CN107346393A - A kind of system start method and system based on TCM - Google Patents
A kind of system start method and system based on TCM Download PDFInfo
- Publication number
- CN107346393A CN107346393A CN201710521916.5A CN201710521916A CN107346393A CN 107346393 A CN107346393 A CN 107346393A CN 201710521916 A CN201710521916 A CN 201710521916A CN 107346393 A CN107346393 A CN 107346393A
- Authority
- CN
- China
- Prior art keywords
- cryptographic hash
- file
- credible
- measured
- measurement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses a kind of system start method based on TCM, including:When getting system action command, then corresponding current goal file is transferred using the file name information in credible measurement file template, obtain file to be measured;Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.Pass through the system start method provided herein based on TCM, it can be determined that whether the system being currently up is credible, so as to reach the purpose of credible activation system.In addition, the application further correspondingly discloses a kind of system activation system based on TCM.
Description
Technical field
The present invention relates to information security technology, more particularly to a kind of system start method and system based on TCM.
Background technology
Creditable calculation modules are a kind of hardware modules, are widely used in information security field, such as credible platform module TPM
(TPM, Trusted Platform Module) and credible password module TCM (TCM, Trusted Cryptography
Module)。
Such as using TPM, it is in order to ensure user stores the credible of the equipment of important information, such as determines computer and clothes
Device etc. be engaged in not by illegal invader's access and attack, a computing environment that can be trusted can be provided.It is embedded in a device
TPM chips, it is possible to set up a kind of credible strategy to enter the credible delivery of row information to equipment, ensure the credible of equipment.
In view of the national conditions of China's information security management, used in the equipment that some are stored with the great confidential information of country
TPM chips there may be risk, therefore China have developed credible password module TCM with State Commercial Cryptography Administration from master encryption algorithm.Profit
It is stored with the insertion of TCM chips in the equipment of great confidential information, to ensure the credible of equipment.Unfortunately, currently there are no
A kind of specific method that the credible startup of device systems is carried out using TCM.
The content of the invention
In view of this, it is an object of the invention to provide a kind of system start method and system based on TCM, to reach profit
The purpose of the credible startup of device systems is carried out with TCM.Its concrete scheme is as follows:
A kind of system start method based on TCM, including:
When getting system action command, then transferred using the file name information in credible measurement file template and worked as accordingly
Preceding file destination, obtain file to be measured;
Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;
From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;
Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.
Preferably, the establishment process of the credible benchmark cryptographic Hash being pre-created, including:
Hash operation is carried out to initial trusted file destination under system trusted status, obtains the credible benchmark Hash
Value;
The credible benchmark cryptographic Hash is stored to the file to be measured NV spaces accordingly.
Preferably, in addition to:
The measurement cryptographic Hash is stored.
Preferably, the process that the measurement cryptographic Hash is stored, including:
The measurement cryptographic Hash is stored into the PCR register of the TCM.
Preferably, in addition to:
When the measurement cryptographic Hash and the credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code;
Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, activation system.
The invention also discloses a kind of system activation system based on TCM, including:
File acquisition module to be measured, for when getting system action command, then being measured using credible in file template
File name information transfer corresponding current goal file, obtain file to be measured;
Cryptographic Hash computing module is measured, for carrying out Hash operation to the file to be measured, obtains measuring cryptographic Hash;
Credible benchmark cryptographic Hash acquisition module, for from TCM NV spaces corresponding with the file to be measured, obtaining
The credible benchmark cryptographic Hash being pre-created;
Cryptographic Hash judge module, for judging whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, such as
Fruit is, then activation system.
Preferably, in addition to:
Credible benchmark cryptographic Hash computing module, for carrying out Hash operation to initial trusted file destination, obtain it is described can
Believe benchmark cryptographic Hash;
Credible benchmark cryptographic Hash memory module, for the credible benchmark cryptographic Hash to be stored to the file phase to be measured
The NV spaces answered.
