CN107346393A - A kind of system start method and system based on TCM - Google Patents

A kind of system start method and system based on TCM Download PDF

Info

Publication number
CN107346393A
CN107346393A CN201710521916.5A CN201710521916A CN107346393A CN 107346393 A CN107346393 A CN 107346393A CN 201710521916 A CN201710521916 A CN 201710521916A CN 107346393 A CN107346393 A CN 107346393A
Authority
CN
China
Prior art keywords
cryptographic hash
file
credible
measured
measurement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710521916.5A
Other languages
Chinese (zh)
Inventor
程学超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Beijing Electronic Information Industry Co Ltd filed Critical Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN201710521916.5A priority Critical patent/CN107346393A/en
Publication of CN107346393A publication Critical patent/CN107346393A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

This application discloses a kind of system start method based on TCM, including:When getting system action command, then corresponding current goal file is transferred using the file name information in credible measurement file template, obtain file to be measured;Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.Pass through the system start method provided herein based on TCM, it can be determined that whether the system being currently up is credible, so as to reach the purpose of credible activation system.In addition, the application further correspondingly discloses a kind of system activation system based on TCM.

Description

A kind of system start method and system based on TCM
Technical field
The present invention relates to information security technology, more particularly to a kind of system start method and system based on TCM.
Background technology
Creditable calculation modules are a kind of hardware modules, are widely used in information security field, such as credible platform module TPM (TPM, Trusted Platform Module) and credible password module TCM (TCM, Trusted Cryptography Module)。
Such as using TPM, it is in order to ensure user stores the credible of the equipment of important information, such as determines computer and clothes Device etc. be engaged in not by illegal invader's access and attack, a computing environment that can be trusted can be provided.It is embedded in a device TPM chips, it is possible to set up a kind of credible strategy to enter the credible delivery of row information to equipment, ensure the credible of equipment.
In view of the national conditions of China's information security management, used in the equipment that some are stored with the great confidential information of country TPM chips there may be risk, therefore China have developed credible password module TCM with State Commercial Cryptography Administration from master encryption algorithm.Profit It is stored with the insertion of TCM chips in the equipment of great confidential information, to ensure the credible of equipment.Unfortunately, currently there are no A kind of specific method that the credible startup of device systems is carried out using TCM.
The content of the invention
In view of this, it is an object of the invention to provide a kind of system start method and system based on TCM, to reach profit The purpose of the credible startup of device systems is carried out with TCM.Its concrete scheme is as follows:
A kind of system start method based on TCM, including:
When getting system action command, then transferred using the file name information in credible measurement file template and worked as accordingly Preceding file destination, obtain file to be measured;
Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;
From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;
Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.
Preferably, the establishment process of the credible benchmark cryptographic Hash being pre-created, including:
Hash operation is carried out to initial trusted file destination under system trusted status, obtains the credible benchmark Hash Value;
The credible benchmark cryptographic Hash is stored to the file to be measured NV spaces accordingly.
Preferably, in addition to:
The measurement cryptographic Hash is stored.
Preferably, the process that the measurement cryptographic Hash is stored, including:
The measurement cryptographic Hash is stored into the PCR register of the TCM.
Preferably, in addition to:
When the measurement cryptographic Hash and the credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code;
Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, activation system.
The invention also discloses a kind of system activation system based on TCM, including:
File acquisition module to be measured, for when getting system action command, then being measured using credible in file template File name information transfer corresponding current goal file, obtain file to be measured;
Cryptographic Hash computing module is measured, for carrying out Hash operation to the file to be measured, obtains measuring cryptographic Hash;
Credible benchmark cryptographic Hash acquisition module, for from TCM NV spaces corresponding with the file to be measured, obtaining The credible benchmark cryptographic Hash being pre-created;
Cryptographic Hash judge module, for judging whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, such as Fruit is, then activation system.
Preferably, in addition to:
Credible benchmark cryptographic Hash computing module, for carrying out Hash operation to initial trusted file destination, obtain it is described can Believe benchmark cryptographic Hash;
Credible benchmark cryptographic Hash memory module, for the credible benchmark cryptographic Hash to be stored to the file phase to be measured The NV spaces answered.
Preferably, in addition to:
Cryptographic Hash memory module is measured, for the measurement cryptographic Hash to be stored.
Preferably, it is described measurement cryptographic Hash memory module be PCR memory modules, for by it is described measure cryptographic Hash store to In the PCR register of the TCM.
Preferably, in addition to:
Franchise start code input module, for when it is described measurement cryptographic Hash and the credible benchmark cryptographic Hash it is inconsistent, then Prompting inputs franchise start code;
