CN101122936A - Embed type platform guiding of credible mechanism - Google Patents

Embed type platform guiding of credible mechanism

Info

Publication number
CN101122936A
Authority
CN
China
Prior art keywords
tpm
bootloader
external unit
platform
embedded platform
Prior art date
Legal status
Granted
Application number
CN 200710053330
Other languages
Chinese (zh)
Other versions
CN100454324C (en)
Inventor
赵波
张焕国
郑鹏
黄玮
宋伟
熊泉
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date
Filing date
Publication date
Application filed by Wuhan University WHU
Priority to CNB2007100533307A (patent CN100454324C)
Publication of CN101122936A
Application granted
Publication of CN100454324C
Legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an embedded-platform boot method built on a trusted mechanism: the embedded platform is combined with a TPM, and the TPM supports the security and trustworthiness of the embedded platform. Starting from the root of trust for integrity measurement, and before the CPU of the embedded platform begins to run, the TPM verifies the integrity of the Bootloader and the operating system stored on the embedded platform, so that the executable code in the platform's boot chain is known not to have been modified; only then does it permit the CPU of the embedded platform to read the Bootloader and start. The TPM controls the boot process, measures the integrity and reliability of designated external devices, and initializes those external devices. The invention performs integrity measurement of the Bootloader executed on the platform according to a chain-of-trust structure, ensures the integrity of the Bootloader, and realizes a reporting mechanism in a trusted environment monitored by the TPM.

Description

Embedded platform boot on a trusted mechanism
Technical field
The present invention relates to an architecture by which an embedded device performs security checks on external devices, in particular storage-type external devices, during its start-up phase.
Background art
Conventional computer systems carry the following security risks: their software and hardware structures are simple, so computer resources can be used freely; in particular, executable code can be modified and malicious programs implanted. Viruses exploit the fact that the operating system performs no consistency check on executable code, embed viral code into executable programs, and thereby spread. The traditional software and hardware structure of the computer must therefore be reconsidered and transformed.
The TCG (Trusted Computing Group) has proposed the concepts of the "chain of trust" and "trusted measurement", together with a series of trusted mechanisms for measuring, storing and reporting trust in the system platform. TCG's view is that if a computer system starts from an accepted initial "root of trust", and at every transfer of control on the system platform that trust is passed on to the next control module through integrity measurement, then the platform's computing environment is trustworthy at all times. In its published specification [1], TCG defines the Trusted Platform Module (TPM), a module with security functions: an independent, tamper-resistant computing engine embedded in the computer system serves as the platform's root of trust, and trust is extended to the whole platform through the chain-of-trust mechanism.
The platform boot process is the critical transition from the hardware domain to the software domain, so achieving a secure platform boot is significant for the security of the whole system.
After an embedded platform is powered on, the first piece of boot code to run is called the Bootloader (platform boot program). The Bootloader depends heavily on the hardware, and different embedded platforms have different Bootloaders, but its basic functions are always the same: power on the platform, set the CPU operating frequency, configure interrupts, initialize the core hardware devices, establish the memory-space mapping, initialize some of the required external devices, then copy the operating-system kernel from the Flash memory device into a predetermined memory region, pass the user-configured boot parameters to the Linux system, and finally jump to the start address of the kernel to run the operating system.
Because embedded platforms generally have no ROM (read-only memory), the Bootloader is usually stored in Flash, a read-write storage medium, and is therefore easily exposed to malicious attack from outside. A malicious attacker may attempt to tamper with or destroy the Bootloader in order to gain control of, or destroy, the whole system.
Some architectural improvements currently adopted, such as relying on a USB key or smart card for authentication and integrity measurement, all share one problem: the root of trust of the embedded system still depends on the Bootloader, the start-up program. If the Bootloader has been maliciously tampered with, authentication schemes such as the USB key can be bypassed when the system starts. Such schemes therefore still build the chain of trust by software means. In view of this threat, a hardware protection mechanism, the TPM, can be introduced to protect the integrity of the Bootloader.
Existing Bootloaders do not check external devices while initializing them; they simply assume that every external device works normally and is safe and reliable. Yet an attacker may introduce an illegal external device by adding, modifying or replacing external devices, in order to collect important information from the platform while it is operating or to disrupt its normal operation.
Eliminating the above danger at the operating-system layer would be difficult, because Linux uses a virtual file system mechanism that maps physical devices to files for management: the Linux driver-layer source code would have to be modified extensively, the difficulty is great, and the outcome of the modification is hard to predict. Detecting external devices during the Bootloader boot phase is therefore the better strategy.
Summary of the invention
The technical problem solved by this invention is to combine the ideas of trusted measurement, trusted reporting and chain-of-trust extension and, starting from the current boot process of embedded Linux on embedded platforms, to design an embedded-platform boot mode built on a trusted mechanism, in which the TPM provides an independent, hardware-based means of achieving trusted boot of the embedded platform.
The technical solution adopted by the invention is as follows. The embedded platform is combined with a TPM, and the TPM supports the security and trustworthiness of the embedded platform. Starting from the root of trust for integrity measurement, and before the embedded platform's CPU starts working, the TPM first verifies the integrity of the parts stored in the embedded platform's Flash, including the Bootloader and the operating system, to guarantee that the executable software in the platform's boot chain has not been tampered with; only then is the embedded platform's CPU allowed to read the Bootloader and start. Because the Bootloader is open source, the TPM can control the course of every step of the boot process in a step-by-step manner, and during external-device initialization it performs integrity and reliability measurement of designated external devices, realizing a trusted measurement and reporting mechanism. Here the TPM is a Trusted Platform Module and the Bootloader is the boot program of the embedded platform.
Compared with the prior art, the method provided by the invention has the following major advantages:
1. An independent hardware unit, the TPM, is used as the hardware root of trust of the whole embedded system, so the TPM starts working before the embedded platform is initialized. With the TPM's support, integrity measurement is performed on the Bootloader boot program executed by the embedded platform according to the chain-of-trust structure, which guarantees good integrity of the running Bootloader.
2. Because the Bootloader has been made trusted through the chain-of-trust mechanism, initialization of the embedded platform's main board, detection of external devices, loading of the operating system, passing of operating-system parameters, and the operating system itself all run in a trusted environment monitored by the TPM.
3. A complete trusted boot system from hardware to software is formed, realizing the trusted measurement and reporting mechanism.
Description of drawings
Fig. 1 is a diagram of the structural relationship between the embedded platform and the TPM.
Fig. 2 is an overall flow diagram of the modified Bootloader.
Fig. 3 is a diagram of the star-type chain of trust with a TPM.
Fig. 4 is a flow diagram of an external-device function.
Embodiment
The invention discloses an embedded-platform start-up and boot mode built on a trusted mechanism. Specifically: according to the architectural characteristics of a trusted system, the embedded platform is combined with a TPM hardware module (where the TPM hardware module comprises three parts: the root of trust for measurement, the root of trust for reporting and the root of trust for storage). For initializing the embedded platform, a Bootloader with a chain-of-trust structure, improved on the basis of vivi (a kind of Bootloader), is used; this Bootloader is burned into the platform's Flash memory. Starting from the root of trust for integrity measurement at system start-up, the TPM first verifies the integrity of the Bootloader, the operating system and so on, guaranteeing that the software in the platform's boot chain has not been tampered with, and only then allows the CPU to read the Bootloader and start. Because the Bootloader is open source, the trusted Bootloader supports step-by-step control by the TPM: every step of the embedded platform's boot process is under the trusted monitoring of the TPM, and during external-device initialization, designated external devices are measured for integrity and reliability with the TPM's support, realizing the trusted measurement and reporting mechanism. The above route conforms to the trusted-platform boot recommendations.
The embedded-platform boot mode provided by the invention adopts the following steps:
(1) The embedded platform system is first started by an independent hardware TPM acting as the controlling platform; the TPM performs integrity measurement of the embedded platform's Bootloader.
(2) If the Bootloader does not pass the TPM's integrity measurement, the TPM sends a "No start" signal through its own hardware mechanism, forbidding the embedded platform from starting.
(3) If the Bootloader passes the integrity check, the TPM grants the Bootloader program the right to execute on the embedded platform.
(4) The Bootloader initializes the core board of the embedded platform, including setting the platform operating frequency, configuring the interrupt vector table and planning memory.
(5) The Bootloader main program calls the designated external-device functions and initializes the external devices, maintaining interaction with the TPM throughout this process.
(6) The Bootloader checks whether each external device can work normally, and temporarily stores this result.
(7) The Bootloader judges whether the external device has been connected and used before: it reads the device's identifier and compares it with the identifier previously stored in the TPM. If they are identical, the integrity of the device is considered intact; if they differ, the device's integrity is considered to have been compromised. The Bootloader temporarily stores this result.
(8) The Bootloader main program passes the above device-detection results to the TPM. The TPM evaluates them according to a pre-set security policy, divides the external devices into two classes, trusted and untrusted, and thereafter manages the external devices accordingly.
(9) During subsequent system operation, when the operating system wants to use an external device it must send a request to the TPM; the TPM, according to the detection results from the start-up phase, allows requests to use trusted external devices and forbids the use of untrusted ones. A detected external device that cannot be used in the system can be added to the TPM's record, and the disabled external device can then be re-enabled.
The invention is further described below with reference to the accompanying drawings, which do not limit the invention.
1. Theoretical foundation of the chain of trust (see Fig. 3)
The Trusted Platform Module (TPM) is an entity, combining software and hardware, that can provide trusted services: it can provide security, reliability and availability for the system, its information and its behaviour. As the root of trust of the whole computer-system platform, the TPM forms the initial trust boundary. The platform and the user authenticate by certificates; the platform's certificate is stored in the TPM and bound to the platform hardware, giving the platform a unique identity. It is assumed here that the TPM hardware cannot be compromised.
The platform boots from the root of trust (CRTM): the root of trust first performs trusted measurement of the first platform component to be executed (the Bootloader); once the check passes, that component is brought inside the trust boundary and allowed to execute. The basic trusted-platform idea is chain-like: first build a root of trust, then build a chain of trust that starts at the root, proceeds to the hardware platform, then to the Bootloader, and on to the OS and the applications, authenticating step by step, so that the chain of trust is extended to the whole system.
Assume the model is divided into three layers: the TPM platform, the Bootloader and the OS, and let T(TPM) and T(Bootloader) denote the trust-domain sets of the TPM and of the Bootloader respectively.
In the chain-type trust model we have rule 1: T(TPM) → Bootloader, and rule 2: T(Bootloader) → OS; from the recursive relation of rules 1 and 2, rule 3 is derived: T(TPM) → OS.
The chain-type model has the following drawbacks. First, after repeated step-by-step transmission the strength of the chain of trust steadily weakens, which may affect the security of the whole trust-relationship system. Second, a break in any single link of the chain of trust can destroy the security of the entire system. Third, excessive multi-level calls reduce the system's working efficiency.
Another trust model, the star-type (hub-and-spoke) structure, is an extension of the chain-type model. After the root of trust starts from the hardware platform, it can not only directly measure the integrity of the Bootloader but also extend the TPM's direct measurement to the OS layer and even into the application layer (the exact stage to which it extends can be determined according to actual conditions), so that the trust relationships of the whole system form a radial, star-shaped structure.
Thus we have rule 1: T(TPM) → Bootloader, and rule 2: T(TPM) → OS. Here rule 2 is itself a premise rather than a derived rule; the chain of trust has no transitivity, so the weakening of trust strength during transmission is avoided. Furthermore, owing to the security of the TPM, the links in which the TPM directly measures the Bootloader and the operating system cannot be broken.
The star-type chain-of-trust structure is harder to implement and places very high demands on the TPM's processing power and on its judgement of upper-layer behaviour, but adopting it makes the trust source of the whole system unique and guarantees the strength of the entire chain-of-trust relationship.
Either of the two chain-of-trust structures may be chosen according to the needs of the specific implementation.
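The two trust models above differ in who performs the measurement of the OS and when a tampered image is caught. The following C program is an added example, not code from the patent or from the vivi Bootloader it modifies: it simulates both models over constructed Flash images, using a 32-bit FNV-1a hash as a stand-in for the TPM's hash-based integrity measurement and an assumed "provisioning" step in which the TPM records the golden values. In the chain model a tampered OS is only rejected after the CPU has already been released to the Bootloader; in the star model the TPM refuses to release the CPU at all, which is the "No start" behaviour of steps (1) to (3).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Boot verdicts. NO_START_FROM_TPM corresponds to the patent's "No start"
 * signal issued by the TPM before the CPU is released. */
typedef enum {
    BOOT_OK = 0,
    NO_START_FROM_TPM = 1,           /* refused before the CPU ever runs */
    OS_REJECTED_BY_BOOTLOADER = 2    /* refused only after the Bootloader ran */
} verdict_t;

/* A boot-chain component: the image as found in Flash plus the golden
 * measurement the TPM holds for it (assumed provisioning model). */
typedef struct {
    const uint8_t *image;
    size_t len;
    uint32_t golden;
} component_t;

/* Constructed stand-ins for Flash contents; a real platform would hold the
 * vivi-derived Bootloader and a Linux kernel here. */
static const uint8_t BL_IMAGE[]    = "vivi-bootloader-image-v1";
static const uint8_t BL_TAMPERED[] = "vivi-bootloader-image-v1-PATCHED";
static const uint8_t OS_IMAGE[]    = "linux-kernel-image-v1";
static const uint8_t OS_TAMPERED[] = "linux-kernel-image-v1-PATCHED";

/* 32-bit FNV-1a, standing in for the TPM's hash-based integrity measurement. */
static uint32_t measure(const uint8_t *data, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= data[i]; h *= 16777619u; }
    return h;
}

/* Provisioning: record a component's golden measurement (what the TPM stores). */
component_t provision(const uint8_t *image, size_t len) {
    component_t c = { image, len, measure(image, len) };
    return c;
}

static int verified(const component_t *c) {
    return measure(c->image, c->len) == c->golden;
}

/* Chain-type model: rule 1 T(TPM) -> Bootloader, rule 2 T(Bootloader) -> OS.
 * The TPM measures only the Bootloader; the OS is measured by the Bootloader
 * after the CPU has already been released to it. */
verdict_t chain_boot(const component_t *bl, const component_t *os) {
    if (!verified(bl)) return NO_START_FROM_TPM;
    /* CPU released; the Bootloader is now the measuring party. */
    if (!verified(os)) return OS_REJECTED_BY_BOOTLOADER;
    return BOOT_OK;
}

/* Star-type model: rule 1 T(TPM) -> Bootloader and rule 2 T(TPM) -> OS are
 * both premises. The TPM measures both images in Flash before releasing the
 * CPU, as in steps (1) to (3) of the patent. */
verdict_t star_boot(const component_t *bl, const component_t *os) {
    if (!verified(bl) || !verified(os)) return NO_START_FROM_TPM;
    return BOOT_OK;
}

/* Scenario helper: provision golden values from the genuine images, then
 * boot with optionally tampered images under the chosen model. */
verdict_t run_scenario(int star_model, int tamper_bl, int tamper_os) {
    component_t bl = provision(BL_IMAGE, sizeof BL_IMAGE);
    component_t os = provision(OS_IMAGE, sizeof OS_IMAGE);
    if (tamper_bl) { bl.image = BL_TAMPERED; bl.len = sizeof BL_TAMPERED; }
    if (tamper_os) { os.image = OS_TAMPERED; os.len = sizeof OS_TAMPERED; }
    return star_model ? star_boot(&bl, &os) : chain_boot(&bl, &os);
}

int main(void) {
    static const char *names[] = {
        "BOOT_OK", "NO_START_FROM_TPM", "OS_REJECTED_BY_BOOTLOADER"
    };
    printf("chain model, OS tampered: %s\n", names[run_scenario(0, 0, 1)]);
    printf("star model,  OS tampered: %s\n", names[run_scenario(1, 0, 1)]);
    return 0;
}
```

The verdict enum makes the practical difference visible: both models refuse a tampered Bootloader before the CPU starts, but only the star model keeps the CPU idle when the OS image is the one that was altered, because the TPM alone is the measuring party for every component.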
2. Storage
The Bootloader and the operating system are both stored in a Flash storage region on which write operations are restricted; logically this region is stored as ROM, is controlled by the TPM, and the user side is not permitted to perform write operations on it.
3. External-device detection flow
After entering the processing function of a given external device, the detailed flow is as follows (see Fig. 2 and Fig. 4):
1) power on the device;
2) check whether the device registers can operate normally; if not, go to 6);
3) set the device registers so that the device enters its normal operating mode;
4) determine whether it is a previously connected device; if not, jump to 6);
5) check the integrity of a storage-type device; if the integrity is good, go to 7);
6) mark it as an untrusted device and jump to 9);
7) mark it as a normally operating, trusted device and pass this to the TPM as a parameter;
8) exit the processing function for this kind of device.
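The device flow above, together with steps (5) to (9) of the boot procedure, amounts to a small policy engine shared between the Bootloader and the TPM. The following C program is an added example, not code from the patent or from the vivi Bootloader: it models the Bootloader-side processing function (register probe, known-device lookup by identifier, content measurement for storage-type devices) and the TPM-side record that answers the operating system's later requests. The device structures, the identifier strings, the SD-card contents and the 32-bit FNV-1a "measurement" are all constructed stand-ins; the enrolment call that adds a device to the TPM's record is an assumption about how step (9) would be exposed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEVICES 8
#define ID_LEN 32

typedef enum { DEV_COMM = 0, DEV_STORAGE = 1 } dev_type_t;
typedef enum { DEV_UNTRUSTED = 0, DEV_TRUSTED = 1 } dev_status_t;

/* An external device as the Bootloader sees it after power-on (constructed model). */
typedef struct {
    const char *id;        /* identifier read back from the device */
    dev_type_t type;
    int registers_ok;      /* outcome of the step-2 register probe */
    const uint8_t *data;   /* storage-type only: contents to be measured */
    size_t data_len;
} device_t;

/* TPM-side record of a device: identifier, golden measurement, last verdict.
 * "enrolled" marks devices the TPM has accepted before (step 4's "seen before"). */
typedef struct {
    int present;
    int enrolled;
    char id[ID_LEN];
    uint32_t golden;
    dev_status_t status;
} tpm_entry_t;

typedef struct { tpm_entry_t entries[MAX_DEVICES]; } tpm_t;

/* 32-bit FNV-1a, standing in for the TPM's hash-based integrity measurement. */
static uint32_t measure(const uint8_t *d, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 16777619u; }
    return h;
}

static tpm_entry_t *tpm_find(tpm_t *t, const char *id) {
    for (int i = 0; i < MAX_DEVICES; i++)
        if (t->entries[i].present && strcmp(t->entries[i].id, id) == 0)
            return &t->entries[i];
    return NULL;
}

/* Find or create the TPM's record for an identifier; NULL if the table is full. */
static tpm_entry_t *tpm_record(tpm_t *t, const char *id) {
    tpm_entry_t *e = tpm_find(t, id);
    if (e) return e;
    for (int i = 0; i < MAX_DEVICES; i++) {
        if (!t->entries[i].present) {
            e = &t->entries[i];
            e->present = 1;
            strncpy(e->id, id, ID_LEN - 1);
            e->id[ID_LEN - 1] = '\0';
            return e;
        }
    }
    return NULL;
}

/* Enrolment (assumed interface for step (9)): add a device to the TPM's record
 * with its golden measurement and mark it trusted so later requests pass. */
int tpm_enroll(tpm_t *t, const char *id, uint32_t golden) {
    tpm_entry_t *e = tpm_record(t, id);
    if (!e) return 0;
    e->enrolled = 1;
    e->golden = golden;
    e->status = DEV_TRUSTED;
    return 1;
}

/* Bootloader-side device processing function, steps 1) to 8) of the flow. */
dev_status_t bootloader_vet_device(tpm_t *tpm, const device_t *dev) {
    dev_status_t verdict = DEV_UNTRUSTED;
    tpm_entry_t *known = tpm_find(tpm, dev->id);          /* step 4 lookup */
    tpm_entry_t *rec;

    /* 1) power-on and 3) register setup are hardware actions, not modelled. */
    if (dev->registers_ok                                  /* 2) registers work    */
        && known != NULL && known->enrolled                /* 4) seen before       */
        && (dev->type != DEV_STORAGE                       /* 5) storage integrity */
            || measure(dev->data, dev->data_len) == known->golden))
        verdict = DEV_TRUSTED;                             /* 7) */
    /* 6)/7)/8): hand the verdict to the TPM, which keeps it for step (9). */
    rec = tpm_record(tpm, dev->id);
    if (rec) rec->status = verdict;
    return verdict;
}

/* Step (9): the OS asks the TPM before using a device; only trusted ones pass. */
int tpm_request_device(tpm_t *t, const char *id) {
    tpm_entry_t *e = tpm_find(t, id);
    return e != NULL && e->status == DEV_TRUSTED;
}

/* Walk through the policy with constructed devices. Returns a bitmask of the
 * decisions so the outcome can be checked without parsing printed output. */
unsigned demo_results(void) {
    static const uint8_t SD_CONTENT[]  = "sd-card-partition-table+rootfs-v1";
    static const uint8_t SD_TAMPERED[] = "sd-card-partition-table+rootfs-v1-MODIFIED";
    tpm_t tpm;
    unsigned bits = 0;
    memset(&tpm, 0, sizeof tpm);

    /* Provisioning: the SD card and one UART were enrolled on an earlier boot. */
    tpm_enroll(&tpm, "sd-card-0001", measure(SD_CONTENT, sizeof SD_CONTENT));
    tpm_enroll(&tpm, "uart-0001", 0);   /* communication-type: nothing to measure */

    device_t sd_ok     = { "sd-card-0001", DEV_STORAGE, 1, SD_CONTENT,  sizeof SD_CONTENT };
    device_t sd_bad    = { "sd-card-0001", DEV_STORAGE, 1, SD_TAMPERED, sizeof SD_TAMPERED };
    device_t uart_new  = { "uart-9999", DEV_COMM, 1, NULL, 0 };
    device_t uart_ok   = { "uart-0001", DEV_COMM, 1, NULL, 0 };
    device_t uart_dead = { "uart-0001", DEV_COMM, 0, NULL, 0 };

    if (bootloader_vet_device(&tpm, &sd_ok) == DEV_TRUSTED)     bits |= 1u << 0;
    if (bootloader_vet_device(&tpm, &sd_bad) == DEV_TRUSTED)    bits |= 1u << 1;
    if (bootloader_vet_device(&tpm, &uart_new) == DEV_TRUSTED)  bits |= 1u << 2;
    tpm_enroll(&tpm, "uart-9999", 0);                           /* step (9) re-enable */
    if (tpm_request_device(&tpm, "uart-9999"))                  bits |= 1u << 3;
    if (tpm_request_device(&tpm, "sd-card-0001"))               bits |= 1u << 4;
    if (bootloader_vet_device(&tpm, &uart_ok) == DEV_TRUSTED)   bits |= 1u << 5;
    if (bootloader_vet_device(&tpm, &uart_dead) == DEV_TRUSTED) bits |= 1u << 6;
    return bits;   /* bits 0, 3 and 5 set: 0x29 */
}

int main(void) {
    printf("decision bitmask: 0x%02x\n", demo_results());
    return 0;
}
```

Two design points are worth noting. The Bootloader never decides on its own what the operating system may use; it only reports, and the TPM's record is the single place where step (9) is answered, which is what keeps the trust source unique. And an untrusted verdict overwrites an earlier trusted one for the same identifier, so a storage device whose contents changed between boots stays blocked until it is deliberately re-enrolled.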
4. Notes on the classes of external devices:
External devices are divided into two types here: communication-type and storage-type. A communication-type external device has only control information and status information, and no data information. A storage-type external device contains control information, status information and data information.
Communication-type external devices include: the serial interface (UART), the I2C interface and the USB interface. Storage-type external devices include: the SD memory card.
References:
[1] TCG Specification Architecture Overview (Version 1.2);
[2] ZHAO Bo, ZHANG Huanguo, HUANG Rui, A New Approach of TPM Construction Based, Wuhan University Journal of Natural Sciences, Vol. 12 No. 1, 2007;
[3] Zheng Jun, Liu Anhui, Zhang Hongqi, Research on TPM-based chain-of-trust models, Microcomputer Information (Control & Automation), 2006, No. 33.

Claims (2)

1. An embedded-platform boot method, characterized in that it is a start-up and boot method for an embedded system built on a trusted mechanism, in which the embedded platform is combined with a TPM and the TPM supports the security and trustworthiness of the embedded platform; starting from the root of trust for integrity measurement, and before the embedded platform's CPU starts working, the TPM first verifies the integrity of the parts stored in the embedded platform's Flash, including the Bootloader and the operating system, to guarantee that the executable software in the platform's boot chain has not been tampered with, and only then allows the embedded platform's CPU to read the Bootloader and start; because the Bootloader is open source, the TPM controls the course of every step of the boot process in a step-by-step manner and, during external-device initialization, performs integrity and reliability measurement of designated external devices, realizing a trusted measurement and reporting mechanism; the TPM is a Trusted Platform Module and the Bootloader is the boot program of the embedded platform.
2. The embedded-platform boot method according to claim 1, characterized by the following steps:
(1) The embedded platform system is first started by an independent hardware TPM acting as the controlling platform, and the TPM performs integrity measurement of the embedded platform's Bootloader;
(2) if the start-up program does not pass the TPM's integrity measurement, the TPM sends a "No start" signal through its own hardware mechanism, forbidding the embedded platform from starting;
(3) if the Bootloader passes the integrity check, the TPM grants the Bootloader program the right to execute on the embedded platform;
(4) the Bootloader initializes the core board of the embedded platform, including setting the platform operating frequency, configuring the interrupt vector table and planning memory;
(5) the Bootloader main program calls the designated external-device functions and initializes the external devices;
(6) the Bootloader checks whether each external device can work normally, and temporarily stores this result;
(7) the Bootloader judges whether the external device has been connected and used before, and temporarily stores this result;
(8) the Bootloader main program passes the above device-detection results to the TPM; the TPM divides the external devices into two classes, trusted and untrusted, according to a pre-set security policy, and thereafter manages the external devices accordingly;
(9) during subsequent system operation, when the operating system wants to use an external device it must send a request to the TPM; the TPM, according to the detection results from the start-up phase, allows requests to use trusted external devices and forbids the use of untrusted ones; a detected external device that cannot be used in the system can be added to the TPM's record, and the disabled external device can then be re-enabled.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100533307A CN100454324C (en) 2007-09-21 2007-09-21 Embed type platform guiding of credible mechanism

Publications (2)

Publication Number Publication Date
CN101122936A true CN101122936A (en) 2008-02-13
CN100454324C CN100454324C (en) 2009-01-21

Family

ID=39085269

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100533307A Expired - Fee Related CN100454324C (en) 2007-09-21 2007-09-21 Embed type platform guiding of credible mechanism

Country Status (1)

Country Link
CN (1) CN100454324C (en)

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
CN102012979A (en) * 2010-11-15 2011-04-13 深圳市华威世纪科技股份有限公司 Embedded credible computing terminal
CN101515316B (en) * 2008-02-19 2011-09-28 北京工业大学 Trusted computing terminal and trusted computing method
CN102223232A (en) * 2011-05-12 2011-10-19 郑州信大捷安信息技术股份有限公司 Trusted system building method and system based on USB safety memory encryption card
CN102314354A (en) * 2010-06-30 2012-01-11 无锡中星微电子有限公司 Embedded system starting method and embedded device
CN102355467A (en) * 2011-10-18 2012-02-15 国网电力科学研究院 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission
CN102396251A (en) * 2009-04-15 2012-03-28 交互数字专利控股公司 Validation and/or authentication of device for communication with network
CN102880828A (en) * 2012-09-07 2013-01-16 普华基础软件股份有限公司 Intrusion detection and recovery system aiming at virtualization support environment
US20130061056A1 (en) * 2010-05-21 2013-03-07 Graeme John Proudler Extending an integrity measurement
CN103139221A (en) * 2013-03-07 2013-06-05 中国科学院软件研究所 Dependable virtual platform and construction method thereof, data migration method among platforms
CN103455750A (en) * 2013-08-26 2013-12-18 北京视博数字电视科技有限公司 High-security verification method and high-security verification system for embedded devices
CN103646214A (en) * 2013-12-18 2014-03-19 国家电网公司 Method for establishing trusted environment in power distribution terminal
CN103760892A (en) * 2014-01-23 2014-04-30 国家电网公司 Embedded dependable computing platform and detection method thereof
CN103795905A (en) * 2013-11-03 2014-05-14 北京工业大学 Trusted starting method of web camera
CN104217141A (en) * 2014-09-04 2014-12-17 东莞理工学院 Reinforced virtual instrument measuring software metrology support method and device
CN104598841A (en) * 2014-12-29 2015-05-06 东软集团股份有限公司 Double-system guide method and device facing terminal security
CN104794393A (en) * 2015-04-24 2015-07-22 杭州字节信息技术有限公司 Embedded type partition image security certification and kernel trusted boot method and equipment thereof
CN104834845A (en) * 2015-05-12 2015-08-12 武汉上博科技有限公司 Implementation method for credible industrial camera
WO2015143989A1 (en) * 2014-03-25 2015-10-01 华为技术有限公司 Credible kernel starting method and device
CN105653269A (en) * 2015-12-28 2016-06-08 北京星地恒通信息科技有限公司 Boot starting device and method
CN106156635A (en) * 2016-07-29 2016-11-23 深圳兆日科技股份有限公司 Method for starting terminal and device
CN106484477A (en) * 2016-10-11 2017-03-08 上海华虹集成电路有限责任公司 The software download of safety and startup method
CN107315960A (en) * 2017-06-23 2017-11-03 联想(北京)有限公司 The control method and system of credible platform module
CN107992372A (en) * 2017-12-13 2018-05-04 郑州云海信息技术有限公司 A kind of chassis information exchange method, system, equipment and computer-readable storage medium
CN109245899A (en) * 2018-09-06 2019-01-18 成都三零嘉微电子有限公司 One kind being based on the novel trust chain design method of SM9 cryptographic algorithm
CN109325352A (en) * 2018-08-28 2019-02-12 全球能源互联网研究院有限公司 A kind of credible calculating platform framework
CN110263545A (en) * 2019-05-22 2019-09-20 西安理工大学 A kind of start-up course integrity measurement detection method based on android system
CN111597560A (en) * 2020-05-18 2020-08-28 国网电力科学研究院有限公司 Secure trusted module starting method and system
CN112445537A (en) * 2020-12-11 2021-03-05 中国科学院信息工程研究所 Trusted starting method and device of operating system, mobile terminal and storage medium
CN112769800A (en) * 2020-12-31 2021-05-07 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Switch integrity verification method and device and computer storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711675B1 (en) * 2000-02-11 2004-03-23 Intel Corporation Protected boot flow
US6931545B1 (en) * 2000-08-28 2005-08-16 Contentguard Holdings, Inc. Systems and methods for integrity certification and verification of content consumption environments
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
CN100489728C (en) * 2004-12-02 2009-05-20 联想(北京)有限公司 Method for establishing trustable operational environment in a computer

Cited By (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515316B (en) * 2008-02-19 2011-09-28 北京工业大学 Trusted computing terminal and trusted computing method
CN102396251A (en) * 2009-04-15 2012-03-28 交互数字专利控股公司 Validation and/or authentication of device for communication with network
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
US8850212B2 (en) * 2010-05-21 2014-09-30 Hewlett-Packard Development Company, L.P. Extending an integrity measurement
CN103038745B (en) * 2010-05-21 2016-08-24 惠普发展公司,有限责任合伙企业 Extension integrity measurement
US20130061056A1 (en) * 2010-05-21 2013-03-07 Graeme John Proudler Extending an integrity measurement
CN103038745A (en) * 2010-05-21 2013-04-10 惠普发展公司,有限责任合伙企业 Extending an integrity measurement
CN102314354A (en) * 2010-06-30 2012-01-11 无锡中星微电子有限公司 Embedded system starting method and embedded device
CN102012979A (en) * 2010-11-15 2011-04-13 深圳市华威世纪科技股份有限公司 Embedded credible computing terminal
CN102012979B (en) * 2010-11-15 2012-07-04 深圳市华威世纪科技股份有限公司 Embedded credible computing terminal
CN102223232A (en) * 2011-05-12 2011-10-19 郑州信大捷安信息技术股份有限公司 Trusted system building method and system based on USB safety memory encryption card
CN102355467A (en) * 2011-10-18 2012-02-15 国网电力科学研究院 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission
CN102355467B (en) * 2011-10-18 2015-07-08 国网电力科学研究院 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission
CN102880828A (en) * 2012-09-07 2013-01-16 普华基础软件股份有限公司 Intrusion detection and recovery system aiming at virtualization support environment
CN102880828B (en) * 2012-09-07 2015-02-04 普华基础软件股份有限公司 Intrusion detection and recovery system aiming at virtualization support environment
CN103139221A (en) * 2013-03-07 2013-06-05 中国科学院软件研究所 Dependable virtual platform and construction method thereof, data migration method among platforms
CN103139221B (en) * 2013-03-07 2016-07-06 中国科学院软件研究所 Data migration method between a kind of dependable virtual platform and construction method, platform
CN103455750A (en) * 2013-08-26 2013-12-18 北京视博数字电视科技有限公司 High-security verification method and high-security verification system for embedded devices
CN103455750B (en) * 2013-08-26 2016-08-10 北京视博数字电视科技有限公司 The high peace verification method of a kind of embedded device and device
CN103795905A (en) * 2013-11-03 2014-05-14 北京工业大学 Trusted starting method of web camera
CN103646214A (en) * 2013-12-18 2014-03-19 国家电网公司 Method for establishing trusted environment in power distribution terminal
CN103646214B (en) * 2013-12-18 2016-08-31 国家电网公司 A kind of method setting up trusted context in distribution terminal
CN103760892B (en) * 2014-01-23 2017-06-06 国家电网公司 A kind of embedded credible calculating platform and its detection method
CN103760892A (en) * 2014-01-23 2014-04-30 国家电网公司 Embedded dependable computing platform and detection method thereof
KR101894926B1 (en) * 2014-03-25 2018-09-04 후아웨이 테크놀러지 컴퍼니 리미티드 Trusted kernel starting method and apparatus
WO2015143989A1 (en) * 2014-03-25 2015-10-01 华为技术有限公司 Credible kernel starting method and device
US10032030B2 (en) 2014-03-25 2018-07-24 Huawei Technologies Co., Ltd. Trusted kernel starting method and apparatus
KR20160130790A (en) * 2014-03-25 2016-11-14 후아웨이 테크놀러지 컴퍼니 리미티드 Credible kernel starting method and device
CN104217141A (en) * 2014-09-04 2014-12-17 东莞理工学院 Reinforced virtual instrument measuring software metrology support method and device
CN104217141B (en) * 2014-09-04 2017-02-15 东莞理工学院 Reinforced virtual instrument measuring software metrology support method and device
CN104598841A (en) * 2014-12-29 2015-05-06 东软集团股份有限公司 Double-system guide method and device facing terminal security
CN104598841B (en) * 2014-12-29 2017-11-28 东软集团股份有限公司 A kind of the dual system bootstrap technique and device of terminaloriented safety
CN104794393B (en) * 2015-04-24 2017-11-10 杭州字节信息技术有限公司 A kind of embedded partitions image safety certification and kernel trusted bootstrap method and its equipment
CN104794393A (en) * 2015-04-24 2015-07-22 杭州字节信息技术有限公司 Embedded type partition image security certification and kernel trusted boot method and equipment thereof
CN104834845A (en) * 2015-05-12 2015-08-12 武汉上博科技有限公司 Implementation method for credible industrial camera
CN105653269A (en) * 2015-12-28 2016-06-08 北京星地恒通信息科技有限公司 Boot starting device and method
CN106156635A (en) * 2016-07-29 2016-11-23 深圳兆日科技股份有限公司 Method for starting terminal and device
CN106484477B (en) * 2016-10-11 2019-11-12 上海华虹集成电路有限责任公司 The software download and starting method of safety
CN106484477A (en) * 2016-10-11 2017-03-08 上海华虹集成电路有限责任公司 The software download of safety and startup method
CN107315960A (en) * 2017-06-23 2017-11-03 联想(北京)有限公司 The control method and system of credible platform module
CN107315960B (en) * 2017-06-23 2020-08-25 联想(北京)有限公司 Control method and system of trusted platform module
CN107992372A (en) * 2017-12-13 2018-05-04 郑州云海信息技术有限公司 A kind of chassis information exchange method, system, equipment and computer-readable storage medium
CN109325352A (en) * 2018-08-28 2019-02-12 全球能源互联网研究院有限公司 A kind of credible calculating platform framework
CN109245899A (en) * 2018-09-06 2019-01-18 成都三零嘉微电子有限公司 One kind being based on the novel trust chain design method of SM9 cryptographic algorithm
CN109245899B (en) * 2018-09-06 2021-03-16 成都三零嘉微电子有限公司 Trust chain design method based on SM9 cryptographic algorithm
CN110263545A (en) * 2019-05-22 2019-09-20 西安理工大学 A kind of start-up course integrity measurement detection method based on android system
CN110263545B (en) * 2019-05-22 2022-11-04 西安理工大学 Starting process integrity measurement detection method based on Android system
CN111597560A (en) * 2020-05-18 2020-08-28 国网电力科学研究院有限公司 Secure trusted module starting method and system
CN111597560B (en) * 2020-05-18 2023-05-09 国网电力科学研究院有限公司 Safe and reliable module starting method and system
CN112445537A (en) * 2020-12-11 2021-03-05 中国科学院信息工程研究所 Trusted starting method and device of operating system, mobile terminal and storage medium
CN112769800A (en) * 2020-12-31 2021-05-07 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Switch integrity verification method and device and computer storage medium
CN112769800B (en) * 2020-12-31 2022-10-04 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Switch integrity verification method and device and computer storage medium

Also Published As

Publication number Publication date
CN100454324C (en) 2009-01-21

Similar Documents

Publication Publication Date Title
CN100454324C (en) Embed type platform guiding of credible mechanism
CN105205401B (en) Trusted computer system and its trusted bootstrap method based on security password chip
US11093258B2 (en) Method for trusted booting of PLC based on measurement mechanism
EP3582129B1 (en) Technologies for secure hardware and software attestation for trusted i/o
US9230116B2 (en) Technique for providing secure firmware
CN100568254C (en) A kind of credible platform module and active measure thereof
CN102004876B (en) Security terminal reinforcing model and reinforcing method of tolerable non-trusted component
US7849315B2 (en) Method for managing operability of on-chip debug capability
CN107665308B (en) TPCM system for building and maintaining trusted operating environment and corresponding method
CN103186434A (en) Method and system for recovering basic input/output system
CN104794393A (en) Embedded type partition image security certification and kernel trusted boot method and equipment thereof
CN111399919A (en) Starting method and system of server, electronic equipment and storage medium
CN103080904A (en) Providing a multi-phase lockstep integrity reporting mechanism
CN101221509B (en) Bus arbitration starting method of reliable embedded system
CN112800429B (en) Method for protecting driver in UEFI BIOS firmware system based on basicity
CN105122261A (en) Recovering from compromised system boot code
WO2011146305A2 (en) Extending an integrity measurement
CN105718806A (en) Method for realizing credible active measurement based on domestic BMC and TPM2.0
CN104850792A (en) Establishment method and apparatus of trust chain of server
CN103049293B (en) A kind of startup method of embedded credible system
US10181956B2 (en) Key revocation
CN101645127A (en) Method for establishing trusted booting system based on EFI
CN102880828A (en) Intrusion detection and recovery system aiming at virtualization support environment
CN100504897C (en) Method for starting protected partition
TWI468973B (en) Clearing secure system resources in a computing device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090121

Termination date: 20200921