Preferably, in addition to:
Cryptographic Hash memory module is measured, for the measurement cryptographic Hash to be stored.
Preferably, it is described measurement cryptographic Hash memory module be PCR memory modules, for by it is described measure cryptographic Hash store to
In the PCR register of the TCM.
Preferably, in addition to:
Franchise start code input module, for when it is described measurement cryptographic Hash and the credible benchmark cryptographic Hash it is inconsistent, then
Prompting inputs franchise start code;
Franchise start code judge module, for judge input franchise start code and preset franchise start code whether one
Cause, if it is, activation system.
In the present invention, the system start method based on TCM includes:When getting system action command, then confidence level is utilized
File name information in amount file template transfers corresponding current goal file, obtains file to be measured;Measurement file is treated to enter
Row Hash operation, obtain measuring cryptographic Hash;From TCM NV spaces corresponding with file to be measured, obtain be pre-created can
Believe benchmark cryptographic Hash;Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.It can be seen that this
When system starts, obtaining needs the file to be measured measured for invention, in order in checking system file to be measured either with or without
It is tampered, if the use of system incredible risk is present, the present invention treats measurement file progress Hash operation and obtains it
Cryptographic Hash is measured, then the credible benchmark cryptographic Hash in the NV spaces for being stored in TCM corresponding with file to be measured carries out uniformity
Compare, illustrate that file to be measured is not tampered with if consistent, system is believable, so as to reach the mesh of credible activation system
's.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis
The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is a kind of system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 2 is a kind of specifically system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 3 is another specifically system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 4 is a kind of also disclosed system activation system structural representation based on TCM of the embodiment of the present invention;
Fig. 5 is a kind of also disclosed specifically system activation system structural representation based on TCM of the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of protection of the invention.
The embodiment of the invention discloses a kind of system start method based on TCM, shown in Figure 1, this method includes:
Step S11:When getting system action command, then transferred using the file name information in credible measurement file template
Corresponding current goal file, obtains file to be measured.
In the embodiment of the present invention, system refers to the system on terminal device, for example, it may be being stored with country, enterprise
And system or the system of individual or privately owned local memory device in the cloud storage equipment of personal important information,
And computer equipment system.The equipment of present system startup method is carried all using TCM as physics trusted root, that is,
Credible and secure chip of the embedded TCM chips as equipment in equipment, to carry out various credible and secure operations to equipment using TCM
And credible and secure tactful deployment.
The filename that system starts related critical file, such as kernel text are mainly stored in credible measurement file template
Filename of part etc., the critical file in system can be transferred by these filenames.File destination is the text stored in system
It part, can be the critical file in system, the security of system will be had a strong impact on after illegally being distorted, cause system can not
Letter, therefore during system starts, in order to ensure the credible of system, it is necessary to which the file crucial to these is measured.
In system starting process, the file destination that needs to be measured can be transferred using authority is started with the startup authority of adapter system,
File namely to be measured, for example, can be after obtaining and starting authority, the file template in acquisition system, in this document template
Include the filename of file in system, found by these filename cans and transfer file to be measured.
Step S12:Treat measurement file and carry out Hash operation, obtain measuring cryptographic Hash.
In the embodiment of the present invention, in order to which the file to be measured that judges to transfer to obtain by way of measurement is either with or without being usurped
Change, it is necessary to judge whether file to be measured and corresponding file destination under the system trusted status are consistent.It is quick in view of needing
Credible activation system, the consumption that file compares the brought time in detail is reduced, measurement file can be treated and carry out Hash operation, obtained
To the cryptographic Hash of file to be measured, the standard compared is used as by the use of cryptographic Hash.One is carried out using the whether consistent standard of cryptographic Hash
The judgement of cause property, the speed of feasible activation system can be effectively improved.
Step S13:From TCM NV spaces corresponding with file to be measured, the credible benchmark Hash being pre-created is obtained
Value.