Franchise start code judge module, for judge input franchise start code and preset franchise start code whether one Cause, if it is, activation system.
In the present invention, the system start method based on TCM includes:When getting system action command, then confidence level is utilized File name information in amount file template transfers corresponding current goal file, obtains file to be measured;Measurement file is treated to enter Row Hash operation, obtain measuring cryptographic Hash;From TCM NV spaces corresponding with file to be measured, obtain be pre-created can Believe benchmark cryptographic Hash;Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.It can be seen that this When system starts, obtaining needs the file to be measured measured for invention, in order in checking system file to be measured either with or without It is tampered, if the use of system incredible risk is present, the present invention treats measurement file progress Hash operation and obtains it Cryptographic Hash is measured, then the credible benchmark cryptographic Hash in the NV spaces for being stored in TCM corresponding with file to be measured carries out uniformity Compare, illustrate that file to be measured is not tampered with if consistent, system is believable, so as to reach the mesh of credible activation system 's.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis The accompanying drawing of offer obtains other accompanying drawings.
Fig. 1 is a kind of system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 2 is a kind of specifically system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 3 is another specifically system start method flow chart based on TCM disclosed in the embodiment of the present invention;
Fig. 4 is a kind of also disclosed system activation system structural representation based on TCM of the embodiment of the present invention;
Fig. 5 is a kind of also disclosed specifically system activation system structural representation based on TCM of the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other under the premise of creative work is not made Embodiment, belong to the scope of protection of the invention.
The embodiment of the invention discloses a kind of system start method based on TCM, shown in Figure 1, this method includes:
Step S11:When getting system action command, then transferred using the file name information in credible measurement file template Corresponding current goal file, obtains file to be measured.
In the embodiment of the present invention, system refers to the system on terminal device, for example, it may be being stored with country, enterprise And system or the system of individual or privately owned local memory device in the cloud storage equipment of personal important information, And computer equipment system.The equipment of present system startup method is carried all using TCM as physics trusted root, that is, Credible and secure chip of the embedded TCM chips as equipment in equipment, to carry out various credible and secure operations to equipment using TCM And credible and secure tactful deployment.
The filename that system starts related critical file, such as kernel text are mainly stored in credible measurement file template Filename of part etc., the critical file in system can be transferred by these filenames.File destination is the text stored in system It part, can be the critical file in system, the security of system will be had a strong impact on after illegally being distorted, cause system can not Letter, therefore during system starts, in order to ensure the credible of system, it is necessary to which the file crucial to these is measured. In system starting process, the file destination that needs to be measured can be transferred using authority is started with the startup authority of adapter system, File namely to be measured, for example, can be after obtaining and starting authority, the file template in acquisition system, in this document template Include the filename of file in system, found by these filename cans and transfer file to be measured.
Step S12:Treat measurement file and carry out Hash operation, obtain measuring cryptographic Hash.
In the embodiment of the present invention, in order to which the file to be measured that judges to transfer to obtain by way of measurement is either with or without being usurped Change, it is necessary to judge whether file to be measured and corresponding file destination under the system trusted status are consistent.It is quick in view of needing Credible activation system, the consumption that file compares the brought time in detail is reduced, measurement file can be treated and carry out Hash operation, obtained To the cryptographic Hash of file to be measured, the standard compared is used as by the use of cryptographic Hash.One is carried out using the whether consistent standard of cryptographic Hash The judgement of cause property, the speed of feasible activation system can be effectively improved.
Step S13:From TCM NV spaces corresponding with file to be measured, the credible benchmark Hash being pre-created is obtained Value.
NV spaces (NV, Non-volatile Storage, non-volatile memories) in the embodiment of the present invention in TCM are one Individual safe space, the data stored in NV spaces are all encrypted from master encryption algorithm by State Commercial Cryptography Administration and stored, therefore are stored in The data in NV spaces will not be securely and reliably tampered.But the capacity in NV spaces is smaller, the text of big byte can not be stored Part, thus can use cryptographic Hash judge standard, in NV spaces under storage system trusted status file destination credible base Quasi- cryptographic Hash, it is file to be measured corresponding to the file destination.
TCM NV spaces have multiple, can store credible benchmark cryptographic Hash corresponding to difference file to be measured respectively, Therefore difference is being obtained when credible benchmark cryptographic Hash corresponding to file is measured, the method that can use retrieval, in the multiple of TCM NV spaces corresponding with file to be measured, credible benchmark cryptographic Hash corresponding to acquisition are found in NV spaces.
