{"title":"Z15自启动和安全启动","authors":"T. Webel;O. Morlok;D. Kiss","doi":"10.1147/JRD.2020.3008097","DOIUrl":null,"url":null,"abstract":"The IBM Z central processor (CP) and storage controller (SC) chips contain hardware and firmware to serve selfboot and secure boot needs. Selfboot initializes the CP/SC chips from hardware and firmware, which reside in each chip module. This establishes a core root of trust and also guarantees a boot time that is independent of the system configuration, which is key for large enterprise class systems consisting of multiple drawers and chips. Secure boot is built on this core root of trust and is used to authenticate the firmware loaded from system memory prior to execution of that firmware. Selfboot and secure boot also guarantee the integrity of the CP and SC chips by restricting hardware and memory accesses through debug or service interfaces during boot, runtime, and code update phases. In this article, we describe the basic hardware and firmware concepts that are implemented and enabled for the z15 CP and SC chips.","PeriodicalId":55034,"journal":{"name":"IBM Journal of Research and Development","volume":"64 5/6","pages":"5:1-5:9"},"PeriodicalIF":1.3000,"publicationDate":"2020-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1147/JRD.2020.3008097","citationCount":"1","resultStr":"{\"title\":\"z15 selfboot and secure boot\",\"authors\":\"T. Webel;O. Morlok;D. Kiss\",\"doi\":\"10.1147/JRD.2020.3008097\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The IBM Z central processor (CP) and storage controller (SC) chips contain hardware and firmware to serve selfboot and secure boot needs. Selfboot initializes the CP/SC chips from hardware and firmware, which reside in each chip module. This establishes a core root of trust and also guarantees a boot time that is independent of the system configuration, which is key for large enterprise class systems consisting of multiple drawers and chips. Secure boot is built on this core root of trust and is used to authenticate the firmware loaded from system memory prior to execution of that firmware. Selfboot and secure boot also guarantee the integrity of the CP and SC chips by restricting hardware and memory accesses through debug or service interfaces during boot, runtime, and code update phases. In this article, we describe the basic hardware and firmware concepts that are implemented and enabled for the z15 CP and SC chips.\",\"PeriodicalId\":55034,\"journal\":{\"name\":\"IBM Journal of Research and Development\",\"volume\":\"64 5/6\",\"pages\":\"5:1-5:9\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2020-07-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1147/JRD.2020.3008097\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IBM Journal of Research and Development\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/9138709/\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IBM Journal of Research and Development","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/9138709/","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 1
摘要
IBM Z中央处理器(CP)和存储控制器(SC)芯片包含满足自我引导和安全引导需求的硬件和固件。Selfboot从驻留在每个芯片模块中的硬件和固件初始化CP/SC芯片。这建立了信任的核心根,并保证了独立于系统配置的引导时间,这对于由多个抽屉和芯片组成的大型企业级系统来说是关键。安全引导建立在这个核心信任根的基础上,用于在固件执行之前对从系统内存加载的固件进行身份验证。Selfboot和secure boot还通过在引导、运行时和代码更新阶段限制调试或服务接口对硬件和内存的访问,从而保证了CP和SC芯片的完整性。在本文中,我们描述了为z15 CP和SC芯片实现和启用的基本硬件和固件概念。
The IBM Z central processor (CP) and storage controller (SC) chips contain hardware and firmware to serve selfboot and secure boot needs. Selfboot initializes the CP/SC chips from hardware and firmware, which reside in each chip module. This establishes a core root of trust and also guarantees a boot time that is independent of the system configuration, which is key for large enterprise class systems consisting of multiple drawers and chips. Secure boot is built on this core root of trust and is used to authenticate the firmware loaded from system memory prior to execution of that firmware. Selfboot and secure boot also guarantee the integrity of the CP and SC chips by restricting hardware and memory accesses through debug or service interfaces during boot, runtime, and code update phases. In this article, we describe the basic hardware and firmware concepts that are implemented and enabled for the z15 CP and SC chips.
期刊介绍:
The IBM Journal of Research and Development is a peer-reviewed technical journal, published bimonthly, which features the work of authors in the science, technology and engineering of information systems. Papers are written for the worldwide scientific research and development community and knowledgeable professionals.
Submitted papers are welcome from the IBM technical community and from non-IBM authors on topics relevant to the scientific and technical content of the Journal.