The present disclosure relates to the field of computer technologies, in particular to a method, an apparatus, and a system for monitoring an I2C, and a storage medium.
At present, the inter-integrated circuit bus (IIC, or I2C for short) is widely used in server management architectures. Over the I2C, devices such as a power supply unit (PSU), a hard disk backboard, a temperature sensor, various power VRs, and a complex programmable logic device (CPLD) of a mainboard exchange data with the main server-management chip, namely, a baseboard management controller (BMC).
For each device connected to the I2C, the BMC can conveniently obtain device information and control the device. The server is a high-reliability device, so abnormal modification of the operation of any device can have serious consequences. For example, an illegal operation such as abnormal shutdown may lead to data loss, and illegal intrusion into the BMC and information theft may even lead to information security issues.
Therefore, how to enhance the security of I2C communication is currently an urgent technical problem to be solved.
Embodiments of the present disclosure provide a method, an apparatus, and a system for monitoring an I2C, and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a method for monitoring an I2C, the method includes:
In some embodiments, before the first command is obtained from a BMC, the method further includes:
In some embodiments, sending the first command to the device in the different modes according to the level of the first command includes:
In some embodiments, reading the sending mode parameter of the first command from the command level list according to the level of the first command includes:
In some embodiments, reading the sending mode parameter of the first command from the command level list according to the level of the first command includes:
In some embodiments, reading the sending mode parameter of the first command from the command level list according to the level of the first command includes:
In some embodiments, the security setting jumper is a jumper of the device.
Based on a same inventive concept, in a second aspect, the present disclosure further provides an apparatus for monitoring an I2C, the apparatus includes:
In some embodiments, the apparatus further includes:
Based on a same inventive concept, in a third aspect, the present disclosure provides a system for monitoring an I2C, the system including an I2C, a BMC, a CPLD, a device, and an executable program stored on the CPLD, where the CPLD is connected to the BMC and the device by the I2C, respectively, and the CPLD, when executing the program, implements steps of a method for monitoring an I2C.
Based on a same inventive concept, in a fourth aspect, the present disclosure provides a computer-readable storage medium, having a computer program stored thereon, where the program, when executed by a processor, implements the steps of the above method for monitoring an I2C.
Upon reading the detailed description of the preferred embodiments below, various other advantages and benefits will become clear to those of ordinary skill in the art. The accompanying drawings are only intended to illustrate the preferred embodiments and are not considered as a limitation to the present disclosure. Moreover, throughout the drawings, the same reference numerals are used to represent the same components. In the drawings:
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the accompanying drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments described herein. On the contrary, these embodiments are provided to understand the present disclosure more thoroughly and to convey the scope of the present disclosure to those skilled in the art completely.
A first embodiment of the present disclosure provides a method for monitoring an I2C, as shown in
The present disclosure provides a method for monitoring an I2C. In hardware design, the CPLD is embedded between the BMC and the device to monitor the commands. The method is applied to the CPLD. The CPLD divides the commands into those of three different security levels, and a different sending mode is adopted for the command of each level. Moreover, the command level list is used to record sending modes corresponding to the commands of the different levels, so as to ensure the security of I2C communication. Also, the advantages of simple operation, convenience, practicality and the like are achieved.
It should be noted that the method according to the present disclosure is applied to a CPLD. As shown in
According to the present disclosure, commands sent by the BMC are divided into those of different security levels, different transmission modes are adopted, and data on the I2C is monitored in real time, which improves the security of I2C communication and provides a guarantee for transmission of the data on the I2C.
In a specific implementation process, before step S101, the method further includes:
Specifically, before step S101, the CPLD obtains from the device the commands involved in the device and their meanings, and sends them to an operator by the BMC. The operator distinguishes the importance of the commands and sets their corresponding levels, namely the first level, the second level, and the third level, with a gradual increase in security level, recorded as class1, class2, and class3, respectively.
Generally, a Class1 command is an ordinary register read operation with a higher security level. In terms of security, the CPLD allows such an operation to run unconditionally.
A Class2 command is a register write operation, which will change an operating state of the device, such as a slightly sensitive operation of setting an OCP threshold, setting a temperature threshold, etc.
A Class3 command is a sensitive operation of setting the device to be shut down, powered off, reset, restarted, etc., and a direct operation is not allowed by default.
The operator sets the commands and their levels and then inputs them into the CPLD to generate a command list, so as to provide a basis for dividing the levels of the commands subsequently received by the CPLD. It should be noted that the first command corresponds to the second command, and the correspondence means that the command applied in the device is consistent with the command sent by the BMC to the device. For example, the command applied in the device A is VIN_ON, which represents a command to read a device voltage threshold of the device A. When the BMC reads the voltage threshold of the device, the voltage threshold of the device A can only be read by sending the command VIN_ON.
In a specific implementation process, step S103 includes:
Specifically, in the present disclosure, different sending mode parameters are set according to commands of different security levels. Then, the commands are sent to the device according to the different sending mode parameters. The commands, the command levels, and the sending mode parameters correspond to one another and are all recorded in the command level list, which simplifies the management of the commands and is practical.
In a specific implementation process, if the level of the first command is the first level, the sending mode parameter of the first command is read from the command level list, and a first preset parameter is obtained; and the first command is directly sent to the device according to the first preset parameter. If the level of the first command is the second level or the third level, the sending mode parameter of the first command is read from the command level list, and a second preset parameter is obtained; and the first command is not directly sent to the device according to the second preset parameter.
Specifically, when the BMC sends the command to the device, the command is monitored in real time by the CPLD. As shown in Table 1 below, if the command level is the first level, the sending parameter of the command of the first level is the first preset parameter. When the first preset parameter is set to be 1, it indicates that the command is allowed to be sent, and the CPLD directly passes the command on to the device. A specific data transmission process is as shown in
If the command level is the second level or the third level, the sending parameter of the command is the second preset parameter. When the second preset parameter is set to be 0, it indicates that the command is not allowed to be sent, and the CPLD directly sets a clock signal (i.e. Clock) and a data signal (i.e. Data) of the device to be both at high levels, so as to prevent the command from being transmitted to the device. As shown in
Further, if the level of the first command is the second level, the sending mode parameter of the first command is the second preset parameter;
Specifically, for the command of the second level, before transmission, the BMC must modify the sending mode parameter of the corresponding command of the second level in the command list by the I2C, setting the second preset parameter of the command to the first preset parameter, which represents that the transmission is allowed; that is, it modifies “0” in the sending mode parameter to “1”. In this case, the CPLD recognizes the modified sending mode parameter of the command and immediately sends the command. Setting and modifying the sending mode parameters in the command level list, and requiring that modification before a command of the second level is sent, are intended to enhance the security. Even if an illegal user obtains a control right of the BMC, the related commands cannot be transmitted into the device if the sending mode parameters are not modified.
To further enhance the security, the sending mode parameters automatically restore to initial values thereof in 60 s or other preset time after being modified. In this case, the sending mode parameter needs to be re-modified for sending the command of the second level. The initial values of the sending mode parameters are initial set values of the sending mode parameters in the command level list. For example, in the command level list, the initial set value of the sending mode parameter of the command of the second level is the second preset parameter, which is “0”. To successfully send the command of the second level, the sending mode parameter thereof needs to be modified to the first preset parameter, which is “1”. This modification is valid for 60 s. The sending mode parameter of the command of the second level automatically restores to the second preset parameter “0” in 60 s.
Further, in a case that the level of the first command is the third level, the sending mode parameter of the first command is the second preset parameter;
Specifically, the command of the third level is more sensitive and does not need to be triggered during normal command sending. To ensure the security, transmission conditions for the command of the third level are set more strictly. In addition to the need to modify the sending mode parameter (the operation of modifying the sending mode parameter is the same as that of modifying the sending mode parameter of the command of the second level, and will not be repeated herein), the security setting jumper needs to be set to be in a turn-on state in hardware. Therefore, the command of the third level cannot be transmitted without modifying the hardware.
To further enhance the security, the sending mode parameters automatically restore to initial values thereof in 60 s or other preset time after being modified. In this case, the sending mode parameter needs to be re-modified for sending the command of the third level.
In some embodiments, the security setting jumper represents a jumper of the device.
It should be noted that in a computer, the jumper refers to springs for a pair of electrical contacts on a computer mainboard or an adapter card. When one jumper is arranged, one plug is inserted onto two springs, so that the springs are in contact with each other. In fact, the jumper functions like a switch and is used to turn off (or turn on) a circuit. The function or performance of a PC component can be changed by adding or removing the jumper. A group of jumpers is called a jumper block.
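The gating rules described above for the three command levels, as an added behavioural model in C that is not part of the original disclosure. The names `gate_check`, `gate_unlock` and `cmd_list`, the command bytes, and the choice to block commands missing from the list are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Behavioural model of the CPLD gate; every name here is hypothetical. */
enum level   { CLASS1 = 1, CLASS2, CLASS3 };
enum verdict { BLOCK = 0, FORWARD = 1 };  /* BLOCK: Clock and Data held high */

#define UNLOCK_WINDOW_S 60u               /* "60 s or other preset time" */

struct entry {
    uint8_t    cmd;          /* command byte (constructed sample value) */
    enum level level;        /* level assigned by the operator          */
    uint8_t    initial;      /* initial sending mode parameter          */
    uint8_t    send_mode;    /* current parameter: 1 = send, 0 = hold   */
    uint32_t   modified_at;  /* time (s) the BMC last wrote 1           */
};

/* Constructed command level list: one command per level. */
struct entry cmd_list[] = {
    { 0x8D, CLASS1, 1, 1, 0 },   /* register read     */
    { 0x46, CLASS2, 0, 0, 0 },   /* set OCP threshold */
    { 0x01, CLASS3, 0, 0, 0 },   /* power off         */
};
const size_t cmd_count = sizeof cmd_list / sizeof cmd_list[0];

static struct entry *lookup(uint8_t cmd) {
    for (size_t i = 0; i < cmd_count; i++)
        if (cmd_list[i].cmd == cmd) return &cmd_list[i];
    return NULL;
}

/* The BMC modifies the sending mode parameter from 0 to 1 over the I2C. */
bool gate_unlock(uint8_t cmd, uint32_t now) {
    struct entry *e = lookup(cmd);
    if (!e) return false;
    e->send_mode = 1;
    e->modified_at = now;
    return true;
}

/* Decide whether a command from the BMC reaches the device. */
enum verdict gate_check(uint8_t cmd, uint32_t now, bool jumper_on) {
    struct entry *e = lookup(cmd);
    if (!e) return BLOCK;      /* assumption: unlisted commands are held */
    /* Restore the initial value once the window has elapsed. */
    if (e->send_mode != e->initial && now - e->modified_at >= UNLOCK_WINDOW_S)
        e->send_mode = e->initial;
    if (e->send_mode != 1) return BLOCK;                 /* parameter is 0 */
    if (e->level == CLASS3 && !jumper_on) return BLOCK;  /* jumper is off  */
    return FORWARD;
}

int main(void) {
    printf("class1 read:          %d\n", gate_check(0x8D, 0, false));
    printf("class2 before unlock: %d\n", gate_check(0x46, 0, false));
    gate_unlock(0x46, 100);
    printf("class2 at t=159:      %d\n", gate_check(0x46, 159, false));
    printf("class2 at t=160:      %d\n", gate_check(0x46, 160, false));
    return 0;
}
```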
One or more technical solutions in the embodiments of the present disclosure have at least the following technical effects or advantages:
Based on a same inventive concept, a second embodiment of the present disclosure further provides an apparatus for monitoring an I2C, as shown in
In some embodiments, the apparatus further includes:
In some embodiments, the sending component 203 is further configured to: read a sending mode parameter of the first command from the command level list according to the level of the first command; and
In some embodiments, the reading a sending mode parameter of the first command from the command level list according to the level of the first command includes: if the level of the first command is the first level, reading the first command from the command level list, and obtaining a first preset parameter;
In some embodiments, the reading a sending mode parameter of the first command from the command level list according to the level of the first command includes: if the level of the first command is the second level, reading the first command from the command level list, and obtaining a second preset parameter;
returning the first command to the BMC according to the second preset parameter, so that the BMC outputs first prompt information according to the first command;
In some embodiments, the reading a sending mode parameter of the first command from the command level list according to the level of the first command includes: if the level of the first command is the third level, reading the first command from the command level list, and obtaining a second preset parameter;
The apparatus for monitoring an I2C introduced in this embodiment is the apparatus used to implement the method for monitoring an I2C in Embodiment 1 of the present application, so that based on the method for monitoring an I2C introduced in Embodiment 1 of the present application, those skilled in the art can understand the specific embodiment and various variations of the apparatus for monitoring an I2C in this embodiment. Therefore, how to implement the method in Embodiment 1 of the present application by the apparatus for monitoring an I2C will not be introduced in detail herein. All of the apparatuses used by those skilled in the art to implement the method for monitoring an I2C in Embodiment 1 of the present application fall within the scope of protection of the present application.
Based on a same inventive concept, a third embodiment of the present disclosure provides a system for monitoring an I2C, as shown in
Based on a same inventive concept, a fourth embodiment of the present disclosure provides a computer-readable storage medium, having a computer program stored thereon, where the program, when executed by a processor, implements the steps of any one of the above methods for monitoring an I2C in Embodiment 1.
The algorithms and displays provided herein are not inherently related to any specific computer, virtual system or other device. Various general-purpose systems may also be used with the demonstration teaching herein. According to the above description, the structure required to construct such system is obvious. In addition, the present disclosure is not specific to any specific programming language. It should be understood that the content of the present disclosure described herein can be implemented using various programming languages, and the above description of specific languages is for the purpose of disclosing the optimal embodiment of the present disclosure.
A large number of specific details are described in the specification provided herein. However, it can be understood that the embodiments of the present disclosure can be practiced without these specific details. In some examples, well-known methods, structures and technologies are not shown in detail, to avoid blurring the understanding of this specification.
Similarly, it should be understood that, to simplify the present disclosure and assist in understanding one or more of various aspects of the invention, in the above description of exemplary embodiments of the present disclosure, various features of the present disclosure are sometimes grouped together into a single embodiment, a diagram, or a description thereof. However, the disclosed method should not be interpreted as reflecting the following intention: the present disclosure to be claimed requires more features than explicitly described in each claim. More precisely, as reflected in the following claims, the invention has fewer features than all features of a single embodiment disclosed previously. Therefore, the claims following specific embodiments are explicitly incorporated into the specific embodiments, where each claim itself serves as an individual embodiment of the present disclosure.
Those skilled in the art can understand that the components of the device in an embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. The components or units in the embodiments can be combined into one component or unit, and in addition, they can be divided into a plurality of subcomponents or subunits. Except for at least some of such features and/or processes or units that are mutually exclusive, any combination may be used to combine all features disclosed in this specification (including accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be substituted by an alternative feature that provides the same, equivalent or similar purpose, unless otherwise explicitly stated.
In addition, those skilled in the art can understand that although some embodiments herein include certain features included in other embodiments rather than other features, combinations of features of different embodiments are meant to be within the scope of the present disclosure and to form different embodiments. For example, in the following claims, any one of the embodiments to be claimed may be used in any combination.
Various component embodiments of the present disclosure may be implemented by hardware, a software component running on one or more processors, or a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components of the BMC, the CPLD, and the device according to the embodiments of the present disclosure. The present disclosure may also be implemented as a device or apparatus program (such as a computer program and a computer program product) for performing part or all of the method described herein. Such program implementing the present disclosure may be stored on the computer-readable medium or may be in the form of one or more signals. Such signals may be downloaded from Internet websites, provided on carrier signals, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present disclosure, and those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbol located between parentheses should not be construed as a limitation to the claims. The term “include/comprise” does not exclude the existence of elements or steps not listed in the claims. The term “a/an” or “one” located before an element does not exclude the existence of a plurality of such elements. The present disclosure may be implemented with the aid of hardware including several different elements, and an appropriately programmed computer. In the unit claims that list several apparatuses, several of these apparatuses may be specifically embodied by the same hardware item. The use of the terms “first”, “second”, and “third” does not indicate any order. These terms may be interpreted as names.
Number | Date | Country | Kind |
---|---|---|---|
202110032810.5 | Jan 2021 | CN | national |
The present application is a National Stage Application of PCT International Application No. PCT/CN2021/143865 filed on Dec. 31, 2021, which claims the priority of Chinese patent application No. 202110032810.5, filed with China National Intellectual Property Administration on Jan. 11, 2021 and entitled “METHOD, APPARATUS AND SYSTEM FOR MONITORING I2C, AND STORAGE MEDIUM”, the entire contents of which are incorporated herein by reference.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2021/143865 | 12/31/2021 | WO | |