Step S14:Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.
In the embodiment of the present invention, it is all specific numerical value to measure cryptographic Hash and credible benchmark cryptographic Hash, is binary number Value, therefore when judging to measure cryptographic Hash and whether consistent credible benchmark cryptographic Hash, can be realized using algorithm, such as can be with Using binary subtraction, if the difference of measurement cryptographic Hash and credible benchmark cryptographic Hash is zero, illustrate file to be measured not by Distort, the system is credible, then can be with activation system.It is if it is judged that inconsistent for measurement cryptographic Hash and credible benchmark cryptographic Hash When, file to be measured has been tampered with system, and system becomes insincere, at this moment can be given a warning to the user of open system Prompting, prompts the system to be now arranged in insincere state.
It can be seen that the present invention when system starts, obtains the file to be measured for needing to be measured, in order to be treated in checking system Measurement file is either with or without being tampered, if the use of system incredible risk is present, the present invention treats measurement file and carried out Hash operation obtains it and measures cryptographic Hash, and then the credible benchmark in the NV spaces for being stored in TCM corresponding with file to be measured is breathed out Uncommon value carries out comparison of coherence, illustrates that file to be measured is not tampered with if consistent, system be it is believable, can so as to reach Believe the purpose of activation system.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
The embodiment of the invention discloses a kind of specifically system start method based on TCM, relative to a upper embodiment, sheet Embodiment has made further instruction and optimization to technical scheme.Specifically:
The establishment process for the credible benchmark cryptographic Hash being pre-created, referring to Fig. 2, including:
Step S21:Hash operation is carried out to initial trusted file destination under system trusted status, credible benchmark is obtained and breathes out Uncommon value.
In the embodiment of the present invention, the premise that credible initial target file carries out Hash operation is that the system is to be in credible shape State simultaneously opens running, that is, current system may be in the state of user has determined as credible and safety.It is initial trusted File destination can be the critical file in system, and the security of system will be had a strong impact on after illegally being distorted, causes system It is insincere.
Therefore during the next time of system starts, in order to ensure the credible of system, needed under system trusted status Hash operation is carried out to these crucial initial trusted file destinations, obtains credible benchmark cryptographic Hash, is breathed out using the credible benchmark Uncommon value offer standard judges the critical file in lower subsystem startup either with or without being tampered
For transferring for initial trusted file destination, for example, file template that can be in acquisition system, in this document template Include the filename of file in system, found by these filename cans and transfer initial trusted file destination, then Hash operation is carried out to it and obtains credible benchmark cryptographic Hash.
Step S22:Credible benchmark cryptographic Hash is stored to the corresponding NV spaces of file to be measured.
TCM NV spaces have it is multiple, when being stored to credible benchmark cryptographic Hash, at the beginning of difference can be stored respectively Begin the credible benchmark cryptographic Hash of letter file destination, when system starts next time, to obtain corresponding to difference file to be measured During credible benchmark cryptographic Hash, the method retrieved can be used, is found in TCM multiple NV spaces corresponding with file to be measured NV spaces, credible benchmark cryptographic Hash corresponding to acquisition.
It is shown in Figure 3 the embodiment of the invention discloses another specifically system start method based on TCM, relatively In above-described embodiment, the present embodiment has made further increase to technical scheme.Specifically:
Step S31:When getting system action command, then transferred using the file name information in credible measurement file template Corresponding current goal file, obtains file to be measured;
Step S32:Treat measurement file and carry out Hash operation, obtain measuring cryptographic Hash;
Step S33:From TCM NV spaces corresponding with file to be measured, the credible benchmark Hash being pre-created is obtained Value;
Step S34:Judge to measure cryptographic Hash and whether credible benchmark cryptographic Hash is consistent, if it is, activation system.
The corresponding contents disclosed in previous embodiment are may be referred on the more detailed principle of above steps, herein not Repeat again.
In the present embodiment, it can further include:Measurement cryptographic Hash is stored.
In the embodiment of the present application, after to measurement file progress Hash operation to measurement cryptographic Hash, it will can also measure Cryptographic Hash is stored, if so as to follow-up system be insincere state when, inconsistent degree after cryptographic Hash judges can be transferred Cryptographic Hash is measured, system is analyzed using inconsistent measurement cryptographic Hash, for example, passing through inconsistent measurement cryptographic Hash point The part being tampered in analysis measurement file, analyzes its seriousness distorted, so as to draw an incredible degree of system.
In above-mentioned steps, the process that is stored of cryptographic Hash will be measured, specifically included:Measurement cryptographic Hash is stored to TCM PCR register in.
In above-mentioned steps, measurement cryptographic Hash is stored, can be stored to TCM PCR (PCR, Platform Configuration Register, platform configuration register) in register.In TCM PCR register data, it is ensured that The confidence level of data, therefore when analyzing insincere system, the measurement cryptographic Hash obtained in PCR is analyzed, and makes analysis result Can be accurate and credible, obtain believable analysis report.
