CN107665308A - TPCM system and associated method for building and maintaining a trusted running environment - Google Patents
- Publication number: CN107665308A (application number CN201610604485.4A)
- Authority: CN (China)
- Prior art keywords: hashed value, code, hash values, case, reference hash
- Legal status: Granted
Classifications
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
  - G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    - G06F21/82—Protecting input, output or interconnection devices
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    - G06F2221/034—Test or assess a computer or a system
Abstract
The present invention relates to a TPCM system for building and maintaining a trusted running environment, comprising: a power control unit connected to a power supply, where the power supply provides a standby voltage to the power control unit as the operating voltage of the TPCM system; a boot code measurement module, connected via a master bus to the boot code flash memory of the computer motherboard and controlling its power supply, the module being configured, after the TPCM system is powered on, to read the boot code from the boot code flash memory, generate a first hash value of the boot code, compare it with a first reference hash value and, if the two are consistent, send a power-on signal to the power control unit; a platform environment measurement module; and a dynamic measurement module. The invention further relates to a corresponding method. With the present invention, the reliability of a trusted platform can be improved and costs reduced; tampering with hardware by the boot code chip is prevented, as is building a trusted running environment on tampered hardware; and the trusted running environment is ensured dynamically.
Description
Technical field
The present invention relates in general to the field of information security, and in particular to a TPCM (Trusted Platform Control Module) system for building and maintaining a trusted running environment and to a corresponding method.
Background technology
A Trusted Platform Module (TPM) is a hardware device connected to the computer motherboard, used to verify identity and to handle the variables used by the computer in a trusted computing environment. The TPM and the data stored in it are generally isolated from all other components of the computer.
A trusted platform module of the prior art is a separate module under the control of the motherboard, so it cannot guarantee the integrity of the motherboard's own boot code (such as BIOS code). Today, when motherboard boot code is increasingly exposed to attack and tampering, a conventional TPM cannot guarantee the credibility of the computer platform. Nor can it provide dynamic trusted monitoring of the system and protect the credibility of the computer's running environment in real time.
In addition, because most prior-art trusted platform modules provide no boot-code-level security verification of boot code such as BIOS code or Android key code, they cannot effectively prevent tampering with or replacement of important components such as USB interfaces, hard disks and memory. They also cannot prevent a trusted running environment from being built on hardware that has already been tampered with, nor prevent dynamic real-time modification of system memory, which poses a considerable threat to the reliability of the hardware and the security of the system.
In addition, in the prior art, the security of the running environment is generally monitored with software applications such as antivirus software, which watch for malicious intrusions; but monitoring and scanning at the software level consumes a large amount of CPU resources, and precisely because of this dependence on the CPU and system memory, virus injection at the hardware platform level cannot be prevented at all. Even leaving these drawbacks aside, because the support of an underlying trusted base is lacking, the security software itself is vulnerable to virus attack and malicious tampering, so such running-environment monitoring still cannot satisfactorily ensure a secure running environment.
Summary of the invention
Starting from the prior art, the task of the invention is to design three physical-channel measurement modules based on the three stages of a general-purpose computer's startup and operation, referred to as the "three-stage, three-channel" scheme; that is, to provide a TPCM system for building and maintaining a trusted running environment and a corresponding method. With this TPCM system or method, a trusted platform can be built and its running state monitored in real time at low installation and hardware cost; malicious tampering with the code stored in the underlying boot code chip is prevented; a chain of trust is established for the system starting from the first CPU instruction; building a trusted running environment on tampered hardware during system startup is prevented; and a trusted, secure running environment can be protected dynamically while the system runs.
In a first aspect of the invention, this task is solved by a TPCM system for building and maintaining a trusted running environment, the TPCM system comprising:
a power control unit connected to a power supply, where the power supply provides a standby voltage to the power control unit as the operating voltage of the TPCM system, and the power control unit is configured, on receiving a power-on signal from the boot code measurement module, to instruct the power supply to power on the power module of the computer motherboard;
a boot code measurement module connected via a master bus to the boot code flash memory of the computer motherboard and controlling the power supply of that boot code flash memory, the boot code measurement module being configured, after the TPCM system is powered on, to read the boot code from the boot code flash memory, generate a first hash value of the boot code, compare the first hash value with a first reference hash value, and send a power-on signal to the power control unit if the first hash value is consistent with the first reference hash value;
a platform environment measurement module connected to the computer system via a low-speed slave bus, the platform environment measurement module being configured to:
collect platform information through the trusted boot code after the power module of the computer motherboard is powered on, and generate a second hash value of the platform information;
compare the second hash value with a second reference hash value and, if the second hash value is consistent with the second reference hash value, read the operating system loader code;
generate a third hash value of the operating system loader code, compare the third hash value with a third reference hash value and, if they are consistent, run the operating system loader code; and
read the operating system kernel, generate a fourth hash value of the operating system kernel, compare the fourth hash value with a fourth reference hash value and, if they are consistent, run the operating system and bring the computer into the trusted operating mode; and
a dynamic measurement module connected to the dynamic memory via a high-speed master bus, the dynamic measurement module being configured to:
actively and dynamically read the contents of instruction storage regions from the dynamic memory, for example the operating system kernel code, and generate a fifth hash value of the operating system kernel; and
compare the fifth hash value with a fifth reference hash value and, if the fifth hash value is consistent with the fifth reference hash value, keep the computer in the trusted operating mode.
