1. A method for starting a server is characterized by comprising the following steps:

after a server is started and an operating system is started to be booted, reading a boot program of a hard disk when the hard disk is booted;

determining signature information to be verified of the bootstrap program based on a pre-stored digital certificate;

judging whether the signature information to be verified is consistent with the pre-stored standard signature information of the bootstrap program;

if yes, executing the bootstrap program and continuing the starting process of the server;

if not, the booting of the operating system is exited.

2. The boot method of the server according to claim 1, wherein the reading of the boot program of the hard disk includes:

and reading a boot program of the hard disk corresponding to the boot type according to the configured boot type.

3. A boot method for a server according to claim 2, wherein the reading a boot program of a hard disk corresponding to the boot type according to the configured boot type includes:

when the configured boot type is the traditional boot type, reading an MBR boot program of the hard disk;

and when the configured boot type is a UEFI boot type, reading an EFIGRUB boot program of the hard disk.

4. The method for booting the server according to claim 1, wherein the pre-stored digital certificate is a digital certificate that the BIOS creates through a preset protocol and stores into Flash used by the BIOS.

5. The boot method of the server according to claim 1, wherein the pre-stored standard signature information of the boot program is standard signature information generated for the boot program of the hard disk based on the pre-stored digital certificate when the operating system is installed.

6. The boot method of the server according to claim 5, wherein the pre-stored standard signature information of the boot program is stored in Flash used by the BIOS.

7. The method for starting up the server according to any one of claims 1 to 6, further comprising:

and after the operation system is withdrawn from the guidance, alarm information is output to a preset terminal.

8. The method for starting up the server according to claim 7, wherein the outputting alarm information to the preset terminal includes:

and outputting alarm information to a remote control center based on the wireless communication device.

9. A system for booting a server, comprising:

the hard disk boot unit is used for reading a boot program of the hard disk when the hard disk is booted after the server is booted and the boot of the operating system is started;

the verification-waiting signature information acquisition unit is used for determining the verification-waiting signature information of the bootstrap program based on a pre-stored digital certificate;

the judging unit is used for judging whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program;

if yes, executing a first trigger unit, wherein the first trigger unit is used for executing the bootstrap program and continuing the starting process of the server;

and if not, executing a second trigger unit, wherein the second trigger unit is used for exiting the guidance of the operating system.

10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for powering on a server according to any one of claims 1 to 8.

Background

With the development of information technology, the degree of informatization is continuously improved, and information security is concerned more and more, especially the security of a server.

At present, a server performs boot by a Basic Input Output System (BIOS), specifically, after completing hardware diagnosis, the BIOS guides an OS (operating System) to run according to a priority, and because security verification is not performed in a boot process, a hidden danger is left for safe Operation of the server.

In summary, how to safely boot a server is a technical problem that needs to be solved urgently by those skilled in the art.

Disclosure of Invention

The invention aims to provide a method, a system and a storage medium for starting a server, so as to start the server more safely.

In order to solve the technical problems, the invention provides the following technical scheme:

a starting method of a server comprises the following steps:

after a server is started and an operating system is started to be booted, reading a boot program of a hard disk when the hard disk is booted;

determining signature information to be verified of the bootstrap program based on a pre-stored digital certificate;

judging whether the signature information to be verified is consistent with the pre-stored standard signature information of the bootstrap program;

if yes, executing the bootstrap program and continuing the starting process of the server;

if not, the booting of the operating system is exited.

Preferably, the boot program for reading a hard disk includes:

and reading a boot program of the hard disk corresponding to the boot type according to the configured boot type.

Preferably, the reading a boot program of a hard disk corresponding to the boot type according to the configured boot type includes:

when the configured boot type is the traditional boot type, reading an MBR boot program of the hard disk;

and when the configured boot type is the UEFI boot type, reading an EFI GRUB boot program of the hard disk.

Preferably, the pre-stored digital certificate is a digital certificate which is created by the BIOS through a preset protocol and stored in Flash used by the BIOS.

Preferably, the standard signature information of the boot program stored in advance is standard signature information generated for the boot program of the hard disk based on the digital certificate stored in advance when the operating system is installed.

Preferably, the pre-stored standard signature information of the boot program is stored in Flash used by the BIOS.

Preferably, the method further comprises the following steps:

and after the operation system is withdrawn from the guidance, alarm information is output to a preset terminal.

Preferably, the outputting the alarm information to the preset terminal includes:

and outputting alarm information to a remote control center based on the wireless communication device.

A boot system for a server, comprising:

the hard disk boot unit is used for reading a boot program of the hard disk when the hard disk is booted after the server is booted and the boot of the operating system is started;

the verification-waiting signature information acquisition unit is used for determining the verification-waiting signature information of the bootstrap program based on a pre-stored digital certificate;

the judging unit is used for judging whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program;

if yes, executing a first trigger unit, wherein the first trigger unit is used for executing the bootstrap program and continuing the starting process of the server;

and if not, executing a second trigger unit, wherein the second trigger unit is used for exiting the guidance of the operating system.