NV spaces (NV, Non-volatile Storage, non-volatile memories) in the embodiment of the present invention in TCM are one
Individual safe space, the data stored in NV spaces are all encrypted from master encryption algorithm by State Commercial Cryptography Administration and stored, therefore are stored in
The data in NV spaces will not be securely and reliably tampered.But the capacity in NV spaces is smaller, the text of big byte can not be stored
Part, thus can use cryptographic Hash judge standard, in NV spaces under storage system trusted status file destination credible base
Quasi- cryptographic Hash, it is file to be measured corresponding to the file destination.
TCM NV spaces have multiple, can store credible benchmark cryptographic Hash corresponding to difference file to be measured respectively,
Therefore difference is being obtained when credible benchmark cryptographic Hash corresponding to file is measured, the method that can use retrieval, in the multiple of TCM
NV spaces corresponding with file to be measured, credible benchmark cryptographic Hash corresponding to acquisition are found in NV spaces.
Step S14:Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.
In the embodiment of the present invention, it is all specific numerical value to measure cryptographic Hash and credible benchmark cryptographic Hash, is binary number
Value, therefore when judging to measure cryptographic Hash and whether consistent credible benchmark cryptographic Hash, can be realized using algorithm, such as can be with
Using binary subtraction, if the difference of measurement cryptographic Hash and credible benchmark cryptographic Hash is zero, illustrate file to be measured not by
Distort, the system is credible, then can be with activation system.It is if it is judged that inconsistent for measurement cryptographic Hash and credible benchmark cryptographic Hash
When, file to be measured has been tampered with system, and system becomes insincere, at this moment can be given a warning to the user of open system
Prompting, prompts the system to be now arranged in insincere state.
It can be seen that the present invention when system starts, obtains the file to be measured for needing to be measured, in order to be treated in checking system
Measurement file is either with or without being tampered, if the use of system incredible risk is present, the present invention treats measurement file and carried out
Hash operation obtains it and measures cryptographic Hash, and then the credible benchmark in the NV spaces for being stored in TCM corresponding with file to be measured is breathed out
Uncommon value carries out comparison of coherence, illustrates that file to be measured is not tampered with if consistent, system be it is believable, can so as to reach
Believe the purpose of activation system.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
The embodiment of the invention discloses a kind of specifically system start method based on TCM, relative to a upper embodiment, sheet
Embodiment has made further instruction and optimization to technical scheme.Specifically:
The establishment process for the credible benchmark cryptographic Hash being pre-created, referring to Fig. 2, including:
Step S21:Hash operation is carried out to initial trusted file destination under system trusted status, credible benchmark is obtained and breathes out
Uncommon value.
In the embodiment of the present invention, the premise that credible initial target file carries out Hash operation is that the system is to be in credible shape
State simultaneously opens running, that is, current system may be in the state of user has determined as credible and safety.It is initial trusted
File destination can be the critical file in system, and the security of system will be had a strong impact on after illegally being distorted, causes system
It is insincere.
Therefore during the next time of system starts, in order to ensure the credible of system, needed under system trusted status
Hash operation is carried out to these crucial initial trusted file destinations, obtains credible benchmark cryptographic Hash, is breathed out using the credible benchmark
Uncommon value offer standard judges the critical file in lower subsystem startup either with or without being tampered
For transferring for initial trusted file destination, for example, file template that can be in acquisition system, in this document template
Include the filename of file in system, found by these filename cans and transfer initial trusted file destination, then
Hash operation is carried out to it and obtains credible benchmark cryptographic Hash.
Step S22:Credible benchmark cryptographic Hash is stored to the corresponding NV spaces of file to be measured.
TCM NV spaces have it is multiple, when being stored to credible benchmark cryptographic Hash, at the beginning of difference can be stored respectively
Begin the credible benchmark cryptographic Hash of letter file destination, when system starts next time, to obtain corresponding to difference file to be measured
During credible benchmark cryptographic Hash, the method retrieved can be used, is found in TCM multiple NV spaces corresponding with file to be measured
NV spaces, credible benchmark cryptographic Hash corresponding to acquisition.
