CN101221509B - Bus arbitration starting method of reliable embedded system - Google Patents


Info

Publication number
CN101221509B
CN101221509B
Authority
CN
China
Prior art keywords
embedded system
tpm
external memory
bus
control
Prior art date
Legal status
Expired - Fee Related
Application number
CN2008100467757A
Other languages
Chinese (zh)
Other versions
CN101221509A (en)
Inventor
赵波
张焕国
郑鹏
熊泉
韩碧霞
宋伟
李晶
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU

Landscapes

  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides an embedded system start-up boot method built on a trusted mechanism, in which an embedded system is combined with a trusted platform module (TPM); the external memory device in the embedded system is independent of the system, and reading and writing of the external memory device are controlled by the TPM; during the start-up process of the embedded system the TPM must perform integrity verification of the executable code in the external memory; only when verification passes does the TPM grant the embedded system the right to read and write the external memory and allow the embedded system to start. In the invention the TPM occupies the core position in the system start-up process and can conveniently realise the start-up flow of the trusted embedded system by controlling a bus arbitration chip; moreover, it offers convenient and flexible start-up control, convenient extension, and reliable and safe operation.

Description

Trusted embedded system bus arbitration start-up method
Technical field
The present invention relates to the field of trusted embedded platforms, and in particular to a trusted embedded system bus arbitration start-up method that follows the chain-of-trust start-up framework of Trusted Computing (TC) [1] and is used as a secure boot mechanism for embedded platforms.
Background technology
"Trusted" means that "when an entity works toward a given goal, its behaviour always achieves the expected result".
Trust emphasises that the outcome of behaviour is predictable and controllable.
Trusted Computing means that the behaviour of a trusted component, operation or process is predictable and can withstand the damage caused by physical interference and malicious code.
The basic idea of Trusted Computing is to formulate security specifications at the level of the chip, the hardware architecture and the operating system in order to guarantee the security of computers and network structures. It takes a security chip as the trusted basis (called the root of trust) and continuously extends the trusted domain through security mechanisms until the whole system forms one trusted domain.
The functions of Trusted Computing are to guarantee the user's unique identity and authority and the integrity and availability of the workspace; to guarantee the confidentiality and integrity of storage, processing and transmission; to guarantee the integrity of the hardware environment configuration, the operating system kernel, services and application programs; and to guarantee the integrity of key operations and storage.
According to the description in the Trusted Computing Group (TCG) specification [2], a trusted embedded platform must include at least the following components:
1. at least one root of trust for measurement (RTM) for integrity measurement;
2. exactly one root of trust for integrity storage and reporting;
3. at least one trusted embedded platform measurement value;
4. at least one item of TCG validation data;
5. exactly one trusted embedded platform agent.
The root of trust comprises a core component that is physically linked to the core, the computing engine and other objects. The root of trust must be able to provide physical protection for itself and the CC, and, as the trusted authority of the platform system, provide authentication protection, encryption of critical data and access control services.
Starting from the root of trust, trust in every measurement step is predictable; a platform that is in an inappropriate environment is denied the right to access data and run programs.
To realise a trusted start-up process, the existing personal computer (PC) combines its own architectural characteristics and adopts the following techniques:
1) The root of trust for measurement (RTM) is integrated into the Basic Input/Output System (BIOS), and integrity measurement is performed in the PC.
2) A chained measurement structure is adopted: measurement begins at the BIOS and proceeds to the operating system loader (OS Loader), then to the operating system (OS), and then to the application programs; each level verifies the next and each level trusts the next, so that the whole system becomes trusted.
3) The Trusted Platform Module (TPM) is integrated on the mainboard as a peripheral of the PC.
This PC implementation structure has the following problems: with the chained measurement structure, any loss of trust during transfer is amplified step by step as trust is passed along; and the BIOS, rather than the TPM, serves as the trusted basis of the PC.
For an embedded system, because its architecture is flexible and its embedded operating system and application programs are comparatively stable, a trusted embedded system can overcome the various structural deficiencies of the trusted PC.
The trusted embedded system adopts the following techniques:
1) The root of trust for measurement is located in the TPM (Trusted Platform Module, which contains three types of root of trust: the trusted computing root, the trusted storage root and the trusted reporting root), and the integrity measurement process is also carried out in the TPM.
2) A star-shaped measurement structure is adopted at start-up: the TPM verifies the bottom-level software uniformly, so no loss of trust can arise.
3) The TPM acts as the master controller in the trusted embedded system architecture, and the start-up flow of the trusted embedded system is controlled completely by the TPM.
Summary of the invention
The technical problem solved by this invention is to provide a trusted embedded system bus arbitration start-up method. This method combines three kinds of technology: Trusted Computing, field-programmable gate arrays (FPGA) and embedded systems. It realises a start-up of the trusted embedded system that is supported by the FPGA and controlled by the TPM, so that the platform is trustworthy to the user.
The technical scheme adopted by the invention to solve this problem is: the embedded system is combined with a TPM; the external memory device of the embedded system is made independent of it, and its reading and writing are controlled by the TPM; during the embedded system start-up process the TPM must first perform integrity verification on the executable code in the external memory, and only after verification passes does the TPM give the embedded system the right to read and write the external memory and allow it to start.
The invention adopts a method comprising the following steps:
(1) the trusted embedded system is powered on; this system comprises a TPM, the embedded system without its external memory device part, a bus arbiter and the embedded system's external memory device,
(2) the TPM starts first and holds the embedded system in the reset state,
(3) the TPM obtains control of the external memory device bus,
(4) the TPM reads the platform start-up boot program and the operating system data from the external memory device,
(5) inside the TPM, an integrity check is performed on the data read in,
(6) if the TPM passes the integrity check, jump to step (8),
(7) otherwise the content of the embedded system's external memory device has been illegally modified; the TPM no longer allows the embedded system to perform the start-up operation, gives a prompt to the user, and aborts the run,
(8) the TPM arbitrates control of the external memory bus to the embedded system,
(9) the embedded system reads the executable code in the external memory device and runs it; the embedded platform starts and works normally; but during the subsequent operation of the embedded system the TPM always retains the power to stop the embedded system's reading and writing of the external memory device at any time.
In the invention the TPM is at the core of the system start-up process, and it can conveniently realise the start-up flow of the trusted embedded system by controlling the bus arbitration chip. The invention has the following advantages:
(1) Convenient, flexible start-up control: the TPM can flexibly control the start-up of the trusted embedded platform by operating the control register in the bus control chip.
(2) Convenient extension: the invention only implements the functions related to trusted embedded platform start-up, such as start-up control and reading external memory data for the embedded system. Other security control modes, such as cutting off the embedded system's peripherals and read/write protection of the external memory, can be realised by slightly extending the bus arbitration chip.
(3) Reliable and safe: because the critical Trusted Computing components, the TPM and the bus arbitration chip, are realised as independent hardware, they are more reliable in operation and more secure than the externally connected module form or the software implementation used on a PC.
Description of drawings
Fig. 1 is the architectural block diagram of the trusted embedded system of the invention.
Fig. 2 is the implementation block diagram of the bus arbitration chip of the invention.
Embodiment
The bus arbitration start-up method for a trusted embedded platform provided by the invention involves a trusted embedded architecture design method and a start-up flow and method. It is an embedded system start-up boot method built on a trusted mechanism. The method combines the embedded system with a TPM; the external memory device of the embedded system is made independent, and its reading and writing are controlled by the TPM; during the embedded system start-up process the TPM must first perform integrity verification on the executable code in the external memory, and only after verification passes does the TPM give the embedded system the right to read and write the external memory and allow it to start. After power-on the TPM runs first and holds the embedded system in reset; the TPM obtains control of the external memory bus, reads the start-up boot program, the operating system kernel and other software code from the external memory, and then performs an integrity check; if the check passes, the trusted platform module arbitrates control of the external memory bus to the embedded system and starts the embedded system running, otherwise it indicates that the bottom-level software of the embedded system has been modified and the trusted embedded system shuts down. With this bus arbitration method, the software that will run on the embedded system is verified as trusted before the embedded system runs, so that the platform is trustworthy to the user.
The invention is further described below with reference to embodiments and the accompanying drawings, without limiting the invention.
One. Architecture design:
During start-up of the trusted embedded system the TPM is in control, and a star-shaped trust structure is used for integrity measurement. In an embedded system the binary executable code of the start-up boot program and the operating system is all stored in external memory (such as NAND Flash). Therefore the following problems must be solved in the trusted embedded system start-up process:
First, the start-up flow: after power-on the TPM must perform the integrity check first, during which the embedded system must not be able to start; only after the TPM check passes does the embedded system begin to start;
Second, the TPM must read the data in the external memory to perform the integrity check, so two devices need to access the external memory: the embedded system and the TPM; the external memory bus must therefore be arbitrated.
These problems are difficult to solve under the existing embedded system structure.
The invention designs an architecture that can realise the trusted embedded system start-up flow.
The architectural block diagram of the trusted embedded system is shown in Figure 1.
In the trusted embedded architecture the bus arbitration chip, under the control of the TPM, arbitrates control of the external memory bus and controls the embedded system: reset and start. The bus arbitration chip is controlled solely by the TPM. Under this structure the TPM can conveniently control the start-up flow of the trusted embedded system.
For the trusted embedded architecture, the invention designs the following start-up flow of the trusted embedded system:
(1) the trusted embedded system is powered on; this system comprises a TPM, the embedded system without its external memory device part, a bus arbiter and the embedded system's external memory device;
(2) the TPM starts first and holds the embedded system in the reset state;
(3) the TPM obtains control of the external memory device bus;
(4) the TPM reads the platform start-up boot program (bootloader), the operating system (OS) and other data from the external memory device;
(5) inside the TPM, an integrity check is performed on the data read in;
(6) if the TPM passes the integrity check, jump to step (8);
(7) otherwise the content of the embedded system's external memory device has been illegally modified; the TPM no longer allows the embedded system to perform the start-up operation, gives a prompt to the user, and aborts the run;
(8) the TPM arbitrates control of the external memory bus to the embedded system;
(9) the embedded system reads the executable code in the external memory device and runs it; the embedded platform starts and works normally; but during the subsequent operation of the embedded system the TPM always retains the power to stop the embedded system's reading and writing of the external memory device at any time.
Two. Implementation on a specific platform
This example demonstrates the practical feasibility of the invention and does not limit it to a specific embedded platform.
1. Implementation environment:
The embedded system used by the invention is the ARM-based S3C2410 embedded system, the TPM is the J2810 embedded security module (Embedded Security Module, ESM) of Rui Da company, and the bus arbitration chip is implemented with an FPGA.
2. Bus arbitration chip design:
The bus arbitration module is designed around the characteristics of the selected test equipment.
(1) The external memory of the S3C2410 is NAND Flash (one of the current mainstream non-volatile memories). The TPM has neither a NAND Flash controller nor a corresponding NAND Flash interface; the design therefore selects the IIC bus (Inter-Integrated Circuit, a two-wire bus developed by PHILIPS) interface as the communication interface between the TPM and the bus arbitration chip. The TPM reads the NAND Flash through the IIC bus, which requires a NAND Flash controller to be implemented in the bus arbitration chip.
(2) The S3C2410 embedded system itself implements a NAND Flash controller and brings out the corresponding NAND Flash bus pins, so these pins only need to be connected to the FPGA. At the same time the invention implements a NAND Flash bus control module in the bus arbitration chip to control the embedded system's access to the NAND Flash.
(3) During the trusted embedded start-up process the TPM is in control: it decides who holds the NAND Flash bus control right, and it can also reset and start the S3C2410. To realise these features, a control register is designed in the FPGA to carry out these operations. This control register can only be controlled by the TPM.
The implementation block diagram of the bus arbitration chip is shown in Figure 2. The function of each module in the bus arbitration chip is as follows: the MUX in the figure provides the arbitration function for TPM and embedded system access to the external memory, deciding which device obtains the right to use the external memory bus; the embedded system external memory bus controller connects the embedded system to the external memory bus, judges the direction of information flow on the bus from the bus signals, and bridges communication between the embedded system and the external memory device; the IIC control unit interface implements the IIC slave interface, connects to the TPM over the IIC bus, and receives data sent from the TPM or returns transmitted data to the TPM; the NAND flash controller implements reading of the NAND flash: according to the read-external-memory command sent by the TPM it automatically reads the corresponding information from the NAND flash and passes it to the TPM via the IIC interface module; the control register is the control section of the bus arbitration chip: by writing its corresponding bits, the start of the embedded system, the bus arbitration of the MUX and the start of the NAND flash controller can be controlled; it is operated by the TPM through the IIC interface module, which guarantees that it is controlled solely by the TPM.
In the invention the TPM is the control core that realises the start-up flow of the trusted embedded system. The TPM realises start-up flow control by performing the corresponding operations on the bus arbitration chip.
In the TPM, software controls the start-up of the trusted embedded system; the control flow is designed as follows:
(1) the system is powered on, and the TPM runs the start-up flow control program;
(2) write the corresponding bit of the control register in the bus arbitration chip to hold the S3C2410 in the reset state;
(3) write the control register in the bus arbitration chip so that the TPM obtains the NAND Flash bus control right;
(4) read the corresponding information from the external memory and perform the integrity check;
(5) if the integrity check passes, go to step (7);
(6) if the integrity check fails, indicate that the system has been modified and stop the start-up flow;
(7) write the control register in the bus arbitration chip to give the NAND Flash bus control right to the S3C2410;
(8) write the control register in the bus arbitration chip to start the S3C2410;
(9) the start-up flow control program finishes running.
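As an added illustration that is not code from the patent or its authors, the following C simulation models the FPGA control register, the IIC-side read path and the TPM's start-up flow control program from the step lists above, including the post-boot revocation of step (9) of the start-up flow. The bit layout of the control register, the FNV-1a digest standing in for the TPM's internal hash, the sample image and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FPGA bus arbitration chip control register. The patent names these three controlled
 * functions but not the bit layout, so the bit positions below are assumed. */
#define CTRL_SYS_RESET   (1u << 0)  /* 1: hold the S3C2410 in reset */
#define CTRL_BUS_TO_TPM  (1u << 1)  /* 1: MUX routes the NAND bus to the TPM, 0: to the S3C2410 */
#define CTRL_NAND_START  (1u << 2)  /* 1: start the chip's own NAND flash controller */

/* Simulated arbitration chip: its control register and the NAND flash behind it. */
struct arbiter { uint32_t ctrl; const uint8_t *nand; size_t nand_len; };

/* IIC slave write issued by the TPM. Only the TPM is wired to this interface. */
static void tpm_iic_write_ctrl(struct arbiter *a, uint32_t value) { a->ctrl = value; }

/* TPM "read external memory" command: the chip's NAND controller serves it only
 * while the MUX has given the bus to the TPM. Returns 0 on success, -1 otherwise. */
static int tpm_iic_read_nand(struct arbiter *a, size_t off, uint8_t *out, size_t len) {
    if (!(a->ctrl & CTRL_BUS_TO_TPM) || off + len > a->nand_len) return -1;
    tpm_iic_write_ctrl(a, a->ctrl | CTRL_NAND_START);
    memcpy(out, a->nand + off, len);
    tpm_iic_write_ctrl(a, a->ctrl & ~CTRL_NAND_START);
    return 0;
}

/* Stand-in for the TPM's internal digest (FNV-1a; the patent names no algorithm). */
static uint64_t tpm_digest(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ull;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ull; }
    return h;
}

enum boot_result { BOOT_STARTED, BOOT_REFUSED_TAMPERED, BOOT_BUS_ERROR };

/* TPM start-up flow control program, steps (1)-(9); `expected` is the reference digest kept in the TPM. */
static enum boot_result tpm_boot_control(struct arbiter *a, uint64_t expected) {
    uint8_t image[256];
    /* (2) hold the embedded system in reset; (3) take the NAND bus */
    tpm_iic_write_ctrl(a, CTRL_SYS_RESET | CTRL_BUS_TO_TPM);
    /* (4) read bootloader and OS through the arbiter's NAND controller */
    if (a->nand_len > sizeof image || tpm_iic_read_nand(a, 0, image, a->nand_len) != 0)
        return BOOT_BUS_ERROR;            /* reset stays asserted, bus stays with the TPM */
    /* (5)/(6) integrity check inside the TPM */
    if (tpm_digest(image, a->nand_len) != expected)
        return BOOT_REFUSED_TAMPERED;     /* memory modified: the system never leaves reset */
    /* (7) hand the NAND bus to the S3C2410 while it is still held in reset */
    tpm_iic_write_ctrl(a, CTRL_SYS_RESET);
    /* (8) release reset: the embedded system now boots from the verified NAND */
    tpm_iic_write_ctrl(a, 0);
    return BOOT_STARTED;
}

/* Step (9): the TPM can take the bus back through the MUX at any time after boot. */
static void tpm_revoke_external_memory(struct arbiter *a) {
    tpm_iic_write_ctrl(a, a->ctrl | CTRL_BUS_TO_TPM);
}

/* Constructed bootloader + OS image for the demo (not real firmware). */
static const uint8_t GOOD_IMAGE[] = "BOOTLOADER-v1|kernel-image|sample-bytes";

/* Runs the flow on a copy of GOOD_IMAGE (optionally tampered, optionally revoked after boot). */
static enum boot_result run_scenario(int tampered, int revoke_after, uint32_t *ctrl) {
    uint8_t nand[sizeof GOOD_IMAGE];
    memcpy(nand, GOOD_IMAGE, sizeof nand);
    uint64_t expected = tpm_digest(GOOD_IMAGE, sizeof GOOD_IMAGE); /* provisioned reference */
    if (tampered) nand[5] ^= 0x01;        /* simulate a modified external memory */
    struct arbiter a = { 0, nand, sizeof nand };
    enum boot_result r = tpm_boot_control(&a, expected);
    if (r == BOOT_STARTED && revoke_after) tpm_revoke_external_memory(&a);
    if (ctrl) *ctrl = a.ctrl;
    return r;
}

static uint32_t scenario_final_ctrl(int tampered, int revoke_after) {
    uint32_t c = 0;
    run_scenario(tampered, revoke_after, &c);
    return c;
}

int main(void) {
    uint32_t c;
    enum boot_result r = run_scenario(0, 0, &c);
    printf("genuine image:  result=%d ctrl=0x%x\n", (int)r, c);
    r = run_scenario(1, 0, &c);
    printf("tampered image: result=%d ctrl=0x%x\n", (int)r, c);
    return 0;
}
```

With the genuine image the register ends at 0 (bus with the S3C2410, reset released); with one byte altered the flow returns BOOT_REFUSED_TAMPERED and leaves reset asserted with the bus still owned by the TPM.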
References
[1] TCG Specification Architecture Overview (Version 1.2).
[2] TCPA Main TCG Architecture (Version 1.1b).

Claims (3)

1. A trusted embedded system bus arbitration start-up method, characterised in that it is an embedded system start-up boot method built on a trusted mechanism; the method combines the embedded system with a trusted platform module TPM; the external memory device of the embedded system is made independent, and its reading and writing are controlled by the TPM; during the embedded system start-up process the TPM must first perform integrity verification on the executable code in the external memory, and only after verification passes does the TPM give the embedded system the right to read and write the external memory and allow it to start;
specifically, a method comprising the following steps is adopted:
(1) the trusted embedded system is powered on; this system comprises a TPM, the embedded system without its external memory device part, a bus arbiter and the embedded system's external memory device,
(2) the TPM starts first and holds the embedded system in the reset state,
(3) the TPM obtains control of the external memory device bus,
(4) the TPM reads the platform start-up boot program and the operating system data from the external memory device,
(5) inside the TPM, an integrity check is performed on the data read in,
(6) if the TPM passes the integrity check, jump to step (8),
(7) otherwise the content of the embedded system's external memory device has been illegally modified; the TPM no longer allows the embedded system to perform the start-up operation, gives a prompt to the user, and aborts the run,
(8) the TPM arbitrates control of the external memory bus to the embedded system,
(9) the embedded system reads the executable code in the external memory device and runs it; the embedded platform starts and works normally; but during the subsequent operation of the embedded system the TPM always retains the power to stop the embedded system's reading and writing of the external memory device at any time.
2. The trusted embedded system bus arbitration start-up method according to claim 1, characterised in that the following trusted embedded system architecture is specifically adopted:
the trusted embedded system comprises a TPM, the embedded system without its external memory device part, a bus arbiter and the embedded system's external memory device; the TPM and the embedded system compete to read or write the external memory device, and the right to use the external memory device bus is controlled by the bus arbiter; the bus arbiter is controlled solely by the TPM; the TPM controls the start-up of the embedded system.
3. The trusted embedded system bus arbitration start-up method according to claim 1, characterised in that in steps (2), (3), (8) and (9) the TPM controls the start-up of the trusted embedded system by a method comprising the following steps:
(1) the trusted embedded system is powered on, and the TPM runs the start-up flow control program;
(2) write the corresponding bit of the control register in the bus arbitration chip to hold the embedded system in the reset state;
(3) write the control register in the bus arbitration chip so that the TPM obtains control of the external memory bus;
(4) read the corresponding information from the external memory and perform the integrity check;
(5) if the integrity check passes, go to step (7);
(6) if the integrity check fails, indicate that the system has been modified and stop the start-up flow;
(7) write the control register in the bus arbitration chip to give control of the external memory bus to the embedded system;
(8) write the control register in the bus arbitration chip to start the embedded system;
(9) the start-up flow control program finishes running.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100467757A CN101221509B (en) 2008-01-24 2008-01-24 Bus arbitration starting method of reliable embedded system

Publications (2)

Publication Number Publication Date
CN101221509A CN101221509A (en) 2008-07-16
CN101221509B true CN101221509B (en) 2012-07-25

Family

ID=39631369

Country Status (1)

Country Link
CN (1) CN101221509B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8302182B2 (en) * 2008-09-01 2012-10-30 Mediatek Inc. Embedded system with authentication, and associated authentication method
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
TWI461907B (en) * 2012-10-11 2014-11-21 Mstar Semiconductor Inc Integrating system and testing system for incorporating plural application programs
CN103414623B (en) * 2013-08-23 2016-08-10 上海司南卫星导航技术股份有限公司 GNSS realizes the system and method for baseband signal communication based on NandFlash bus
CN103760892B (en) * 2014-01-23 2017-06-06 国家电网公司 A kind of embedded credible calculating platform and its detection method
CN104318142A (en) * 2014-10-31 2015-01-28 山东超越数控电子有限公司 Trusted booting method of computer
CN104778141B (en) * 2015-02-10 2017-12-26 浙江大学 A kind of TPCM modules based on control system trusted infrastructure and credible detection method
CN106709358A (en) * 2016-12-14 2017-05-24 南京南瑞集团公司 Mobile device based on trusted computing
CN109840430B (en) * 2017-11-28 2023-05-02 中国科学院沈阳自动化研究所 Safety processing unit of PLC and bus arbitration method thereof
CN108449249B (en) * 2018-02-26 2021-06-11 深圳市元征科技股份有限公司 Bus control system and method
CN110266659B (en) * 2019-05-31 2020-09-25 联想(北京)有限公司 Data processing method and equipment
CN110737902B (en) * 2019-10-10 2022-02-11 北京智芯微电子科技有限公司 Embedded terminal and firmware design method of trusted security module thereof
CN113127839B (en) * 2021-03-26 2023-05-30 东信和平科技股份有限公司 Secure access method and device based on SE and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120725

Termination date: 20200124