Step S35:When measurement cryptographic Hash and credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code.
In the embodiment of the present invention, when judged result is inconsistent with credible benchmark cryptographic Hash for measurement cryptographic Hash, in system File to be measured has been tampered with, and when system becomes insincere, can give a warning prompting to the user of open system, and prompting should System is now arranged in insincere state, after prompting user can also be prompted to input franchise start code sending, to start Current system.The input of franchise start code can be specific numeral, such as input 1234.
Step S36:Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, opening Dynamic system.
In the embodiment of the present invention, current system is judged for insincere system by above-mentioned steps in activation system, is repaired Personnel can be entered in system by inputting correctly franchise start code set in advance, to be repaiied to incredible system It is multiple, the file distorted is repaired correctly, so that system credible running again.It can be that user exists to preset franchise start code The password set under the believable state of system is determined, is a specific password, such as under trusted status, can be set Franchise start code is 1234.
The embodiment of the invention also discloses a kind of system activation system based on TCM, shown in Figure 4, the system includes:
File acquisition module 11 to be measured, for when getting system action command, then utilizing credible measurement file template In file name information transfer corresponding current goal file, obtain file to be measured;
Cryptographic Hash computing module 12 is measured, Hash operation is carried out for treating measurement file, obtains measuring cryptographic Hash;
Credible benchmark cryptographic Hash acquisition module 13, it is pre- for from TCM NV spaces corresponding with file to be measured, obtaining The credible benchmark cryptographic Hash first created;
Cryptographic Hash judge module 14, for judging whether measurement cryptographic Hash and credible benchmark cryptographic Hash are consistent, if it is, Activation system.
It can be seen that the present invention when system starts, obtains the file to be measured for needing to be measured, in order to be treated in checking system Measurement file is either with or without being tampered, if the use of system incredible risk is present, the present invention treats measurement file and carried out Hash operation obtains it and measures cryptographic Hash, and then the credible benchmark in the NV spaces for being stored in TCM corresponding with file to be measured is breathed out Uncommon value carries out comparison of coherence, illustrates that file to be measured is not tampered with if consistent, system be it is believable, can so as to reach Believe the purpose of activation system.Generally speaking, the purpose of credible activation system can be reached using the inventive method.
It is may be referred on above-mentioned modules and the more detailed course of work of unit disclosed in previous embodiment Corresponding contents, will not be repeated here.
It is shown in Figure 5 the embodiment of the invention also discloses a kind of specifically system activation system based on TCM, relatively In a upper embodiment, the present embodiment has made further instruction and optimization to technical scheme.Specifically:
Also include:
Credible benchmark cryptographic Hash computing module 15, for carrying out Hash operation to initial trusted file destination, obtain credible Benchmark cryptographic Hash;
Credible benchmark cryptographic Hash memory module 16, for credible benchmark cryptographic Hash to be stored to the corresponding NV of file to be measured Space.
Cryptographic Hash memory module is measured, for measurement cryptographic Hash to be stored;
Wherein, it is PCR memory modules 17 to measure cryptographic Hash memory module, for measurement cryptographic Hash to be stored to TCM PCR In register.
Franchise start code input module 18, it is inconsistent for working as measurement cryptographic Hash and credible benchmark cryptographic Hash, then prompt defeated Enter franchise start code;
Franchise start code judge module 19, for judging the franchise start code of input and whether presetting franchise start code Unanimously, if it is, activation system.
It is may be referred on above-mentioned modules and the more detailed course of work of unit disclosed in previous embodiment Corresponding contents, will not be repeated here.
Finally, it is to be noted that, herein, such as first and second or the like relational terms be used merely to by One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these entities or operation Between any this actual relation or order be present.Moreover, term " comprising ", "comprising" or its any other variant meaning Covering including for nonexcludability, so that process, method, article or equipment including a series of elements not only include that A little key elements, but also the other element including being not expressly set out, or also include for this process, method, article or The intrinsic key element of equipment.In the absence of more restrictions, the key element limited by sentence "including a ...", is not arranged Except other identical element in the process including the key element, method, article or equipment being also present.
A kind of system start method and system based on TCM provided by the present invention are described in detail above, this Apply specific case in text to be set forth the principle and embodiment of the present invention, the explanation of above example is only intended to Help to understand method and its core concept of the invention;Meanwhile for those of ordinary skill in the art, the think of according to the present invention Think, in specific embodiments and applications there will be changes, in summary, this specification content should not be construed as pair The limitation of the present invention.