It is shown in Figure 3 the embodiment of the invention discloses another specifically system start method based on TCM, relatively
In above-described embodiment, the present embodiment has made further increase to technical scheme.Specifically:
Step S31:When getting system action command, then transferred using the file name information in credible measurement file template
Corresponding current goal file, obtains file to be measured;
Step S32:Treat measurement file and carry out Hash operation, obtain measuring cryptographic Hash;
Step S33:From TCM NV spaces corresponding with file to be measured, the credible benchmark Hash being pre-created is obtained
Value;
Step S34:Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.
The corresponding contents disclosed in previous embodiment are may be referred on the more detailed principle of above steps, herein not
Repeat again.
In the present embodiment, it can further include:Measurement cryptographic Hash is stored.
In the embodiment of the present application, after to measurement file progress Hash operation to measurement cryptographic Hash, it will can also measure
Cryptographic Hash is stored, if so as to follow-up system be insincere state when, inconsistent degree after cryptographic Hash judges can be transferred
Cryptographic Hash is measured, system is analyzed using inconsistent measurement cryptographic Hash, for example, passing through inconsistent measurement cryptographic Hash point
The part being tampered in analysis measurement file, analyzes its seriousness distorted, so as to draw an incredible degree of system.
In above-mentioned steps, the process that is stored of cryptographic Hash will be measured, specifically included:Measurement cryptographic Hash is stored to TCM
PCR register in.
In above-mentioned steps, measurement cryptographic Hash is stored, can be stored to TCM PCR (PCR, Platform
Configuration Register, platform configuration register) in register.In TCM PCR register data, it is ensured that
The confidence level of data, therefore when analyzing insincere system, the measurement cryptographic Hash obtained in PCR is analyzed, and makes analysis result
Can be accurate and credible, obtain believable analysis report.
Step S35:When measurement cryptographic Hash and credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code.
In the embodiment of the present invention, when judged result is inconsistent with credible benchmark cryptographic Hash for measurement cryptographic Hash, in system
File to be measured has been tampered with, and when system becomes insincere, can give a warning prompting to the user of open system, and prompting should
System is now arranged in insincere state, after prompting user can also be prompted to input franchise start code sending, to start
Current system.The input of franchise start code can be specific numeral, such as input 1234.
Step S36:Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, opening
Dynamic system.
In the embodiment of the present invention, current system is judged for insincere system by above-mentioned steps in activation system, is repaired
Personnel can be entered in system by inputting correctly franchise start code set in advance, to be repaiied to incredible system
It is multiple, the file distorted is repaired correctly, so that system credible running again.It can be that user exists to preset franchise start code
The password set under the believable state of system is determined, is a specific password, such as under trusted status, can be set
Franchise start code is 1234.
The embodiment of the invention also discloses a kind of system activation system based on TCM, shown in Figure 4, the system includes:
File acquisition module 11 to be measured, for when getting system action command, then utilizing credible measurement file template
In file name information transfer corresponding current goal file, obtain file to be measured;
Cryptographic Hash computing module 12 is measured, Hash operation is carried out for treating measurement file, obtains measuring cryptographic Hash;
Credible benchmark cryptographic Hash acquisition module 13, it is pre- for from TCM NV spaces corresponding with file to be measured, obtaining
The credible benchmark cryptographic Hash first created;
Cryptographic Hash judge module 14, for judging whether measurement cryptographic Hash and credible benchmark cryptographic Hash are consistent, if it is,
Activation system.
It can be seen that the present invention when system starts, obtains the file to be measured for needing to be measured, in order to be treated in checking system
Measurement file is either with or without being tampered, if the use of system incredible risk is present, the present invention treats measurement file and carried out
Hash operation obtains it and measures cryptographic Hash, and then the credible benchmark in the NV spaces for being stored in TCM corresponding with file to be measured is breathed out
Uncommon value carries out comparison of coherence, illustrates that file to be measured is not tampered with if consistent, system be it is believable, can so as to reach
Believe the purpose of activation system.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
It is may be referred on above-mentioned modules and the more detailed course of work of unit disclosed in previous embodiment
Corresponding contents, will not be repeated here.
