CN102722665B - Method and system for generating trusted program list based on trusted platform module (TPM)/virtual trusted platform module (VTPM) - Google Patents


Info

Publication number: CN102722665B
Authority
CN
China
Prior art keywords: vtpm, module, tpm, saved, patched
Legal status: Active
Application number: CN201210160589.2A
Other languages: Chinese (zh)
Other versions: CN102722665A
Inventors: 高云伟, 薛栋梁, 孙毓忠
Current assignee: Beijing Zhongke Flux Technology Co ltd
Original assignee: Institute of Computing Technology of CAS
Events: application filed by Institute of Computing Technology of CAS; priority to CN201210160589.2A; publication of CN102722665A; application granted; publication of CN102722665B; legal status active.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4403 Processor initialisation

Abstract

The invention discloses a method and a system for generating a trusted program list based on a trusted platform module (TPM)/a virtual trusted platform module (VTPM). The method comprises the following steps of: 1, changing the startup configuration of a computer, changing a startup mode into a trusted program list generating mode, setting a data sealing or unsealing password, and starting the computer; 2, storing the Hash value, protected in a sealed way, of a Boot Loader in a non-volatile storage of the TPM or the VTPM by using a basic input/output system (BIOS), wherein only the first part of the Boot Loader can be protected by the BIOS in the sealed way and the subsequent part is protected by the first part in the sealed way; 3, storing the Hash values, which are protected in the sealed way, of the kernel and related modules of an operating system to the non-volatile storage of the TPM or the VTPM by using the Boot Loader; and 4, storing critical or all trusted program lists which are protected in the sealed way to a specified file of a file system by using the kernel of the operating system.

Description

Method and system for generating a trusted program list based on TPM/VTPM
Technical field
The present invention relates to trusted program lists, and specifically to a method for generating a trusted program list during the trusted boot process of a computer; it belongs to the field of trusted computing.
Background technology
An entity is trusted if its behaviour meets the set goal in the expected manner. From a technical standpoint, trust is divided into static trust and dynamic trust. Static trust uses the TPM (trusted platform module) and part of the BIOS (basic input/output system) as the core root of trust for measurement: before a new program is loaded and run, its hash value is first computed and then extended into a PCR (platform configuration register) of the TPM. Dynamic trust is based on CPU (central processing unit) extensions such as Intel's TXT (trusted execution technology) together with the TPM, and can build an isolated trusted computing environment at any time after the computer has started. Whether static or dynamic, both are oriented towards remote verification: a remote challenger periodically asks the challenged party for the PCRs of its platform and the list of loaded programs, and then confirms the trustworthiness of the challenged party's platform against a trusted program list (also called a fingerprint database). Because remote verification requires periodic verification of platform trustworthiness with a third party, it inevitably also has communication security vulnerabilities; how to guarantee the trustworthiness of the third party is itself a large problem; and the time window between trust verification and program loading poses a further serious threat to the trustworthiness of the system. With these considerations in mind, we introduce a local trust verification method: the trusted program list is kept locally and its trustworthiness is verified in real time during system or program start-up; if it is found to be untrusted, execution of the system or program is suspended so that a malicious program cannot spread further. In a local trust verification method, however, how to guarantee the security and ease of use of the trusted program list becomes extremely important.
Summary of the invention
To solve the above problems, the object of the invention is to provide a method for generating a trusted program list such that the trusted list generated by this method is easy to use and at the same time highly secure.
The present invention discloses a method for generating a trusted program list based on TPM/VTPM, comprising:
Step 1, changing the startup configuration of the computer, changing the startup mode to trusted program list generation mode, setting the data sealing or unsealing password, and starting the computer;
Step 2, the BIOS saves the sealed hash value of the Boot Loader in the non-volatile storage of the TPM or VTPM; the BIOS can only seal the first part of the Boot Loader, and each subsequent part is sealed by the part before it;
Step 3, the Boot Loader saves the sealed hash values of the operating system kernel and related modules in the non-volatile storage of the TPM or VTPM;
Step 4, the operating system kernel saves the sealed trusted program list of critical or all executable programs, kernel modules and dynamic libraries in a specified file in the file system.
The described method for generating a trusted program list based on TPM/VTPM further comprises:
Step 5, the operating system kernel of the virtual machine transfers the data saved in VTPM non-volatile storage in steps 2 and 3 and the file saved in the file system in step 4 to a specified location in the file system of the management domain or host, and removes the data saved in VTPM non-volatile storage in steps 2 and 3 and the file saved in the file system in step 4; during use after the virtual machine has started, a virtual machine user cannot read these trusted program lists at all, which further strengthens their security.
In the described method for generating a trusted program list based on TPM/VTPM, step 2 further comprises:
Step 31, the BIOS reads the relevant sectors of the Boot Loader from the boot medium into memory;
Step 32, computing the hash value of the Boot Loader sectors in memory and adding it to the hash array hashes1;
Step 33, calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes1 array, producing the binary data blob1, where blob1 is the data to be stored in non-volatile storage;
Step 34, calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob1 in the non-volatile storage of the TPM or VTPM, the TPM or VTPM returning the data index i1, where DefineSpace allocates space in non-volatile storage and WriteValueAuth writes data into the allocated space.
In the described method for generating a trusted program list based on TPM/VTPM, step 3 further comprises:
Step 41, the Boot Loader reads the operating system kernel and related modules into memory;
Step 42, computing the hash values of the operating system kernel and related modules in memory and adding each of them to the hash array hashes2;
Step 43, calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes2 array, producing the binary data blob2, where blob2 is the data to be stored in non-volatile storage;
Step 44, calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob2 in the non-volatile storage of the TPM or VTPM, the TPM or VTPM returning the data index i2.
In the described method for generating a trusted program list based on TPM/VTPM, step 4 further comprises:
Step 51, parsing the specified configuration file in the file system, computing the hash value of each application program, kernel module and dynamic library named in the configuration file, and saving the two-tuple formed by each program's identifier and hash value in the trusted program list array hashes3;
Step 52, calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes3 array, producing the binary data blob3, where blob3 is the data to be stored in non-volatile storage;
Step 53, saving blob3 in the specified file fblob3.dat in the file system.
In the described method for generating a trusted program list based on TPM/VTPM, step 5 further comprises:
Step 61, alternatively, the operating system kernel of the virtual machine first dumps the data saved in VTPM non-volatile storage in steps 2 and 3 to specified files in the virtual machine file system and removes the data saved in VTPM non-volatile storage in steps 2 and 3; after the virtual machine has started, an application-layer program transfers these files to the specified location in the file system of the management domain or host and at the same time deletes them from the virtual machine.
In the described method for generating a trusted program list based on TPM/VTPM, step 61 further comprises:
Step 71, calling the ReadValueAuth function of the VTPM to read blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage, where ReadValueAuth reads data from VTPM non-volatile storage;
Step 72, passing blob1, blob2 and fblob3.dat to the management domain or host by an inter-domain transfer mechanism such as the network or shared memory, and saving each of them in a specified file in the file system of the management domain or host;
The described management domain refers to the domain that provides virtual machine management functions in a Type 1 virtualization platform such as XEN;
The described host refers to the HOST in a Type 2 virtualization platform such as KVM;
Step 73, calling the DefineSpace function of the VTPM to remove blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage;
Step 74, deleting the specified file fblob3.dat from the virtual machine file system.
The present invention also discloses a system for generating a trusted program list based on TPM/VTPM, comprising:
A startup manager module, for changing the startup configuration of the computer, changing the startup mode to trusted program list generation mode, setting the data sealing or unsealing password, and starting the computer;
A patched BIOS module, for saving the sealed hash value of the patched GRUB module in the non-volatile storage of the TPM or VTPM; the BIOS can only seal the first part of the patched GRUB module, and each subsequent part is sealed by the part before it;
A patched GRUB module, for saving the sealed hash values blob2 of the operating system kernel and related modules in the non-volatile storage of the TPM or VTPM;
A patched operating system kernel module, for saving the sealed trusted program list of critical or all executable programs, kernel modules and dynamic libraries in a specified file in the file system.
The described system for generating a trusted program list based on TPM/VTPM further comprises:
A trusted program list update module, for transferring the data saved in VTPM non-volatile storage by the patched BIOS module and the patched GRUB module, and the file saved in the file system by the patched operating system kernel module, to a specified location in the file system of the management domain or host, and for removing the data saved in VTPM non-volatile storage by the patched BIOS module and the patched GRUB module and the file saved in the file system by the patched operating system kernel module.
In the described system for generating a trusted program list based on TPM/VTPM, the patched BIOS module further comprises:
A read medium module, for reading the relevant sectors of the patched GRUB module from the boot medium into memory;
A hash computation module, for computing the hash value of the patched GRUB module sectors in memory and adding it to the hash array hashes1;
A seal function call module, for calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes1 array, producing the binary data blob1, where blob1 is the data to be stored in non-volatile storage; and for calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob1 in the non-volatile storage of the TPM or VTPM, the TPM or VTPM returning the data index i1, where DefineSpace allocates space in non-volatile storage and WriteValueAuth writes data into the allocated space.
In the described system for generating a trusted program list based on TPM/VTPM, the patched GRUB module further comprises:
A read information module, for the patched GRUB module to read the operating system kernel and related operating system modules into memory;
A hash computation module, for computing the hash values of the operating system kernel and related modules in memory and adding each of them to the hash array hashes2;
A seal function call module, for calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes2 array, producing the binary data blob2, where blob2 is the data to be stored in non-volatile storage; and for calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob2 in the non-volatile storage of the TPM or VTPM, the TPM or VTPM returning the data index i2.
In the described system for generating a trusted program list based on TPM/VTPM, the patched operating system kernel module further comprises:
A configuration file parsing module, for parsing the specified configuration file in the file system, computing the hash value of each application program, kernel module and dynamic library named in the configuration file, and then saving the two-tuple formed by each program's identifier and hash value in the trusted program list array hashes3;
A seal function call module, for calling the Seal function of the TPM or VTPM with the data sealing password to seal the hashes3 array, producing the binary data blob3, where blob3 is the data to be stored in non-volatile storage; afterwards blob3 is saved in the specified file fblob3.dat in the file system.
In the described system for generating a trusted program list based on TPM/VTPM, the trusted program list update module further comprises:
An application management module, for the operating system kernel of the virtual machine to dump the data saved in VTPM non-volatile storage by the patched BIOS module and the patched GRUB module to specified files in the virtual machine file system and to remove the data saved in VTPM non-volatile storage by the patched BIOS module and the patched GRUB module; after the virtual machine has finished starting, an application-layer program transfers these files to the specified location in the file system of the management domain or host and at the same time deletes them from the virtual machine.
In the described system for generating a trusted program list based on TPM/VTPM, the application management module further comprises:
A read data function call module, for calling the ReadValueAuth function of the VTPM to read blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage, where ReadValueAuth reads data;
A file transfer module, for passing blob1, blob2 and fblob3.dat to the management domain or host by an inter-domain transfer mechanism such as the network or shared memory, and saving each of them in a specified file in the file system of the management domain or host;
The described management domain refers to the domain that provides virtual machine management functions in a Type 1 virtualization platform such as XEN;
The described host refers to the HOST in a Type 2 virtualization platform such as KVM;
A DefineSpace function call module, for calling the DefineSpace function of the VTPM to remove blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage, where DefineSpace deletes data from non-volatile storage; and for deleting the specified file fblob3.dat from the virtual machine file system.
Beneficial effects of the invention:
The advantage of the present invention is to provide a method for generating a trusted program list that is easy to use and secure. During use after the computer has started, a malicious user cannot unseal or tamper with a trusted program list generated by this method at all. On a virtualization platform, a virtual machine user cannot read or access these trusted program lists at all, which further strengthens their security. During the local trust verification of the computer, however, each stage of the normal boot process can successfully unseal and use these lists, so they are very easy to use. In summary, the trusted program lists generated by this method are very well suited to local trust verification on a computer, while the method remains compatible with traditional remote trust verification, and it has good market prospects and practical value.
Description of the drawings
Fig. 1 is a structural diagram of the trusted list generation system of the present invention for a fully virtualized Linux virtual machine on the XEN virtualization platform;
Fig. 2 is a schematic diagram of the boot process of a fully virtualized virtual machine;
Fig. 3 is a flow chart of the method for generating a trusted program list based on TPM;
Fig. 4 is the configuration file of a fully virtualized Linux virtual machine under the XEN virtualization platform;
Fig. 5 is the configuration file, parsed by the operating system kernel, that specifies the trusted program list.
Detailed description of the invention
Specific embodiments of the present invention are given below, describing the invention in detail with reference to the accompanying drawings.
The object of the present invention is precisely to provide a method for generating a trusted program list such that the trusted list generated by this method is easy to use and at the same time highly secure.
In this method, a new startup mode is introduced for the computer: trusted program list generation mode. In this mode, each stage of the boot process generates, according to the current state of the TPM, a trusted program list that only that stage can unseal. During use after the computer has started, a malicious user cannot unseal or tamper with these trusted program lists at all, which guarantees their security and in turn the validity of the local trust verification method. At the same time, during the local trust verification of the computer, each stage of the normal boot process can successfully unseal and use these lists, so they are also very easy to use.
Specifically, the method of the present invention for generating a trusted program list comprises the following steps:
A. Change the startup configuration of the computer, change the startup mode to trusted program list generation mode, set the data sealing or unsealing password p, and start the computer.
The described "computer" refers to servers, PCs and terminal devices equipped with a TPM, and to fully virtualized virtual machines that use a VTPM (virtual trusted platform module) on a virtualization platform.
The described "sealing" refers to the Seal function provided by the TPM or VTPM.
The described "unsealing" refers to the Unseal function provided by the TPM or VTPM.
The described "data sealing or unsealing password" refers to the Dataauth (data authentication code) that must be supplied to the TPM or VTPM when sealing or unsealing data.
B. The BIOS saves the sealed hash value blob1 of the Boot Loader in the non-volatile storage of the TPM or VTPM. The boot process of the Boot Loader may comprise several independent sectors, so the BIOS may only be able to seal the first part of the Boot Loader, with each subsequent part sealed by the part before it. This is implemented as follows:
B1. The BIOS reads the relevant sectors of the Boot Loader from the boot medium (disk or partition) into memory.
B2. Compute the hash value of the Boot Loader sectors in memory and add it to the hash array hashes1.
B3. Call the Seal function of the TPM or VTPM with p as the data sealing password to seal the hashes1 array, producing the binary data blob1.
B4. Call the DefineSpace (allocate a region of non-volatile storage) and WriteValueAuth (write data into the allocated region) functions of the TPM or VTPM to save blob1 in the non-volatile storage of the TPM or VTPM; the TPM or VTPM returns the data index i1.
C. The Boot Loader saves the sealed hash values blob2 of the operating system kernel and related modules in the non-volatile storage of the TPM or VTPM. This is implemented as follows:
C1. The Boot Loader reads the operating system kernel and related modules into memory.
C2. Compute the hash values of the operating system kernel and related modules in memory and add each of them to the hash array hashes2.
C3. Call the Seal function of the TPM or VTPM with p as the data sealing password to seal the hashes2 array, producing the binary data blob2.
C4. Call the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob2 in the non-volatile storage of the TPM or VTPM; the TPM or VTPM returns the data index i2.
D. The operating system kernel saves the sealed trusted program list of critical or all executable programs, kernel modules and dynamic libraries in the specified file fblob3.dat in the file system; fblob3.dat is the specified file used to apply the present invention, and the name is not a restriction in practice. This is implemented as follows:
D1. Parse the specified configuration file in the file system, compute the hash value of each application program, kernel module and dynamic library named in the configuration file, and save the two-tuple formed by each program's identifier and hash value in the trusted program list array hashes3.
D2. Call the Seal function of the TPM or VTPM with p as the data sealing password to seal the hashes3 array, producing the binary data blob3.
D3. Save blob3 in the specified file fblob3.dat in the file system.
E. This step is optional. On a virtualization platform, the operating system kernel of the virtual machine transfers blob1 and blob2, saved in VTPM non-volatile storage, together with fblob3.dat to a specified location in the file system of the management domain or host, and removes blob1 and blob2 from VTPM non-volatile storage; during use after the virtual machine has started, a virtual machine user then cannot read these trusted program lists at all, which further strengthens their security. Alternatively, the operating system kernel of the virtual machine may first dump blob1 and blob2 from VTPM non-volatile storage to the specified files fblob1.dat and fblob2.dat in the virtual machine file system and remove blob1 and blob2 from VTPM non-volatile storage; after start-up has completed, an application-layer program transfers fblob1.dat, fblob2.dat and fblob3.dat to the specified location in the file system of the management domain or host and at the same time deletes fblob1.dat, fblob2.dat and fblob3.dat from the virtual machine. This is implemented as follows:
E1. Call the ReadValueAuth (read data) function of the VTPM to read blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage.
E2. Pass blob1, blob2 and fblob3.dat to the management domain or host by an inter-domain transfer mechanism such as the network or shared memory, and save each of them in a specified file in the file system of the management domain or host.
The described "management domain" refers to the domain that provides virtual machine management functions in a Type 1 virtualization platform such as XEN, for example domain-0 in XEN (the first domain that XEN starts).
The described "host" refers to the HOST in a Type 2 virtualization platform such as KVM.
E3. Call the DefineSpace function of the VTPM to remove blob1 and blob2 saved at indices i1 and i2 in VTPM non-volatile storage.
E4. Delete fblob3.dat from the virtual machine file system.
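The stage-by-stage procedure of steps B to E, as an added example that is not part of the patent or of the described system: a Python simulation with a toy TPM whose Seal binds a blob to the values of the selected PCRs at seal time, so that a list sealed in generation mode can be unsealed again only by the same stage of a later boot and never once boot has completed. The PCR numbers, NV indices, SHA-1 measurements, the HMAC-based sealing and the sample boot images are constructed for this example; a real TPM performs the binding inside the chip.

```python
import hashlib
import hmac
import json

BOOT_PCRS = (4, 8, 10)               # constructed: PCRs extended by BIOS, boot loader, kernel
NV_BLOB1, NV_BLOB2 = 0x1001, 0x1002  # constructed NV indices (the patent's i1 and i2)


class SimTPM:  # toy TPM: SHA-1 PCRs, PCR-bound Seal/Unseal, auth-protected NV store
    def __init__(self, root_secret):
        self._root = root_secret     # stands in for the chip-internal storage key
        self._nv = {}                # NV index -> [auth, data]; survives reset()
        self.reset()

    def reset(self):                 # power cycle: PCRs return to zero, NV stays
        self.pcr = {i: b"\x00" * 20 for i in range(24)}

    def extend(self, idx, digest):   # TPM_Extend: PCR = SHA1(PCR || digest), irreversible
        self.pcr[idx] = hashlib.sha1(self.pcr[idx] + digest).digest()

    def _key(self, auth, sel):       # key depends on auth AND the current PCR values
        state = b"".join(self.pcr[i] for i in sel)
        return hmac.new(self._root, auth + state, hashlib.sha256).digest()

    @staticmethod
    def _xor(key, data):             # hash-based keystream; enough for a simulation
        out = bytearray()
        for n in range(0, len(data), 32):
            block = hashlib.sha256(key + n.to_bytes(4, "big")).digest()
            out += bytes(a ^ b for a, b in zip(data[n:n + 32], block))
        return bytes(out)

    def seal(self, data, auth, sel=BOOT_PCRS):
        """Seal data to auth and to the values the selected PCRs hold right now."""
        key = self._key(auth, sel)
        ct = self._xor(key, data)
        tag = hmac.new(key, bytes(sel) + ct, hashlib.sha256).digest()
        return bytes([len(sel)]) + bytes(sel) + tag + ct

    def unseal(self, blob, auth):
        """Succeeds only if auth and the PCR values seen at seal time still match."""
        n = blob[0]
        sel, tag, ct = tuple(blob[1:1 + n]), blob[1 + n:33 + n], blob[33 + n:]
        key = self._key(auth, sel)
        if not hmac.compare_digest(tag, hmac.new(key, bytes(sel) + ct, hashlib.sha256).digest()):
            raise PermissionError("unseal failed: auth or PCR state differs from seal time")
        return self._xor(key, ct)

    def define_space(self, idx, size, auth):   # size 0 removes the index (TPM 1.2 semantics)
        self._nv.pop(idx, None)
        if size:
            self._nv[idx] = [auth, b""]

    def write_value_auth(self, idx, data, auth):
        if not hmac.compare_digest(self._nv[idx][0], auth):
            raise PermissionError("NV write: bad auth")
        self._nv[idx][1] = data

    def read_value_auth(self, idx, auth):
        if not hmac.compare_digest(self._nv[idx][0], auth):
            raise PermissionError("NV read: bad auth")
        return self._nv[idx][1]


def run_stage(tpm, pcr, measured, auth, generate, stored):
    """One boot stage; measured maps component name -> SHA-1 digest. Generation mode seals
    the list to the PCR state as it is *before* this stage extends it; normal mode unseals
    the stored list and halts on any mismatch. Either way the stage then extends its PCR,
    so the blob stays unsealable until the next power cycle replays the same boot."""
    if generate:
        blob = tpm.seal(json.dumps({k: d.hex() for k, d in measured.items()}).encode(), auth)
    else:
        expected = {k: bytes.fromhex(v) for k, v in json.loads(tpm.unseal(stored, auth)).items()}
        bad = [k for k, d in measured.items() if expected.get(k) != d]
        if bad:
            raise SystemExit(f"boot halted, untrusted: {bad}")
        blob = stored
    for d in measured.values():
        tpm.extend(pcr, d)
    return blob


def boot(tpm, images, auth, generate=False, stored=(None, None, None)):
    """images: (boot loader sectors, kernel + modules, programs named in the config file),
    each a dict name -> bytes. Returns (blob1, blob2, blob3); in generation mode blob1 and
    blob2 also go to NV via DefineSpace + WriteValueAuth (blob3 would be written to fblob3.dat)."""
    blobs = []
    for pcr, files, old in zip(BOOT_PCRS, images, stored):
        measured = {name: hashlib.sha1(data).digest() for name, data in files.items()}
        blobs.append(run_stage(tpm, pcr, measured, auth, generate, old))
    if generate:
        for idx, blob in ((NV_BLOB1, blobs[0]), (NV_BLOB2, blobs[1])):
            tpm.define_space(idx, len(blob), auth)
            tpm.write_value_auth(idx, blob, auth)
    return tuple(blobs)


def can_unseal(tpm, blob, auth):     # True only while the PCR state matches seal time
    try:
        tpm.unseal(blob, auth)
        return True
    except PermissionError:
        return False
```

A reboot is modelled by reset(), which clears the PCRs but keeps NV; a wrong password raises PermissionError, a tampered component makes the stage that measures it raise SystemExit, and define_space(idx, 0, auth) models the removal of blob1 and blob2 in step E3.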
The present invention also includes a trusted list generation system for a fully virtualized virtual machine under the XEN virtualization platform, using GRUB (boot loader) and the Linux operating system, as shown in Fig. 1. The system consists of the following modules:
1) Startup manager module: parses the startup mode configuration information and the data sealing/unsealing password information provided by the user, and submits this information securely to the patched BIOS module. In addition, the VTPM of XEN cannot use the data it saved on a previous run, which shows up in two ways: A. the VTPM uses a different instance number on each run of the same virtual machine, and B. the VTPM uses a different EK (Endorsement Key) on each run of the same virtual machine. This module mainly corrects these logic errors of the VTPM.
2) Patched BIOS: besides applying the TCG-BIOS (trusted BIOS) patch to the BIOS (called hvmloader in XEN), code must be added that reads stage1, start and stage1_5 of the patched GRUB from the boot medium, and code that calls the VTPM to seal data and to read and write non-volatile storage.
3) Patched GRUB: besides applying the TCG-GRUB (trusted GRUB) patch to GRUB, code must be added in stage1_5 and stage2 of the patched GRUB that calls the VTPM to seal data and to read and write non-volatile storage.
4) Patched operating system kernel: the TPM driver and the disk driver need to be compiled into the kernel; the kernel also needs to parse the specified configuration file, compute the hash values of the listed items, call the VTPM to seal data, dump the trusted lists, and so on.
5) Trusted program list update module: consists of a client part and a server part. The client runs in the ordinary virtual machine, reads the specified trusted program list files from its file system and transfers them to the server; the server runs in the management domain, receives the data sent by the client and saves it on the management domain's disk.
The invention is further described below with reference to the accompanying drawings, through an embodiment that generates the trusted list of a fully virtualized virtual machine on the XEN virtualization platform (using GRUB and the SuSE Linux operating system).
An application system as shown in Figure 1 is implemented; as the figure shows, it comprises five modules: the startup manager, the patched BIOS, the patched GRUB, the patched operating system kernel, and the trusted program list update module.
The boot process of this virtual machine is very similar to that of an ordinary physical machine, as shown in Figure 2: after power-on (virtual machine start), the BIOS runs first; the BIOS loads GRUB, first loading GRUB stage1 from the first sector of the boot medium, then GRUB stage1 loads GRUB start from the second sector of the boot medium, and GRUB start loads GRUB stage1_5; stage1_5 loads GRUB stage2 from the /boot file system; finally stage2 parses the GRUB configuration file and loads the corresponding operating system kernel on demand.
The flow chart of the method is shown in Figure 3. The method of the invention comprises:
A. Change the configuration of the fully virtualized virtual machine: set the start-up mode to trusted-list generation mode and provide the data-storage seal/unseal password, welltt; start the virtual machine; the startup manager parses this information and passes it securely to the patched BIOS. As shown in Figure 4, Needverify=2 (trusted-list generation mode) and authstring="welltt".
B. The patched BIOS saves blob1, the sealed hash values of stage1, start and stage1_5 of the patched GRUB, into the non-volatile storage of the VTPM; stage1_5 of the patched GRUB saves blob2, the sealed hash value of stage2 of the patched GRUB, into the non-volatile storage of the VTPM;
C. The patched GRUB stage2 saves blob3, the sealed hash values of the patched operating system kernel, into the non-volatile storage of the VTPM;
D. The patched operating system kernel saves the sealed trusted program list of the key or all executable programs, kernel modules and dynamic libraries into the specified file fblob4.dat in the file system.
As shown in Figure 5, the configuration file can specify the operation type: MERGE (add a new program to be verified to the trusted program list), REPLACE (replace) or OTHER (other); the type of the program to be verified: executable program (ELF), APP_END (end marker: once this program has been verified, trust verification ends), kernel module (KO) or dynamic library (SO); and the ID of the program to be verified (a kernel module is identified by its module name, everything else by its program path).
E. The patched operating system kernel of the virtual machine dumps blob1, blob2 and blob3 from the VTPM non-volatile storage into the specified files fblob1.dat, fblob2.dat and fblob3.dat in the file system and clears blob1, blob2 and blob3 from the VTPM non-volatile storage; after start-up has completed, the client of the trusted program list update module transfers fblob1.dat, fblob2.dat, fblob3.dat and fblob4.dat to the server end of the trusted program list update module located in the management domain or host, and at the same time deletes fblob1.dat, fblob2.dat, fblob3.dat and fblob4.dat from the virtual machine; finally, the server end of the trusted program list update module saves these files to the designated location in its file system.
Those skilled in the art may make various modifications to the above without departing from the spirit and scope of the invention as determined by the claims. The scope of the invention is therefore not limited to the above description but is determined by the scope of the claims.
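The list-building step of D and the configuration file of Figure 5, as an added Python example that is not part of the patent: it parses a constructed configuration file of `OPERATION TYPE ID` lines (the page does not give the file's syntax), hashes each listed program from an in-memory stand-in for the file system, applies MERGE and REPLACE to produce the (identifier, hash) two-tuples of hashes3, and checks a program against the finished list. SHA-1 is assumed as the digest, and the TPM Seal and non-volatile-storage calls that protect blob3 are not modelled.

```python
"""Build the trusted-program list (hashes3) of the patched kernel from its
configuration file. Added example, not the patent's code: 'OPERATION TYPE ID'
line syntax, SHA-1 digests and the in-memory file-system stand-in are
assumptions; the TPM Seal/NV calls that protect the list are not modelled."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

OPERATIONS = {"MERGE", "REPLACE", "OTHER"}
TYPES = {"ELF", "KO", "SO", "APP_END"}
Entry = Tuple[str, str]  # (identifier, hex digest): one two-tuple of hashes3

# Constructed stand-in for the file system: identifier -> file content.
# Kernel modules (KO) are identified by module name, everything else by path.
SAMPLE_FS: Dict[str, bytes] = {
    "/sbin/init": b"\x7fELF init build 1",
    "/usr/sbin/sshd": b"\x7fELF sshd build 1",
    "/lib/libc.so.6": b"\x7fELF libc build 1",
    "ext4": b"\x7fELF ext4.ko build 1",
}

# Constructed configuration file; the layout of the patent's Figure 5 is not on the page.
SAMPLE_CONFIG = """\
# operation  type     identifier
MERGE        ELF      /sbin/init
MERGE        SO       /lib/libc.so.6
MERGE        KO       ext4
REPLACE      ELF      /sbin/init
MERGE        APP_END  /usr/sbin/sshd
"""


def program_hash(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_trusted_list(config: str, fs: Dict[str, bytes],
                       existing: Optional[List[Entry]] = None) -> Tuple[List[Entry], str]:
    """Return (hashes3, end_marker). MERGE adds a program not yet listed, REPLACE
    overwrites the entry with the same identifier, OTHER lines are ignored; an
    APP_END entry is hashed like any other and marks where verification stops."""
    hashes3: List[Entry] = list(existing or [])
    end_marker = ""
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'OPERATION TYPE ID'")
        op, ptype, ident = parts
        if op not in OPERATIONS or ptype not in TYPES:
            raise ValueError(f"line {lineno}: unknown operation or type")
        if op == "OTHER":
            continue
        if ident not in fs:
            raise FileNotFoundError(f"line {lineno}: {ident} not found")
        pos = next((i for i, (eid, _) in enumerate(hashes3) if eid == ident), None)
        if op == "MERGE" and pos is not None:
            raise ValueError(f"line {lineno}: {ident} already listed; use REPLACE")
        if op == "REPLACE" and pos is None:
            raise ValueError(f"line {lineno}: {ident} not listed; use MERGE")
        entry = (ident, program_hash(fs[ident]))
        if pos is None:
            hashes3.append(entry)
        else:
            hashes3[pos] = entry
        if ptype == "APP_END":
            end_marker = ident
    return hashes3, end_marker


def verify_program(hashes3: List[Entry], ident: str, data: bytes) -> bool:
    """Run-time check: is this program's current content on the trusted list?"""
    digest = program_hash(data)
    return any(eid == ident and hmac.compare_digest(h, digest) for eid, h in hashes3)
```

The returned hashes3 is the array that the patched kernel would hand to the TPM Seal call to obtain blob3; any change to a listed file changes its digest and fails verify_program.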

Claims (14)

1. A trusted program list generation method based on TPM/VTPM, characterized in that it comprises:
Step 1, changing the start-up configuration of the computer: setting the start-up mode to trusted program list generation mode and setting the data seal/unseal password, then starting the computer;
Step 2, the BIOS saves blob1, the sealed hash value of the Boot Loader, into the non-volatile storage of the TPM or VTPM; the BIOS may seal only the first part of the Boot Loader, with the remaining part sealed by that first part of the Boot Loader;
Step 3, the Boot Loader saves blob2, the sealed hash values of the operating system kernel and its related modules, into the non-volatile storage of the TPM or VTPM;
Step 4, the operating system kernel saves blob3, the sealed hash values of the key or all executable programs, kernel modules and dynamic libraries, into a specified file in the file system.
2. The trusted program list generation method based on TPM/VTPM as claimed in claim 1, characterized in that it further comprises:
Step 5, the operating system kernel of the virtual machine transfers the data saved in the VTPM non-volatile storage in steps 2 and 3, and the file saved in the file system in step 4, to the designated location in the file system of the management domain or host, and clears the data saved in the VTPM non-volatile storage in steps 2 and 3 and the file saved in the file system in step 4; during use after the virtual machine has started, the virtual machine user cannot read these trusted program lists at all, which further strengthens their security.
3. The trusted program list generation method based on TPM/VTPM as claimed in claim 1, characterized in that said step 2 further comprises:
Step 31, the BIOS reads the relevant sectors of the Boot Loader from the boot medium into memory;
Step 32, calculating the hash value of the Boot Loader sectors in memory and adding it to the hash array hashes1;
Step 33, calling the Seal function of the TPM or VTPM with the data-storage password to seal the hashes1 array, producing the binary data blob1, the data to be kept in non-volatile storage;
Step 34, calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob1 into the non-volatile storage of the TPM or VTPM, which returns the data index i1, where DefineSpace allocates space in the non-volatile storage and WriteValueAuth writes data into the allocated space.
4. The trusted program list generation method based on TPM/VTPM as claimed in claim 1, characterized in that said step 3 further comprises:
Step 41, the Boot Loader reads the operating system kernel and its related modules into memory;
Step 42, calculating the hash values of the operating system kernel and its related modules in memory and adding each of them to the hash array hashes2;
Step 43, calling the Seal function of the TPM or VTPM with the data-storage password to seal the hashes2 array, producing the binary data blob2, the data to be kept in non-volatile storage;
Step 44, calling the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob2 into the non-volatile storage of the TPM or VTPM, which returns the data index i2.
5. The trusted program list generation method based on TPM/VTPM as claimed in claim 1, characterized in that said step 4 further comprises:
Step 51, parsing the configuration file specified in the file system, calculating the hash value of each application program, kernel module and dynamic library listed in the configuration file, and saving the two-tuple formed by each program's identifier and hash value into the trusted program list array hashes3;
Step 52, calling the Seal function of the TPM or VTPM with the data-storage password to seal the hashes3 array, producing the binary data blob3, the data to be kept in non-volatile storage;
Step 53, saving blob3 to the specified file fblob3.dat in the file system.
6. The trusted program list generation method based on TPM/VTPM as claimed in claim 2, characterized in that said step 5 further comprises:
Step 61, the operating system kernel of the virtual machine first dumps the data saved in the VTPM non-volatile storage in steps 2 and 3 into specified files in the virtual machine file system and clears the data saved in the VTPM non-volatile storage in steps 2 and 3; after start-up has completed, an application-layer program transfers these files to the designated location in the file system of the management domain or host and at the same time deletes them from the virtual machine.
7. The trusted program list generation method based on TPM/VTPM as claimed in claim 6, characterized in that said step 61 further comprises:
Step 71, calling the ReadValueAuth function of the VTPM to read blob1 and blob2 saved at indices i1 and i2 in the VTPM non-volatile storage, where ReadValueAuth reads data from the VTPM non-volatile storage;
Step 72, passing blob1, blob2 and fblob3.dat to the management domain or host by inter-domain network transfer or inter-domain shared-memory transfer, and saving each of them in a specified file in the management domain or host file system;
The management domain refers to the domain that provides virtual machine management functions on the Type 1 virtualization platform XEN;
The host refers to the HOST on the Type 2 virtualization platform KVM;
Step 73, calling the DefineSpace function of the VTPM to clear blob1 and blob2 saved at indices i1 and i2 in the non-volatile storage of the VTPM;
Step 74, deleting the specified file fblob3.dat from the virtual machine file system.
8. A trusted program list generation system based on TPM/VTPM, characterized in that it comprises:
A startup manager module, which changes the start-up configuration of the computer: it sets the start-up mode to trusted program list generation mode, sets the data seal/unseal password, and starts the computer;
A patched BIOS module, which saves blob1, the sealed hash value of the patched GRUB module, into the non-volatile storage of the TPM or VTPM; the BIOS may seal only the first part of the patched GRUB module, with the remaining part sealed by that first part of the patched GRUB module;
A patched GRUB module, which saves blob2, the sealed hash values of the operating system kernel and its related modules, into the non-volatile storage of the TPM or VTPM;
A patched operating system kernel module, which saves blob3, the sealed hash values of the key or all executable programs, kernel modules and dynamic libraries, into a specified file in the file system.
9. The trusted program list generation system based on TPM/VTPM as claimed in claim 8, characterized in that it further comprises:
A trusted program list update module, which transfers the data saved in the VTPM non-volatile storage by the patched BIOS module and patched GRUB module, and the file saved in the file system by the patched operating system kernel module, to the designated location in the file system of the management domain or host, and clears the data saved in the VTPM non-volatile storage by the patched BIOS module and patched GRUB module and the file saved in the file system by the patched operating system kernel module.
10. The trusted program list generation system based on TPM/VTPM as claimed in claim 8, characterized in that said patched BIOS module further comprises:
A read-medium module, which reads the relevant sectors of the patched GRUB module from the boot medium into memory;
A hash calculation module, which calculates the hash value of the patched GRUB module sectors in memory and adds it to the hash array hashes1;
A seal-call module, which calls the Seal function of the TPM or VTPM with the data-storage password to seal the hashes1 array, producing the binary data blob1, the data to be kept in non-volatile storage; it then calls the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob1 into the non-volatile storage of the TPM or VTPM, which returns the data index i1, where DefineSpace allocates space in the non-volatile storage and WriteValueAuth writes data into the allocated space.
11. The trusted program list generation system based on TPM/VTPM as claimed in claim 8, characterized in that said patched GRUB module further comprises:
A read-information module, by which the patched GRUB module reads the operating system kernel and its related modules into memory;
A hash calculation module, which calculates the hash values of the operating system kernel and its related modules in memory and adds each of them to the hash array hashes2;
A seal-call module, which calls the Seal function of the TPM or VTPM with the data-storage password to seal the hashes2 array, producing the binary data blob2, the data to be kept in non-volatile storage; it then calls the DefineSpace and WriteValueAuth functions of the TPM or VTPM to save blob2 into the non-volatile storage of the TPM or VTPM, which returns the data index i2.
12. The trusted program list generation system based on TPM/VTPM as claimed in claim 8, characterized in that said patched operating system kernel module further comprises:
A configuration-file parsing module, which parses the configuration file specified in the file system, calculates the hash value of each application program, kernel module and dynamic library listed in the configuration file, and saves the two-tuple formed by each program's identifier and hash value into the trusted program list array hashes3;
A seal-call module, which calls the Seal function of the TPM or VTPM with the data-storage password to seal the hashes3 array, producing the binary data blob3, the data to be kept in non-volatile storage; blob3 is then saved to the specified file fblob3.dat in the file system.
13. The trusted program list generation system based on TPM/VTPM as claimed in claim 9, characterized in that said trusted program list update module further comprises:
An application management module: the operating system kernel of the virtual machine dumps the data that the patched BIOS module and patched GRUB module saved in the VTPM non-volatile storage into specified files in the virtual machine file system, and clears that data from the VTPM non-volatile storage; after the virtual machine has finished starting, an application-layer program transfers these files to the designated location in the file system of the management domain or host and at the same time deletes them from the virtual machine.
14. The trusted program list generation system based on TPM/VTPM as claimed in claim 13, characterized in that said application management module further comprises:
A read-data call module, which calls the ReadValueAuth function of the VTPM to read blob1 and blob2 saved at indices i1 and i2 in the VTPM non-volatile storage, where ReadValueAuth reads data;
A file transfer module, which passes blob1, blob2 and fblob3.dat to the management domain or host by inter-domain network transfer or inter-domain shared-memory transfer, and saves each of them in a specified file in the management domain or host file system;
The management domain refers to the domain that provides virtual machine management functions on the Type 1 virtualization platform XEN;
The host refers to the HOST on the Type 2 virtualization platform KVM;
A DefineSpace call module, which calls the DefineSpace function of the VTPM to clear blob1 and blob2 saved at indices i1 and i2 in the non-volatile storage of the VTPM, DefineSpace being used to delete data from non-volatile storage; and which deletes the specified file fblob3.dat from the virtual machine file system.
CN201210160589.2A 2012-05-22 2012-05-22 Method and system for generating trusted program list based on trusted platform module (TPM)/virtual trusted platform module (VTPM) Active CN102722665B (en)
