Background technology
With the growing prominence of security problems in computer systems, and in end systems in particular, computer systems in a networked environment face a serious crisis of trust. The main causes of security problems in information systems are: design flaws in the software and hardware architecture of the host; the lack of strict authentication and authorization control over legitimate users, which leads to abuse of resources; and malicious programs that exploit system vulnerabilities to do unrestrained damage. To address these problems thoroughly, the security of the end system must ultimately be solved at the level of the architecture, by establishing a trusted computing environment for the system. Trusted computing platform technology arose from this need. It was proposed by the Trusted Computing Group (TCG) and is intended to build a trusted computing environment on the basis of trusted hardware, the Trusted Platform Module (TPM), by measuring trust continuously during the system boot process and thereby passing on a chain of trust.
Trusted boot is the core security function of the TPM-based trusted computing platform: through trusted boot it establishes the trusted computing environment in which software applications run and guarantees the integrity of the system hardware and software as a whole. The trusted boot process must guarantee the following three points. (1) Trust is passed on stage by stage: after the previous executing entity has been measured, verified as trusted and run, it must first measure the next executing entity before transferring control to it; only after that verification succeeds may control be transferred, and trust is thereby passed to the next executing entity. (2) All measurement and verification calls involved in establishing the chain of trust are ultimately performed by the TPM authentication module. (3) The chain of trust is built on stage-by-stage measurement and verification, and during verification the TPM is responsible for guaranteeing the integrity and confidentiality of important secret data. All important data involved in passing on the chain of trust, and the pre-stored verification codes, must be kept by the TPM; neither removable storage nor the PC's system memory may be used for them, and these data may not leave the TPM while in use. The TPM provides no external call interface for accessing these data, which guarantees their secrecy and trustworthiness.
At present, in TPM-based computer systems, trusted boot mainly comprises two stages: hardware platform boot and operating system boot. Hardware platform boot covers the period from platform power-on and BIOS execution until the BIOS hands control to the boot program (Boot); it mainly guarantees that the hardware environment is trusted. Operating system boot covers the period from calling the operating system loader in the master boot sector until the operating system kernel has finished running and the Init process is running; it mainly guarantees that the system start-up and the operating system kernel are trusted. In the TPM-based operating system boot stage, the basic steps of the trusted boot process are as follows:
Step 1: The trusted BIOS runs the Boot program set in the boot sector, and the verification program in the TPM performs a trusted measurement of the Boot program. If verification succeeds, Boot is read into memory at 0000:7C00h, control is handed to the CPU of the hardware platform to run the Boot program, and the operating system boot stage is entered.
Step 2: The TPM verifies the operating system boot loader Grub. If verification succeeds, the Grub Stage1 boot code located in the master boot sector is loaded into memory, control is handed to the CPU to run the Grub program, and the operating system kernel loading stage is entered.
Step 3: The Grub Stage1 boot process is entered; the TPM verifies the code of the Grub Stage1.5 stage and, if verification succeeds, the Stage1.5 code runs and loads the file system.
Step 4: The Grub Stage2 boot process is entered; the TPM verifies the code of the Grub Stage2 stage and, if verification succeeds, the Stage2 code runs. According to the information in the configuration file /boot/Grub/Grub.conf, the Stage2 code can read the disk partition on which the operating system booted by Grub resides, the kernel image and the initial RAM disk file initrd.
Step 5: Stage2 opens the configuration file and reads the operating system kernel image; the TPM verifies the integrity of the kernel image and, if verification succeeds, the kernel image is loaded and control is transferred to it.
Step 6: With the kernel image loaded, the TPM verifies the Init process; after verification succeeds, the key kernel data structures are created, and the kernel Init process is created and run.
Step 7: According to the system configuration, the Init process determines which kernel modules need to be loaded and which daemons need to be created, has the TPM module verify their integrity, and performs the corresponding actions: loading the kernel modules, creating the daemons and beginning to accept user input, at which point the whole machine enters its normal running state.
At this point the trusted boot process of the operating system is complete. The TPM-based operating system trusted boot process is realized as a "forward integrity check", that is, "trusted boot is realized by an integrity verification procedure that follows the operating system boot process step by step".
Trusted computing platform technology introduces the TPM and its associated software as the root of trust of the system; through the process of passing on trust it guarantees the trustworthiness of the computing platform and application programs and improves the security of the terminal platform. However, obtaining the various security features defined by TCG requires dedicated trusted hardware support, and this has become the main obstacle restricting the spread of trusted computing platform technology. In the whole trusted boot process, the TPM chip is the basis on which the trusted computing chain of trust is passed on. But few computing devices are currently equipped with a TPM chip, which limits the range of application of trusted computing technology.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the problems of the prior art, to provide an operating system trusted boot method based on reverse integrity verification, which takes integrity verification of data and executable file images as its main security means and staged integrity verification as its main mode, can replace TPM-based operating system trusted boot, and offers better flexibility and ease of use.
To solve the above technical problem, the present invention adopts the following technical solution:
An operating system trusted boot method based on reverse integrity verification, characterized by comprising the following steps:
(1) Pre-measurement: the operating system performs a normal boot until it begins to accept user input; the system pre-measurement program is loaded; the system pre-measurement program reads the information of each system boot stage in turn and, each time the information of a stage is read, performs a first trusted measurement of that stage's information and writes the result of the first trusted measurement into a storage unit as the trusted boot metric of that stage;
(2) Reverse integrity verification: the operating system boots again until it begins to accept user input; the reverse integrity verification module and the storage unit are loaded; the reverse integrity verification module reads the trusted boot metric of each system boot stage from the storage unit, then reads the information of each system boot stage in turn and, each time the information of a stage is read, performs a second trusted measurement of that stage's information and compares the result of the second trusted measurement with the trusted boot metric of that stage. If the two are not equal, the system state is set to untrusted and the corresponding trusted boot failure handling procedure is activated; otherwise the second trusted measurement and comparison of the next stage is entered, until the measurement of all system boot stages is complete, whereupon the operating system is set to the trusted state and the operating system trusted boot has succeeded.
As a further improvement of the present invention:
In the above method, the information of each system boot stage comprises the file information of the following nine stages, loaded in sequence:
1) BIOS information;
2) the Grub Stage1 data in the master boot sector;
3) Grub Stage1.5 data;
4) Grub Stage2 data;
5) the Grub configuration file;
6) the kernel image file;
7) Init process data;
8) the kernel module data loaded by the Init process according to the system configuration;
9) the daemon data loaded by the Init process according to the system configuration;
Here, the BIOS information comprises the information of the firmware layer that holds the system platform hardware information, the information of the initial stage of system boot, and the information of the functional operations from hardware power-on to the start of operating system boot; the Grub Stage1 data in the master boot sector, the Grub Stage1.5 data, the Grub Stage2 data and the kernel module data loaded by the Init process according to the system configuration belong to the operating system kernel.
"The operating system performs a normal boot until it begins to accept user input" and "the operating system boots again until it begins to accept user input" both refer to the process from loading the BIOS until the Init process has been loaded successfully.
The system pre-measurement program and the reverse integrity verification module are located in the operating system, and the storage unit is located in a USBKey.
Before the system pre-measurement program is loaded, PIN code verification is first performed on the USBKey, and the system pre-measurement program is loaded only after that verification succeeds.
The trusted measurement is realized by the SHA1 algorithm, and the SHA1 algorithm module is built into the USBKey.
Before the reverse integrity verification module is loaded, PIN code verification is first performed on the USBKey; if it succeeds, the legitimacy and integrity of the reverse integrity verification module are verified, and after that verification succeeds the reverse integrity verification module is loaded.
The legitimacy and integrity of the reverse integrity verification module are verified as follows: a user digital certificate is used to perform digest verification and signature verification of the reverse integrity verification module; the user digital certificate is stored in the USBKey, and the algorithm modules for digest verification and signature verification are also built into the USBKey.
Compared with the prior art, the present invention has the following advantages:
1. The operating system trusted boot method based on reverse integrity verification of the present invention takes integrity verification of data and executable file images as its main security means and staged integrity verification as its main mode; it is therefore insensitive to the order in which modules are loaded during the operating system boot process, while still guaranteeing the integrity of the software function code. Compared with the TPM-based operating system trusted boot process, the present invention offers better flexibility and ease of use.
2. The operating system trusted boot method based on reverse integrity verification of the present invention realizes trusted boot of the operating system on computers that have no TPM chip, on the basis of a USBKey, which greatly widens the range of application of trusted computing technology; it simplifies the trusted boot environment and, through the reverse verification method, supports verification of system integrity at any stage of the system boot process.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment.
As shown in Figure 1, the operating system trusted boot method based on reverse integrity verification of the present invention is realized by the cooperation of three parts: the operating system kernel, the BIOS (firmware) and the USBKey (USB smart card). The operating system kernel is the basic environment in which the software system runs; it loads the drivers for the system hardware and builds the system's execution environment. In the system boot process, the operating system kernel comprises Stage 1, Stage 1.5 and Stage 2 of system boot and the kernel modules loaded afterwards. The BIOS holds the firmware layer of the system platform hardware information, realizes the initial stage of system boot, and performs the functional operations from hardware power-on to the start of operating system boot. In the present embodiment, the USBKey used has a built-in CPU, memory and chip operating system (COS) and an internal secure data storage space (which in the present embodiment serves as the storage unit) that can hold secret data such as the user digital certificate and keys. The USBKey also has an internal computing unit that supports security operations such as the SHA1 algorithm, signing, authentication, data encryption and decryption and data digesting, which can be used to realize integrity checking of data.
As shown in Figures 2 and 3, the operating system trusted boot method based on reverse integrity verification of the present invention comprises the following steps:
1. Pre-measurement: the operating system performs a normal boot until it begins to accept user input; the system pre-measurement program is loaded; the system pre-measurement program reads the information of each system boot stage in turn and, each time the information of a stage is read, performs a first trusted measurement of that stage's information and writes the result of the first trusted measurement into the storage unit as the trusted boot metric of that stage. As shown in Figure 2, the concrete steps are as follows:
1.1 The operating system performs a normal boot until it begins to accept user input, that is, from loading the BIOS until the Init process has been loaded successfully; at this point the USBKey is inserted and PIN code verification is performed. If it succeeds, the system pre-measurement program is run; otherwise pre-measurement fails;
1.2 The system pre-measurement program reads the BIOS information and performs a trusted measurement of it with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the BIOS metric.
The SHA1 algorithm, that is, the Secure Hash Algorithm, is mainly intended for use with the Digital Signature Algorithm (DSA) of the Digital Signature Standard (DSS). For a message of length less than 2^64 bits, the SHA1 algorithm produces a 160-bit message digest; when the message is received, this message digest can be used to verify the integrity of the data (for the full specification of the SHA1 algorithm, refer to the NIST standard FIPS 180-2, Secure Hash Standard (SHS), at http://www.itl.nist.gov/fipspubs).
1.3 The system pre-measurement program reads the Grub Stage1 data in the master boot sector and performs a trusted measurement with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the Grub Stage1 metric;
1.4 The system pre-measurement program reads the code data of Grub Stage1.5 and performs a trusted measurement with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the Grub Stage1.5 metric;
1.5 The system pre-measurement program reads the code data of Grub Stage2 and performs a trusted measurement with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the Grub Stage2 metric;
1.6 The system pre-measurement program reads the Grub configuration file /boot/Grub/Grub.conf and performs a trusted measurement with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the Grub configuration file metric;
1.7 The system pre-measurement program reads the operating system kernel image file and performs a trusted measurement with the SHA1 algorithm module built into the USBKey; the measurement result is stored in the storage unit of the USBKey as the operating system kernel image metric;
1.8 The system pre-measurement program reads the Init process data and performs a trusted measurement with the USBKey; the measurement result is stored in the storage unit of the USBKey as the Init process metric;
1.9 The system pre-measurement program reads the data of the kernel modules loaded subsequently and performs a trusted measurement with the USBKey; the measurement result is stored in the storage unit of the USBKey as the kernel module metric;
1.10 The system pre-measurement program reads the data of the daemons loaded subsequently and performs a trusted measurement with the USBKey; the measurement result is stored in the storage unit of the USBKey as the daemon metric;
1.11 Using the user digital certificate in the USBKey, the USBKey performs digest and signature verification of the reverse integrity verification module Rev_Verify_Mod, and the result is stored in the storage unit of the USBKey as the digest value;
1.12 The system pre-measurement process ends and the pre-measurement program exits.
2. Reverse integrity verification: the operating system boots again until it begins to accept user input; the reverse integrity verification module and the storage unit are loaded; the reverse integrity verification module reads the trusted boot metric of each system boot stage from the storage unit, then reads the information of each system boot stage in turn and, each time the information of a stage is read, performs a second trusted measurement of that stage's information and compares the result of the second trusted measurement with the trusted boot metric of that stage. If the two are not equal, the system state is set to untrusted and the corresponding trusted boot failure handling procedure is activated; otherwise the second trusted measurement and comparison of the next stage is entered, until the measurement of all system boot stages is complete, whereupon the operating system is set to the trusted state and the operating system trusted boot has succeeded. As shown in Figure 3, the concrete steps are as follows:
2.1 The USBKey is inserted and the operating system boots again until it begins to accept user input, that is, from loading the BIOS until the Init process has been loaded successfully;
2.2 The Init process loads the USBKey driver and performs PIN code verification of the USBKey;
2.3 If PIN code verification succeeds and the USBKey is loaded successfully, the USBKey verifies the legitimacy and integrity of the reverse integrity verification module Rev_Verify_Mod (in the present embodiment by digest and signature verification with the user digital certificate; the user digital certificate is stored in the above USBKey, and the algorithm modules for digest verification and signature verification are also built into this USBKey), and the verification result is compared with the digest value stored in step 1.11. If the two are identical, verification succeeds; the operating system kernel then loads the reverse integrity verification module Rev_Verify_Mod and hands control to it;
2.4 The Rev_Verify_Mod module reads from the secure storage area of the USBKey the trusted boot metrics of each operating system boot stage recorded during the pre-measurement process, comprising the BIOS metric, Grub Stage1 metric, Grub Stage1.5 metric, Grub Stage2 metric, Grub configuration file metric, operating system kernel image metric, Init process metric, kernel module metric and daemon metric;
2.5 The Rev_Verify_Mod module reads the BIOS information and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded BIOS metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.6 The Rev_Verify_Mod module reads the Grub Stage1 data and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded Grub Stage1 metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.7 The Rev_Verify_Mod module reads the Grub Stage1.5 data and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded Grub Stage1.5 metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.8 The Rev_Verify_Mod module reads the Grub Stage2 data and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded Grub Stage2 metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.9 The Rev_Verify_Mod module reads the Grub configuration file and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded Grub configuration file metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.10 The Rev_Verify_Mod module reads the operating system kernel image file and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded operating system kernel image metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.11 The Rev_Verify_Mod module reads the Init process executable file and performs a trusted measurement with the USBKey; the measurement result is compared with the recorded Init process metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.12 The Rev_Verify_Mod module reads the data of the kernel modules loaded subsequently and performs a trusted measurement with the USBKey; the measurement result is compared with the kernel module metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.13 The Rev_Verify_Mod module reads the daemon executable file data and performs a trusted measurement with the USBKey; the measurement result is compared with the daemon metric, and if they are equal the measurement succeeds; otherwise the system state is set to untrusted;
2.14 The operating system boot process is complete. In the above reverse integrity verification procedure, if an untrusted measurement result appears at any step, the system boot state is set to untrusted and the corresponding trusted boot failure handling procedure is activated, such as aborting the system boot process or switching to an untrusted boot process; if all integrity measurements succeed, the operating system is set to the trusted state and trusted boot has succeeded.
2.15 Once the operating system trusted boot based on reverse integrity verification has succeeded, the system enters the trusted running environment.
In summary, the system pre-measurement module realizes the pre-measurement function of operating system trusted boot. The reverse integrity verification module Rev_Verify_Mod realizes the USBKey-based integrity verification function for each module in the operating system trusted boot process. Both the system pre-measurement module and the reverse integrity verification module are located in the operating system.
As shown in Figure 1, in the present embodiment the storage unit, the SHA1 algorithm module, the user digital certificate and the algorithm modules for digest verification and signature verification are all built into the USBKey. The USBKey is low in cost, flexible in function, secure and easy to carry; compared with a TPM chip it offers greater flexibility of application while providing security functions similar to those of a TPM. The USBKey has a secure data storage space in which secret data such as digital certificates and keys can be stored; read and write operations on this storage space must be performed by program, the user cannot read it directly, and the user key cannot be exported, which eliminates the possibility of copying the user digital certificate or identity information. The built-in CPU of the USBKey can perform various algorithms such as encryption, decryption and signing, and the encryption and decryption computations are carried out inside the USBKey, which guarantees that the key never appears in the computer's memory and thereby eliminates the possibility of the user key being intercepted by an attacker. Therefore, realizing the operating system trusted boot method based on reverse integrity verification of the present invention with a USBKey not only protects system security but also offers better flexibility and ease of use.
The above is only a preferred embodiment of the present invention, and the scope of protection of the present invention is not limited to the above embodiment; all technical solutions falling within the idea of the present invention belong to the scope of protection of the present invention. It should be pointed out that, for those skilled in the art, improvements and modifications made without departing from the principles of the present invention should also be regarded as falling within the scope of protection of the present invention.
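The following simulation is an added example, not code from the patent, covering the two-phase procedure of claim steps (1) and (2) and embodiment steps 1.1 through 2.15. The USBKey is modelled as an in-memory object (PIN gate, SHA1 unit, secure storage), the nine boot stages and the Rev_Verify_Mod image are constructed byte strings, and the step 1.11/2.3 check of Rev_Verify_Mod is reduced to a digest comparison (the certificate signature check of the text is not modelled); all names are hypothetical.

```python
import hashlib
import hmac

# The nine boot stages of the claims, in load order (hypothetical names).
STAGES = [
    "bios", "grub_stage1", "grub_stage1_5", "grub_stage2", "grub_conf",
    "kernel_image", "init", "kernel_modules", "daemons",
]


class USBKey:
    """Stand-in for the USBKey: PIN gate, SHA-1 unit and secure storage.

    Nothing behind the PIN is reachable by the host; it only receives
    digests back and cannot read or rewrite the stored metrics directly.
    """

    def __init__(self, pin):
        self._pin = pin
        self._storage = {}      # metric name -> hex SHA-1 digest
        self._unlocked = False

    def verify_pin(self, pin):
        self._unlocked = hmac.compare_digest(pin, self._pin)
        return self._unlocked

    def _require_pin(self):
        if not self._unlocked:
            raise PermissionError("PIN not verified")

    def sha1(self, data):
        # Measurement happens "inside the key", as the SHA1 module does.
        self._require_pin()
        return hashlib.sha1(data).hexdigest()

    def store(self, name, digest):
        self._require_pin()
        self._storage[name] = digest

    def load(self, name):
        self._require_pin()
        return self._storage.get(name)


def pre_measure(key, stage_data, verify_module):
    """Phase 1 (steps 1.2-1.11): measure every stage, then the verifier."""
    for name in STAGES:
        key.store(name, key.sha1(stage_data[name]))
    # Step 1.11: digest of Rev_Verify_Mod stored next to the stage metrics.
    key.store("rev_verify_mod", key.sha1(verify_module))


def reverse_verify(key, stage_data, verify_module):
    """Phase 2 (steps 2.3-2.14): gate on the verifier digest, re-measure all.

    Returns (trusted, failing_step); stops at the first mismatch, which is
    where the trusted-boot failure handler would take over.
    """
    stored = key.load("rev_verify_mod") or ""
    if not hmac.compare_digest(key.sha1(verify_module), stored):
        return False, "rev_verify_mod"     # refuse to hand control over
    for name in STAGES:
        expected = key.load(name)
        if expected is None or not hmac.compare_digest(
                key.sha1(stage_data[name]), expected):
            return False, name
    return True, None


def demo():
    """Constructed artifacts: a clean re-boot, then a tampered Grub.conf."""
    boot = {n: f"constructed contents of {n}".encode() for n in STAGES}
    module = b"constructed Rev_Verify_Mod image"
    key = USBKey(pin="1234")
    if not key.verify_pin("1234"):
        raise RuntimeError("PIN verification failed, pre-measurement aborted")
    pre_measure(key, boot, module)
    clean = reverse_verify(key, boot, module)
    tampered = dict(boot, grub_conf=b"kernel /boot/other-kernel root=/dev/sda1")
    return clean, reverse_verify(key, tampered, module)


if __name__ == "__main__":
    print(demo())   # ((True, None), (False, 'grub_conf'))
```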