Claims (10)

  1. A kind of 1. system start method based on TCM, it is characterised in that including:
    When getting system action command, then corresponding current mesh is transferred using the file name information in credible measurement file template File is marked, obtains file to be measured;
    Hash operation is carried out to the file to be measured, obtains measuring cryptographic Hash;
    From TCM NV spaces corresponding with the file to be measured, the credible benchmark cryptographic Hash being pre-created is obtained;
    Judge whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, activation system.
  2. 2. according to the method for claim 1, it is characterised in that the establishment of the credible benchmark cryptographic Hash being pre-created Journey, including:
    Hash operation is carried out to initial trusted file destination under system trusted status, obtains the credible benchmark cryptographic Hash;
    The credible benchmark cryptographic Hash is stored to the file to be measured NV spaces accordingly.
  3. 3. according to the method for claim 1, it is characterised in that also include:
    The measurement cryptographic Hash is stored.
  4. 4. according to the method for claim 3, it is characterised in that the process for being stored the measurement cryptographic Hash, Including:
    The measurement cryptographic Hash is stored into the PCR register of the TCM.
  5. 5. according to the method described in claim any one of 1-4, it is characterised in that also include:
    When the measurement cryptographic Hash and the credible benchmark cryptographic Hash are inconsistent, then prompting inputs franchise start code;
    Judge whether the franchise start code of input is consistent with presetting franchise start code, if it is, activation system.
  6. A kind of 6. system activation system based on TCM, it is characterised in that including:
    File acquisition module to be measured, for when getting system action command, then utilizing the text in credible measurement file template Part name information transfers corresponding current goal file, obtains file to be measured;
    Cryptographic Hash computing module is measured, for carrying out Hash operation to the file to be measured, obtains measuring cryptographic Hash;
    Credible benchmark cryptographic Hash acquisition module, for from TCM NV spaces corresponding with the file to be measured, obtaining advance The credible benchmark cryptographic Hash created;
    Cryptographic Hash judge module, for judging whether the measurement cryptographic Hash and the credible benchmark cryptographic Hash are consistent, if it is, Then activation system.
  7. 7. system according to claim 6, it is characterised in that also include:
    Credible benchmark cryptographic Hash computing module, for carrying out Hash operation to initial trusted file destination, obtain the credible base Quasi- cryptographic Hash;
    Credible benchmark cryptographic Hash memory module, it is corresponding to the file to be measured for the credible benchmark cryptographic Hash to be stored The NV spaces.
  8. 8. system according to claim 6, it is characterised in that also include:
    Cryptographic Hash memory module is measured, for the measurement cryptographic Hash to be stored.
  9. 9. system according to claim 8, it is characterised in that the measurement cryptographic Hash memory module is PCR memory modules, For the measurement cryptographic Hash to be stored into the PCR register of the TCM.
  10. 10. according to the system described in claim any one of 6-9, it is characterised in that also include:
    Franchise start code input module, for when it is described measurement cryptographic Hash and the credible benchmark cryptographic Hash it is inconsistent, then prompt Input franchise start code;
    Franchise start code judge module, for judging whether the franchise start code of input is consistent with presetting franchise start code, If it is, activation system.
CN201710521916.5A 2017-06-30 2017-06-30 A kind of system start method and system based on TCM Pending CN107346393A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710521916.5A CN107346393A (en) 2017-06-30 2017-06-30 A kind of system start method and system based on TCM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710521916.5A CN107346393A (en) 2017-06-30 2017-06-30 A kind of system start method and system based on TCM