A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of booting a server as described in any one of the above.

By applying the technical scheme provided by the embodiment of the invention, after the server is started and the booting of the operating system is started, the operation of safety verification is designed when the hard disk is booted. Specifically, the digital certificate and the standard signature information of the bootstrap program are pre-stored in the present application, so after the bootstrap program of the hard disk is read, the signature information to be verified of the bootstrap program can be determined based on the pre-stored digital certificate, and then it can be determined whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program, if so, it indicates that there are no abnormal situations such as hard disk replacement, hard disk bootstrap program data error, and the like, and therefore, the bootstrap program can be executed and the boot process of the server is continued, otherwise, it indicates that there may be abnormal situations such as hard disk replacement, hard disk bootstrap program data error, and the like, and at this time, there may be a potential safety hazard in continuing to start the server, and therefore, the scheme of the present application may quit the booting of the operating system. In summary, the application performs security verification when the hard disk is booted, so that the server can be started more safely, and hidden dangers are reduced.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a flowchart illustrating an embodiment of a method for booting a server according to the present invention;

fig. 2 is a schematic structural diagram of a boot system of a server according to the present invention.

Detailed Description

The core of the invention is to provide a starting method of the server, which carries out safety check when the hard disk is guided, thereby being beneficial to starting the server more safely and reducing hidden danger.

In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, fig. 1 is a flowchart illustrating an implementation of a server booting method according to the present invention, where the server booting method includes the following steps:

step S101: after the server is powered on and the booting of the operating system is started, the boot program of the hard disk is read when the hard disk is booted.

The server of the present application may be an AI server with a high requirement for security.

After the server is powered on, the BIOS may perform hardware diagnostics, and after the diagnostics are completed, the BIOS may start booting the operating system, for example, booting each part of the operating system according to the priority. When booting the hard disk, the BIOS may read a boot program of the hard disk.

In an embodiment of the present invention, considering that in some cases, configured boot types are different, and sector divisions of the hard disk are also different, the boot program for reading the hard disk described in step S101 may specifically include:

and reading the boot program of the hard disk corresponding to the boot type according to the configured boot type.

In practical applications, considering that a legacy boot type and a UEFI (Unified Extensible Firmware Interface) boot type are 2 types of boot types that are commonly used, in an embodiment of the present invention, an operation of reading a boot program of a hard disk corresponding to a boot type according to a configured boot type may specifically be:

when the configured boot type is the traditional boot type, reading an MBR boot program of the hard disk;

and when the configured boot type is the UEFI boot type, reading an EFI GRUB boot program of the hard disk.

The conventional Boot type described herein represents a legacy Boot type, and when the Boot type is the legacy Boot type, an MBR (Master Boot Record) Boot program of the hard disk needs to be read. The MBR may also be called a master boot sector, and records information such as parameter information of the hard disk itself and the size and position of each partition.

And when the configured boot type is the UEFI boot type, reading an EFI GRUB (Extensible Firmware Interface GRUB and Unified Bootloader Extensible operating system boot) boot program of the hard disk.

Step S102: and determining the signature information to be verified of the bootstrap program based on the pre-stored digital certificate.

In the scheme of the application, the digital certificate corresponding to the bootstrap program is created in advance, so that when signature verification is performed subsequently, the bootstrap program of the hard disk can be decrypted based on the digital certificate, and signature information to be verified of the bootstrap program is obtained, and the signature information to be verified, which is described herein, indicates that the signature obtained after decryption is to be verified, and is called as signature information to be verified.

In practical application, the scheme of the application is considered to be executed by the BIOS, so that the pre-stored digital certificate can be a digital certificate which is created by the BIOS through a preset protocol and stored in Flash used by the BIOS. The preset protocol may be set according to actual needs, and may be, for example, SSL (Secure Sockets Layer) protocol. The Flash used by the BIOS may be, for example, SPI (Serial Peripheral Interface) Flash used by the BIOS.

Step S103: and judging whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program.

The application needs to store the standard signature information of the bootstrap program in advance, that is, the correct, untampered and replaced bootstrap program is digitally signed in advance to obtain the signature information of the bootstrap program as the standard signature information of the application.

In one embodiment of the present invention, the standard signature information of the boot program stored in advance may be standard signature information generated for the boot program of the hard disk based on a digital certificate stored in advance when the operating system is installed.

In this embodiment, standard signature information of the boot program of the hard disk is generated when the OS is installed. That is, at the time of installing the OS, after the boot partition is created, the data in the boot partition is encrypted using the digital certificate described above, and the signature information is obtained. The obtained signature information may also be stored in SPI Flash used by the BIOS, that is, the standard signature information of the pre-stored boot program described in step S103 may be stored in Flash used by the BIOS.