With the TPCM system for building and maintaining a trusted running environment according to the invention, at least the following advantages can be achieved: (1) because the boot code measurement module of the TPCM controls and powers the flash memory separately via a corresponding control bus interface, the TPCM can be powered on before the boot code flash memory; and because only the boot code flash memory (e.g. the BIOS flash memory) is powered separately rather than the whole boot subsystem (e.g. the BIOS circuit), mis-powering of other untrusted hardware devices by electric energy flowing back from the boot subsystem can be effectively prevented, improving the reliability with which a trusted platform is realized; (2) in the invention, by monitoring the running environment at the hardware level, a secure running environment can be ensured from the hardware side, and since hardware is harder to tamper with than software, higher system security can be achieved than with software-based monitoring; (3) in the invention, the TPCM dynamic memory module uses the bus master function to read system memory contents actively and directly, without going through the system CPU, which removes the risk of forgery when memory reads are routed through the CPU, copied out or transmitted; (4) the active dynamic-memory monitoring process runs essentially independently of the CPU and is entirely autonomous defensive behaviour, which greatly reduces the consumption of system resources, in particular CPU resources; (5) in the invention, the TPCM uses the devices verified as trusted in the preceding stage, together with the real-time protected trusted operating system kernel or trusted software base program, to collect the physical characteristics of the computer and monitor them dynamically in real time; on any unexpected abnormal behaviour, such as removal of a specific USB device or insertion of an unidentified USB device, the TPCM reports according to the protection policy, cuts off the physical interface concerned, or even forces a shutdown, protecting the trusted execution environment of the system in real time.
It should be noted here that the term "computer" in this application is to be understood broadly: it covers electronic equipment such as servers, desktop computers, laptop computers, personal digital assistants, tablet PCs and intelligent terminals. For example, the technical scheme of the invention can be applied to various computing devices with x86, PowerPC, MIPS and ARM architectures; other devices are also conceivable.
In an extension of the invention, the boot code comprises: BIOS code in the case of the x86 architecture, and the boot code in the case of the PowerPC, MIPS or ARM architectures. With this extension, a trusted running environment of the components can be achieved in computing devices of various architectures. For example, the boot code in the case of the PowerPC and ARM architectures is the boot code stored in the boot code flash memory or firmware that is used for underlying functions such as powering on the hardware.
In an extension of the invention, the platform information comprises one or more of the following: CPU hardware information, dynamic memory hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector. With this extension, tampering by the boot code chip with the important hardware devices of the computer and with the boot sector can be prevented, as can building a trusted running environment on tampered important hardware devices or a tampered boot sector.
In another extension of the invention, the platform information can be bound to different users, for example one or more of the following: CPU hardware information, dynamic memory hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector. With this extension, the binding relationship between hardware devices and users can be strictly controlled, building a trusted running environment tailored to different users.
In another extension of the invention, the boot code measurement module is further configured to bring the computer into the untrusted operating mode, or to power the computer off or restart it, if the first hash value and the first reference hash value are inconsistent; and/or
the platform environment measurement module is further configured to bring the computer into the untrusted operating mode, or to power the computer off or restart it, if the second hash value and the second reference hash value are inconsistent, and/or if the third hash value and the third reference hash value are inconsistent, and/or if the fourth hash value and the fourth reference hash value are inconsistent; and/or
the dynamic measurement module is further configured to bring the computer into the untrusted operating mode, or to power the computer off or restart it, if the fifth hash value and the fifth reference hash value are inconsistent.
With this extension, an exception handling flow can be realized in which the administrator or user chooses, as needed, how abnormal conditions are handled, for example by bringing the computer into the untrusted operating mode, or by powering it off or restarting it.