It is shown in Figure 5 the embodiment of the invention also discloses a kind of specifically system activation system based on TCM, relatively
In a upper embodiment, the present embodiment has made further instruction and optimization to technical scheme.Specifically:
Also include:
Credible benchmark cryptographic Hash computing module 15, for carrying out Hash operation to initial trusted file destination, obtain credible
Benchmark cryptographic Hash;
Credible benchmark cryptographic Hash memory module 16, for credible benchmark cryptographic Hash to be stored to the corresponding NV of file to be measured
Space.
Cryptographic Hash memory module is measured, for measurement cryptographic Hash to be stored;
Wherein, it is PCR memory modules 17 to measure cryptographic Hash memory module, for measurement cryptographic Hash to be stored to TCM PCR
In register.
Franchise start code input module 18, it is inconsistent for working as measurement cryptographic Hash and credible benchmark cryptographic Hash, then prompt defeated
Enter franchise start code;
Franchise start code judge module 19, for judging the franchise start code of input and whether presetting franchise start code
Unanimously, if it is, activation system.
It is may be referred on above-mentioned modules and the more detailed course of work of unit disclosed in previous embodiment
Corresponding contents, will not be repeated here.
Finally, it is to be noted that, herein, such as first and second or the like relational terms be used merely to by
One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these entities or operation
Between any this actual relation or order be present.Moreover, term " comprising ", "comprising" or its any other variant meaning
Covering including for nonexcludability, so that process, method, article or equipment including a series of elements not only include that
A little key elements, but also the other element including being not expressly set out, or also include for this process, method, article or
The intrinsic key element of equipment.In the absence of more restrictions, the key element limited by sentence "including a ...", is not arranged
Except other identical element in the process including the key element, method, article or equipment being also present.
A kind of system start method and system based on TCM provided by the present invention are described in detail above, this
Apply specific case in text to be set forth the principle and embodiment of the present invention, the explanation of above example is only intended to
Help to understand method and its core concept of the invention;Meanwhile for those of ordinary skill in the art, the think of according to the present invention
Think, in specific embodiments and applications there will be changes, in summary, this specification content should not be construed as pair
The limitation of the present invention.
Claims (10)
- A kind of 1. system start method based on TCM, it is characterised in that including:When getting system action command, then corresponding current mesh is transferred using the file name information in credible measurement file template File is marked, obtains file to be measured;Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.
- 2. according to the method for claim 1, it is characterised in that the establishment of the credible benchmark cryptographic Hash being pre-created Journey, including:Hash operation is carried out to initial trusted file destination under system trusted status, obtains the credible benchmark cryptographic Hash;The credible benchmark cryptographic Hash is stored to the file to be measured NV spaces accordingly.
- 3. according to the method for claim 1, it is characterised in that also include:The measurement cryptographic Hash is stored.
- 4. according to the method for claim 3, it is characterised in that the process for being stored the measurement cryptographic Hash, Including:The measurement cryptographic Hash is stored into the PCR register of the TCM.
- 5. according to the method described in claim any one of 1-4, it is characterised in that also include:When the measurement cryptographic Hash and the credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code;Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, activation system.
- A kind of 6. system activation system based on TCM, it is characterised in that including:File acquisition module to be measured, for when getting system action command, then utilizing the text in credible measurement file template Part name information transfers corresponding current goal file, obtains file to be measured;Cryptographic Hash computing module is measured, for carrying out Hash operation to the file to be measured, obtains measuring cryptographic Hash;Credible benchmark cryptographic Hash acquisition module, for from TCM NV spaces corresponding with the file to be measured, obtaining advance The credible benchmark cryptographic Hash created;Cryptographic Hash judge module, for judging whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, Then activation system.