Publications (1)

Publication Number Publication Date
CN107346393A true CN107346393A (en) 2017-11-14

Family

ID=60256718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710521916.5A Pending CN107346393A (en) 2017-06-30 2017-06-30 A kind of system start method and system based on TCM

Country Status (1)

Country Link
CN (1) CN107346393A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117643A (en) * 2018-09-05 2019-01-01 郑州云海信息技术有限公司 The method and relevant device of system processing
CN109144584A (en) * 2018-07-27 2019-01-04 浪潮(北京)电子信息产业有限公司 A kind of programmable logic device and its starting method, system and storage medium
CN109558738A (en) * 2018-12-07 2019-04-02 郑州云海信息技术有限公司 A kind of mobile platform is credible control device and its method
CN110457073A (en) * 2019-08-13 2019-11-15 北京工业大学 A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server
CN110677416A (en) * 2019-09-29 2020-01-10 北京可信华泰信息技术有限公司 Dynamic measurement method and device and trusted computing terminal
CN111262705A (en) * 2020-01-15 2020-06-09 西安理工大学 Method for checking block chain trusted boot
CN111291381A (en) * 2020-01-17 2020-06-16 山东超越数控电子股份有限公司 Method, equipment and medium for building trust chain based on TCM
CN111506897A (en) * 2019-01-30 2020-08-07 阿里巴巴集团控股有限公司 Data processing method and device
CN112257058A (en) * 2020-10-12 2021-01-22 麒麟软件有限公司 Trusted computing verification method and system for operating system
CN113536387A (en) * 2020-04-15 2021-10-22 青岛海信移动通信技术股份有限公司 Terminal and method for detecting integrity of kernel data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504704A (en) * 2009-03-17 2009-08-12 武汉大学 Star trust chain supporting embedded platform application program integrality verification method
EP2645294A1 (en) * 2012-03-29 2013-10-02 Cisco Technology, Inc. System and method for trusted platform attestation
CN105354497A (en) * 2015-10-26 2016-02-24 浪潮电子信息产业股份有限公司 Computer protection apparatus and method
CN105608386A (en) * 2016-03-11 2016-05-25 成都三零嘉微电子有限公司 Trusted computing terminal integrity measuring and proving method and device
CN106127057A (en) * 2016-06-23 2016-11-16 浪潮电子信息产业股份有限公司 Method for constructing trusted boot control based on TPM