And judging whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program, namely, the signature verification process. If the signature information to be verified is consistent with the standard signature information of the pre-stored boot program, which indicates that there are no abnormal situations such as hard disk replacement, hard disk boot program data error, loss, etc., therefore, step S104 may be executed: and executing the bootstrap program and continuing the starting process of the server. Specifically, for example, the BIOS reads the EFI GRUB boot program of the hard disk, and after the verification passes, the EFI GRUB boot program may be executed, and the boot process of the server is continued, that is, the OS is continuously started.

If the signature information to be verified is not consistent with the standard signature information of the pre-stored boot program, which indicates that there may be abnormal situations such as hard disk replacement, hard disk boot program data error, etc., step S105 may be executed: the server is not powered on to exit the boot of the operating system, i.e., directly exit the boot.

In an embodiment of the present invention, the method may further include:

and after the guidance of the operating system is quitted, alarm information is output to a preset terminal.

Generally, the alarm information may be output to a preset terminal through wireless communication, and the preset terminal may be a remote control center, or a mobile communication device of an operation and maintenance person, for example, in an embodiment of the present invention, the alarm information output to the preset terminal may specifically be: and outputting alarm information to a remote control center based on the wireless communication device.

In the embodiment, the condition that the bootstrap program can usually check the signature and pass is considered, and if the bootstrap program does not pass, the potential safety hazard of the server exists is indicated, so that alarm information is output to the preset terminal, related workers can timely notice the abnormal condition, and timely processing is facilitated.

By applying the technical scheme provided by the embodiment of the invention, after the server is started and the booting of the operating system is started, the operation of safety verification is designed when the hard disk is booted. Specifically, the digital certificate and the standard signature information of the bootstrap program are pre-stored in the present application, so after the bootstrap program of the hard disk is read, the signature information to be verified of the bootstrap program can be determined based on the pre-stored digital certificate, and then it can be determined whether the signature information to be verified is consistent with the standard signature information of the pre-stored bootstrap program, if so, it indicates that there are no abnormal situations such as hard disk replacement, hard disk bootstrap program data error, and the like, and therefore, the bootstrap program can be executed and the boot process of the server is continued, otherwise, it indicates that there may be abnormal situations such as hard disk replacement, hard disk bootstrap program data error, and the like, and at this time, there may be a potential safety hazard in continuing to start the server, and therefore, the scheme of the present application may quit the booting of the operating system. In summary, the application performs security verification when the hard disk is booted, so that the server can be started more safely, and hidden dangers are reduced.

Corresponding to the above method embodiments, the embodiments of the present invention further provide a startup system of a server, which can be referred to in correspondence with the above.

Referring to fig. 2, a schematic structural diagram of a booting system of a server in the present invention is shown, including:

a hard disk boot unit 201, configured to read a boot program of a hard disk when booting the hard disk after the server is powered on and booting of an operating system is started;

a signature information to be verified acquisition unit 202, configured to determine signature information to be verified of the bootstrap program based on a pre-stored digital certificate;

a judging unit 203, configured to judge whether the signature information to be verified is consistent with standard signature information of a pre-stored bootstrap;

if yes, executing a first trigger unit 204, wherein the first trigger unit 204 is used for executing a bootstrap program and continuing to perform a starting process of the server;

if not, executing a second triggering unit 205, the second triggering unit 205, for exiting the booting of the operating system.

In an embodiment of the present invention, the hard disk booting unit 201 is specifically configured to:

after the server is started and the booting of the operating system is started, when the hard disk is booted, the boot program of the hard disk corresponding to the boot type is read according to the configured boot type.

In an embodiment of the present invention, the hard disk boot unit 201 reads a boot program of a hard disk corresponding to a boot type according to the configured boot type, specifically:

when the configured boot type is the traditional boot type, reading an MBR boot program of the hard disk;

and when the configured boot type is the UEFI boot type, reading an EFI GRUB boot program of the hard disk.

In a specific embodiment of the present invention, the pre-stored digital certificate is a digital certificate that is created by the BIOS through a preset protocol and stored in Flash used by the BIOS.

In one embodiment of the present invention, the standard signature information of the pre-stored boot program is standard signature information generated for the boot program of the hard disk based on the pre-stored digital certificate when the operating system is installed.

In one embodiment of the present invention, the pre-stored standard signature information of the boot program is stored in the Flash used by the BIOS.

In an embodiment of the present invention, the mobile terminal further includes an information output unit, configured to:

and after the guidance of the operating system is quitted, alarm information is output to a preset terminal.

In an embodiment of the present invention, the information output unit is specifically configured to:

and after the guidance of the operating system is quitted, alarm information is output to a remote control center based on the wireless communication device.

Corresponding to the above method and system embodiments, the embodiments of the present invention also provide a computer readable storage medium, which can be referred to in correspondence with the above. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the server boot method of any of the above.

A computer-readable storage medium as referred to herein may include Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The principle and the implementation of the present invention are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.