- 7. system according to claim 6, it is characterised in that also include:Credible benchmark cryptographic Hash computing module, for carrying out Hash operation to initial trusted file destination, obtain the credible base Quasi- cryptographic Hash;Credible benchmark cryptographic Hash memory module, it is corresponding to the file to be measured for the credible benchmark cryptographic Hash to be stored The NV spaces.
- 8. system according to claim 6, it is characterised in that also include:Cryptographic Hash memory module is measured, for the measurement cryptographic Hash to be stored.
- 9. system according to claim 8, it is characterised in that the measurement cryptographic Hash memory module is PCR memory modules, For the measurement cryptographic Hash to be stored into the PCR register of the TCM.
- 10. according to the system described in claim any one of 6-9, it is characterised in that also include:Franchise start code input module, for when it is described measurement cryptographic Hash and the credible benchmark cryptographic Hash it is inconsistent, then prompt Input franchise start code;Franchise start code judge module, for judging whether the franchise start code of input is consistent with presetting franchise start code, If it is, activation system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710521916.5A CN107346393A (en) | 2017-06-30 | 2017-06-30 | A kind of system start method and system based on TCM |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710521916.5A CN107346393A (en) | 2017-06-30 | 2017-06-30 | A kind of system start method and system based on TCM |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107346393A true CN107346393A (en) | 2017-11-14 |
Family
ID=60256718
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710521916.5A Pending CN107346393A (en) | 2017-06-30 | 2017-06-30 | A kind of system start method and system based on TCM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107346393A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109117643A (en) * | 2018-09-05 | 2019-01-01 | 郑州云海信息技术有限公司 | The method and relevant device of system processing |
CN109144584A (en) * | 2018-07-27 | 2019-01-04 | 浪潮(北京)电子信息产业有限公司 | A kind of programmable logic device and its starting method, system and storage medium |
CN109558738A (en) * | 2018-12-07 | 2019-04-02 | 郑州云海信息技术有限公司 | A kind of mobile platform is credible control device and its method |
CN110457073A (en) * | 2019-08-13 | 2019-11-15 | 北京工业大学 | A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server |
CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
CN111262705A (en) * | 2020-01-15 | 2020-06-09 | 西安理工大学 | Method for checking block chain trusted boot |
CN111291381A (en) * | 2020-01-17 | 2020-06-16 | 山东超越数控电子股份有限公司 | Method, equipment and medium for building trust chain based on TCM |
CN111506897A (en) * | 2019-01-30 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Data processing method and device |
CN112257058A (en) * | 2020-10-12 | 2021-01-22 | 麒麟软件有限公司 | Trusted computing verification method and system for operating system |
CN113536387A (en) * | 2020-04-15 | 2021-10-22 | 青岛海信移动通信技术股份有限公司 | Terminal and method for detecting integrity of kernel data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101504704A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Star trust chain supporting embedded platform application program integrality verification method |
EP2645294A1 (en) * | 2012-03-29 | 2013-10-02 | Cisco Technology, Inc. | System and method for trusted platform attestation |
CN105354497A (en) * | 2015-10-26 | 2016-02-24 | 浪潮电子信息产业股份有限公司 | Computer protection apparatus and method |
CN105608386A (en) * | 2016-03-11 | 2016-05-25 | 成都三零嘉微电子有限公司 | Trusted computing terminal integrity measuring and proving method and device |
CN106127057A (en) * | 2016-06-23 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted boot control based on TPM |
-
2017
- 2017-06-30 CN CN201710521916.5A patent/CN107346393A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101504704A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Star trust chain supporting embedded platform application program integrality verification method |
EP2645294A1 (en) * | 2012-03-29 | 2013-10-02 | Cisco Technology, Inc. | System and method for trusted platform attestation |