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504704A (en) * 2009-03-17 2009-08-12 武汉大学 Star trust chain supporting embedded platform application program integrality verification method
EP2645294A1 (en) * 2012-03-29 2013-10-02 Cisco Technology, Inc. System and method for trusted platform attestation
CN105354497A (en) * 2015-10-26 2016-02-24 浪潮电子信息产业股份有限公司 Computer protection apparatus and method
CN105608386A (en) * 2016-03-11 2016-05-25 成都三零嘉微电子有限公司 Trusted computing terminal integrity measuring and proving method and device
CN106127057A (en) * 2016-06-23 2016-11-16 浪潮电子信息产业股份有限公司 Method for constructing trusted boot control based on TPM

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109144584A (en) * 2018-07-27 2019-01-04 浪潮(北京)电子信息产业有限公司 A kind of programmable logic device and its starting method, system and storage medium
CN109117643A (en) * 2018-09-05 2019-01-01 郑州云海信息技术有限公司 The method and relevant device of system processing
CN109117643B (en) * 2018-09-05 2021-05-07 郑州云海信息技术有限公司 System processing method and related equipment
CN109558738A (en) * 2018-12-07 2019-04-02 郑州云海信息技术有限公司 A kind of mobile platform is credible control device and its method
CN111506897A (en) * 2019-01-30 2020-08-07 阿里巴巴集团控股有限公司 Data processing method and device
CN111506897B (en) * 2019-01-30 2023-05-02 阿里巴巴集团控股有限公司 Data processing method and device
CN110457073A (en) * 2019-08-13 2019-11-15 北京工业大学 A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server
CN110677416A (en) * 2019-09-29 2020-01-10 北京可信华泰信息技术有限公司 Dynamic measurement method and device and trusted computing terminal
CN111262705A (en) * 2020-01-15 2020-06-09 西安理工大学 Method for checking block chain trusted boot
CN111262705B (en) * 2020-01-15 2023-05-09 西安理工大学 Method for checking trusted starting of blockchain
CN111291381A (en) * 2020-01-17 2020-06-16 山东超越数控电子股份有限公司 Method, equipment and medium for building trust chain based on TCM
CN113536387A (en) * 2020-04-15 2021-10-22 青岛海信移动通信技术股份有限公司 Terminal and method for detecting integrity of kernel data
CN113536387B (en) * 2020-04-15 2024-06-04 青岛海信移动通信技术有限公司 Terminal and method for detecting integrity of kernel data
CN112257058A (en) * 2020-10-12 2021-01-22 麒麟软件有限公司 Trusted computing verification method and system for operating system

Similar Documents

Publication Publication Date Title
CN107346393A (en) A kind of system start method and system based on TCM
US20200272739A1 (en) Performing an action based on a pre-boot measurement of a firmware image
CN102541765B (en) Security protection for memory content of processor main memory
CN105205401B (en) Trusted computer system and its trusted bootstrap method based on security password chip
CN107506663A (en) Server security based on credible BMC starts method
CN106384052A (en) Method for realizing BMC U-boot trusted boot control
CN101965570A (en) A computer system comprising a secure boot mechanism
CN101542494A (en) Protecting interfaces on processor architectures
CN105678162B (en) TPM-based operating system secure boot control method
CN105930733A (en) Trust chain construction method and apparatus
CN101983375A (en) Binding a cryptographic module to a platform
CN104008342A (en) Method for achieving safe and trusted authentication through BIOS and kernel
CN104794394B (en) A kind of virtual machine starts the method and device of verification
CN107508801A (en) A kind of file tamper-proof method and device
CN107861793A (en) Virtual hardware platform starts method, apparatus, equipment and computer-readable storage medium
CN109117643A (en) The method and relevant device of system processing
CN106547648A (en) Backup data processing method and device
CN107480535A (en) The reliable hardware layer design method and device of a kind of two-way server
CN100334519C (en) Method for establishing credible input-output channels
CN103745166A (en) Method and device for inspecting file attribute value
CN106612183A (en) Cross digital signing method and cross digital signing system for application software under domestic operating system
CN106980800B (en) Measurement method and system for authentication partition of encrypted solid state disk
KR102256249B1 (en) SECURE FIRMWARE UPDATE METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC
CN108270574A (en) A kind of method for secure loading and device of white list library file
CN101147154A (en) Methods, devices and data structures for trusted data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171114