; the signature file, the operating system image file, and the boot program are stored under the default directory of the TFTP service. At verification time, the signature file corresponding to the operating system image program is therefore first decrypted with the public key in the digital certificate to obtain the reference plaintext, the operating system image program is then processed with the preset algorithm to obtain the plaintext to be verified, the reference plaintext is compared with the plaintext to be verified, and whether the operating system image program passes the verification is determined from the comparison result.
Step S25: When the operating system image program passes the verification, run the boot program on the server to boot the operating system image program.
If the comparison shows the two are consistent, the operating system image program passes the verification; if they are inconsistent, the operating system image program fails the verification. If the operating system image program passes the verification, the server runs the boot program to boot the operating system image program.
Step S26: If the TFTP service does not exist in the network, or the TFTP service exists in the network and the boot program and the operating system image program do not exist in the TFTP service, perform a local boot of the operating system of the server.
If the TFTP service does not exist in the network, or the TFTP service exists in the network and the boot program and the operating system image program do not exist in the TFTP service, a local boot of the operating system of the server is performed.
In addition to the encrypted mode, the PXE enable mode of the server can also be set to a non-encrypted mode, which is the same as the prior-art way of booting a server operating system. That is, in non-encrypted mode, after the server enters PXE mode it looks for the TFTP service; if a boot program and an operating system image program corresponding to the server are detected in the TFTP service, the boot program is run directly to boot the operating system image program, and if no TFTP service is detected, or the boot program and the operating system image program do not exist in the TFTP service, a local boot of the operating system of the server is performed.
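The decision flow of steps S21 to S26, together with the non-encrypted mode, as an added example that is not part of the patent text. It assumes SHA-256 as the preset algorithm (the text names MD5 as one option), a constructed toy RSA key pair, hypothetical file names in the TFTP default directory, and that a missing signature file counts as a failed verification.

```python
import hashlib
from enum import Enum

# Constructed toy RSA key (two Mersenne primes): trivially factorable and used
# without padding, so for demonstration only. (N, E) stands in for the public
# key carried by the digital certificate stored on the server.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the image publisher
SIG_LEN = (N.bit_length() + 7) // 8

# Hypothetical file names inside the TFTP service's default directory.
BOOT_NAME, IMAGE_NAME, SIG_NAME = "boot.bin", "os.img", "os.img.sig"


class Boot(Enum):
    LOCAL = "local boot"
    NETWORK = "network boot"
    REFUSED = "image failed verification, not booted"


def digest(image: bytes) -> int:
    """The 'preset algorithm' applied to the image (SHA-256 in this example)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(image: bytes) -> bytes:
    """Publisher side: encrypt the digest with the private key -> signature file."""
    return pow(digest(image), D, N).to_bytes(SIG_LEN, "big")


def verify_image(image: bytes, signature: bytes) -> bool:
    """Server side: decrypt the signature file with the public key to get the
    reference plaintext, recompute the digest, and compare the two."""
    sig = int.from_bytes(signature, "big")
    if len(signature) != SIG_LEN or not 0 < sig < N:
        return False                      # malformed signature file
    reference = pow(sig, E, N)            # reference plaintext
    return reference == digest(image)     # plaintext to be verified


def boot_decision(tftp_default_dir, encrypted_mode=True) -> Boot:
    """tftp_default_dir maps file name -> bytes for the TFTP default directory,
    or is None when no TFTP service was found on the network."""
    if tftp_default_dir is None:
        return Boot.LOCAL                 # S26: no TFTP service
    boot_prog = tftp_default_dir.get(BOOT_NAME)
    image = tftp_default_dir.get(IMAGE_NAME)
    if boot_prog is None or image is None:
        return Boot.LOCAL                 # S26: service present, files absent
    if not encrypted_mode:
        return Boot.NETWORK               # non-encrypted mode: boot without checking
    signature = tftp_default_dir.get(SIG_NAME)
    if signature is None or not verify_image(image, signature):
        return Boot.REFUSED               # S24 failed: fail closed (assumption)
    return Boot.NETWORK                   # S25: verified, run the boot program


if __name__ == "__main__":
    image = b"constructed OS image bytes"
    served = {BOOT_NAME: b"constructed boot program", IMAGE_NAME: image,
              SIG_NAME: sign_image(image)}
    tampered = dict(served, **{IMAGE_NAME: image + b"\x00"})
    for label, files, mode in [("signed image", served, True),
                               ("tampered image", tampered, True),
                               ("tampered image, non-encrypted mode", tampered, False),
                               ("no TFTP service", None, True)]:
        print(f"{label}: {boot_decision(files, mode).value}")
```

As the text describes the flow, only the operating system image program is checked; the boot program fetched from the same directory is run without a check of its own.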
Referring to FIG. 3, a flowchart of server operating system booting is shown. Two PXE modes are provided for the server, encrypted mode and non-encrypted mode; encrypted mode is enabled by default and is configured in the BIOS setup page. With encrypted mode enabled, the BIOS boots to the PXE stage and scans the network for a TFTP server. When a TFTP service is detected, it checks whether a boot program exists; if a boot program exists, the operating system image program corresponding to the boot program is verified against the digital certificate, and if the verification passes, loading of the boot program continues and the boot program runs.
Referring to FIG. 4, an embodiment of the present application discloses a server operating system booting apparatus, including:
a PXE setting module 11, configured to configure the PXE enable mode of a server as encrypted mode by default, and to boot the server into the PXE stage;
a scanning module 12, configured to scan the network for the TFTP service corresponding to the server, to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service;
a verification module 13, configured to verify the operating system image program based on the digital certificate corresponding to the server if the boot program and the operating system image program corresponding to the server exist in the TFTP service;
a booting module 14, configured to run the boot program on the server to boot the operating system image program when the operating system image program passes the verification.
It can be seen that the present application first configures the PXE enable mode of the server as encrypted mode by default and boots the server into the PXE stage, then scans the network for the TFTP service corresponding to the server to determine whether a boot program and an operating system image program corresponding to the server exist in the TFTP service; if they exist, the operating system image program is verified based on the digital certificate corresponding to the server, and when the operating system image program passes the verification, the boot program is run on the server to boot the operating system image program. Thus, in the present application the PXE enable mode of the server is configured as encrypted mode by default, so that when the server enters the PXE stage, the TFTP server corresponding to the server in the network is scanned; when the boot program and the operating system image program corresponding to the server are found on the TFTP server, the operating system image program is verified first, and only after it passes the verification is the boot program run to boot the operating system image program for the server. Compared with the prior art, in which the boot program is run directly to boot the operating system image program as soon as the two are found, verifying the operating system image program first ensures the reliability of the operating system image program, avoids booting a malicious image program, and ensures the reliability of the server operating system.
在一些具体的实施过程中,所述扫描模块12,用于:In some specific implementation processes, the scanning module 12 is used for:
对网络中所述服务器对应的TFTP服务进行扫描;Scan the TFTP service corresponding to the server in the network;
If the TFTP service exists, detect whether a boot program and the operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
In some specific implementations, the scanning module 12 is configured to:
Inspect all files under the default directory of the TFTP service to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service.
In some specific implementations, the server operating system booting module further includes:
A local boot module, configured to perform a local boot of the server's operating system when the TFTP service does not exist in the network, or when the TFTP service exists in the network but the boot program and the operating system image program do not exist in the TFTP service.
In some specific implementations, the server operating system booting module further includes:
An information acquisition module, configured to acquire the digital certificate and store it, wherein the digital certificate includes the public key corresponding to the server.
In some specific implementations, the verification module 13 is configured to:
Decrypt the signature file corresponding to the operating system image program using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by computing over the operating system image program with a preset algorithm and encrypting the computation result with the private key corresponding to the public key;
Process the operating system image program with the preset algorithm to obtain a plaintext to be verified;
Compare the reference plaintext with the plaintext to be verified, and determine from the comparison result whether the operating system image program passes verification.
In some specific implementations, the PXE setting module 11 is configured to:
Configure the PXE enable mode of the server to encryption mode by default in the BIOS setup page of the server.
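The scan, local-boot fallback and signature check described for the modules above, sketched as an added example (not code from the patent). It assumes SHA-256 with PKCS#1 v1.5 encoding as the "preset algorithm", hypothetical file names, a `REFUSE` outcome when verification fails, and a constructed throwaway key.

```python
import hashlib
import hmac
from enum import Enum

# Constructed demo key (product of two Mersenne primes): trivially factorable,
# for illustration only. D belongs to the image signer, never to the server.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# Hypothetical file names inside the TFTP default directory (assumption).
LOADER, IMAGE, SIGNATURE = "bootloader.efi", "os.img", "os.img.sig"

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(image: bytes) -> bytes:
    """'Plaintext to be verified': padded SHA-256 digest of the image."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_image(image: bytes) -> bytes:
    """Signer side: private-key operation that produces the signature file."""
    m = int.from_bytes(encode_digest(image), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_image(image: bytes, signature: bytes) -> bool:
    """Server side: recover the reference plaintext with the public key
    and compare it with the locally computed one."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    reference = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole encoded block in constant time, padding included.
    return hmac.compare_digest(reference, encode_digest(image))


class Boot(Enum):
    LOCAL = "local boot"
    NETWORK = "network boot"
    REFUSE = "image rejected"  # assumed outcome; not stated in this section


def boot_decision(tftp_files):
    """tftp_files is None when no TFTP service answered, otherwise a dict
    mapping file names in the default directory to their contents."""
    if tftp_files is None:
        return Boot.LOCAL
    loader, image = tftp_files.get(LOADER), tftp_files.get(IMAGE)
    if loader is None or image is None:
        return Boot.LOCAL
    signature = tftp_files.get(SIGNATURE)
    if signature is None or not verify_image(image, signature):
        return Boot.REFUSE
    return Boot.NETWORK
```

In the scheme as described, only the operating system image program is checked; the boot program fetched from the same TFTP service is not covered by the signature file.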
FIG. 5 is a schematic structural diagram of a server 20 provided in an embodiment of the present application. The server 20 can implement the steps of the server operating system booting method disclosed in the foregoing embodiments.
Generally, the server 20 in this embodiment includes a processor 21 and a memory 22.
The processor 21 may include one or more processing cores, for example a quad-core or an octa-core processor. The processor 21 may be implemented in at least one of the following hardware forms: DSP (digital signal processing), FPGA (field-programmable gate array), or PLA (programmable logic array). The processor 21 may also include a main processor and a coprocessor. The main processor, also called the CPU (central processing unit), processes data in the awake state; the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may integrate a GPU (graphics processing unit), which renders and draws the images to be shown on the display. In some embodiments, the processor 21 may include an AI (artificial intelligence) processor for handling computing operations related to machine learning.
The memory 22 may include one or more computer-readable storage media, which may be non-transitory. The memory 22 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash storage devices. In this embodiment, the memory 22 stores at least the following computer program 221, which, after being loaded and executed by the processor 21, implements the steps of the server operating system booting method disclosed in any of the foregoing embodiments.
In some embodiments, the server 20 may further include an input/output interface 23, a communication interface 24, a sensor 25, a power supply 26 and a communication bus 27.
Those skilled in the art will understand that the structure shown in FIG. 5 does not limit the server 20, which may include more or fewer components than shown.
Further, an embodiment of the present application also discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the server operating system booting method disclosed in any of the foregoing embodiments.
For the specific process of the above server operating system booting method, refer to the corresponding content disclosed in the foregoing embodiments; it is not repeated here.
The embodiments in this specification are described progressively. Each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be cross-referenced. Because the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief; for the relevant details, refer to the description of the method.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The server operating system booting method, apparatus, device and medium provided by the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. For a person of ordinary skill in the art, the specific implementation and scope of application may vary in accordance with the idea of the present application. In summary, the content of this specification should not be construed as limiting the present application.
Claims (10)
- A method for booting a server operating system, comprising:
  configuring the PXE enable mode of a server to encryption mode by default, and booting the server into the PXE stage;
  scanning the TFTP service corresponding to the server in the network to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service;
  if the boot program and the operating system image program corresponding to the server exist in the TFTP service, verifying the operating system image program based on the digital certificate corresponding to the server;
  when the operating system image program passes verification, running the boot program through the server to boot the operating system image program.
- The method for booting a server operating system according to claim 1, wherein scanning the TFTP service corresponding to the server in the network to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service comprises:
  scanning the TFTP service corresponding to the server in the network;
  if the TFTP service exists, detecting whether a boot program and the operating system image program corresponding to the server exist in the TFTP service, wherein both the boot program and the operating system image program conform to the TFTP specification.
- The method for booting a server operating system according to claim 2, wherein detecting whether a boot program and the operating system image program corresponding to the server exist in the TFTP service comprises:
  inspecting all files under the default directory of the TFTP service to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service.
- The method for booting a server operating system according to claim 1, further comprising, after scanning the TFTP service corresponding to the server in the network to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service:
  if the TFTP service does not exist in the network, or the TFTP service exists in the network but the boot program and the operating system image program do not exist in the TFTP service, performing a local boot of the server's operating system.
- The method for booting a server operating system according to claim 1, further comprising, after configuring the PXE enable mode of the server to encryption mode by default:
  acquiring the digital certificate and storing it, wherein the digital certificate includes the public key corresponding to the server.
- The method for booting a server operating system according to claim 5, wherein verifying the operating system image program based on the digital certificate corresponding to the server comprises:
  decrypting the signature file corresponding to the operating system image program using the public key in the digital certificate to obtain a reference plaintext, wherein the signature file is stored in the TFTP service and is obtained by computing over the operating system image program with a preset algorithm and encrypting the computation result with the private key corresponding to the public key;
  processing the operating system image program with the preset algorithm to obtain a plaintext to be verified;
  comparing the reference plaintext with the plaintext to be verified, and determining from the comparison result whether the operating system image program passes verification.
- The method for booting a server operating system according to any one of claims 1 to 6, wherein configuring the PXE enable mode of the server to encryption mode by default comprises:
  configuring the PXE enable mode of the server to encryption mode by default in the BIOS setup page of the server.
- An apparatus for booting a server operating system, comprising:
  a PXE setting module, configured to configure the PXE enable mode of a server to encryption mode by default and boot the server into the PXE stage;
  a scanning module, configured to scan the TFTP service corresponding to the server in the network to determine whether a boot program and the operating system image program corresponding to the server exist in the TFTP service;
  a verification module, configured to verify the operating system image program based on the digital certificate corresponding to the server when the boot program and the operating system image program corresponding to the server exist in the TFTP service;
  a boot module, configured to run the boot program through the server to boot the operating system image program when the operating system image program passes verification.
- A server, comprising:
  a memory and a processor;
  wherein the memory is configured to store a computer program;
  the processor is configured to execute the computer program to implement the method for booting a server operating system according to any one of claims 1 to 7.
- A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the method for booting a server operating system according to any one of claims 1 to 7.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110076353.XA CN112835628A (en) | 2021-01-20 | 2021-01-20 | Server operating system booting method, device, equipment and medium |
CN202110076353.X | 2021-01-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022156513A1 (en) | 2022-07-28 |
Family
ID=75929113
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/143306 WO2022156513A1 (en) | 2021-01-20 | 2021-12-30 | Server operation system guiding method and apparatus, device, and medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112835628A (en) |
WO (1) | WO2022156513A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112817644A (en) * | 2021-01-20 | 2021-05-18 | 浪潮电子信息产业股份有限公司 | Virtual CD driver generation method, device and computer readable storage medium |
CN112835628A (en) * | 2021-01-20 | 2021-05-25 | 浪潮电子信息产业股份有限公司 | Server operating system booting method, device, equipment and medium |
CN113407943A (en) * | 2021-05-28 | 2021-09-17 | 浪潮电子信息产业股份有限公司 | Server starting method, system and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10372463B1 (en) * | 2013-11-27 | 2019-08-06 | EMC IP Holding Company LLC | Provisioning a computerized device with an operating system |
CN110457073A (en) * | 2019-08-13 | 2019-11-15 | 北京工业大学 | A PXE trusted boot method for pre-boot execution environment of Shenwei server |
CN110610091A (en) * | 2019-09-12 | 2019-12-24 | 江苏域固威芯科技有限公司 | Security PXE method based on domestic network platform |
CN111159700A (en) * | 2019-12-03 | 2020-05-15 | 北京工业大学 | Computer remote safe starting method and system based on UEFI system |
CN112835628A (en) * | 2021-01-20 | 2021-05-25 | 浪潮电子信息产业股份有限公司 | Server operating system booting method, device, equipment and medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7478147B2 (en) * | 2005-07-21 | 2009-01-13 | International Business Machines Corporation | Method and apparatus for a secure network install |
2021
- 2021-01-20 CN CN202110076353.XA patent/CN112835628A/en active Pending
- 2021-12-30 WO PCT/CN2021/143306 patent/WO2022156513A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN112835628A (en) | 2021-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022156513A1 (en) | Server operation system guiding method and apparatus, device, and medium | |
US10878096B2 (en) | BIOS startup method and data processing method | |
US10878097B2 (en) | BIOS flashing method and BIOS image file processing method | |
CN109669734B (en) | Method and apparatus for starting a device | |
US9680648B2 (en) | Securely recovering a computing device | |
US8826405B2 (en) | Trusting an unverified code image in a computing device | |
US10943013B2 (en) | Maintaining keys for trusted boot code | |
CN102270288B (en) | Method for performing trusted boot on operation system based on reverse integrity verification | |
KR101402542B1 (en) | Persistent security system and method | |
US11269984B2 (en) | Method and apparatus for securing user operation of and access to a computer system | |
TW201310344A (en) | Authentication method for accessing profile of basic input/output system | |
JP6391439B2 (en) | Information processing apparatus, server apparatus, information processing system, control method, and computer program | |
US12003960B2 (en) | Booting and operating computing devices at designated locations | |
JP2021117928A (en) | Information processing device and starting method therefor | |
CN107924440B (en) | Method, system, and computer readable medium for managing containers | |
JP2020181540A (en) | Information processing apparatus and data verification method | |
JP2019133220A (en) | Integrity verification device, integrity verification system, integrity verification method and integrity verification program | |
US11971991B2 (en) | Information processing apparatus, control method for controlling the same and storage medium | |
TW201935358A (en) | Application or driver verification method | |
CN112131612A (en) | A CF card data tamper-proof method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21920884; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21920884; Country of ref document: EP; Kind code of ref document: A1 |