CN105354497A (en) * | 2015-10-26 | 2016-02-24 | 浪潮电子信息产业股份有限公司 | Computer protection apparatus and method |
CN105608386A (en) * | 2016-03-11 | 2016-05-25 | 成都三零嘉微电子有限公司 | Trusted computing terminal integrity measuring and proving method and device |
CN106127057A (en) * | 2016-06-23 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted boot control based on TPM |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109144584A (en) * | 2018-07-27 | 2019-01-04 | 浪潮(北京)电子信息产业有限公司 | A kind of programmable logic device and its starting method, system and storage medium |
CN109117643A (en) * | 2018-09-05 | 2019-01-01 | 郑州云海信息技术有限公司 | The method and relevant device of system processing |
CN109117643B (en) * | 2018-09-05 | 2021-05-07 | 郑州云海信息技术有限公司 | System processing method and related equipment |
CN109558738A (en) * | 2018-12-07 | 2019-04-02 | 郑州云海信息技术有限公司 | A kind of mobile platform is credible control device and its method |
CN111506897A (en) * | 2019-01-30 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Data processing method and device |
CN111506897B (en) * | 2019-01-30 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Data processing method and device |
CN110457073A (en) * | 2019-08-13 | 2019-11-15 | 北京工业大学 | A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server |
CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
CN111262705A (en) * | 2020-01-15 | 2020-06-09 | 西安理工大学 | Method for checking block chain trusted boot |
CN111262705B (en) * | 2020-01-15 | 2023-05-09 | 西安理工大学 | Method for checking trusted starting of blockchain |
CN111291381A (en) * | 2020-01-17 | 2020-06-16 | 山东超越数控电子股份有限公司 | Method, equipment and medium for building trust chain based on TCM |
CN113536387A (en) * | 2020-04-15 | 2021-10-22 | 青岛海信移动通信技术股份有限公司 | Terminal and method for detecting integrity of kernel data |
CN113536387B (en) * | 2020-04-15 | 2024-06-04 | 青岛海信移动通信技术有限公司 | Terminal and method for detecting integrity of kernel data |
CN112257058A (en) * | 2020-10-12 | 2021-01-22 | 麒麟软件有限公司 | Trusted computing verification method and system for operating system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107346393A (en) | A kind of system start method and system based on TCM | |
US20200272739A1 (en) | Performing an action based on a pre-boot measurement of a firmware image | |
CN102541765B (en) | Security protection for memory content of processor main memory | |
CN105205401B (en) | Trusted computer system and its trusted bootstrap method based on security password chip | |
CN107506663A (en) | Server security based on credible BMC starts method | |
CN106384052A (en) | Method for realizing BMC U-boot trusted boot control | |
CN101965570A (en) | A computer system comprising a secure boot mechanism | |
CN101542494A (en) | Protecting interfaces on processor architectures | |
CN105678162B (en) | TPM-based operating system secure boot control method | |
CN105930733A (en) | Trust chain construction method and apparatus | |
CN101983375A (en) | Binding a cryptographic module to a platform | |
CN104008342A (en) | Method for achieving safe and trusted authentication through BIOS and kernel | |
CN104794394B (en) | A kind of virtual machine starts the method and device of verification | |
CN107508801A (en) | A kind of file tamper-proof method and device | |
CN107861793A (en) | Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium | |
CN109117643A (en) | The method and relevant device of system processing | |
CN106547648A (en) | Backup data processing method and device | |
CN107480535A (en) | The reliable hardware layer design method and device of a kind of two-way server | |
CN100334519C (en) | Method for establishing credible input-output channels | |
CN103745166A (en) | Method and device for inspecting file attribute value | |
CN106612183A (en) | Cross digital signing method and cross digital signing system for application software under domestic operating system | |
CN106980800B (en) | Measurement method and system for authentication partition of encrypted solid state disk | |
KR102256249B1 (en) | SECURE FIRMWARE UPDATE METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC | |
CN108270574A (en) | A kind of method for secure loading and device of white list library file | |
CN101147154A (en) | Methods, devices and data structures for trusted data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171114 |