CN102043918A - Socket type trusted computer - Google Patents
- Publication number
- CN102043918A
- Authority
- CN
- China
- Prior art keywords
- module
- socket type
- tpm
- trusted computer
- kernel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The trusted computing concept of the PC (personal computer) is introduced into a socket-type computer. Based on a trusted platform module (TPM) and with a secure operating system as the core, the security of the computer system is ensured by continuously extending the trust domain. An independently developed interface conversion and security protection circuit (ITFP) module, based on an FPGA (Field Programmable Gate Array), performs the signal conversion between the LCP (Link Control Protocol) of the TPM and the SPI (Serial Peripheral Interface) of the ARMADA 310; it also protects the address space of the NAND Flash, so that the protected space is read-only and cannot be erased. In the software design, the operating system uses an independently developed trusted microkernel structure, which helps isolate modules: the modules inside the microkernel run in the highest kernel mode, only they can directly manage low-level hardware operations and schedule modules outside the kernel, and they hold the highest privilege.
Description
Technical field
The present invention relates to a socket-type trusted computer and belongs to the trusted computing branch of the information security field.
Background
With the spread of the Internet and the rapid rise of new technologies such as the Internet of Things and cloud computing, people's demand for and reliance on digital content keeps growing, and obtaining, managing and transmitting this digital information conveniently, safely and reliably is becoming more and more important. A new computing platform is urgently needed to replace the bulky, insecure, power-hungry PCs and notebooks that used to do this work.
A socket-type computer already exists abroad. Its main features are: 1. it is compact and can be plugged directly into an ordinary household wall socket; 2. it is low-power, with overall power consumption kept at 5 W. Its main drawback is low security: it can only be used for digital media and network services aimed at ordinary households. Security was not considered in its system design, so it cannot be used in fields with higher security requirements.
Summary of the invention
The purpose is to strengthen the security of the socket-type computer and overcome the weak security inherent in embedded platforms, so that it can be applied in fields with higher security requirements.
To achieve this purpose, the invention introduces the trusted computing concept of the PC into the socket-type computer. Based on a trusted platform module (TPM) and with a secure operating system as the core, the security of the computer system is ensured by continuously extending the trust domain.
The beneficial effect of the invention is that trusted computing technology is added while the compactness and low power consumption of the socket-type computer are retained, making the socket-type trusted computer a new kind of embedded trusted computing platform.
Description of drawings
Fig. 1 is a schematic diagram of the hardware system of the socket-type trusted computer of the invention.
Fig. 2 shows the scheme for integrating the TPM chip into the socket-type trusted computer of the invention.
Fig. 3 is the design diagram of the interface conversion and security protection circuit (ITFP) of the socket-type trusted computer of the invention.
Fig. 4 is a schematic diagram of the software system of the socket-type trusted computer of the invention.
Embodiment
1. Fig. 1 shows the hardware system of the socket-type trusted computer. The invention uses the high-performance ARMADA 310 SoC from Marvell as the main processor, with common peripheral interfaces added externally. The independently developed, FPGA-based interface conversion and security protection circuit (ITFP) module performs the signal conversion between the LCP of the TPM module and the SPI interface of the ARMADA 310; it also provides address space protection for the NAND Flash, so that the protected space is read-only and cannot be erased.
2. Fig. 2 shows the scheme for integrating the TPM chip into the socket-type trusted computer, which implements the trusted boot of the computer.
The detailed boot process is:
(1) After the system powers up, the TPM starts first and performs a self-test.
(2) After the self-test completes, the interface conversion and security protection circuit (ITFP) reads the Bootloader in the BOOTROM into the TPM for integrity verification.
(3) After the integrity check passes, the ITFP establishes the actual connection between the ARM and the BOOTROM, the TPM sends a start signal to the ARM processor, and the Bootloader begins to run.
(4) If the check fails, the system is reset.
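The boot sequence above, modelled in software as an added example (not code from the patent). The `Tpm` and `Itfp` classes, the SHA-256 digest, the sample image bytes and the reset on a failed self-test are assumptions made for illustration; the page names neither the hash nor the self-test failure behaviour.

```python
import hashlib
import hmac

STARTED, RESET = "bootloader started", "system reset"

class Tpm:
    """Constructed stand-in for the TPM; holds the reference digest."""
    def __init__(self, reference, healthy=True):
        self.reference = reference
        self.healthy = healthy

    def self_test(self):
        return self.healthy

    def verify(self, image):
        # SHA-256 is an assumption; the page does not name the hash.
        measured = hashlib.sha256(image).digest()
        return hmac.compare_digest(measured, self.reference)

class Itfp:
    """Gate between the ARM processor and the BOOTROM."""
    def __init__(self, bootrom):
        self.bootrom = bootrom
        self.arm_connected = False   # ARM cannot fetch from BOOTROM yet

def trusted_boot(tpm, itfp):
    # Step 1: the TPM starts first and tests itself.
    if not tpm.self_test():
        return RESET                 # assumption: a failed self-test also resets
    # Step 2: the ITFP reads the Bootloader and the TPM verifies it.
    if not tpm.verify(itfp.bootrom):
        return RESET                 # step 4: the ARM never saw the BOOTROM
    # Step 3: only now is the ARM connected and told to start.
    itfp.arm_connected = True
    return STARTED

def demo():
    good = b"constructed bootloader image, version 1"
    reference = hashlib.sha256(good).digest()
    cases = [(Tpm(reference), Itfp(good)),
             (Tpm(reference), Itfp(good[:-1] + b"2")),      # one byte changed
             (Tpm(reference, healthy=False), Itfp(good))]   # TPM self-test fails
    return [(trusted_boot(t, i), i.arm_connected) for t, i in cases]
```

The property to check in any implementation is that `arm_connected` stays false on every path that does not pass verification.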
3. Fig. 3 shows the design principle of the independently developed interface conversion and security protection circuit (ITFP). It has two functions:
(1) Signal conversion between the LCP of the TPM module and the SPI interface of the ARMADA 310.
The special SPI bus signals are generated by bus-cycle simulation, converting the LCP bus signals to SPI bus signals so that the trusted boot process can be completed.
(2) Protection of the important address space of the NAND Flash.
By analysing the bus signals in real time, the circuit checks write operations and erase operations on the NAND Flash, so that the protected address space becomes read-only and cannot be erased.
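A behavioural model of the second function, as an added example that is not the patent's circuit: the guard watches command and address cycles and withholds the confirm cycle of any program or erase that targets a protected block. The opcodes are the standard NAND command set (80h/10h program, 60h/D0h erase); the geometry, the five- and three-cycle addressing and the protected block range are assumptions.

```python
# Added behavioural model; geometry and address-cycle counts are assumptions.
PAGES_PER_BLOCK = 64
PROGRAM, PROGRAM_CONFIRM = 0x80, 0x10
ERASE, ERASE_CONFIRM = 0x60, 0xD0
CONFIRM_FOR = {PROGRAM: PROGRAM_CONFIRM, ERASE: ERASE_CONFIRM}
ADDR_CYCLES = {PROGRAM: 5, ERASE: 3}   # 2 column + 3 row, or 3 row only

class NandGuard:
    def __init__(self, protected_blocks):
        self.protected = protected_blocks  # e.g. range(0, 8)
        self.pending = None                # setup command awaiting its confirm
        self.addr = []
        self.blocked = []                  # (opcode, block) pairs refused

    def address(self, byte):
        """Address-latch cycle: recorded while a setup command is pending."""
        if self.pending is not None:
            self.addr.append(byte)

    def command(self, cmd):
        """Command-latch cycle; returns True if it may reach the chip."""
        if cmd in CONFIRM_FOR:             # setup: start tracking
            self.pending, self.addr = cmd, []
            return True
        if cmd not in CONFIRM_FOR.values():
            return True                    # reads, status: nothing to protect
        op, self.pending = self.pending, None
        block = None
        tracked = op is not None and cmd == CONFIRM_FOR[op]
        if tracked and len(self.addr) == ADDR_CYCLES[op]:
            row = int.from_bytes(bytes(self.addr[-3:]), "little")
            block = row // PAGES_PER_BLOCK
        if block is None or block in self.protected:
            self.blocked.append((op, block))   # unknown sequence: fail closed
            return False
        return True

def program(guard, row, column=0):
    guard.command(PROGRAM)
    for b in column.to_bytes(2, "little") + row.to_bytes(3, "little"):
        guard.address(b)
    return guard.command(PROGRAM_CONFIRM)

def erase(guard, block):
    guard.command(ERASE)
    for b in (block * PAGES_PER_BLOCK).to_bytes(3, "little"):
        guard.address(b)
    return guard.command(ERASE_CONFIRM)
```

A confirm cycle that does not follow a fully tracked setup sequence is refused as well, so a sequence the guard cannot decode never reaches the chip.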
4. Fig. 4 shows the software system of the socket-type trusted computer. In the software design, the operating system uses an independently developed trusted microkernel design. The microkernel design helps isolate modules from one another: the modules inside the kernel run in the highest kernel mode, only they can directly manage low-level hardware operations and schedule modules outside the kernel, and they hold the highest privilege. The microkernel design is used together with the security functions of the TPM, which effectively strengthens the security of the socket-type trusted computer.
The independently developed trusted software stack (TSS) is the software that supports the TPM. From bottom to top it consists of TDDL, TCS and TSP. TDDL is the TPM driver library; it operates the underlying hardware directly and provides a standard interface upward. TCS is the TSS core service; it runs in kernel mode, communicates with the underlying TDDL, and provides the basic function interface of the TPM chip upward, together with more complex functions such as key management. TSP is the TSS service provider, the top layer of the TSS; it provides the calling interface for applications, so that applications can more easily use the functions of the security chip to implement the security features they need.
The TPM support programs are integrated into the microkernel-based trusted operating system and are the core part of the socket-type trusted computer's software. The overall software structure consists mainly of the trusted operating system and the trusted applications running on it. The trusted operating system is made up of the trusted microkernel and a service layer, and the microkernel is in turn divided into a minimal kernel layer and a core component layer. The minimal kernel layer, core component layer and service layer run at different system privilege levels to strengthen the security of the system. Because the TPM is the core of security management, the driver library TDDL, which deals directly with the underlying TPM hardware, is placed in the innermost minimal kernel layer of the operating system, together with component management, CPU scheduling, low-level interrupt management, clock management, low-level storage management and so on; this layer has the highest system privilege, and ordinary processes have no right to access it. The TCS core service, together with the high-level interrupt management component, process management component, high-level storage management component, device management component and so on, forms the core component layer, which is given a system privilege one level lower than the kernel layer. The TSS service provider TSP is located in the service layer, but provides services to applications through the system security call API, implementing security functions such as integrity verification, authentication and security protection.
Claims (4)
1. A socket-type trusted computer, characterized in that: the trusted computing concept of the PC is introduced into the socket-type trusted computer; based on a trusted platform module (TPM) and with a secure operating system as the core, the security of the computer system is ensured by continuously extending the trust domain.
2. The socket-type trusted computer according to claim 1, characterized in that: the independently developed, FPGA-based interface conversion and security protection circuit (ITFP) module performs the signal conversion between the LCP of the TPM module and the SPI interface of the ARMADA 310.
3. The socket-type trusted computer according to claim 1, characterized in that: the independently developed, FPGA-based interface conversion and security protection circuit (ITFP) module provides address space protection for the NAND Flash, so that the protected space is read-only and cannot be erased.
4. The socket-type trusted computer according to claim 1, characterized in that: in the software design, the operating system uses an independently developed trusted microkernel design; the microkernel design helps isolate modules from one another; the modules inside the kernel run in the highest kernel mode, only they can directly manage low-level hardware operations and schedule modules outside the kernel, and they hold the highest privilege.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105772310A CN102043918A (en) | 2010-12-08 | 2010-12-08 | Socket type trusted computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105772310A CN102043918A (en) | 2010-12-08 | 2010-12-08 | Socket type trusted computer |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102043918A | 2011-05-04 |
Family
ID=43910050
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010105772310A Pending CN102043918A (en) | 2010-12-08 | 2010-12-08 | Socket type trusted computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102043918A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104380689A (en) * | 2012-05-21 | 2015-02-25 | 罗斯伯格系统公司 | Data communication network |
CN104202296A (en) * | 2014-07-30 | 2014-12-10 | 中国电子科技集团公司第三十研究所 | Trusted security enhancement method for domestic operating system |
CN104243491A (en) * | 2014-09-30 | 2014-12-24 | 深圳数字电视国家工程实验室股份有限公司 | Trusted security service control method and system |
CN104243491B (en) * | 2014-09-30 | 2017-08-29 | 深圳数字电视国家工程实验室股份有限公司 | A kind of control method and system of credible and secure service |
CN105138904A (en) * | 2015-08-25 | 2015-12-09 | 华为技术有限公司 | Access control method and device |
CN105138904B (en) * | 2015-08-25 | 2018-06-15 | 华为技术有限公司 | A kind of access control method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110504 |