In a further extension of the invention, the boot code is x86 BIOS code in the case of the ATX architecture, and the power control unit is further configured to:
on receiving the power-on signal from the boot code measurement module, instruct the ATX power supply to provide the standby voltage (5VSB) to the ATX power module of the computer motherboard and release the lock on the PW-OK signal; and
after receiving the PS-ON signal from the ATX power module, send the PS-ON signal to the ATX power supply so that the computer motherboard enters the running state.
With this extension, power-on control of the motherboard can easily be realized by controlling the timing signals of the ATX power supply, without modifying the motherboard. In a preferred scheme of the invention, a diode is provided in the power supply connection of the boot code flash memory within the boot subsystem, so that the boot code flash memory is powered in one direction only. With this preferred scheme, one-directional power supply to the boot code flash memory can be realized at low cost, so that electric energy is better prevented from flowing back from the boot code flash memory to other hardware devices.
In another extension of the invention, the control method for active measurement of a server system is similar: measurement control must be added before the BMC (Baseboard Management Controller) is powered on and executed. After the two flash chips, the one holding the BMC and the one holding the boot code, have been measured and confirmed using the measurement control method described above, the power-on control circuit (such as a CPLD) is notified to supply power. By analogy, the method can be used to apply measurement control to multiple flash chips. The measurement control process can be a measurement and power-on process that runs concurrently or in a priority ordering.
In another preferred scheme of the invention, the dynamic measurement module is further configured to:
on an instruction issued by the trusted software base, have the TPCM dynamic measurement module obtain the key code or critical data of an application program from system memory and generate a sixth hash value of the key code; and
compare the sixth hash value with a sixth reference hash value and, if the sixth hash value and the sixth reference hash value are inconsistent, issue a prompt to the user or bring the computer into the untrusted operating mode.
With this preferred scheme, the reliability of each piece of software running in the trusted running environment can additionally be ensured, so that the security of the running environment is better guaranteed. Here, the trusted software base can for example be a basic management software program whose role is to extract the key code of each application program and to monitor and control the software and the system according to a management policy. In other embodiments, the software base can be implemented as independent management software whose trustworthiness is protected by the TPCM module. In further embodiments, a separate CPU core of a multi-core CPU can be used to load and run the trusted software base (i.e. that CPU core is dedicated to loading and running the trusted software base), so that dynamic monitoring of the trusted computing environment is carried out independently (i.e. isolated from the other software and hardware of the system). The operating system and application software kernel are guaranteed trusted and secure by the trusted software base. In still other embodiments, the trusted software base can be bound to the operating system kernel to form a trusted operating system, which manages the application software and the trusted context through real-time monitoring.
In an extension of the invention, the platform environment measurement module is connected to the computer system via a low-speed slave device bus. With this extension, the necessary communication between the platform measurement module and each piece of hardware can be realized simply. The low-speed slave device bus can for example be an SPI bus, an I2C bus, a serial port, or even GPIO.
In another extension of the invention, the dynamic measurement module is connected to the system via a high-speed bus. With this extension, the necessary communication between the dynamic measurement module and the dynamic memory can be realized simply. The high-speed bus can for example be a USB bus.
In a preferred scheme of the invention, the dynamic measurement module is connected to the dynamic memory via a high-speed master bus. With this scheme, active access by the dynamic measurement module to the dynamic memory can be realized. The high-speed master bus can for example be a PCIe bus.
In a preferred scheme of the invention, the boot code measurement module is further configured to set the user's access rights to physical ports according to the user's authority information. With this preferred scheme, the user's access rights to physical ports can be set reliably by the TPCM system acting as the root of trust, which achieves higher security and reliability than access rights set by untrusted information sources such as the boot code system, the operating system or software.
In another preferred scheme of the invention, the platform environment module is further configured to compare the hardware configuration information bound to a user with the collected platform information in order to judge whether that user has the right to access this computer platform, or the right to enter the trusted operating mode of this computer platform. With this preferred scheme, management of user access rights can be achieved reliably.
In a second aspect of the invention, the above task is solved by a method for building and maintaining a trusted running environment with a TPCM system, where the TPCM system is connected via a master bus to the boot code flash memory of the computer motherboard and supplies power to the boot code flash memory, the method comprising the following steps:
providing the operating voltage of the TPCM system from the power supply;
after the TPCM system is powered on, controlling the power supply of the boot code flash memory by the TPCM system, reading the boot code from the boot code flash memory and generating a first hash value of the boot code;
comparing the first hash value with a first reference hash value and, if the first hash value is consistent with the first reference hash value, powering on the power module of the computer motherboard;
collecting platform information and generating a second hash value of the platform information;
comparing the second hash value with a second reference hash value and, if the second hash value is consistent with the second reference hash value, reading the operating system loader code;
generating a third hash value of the operating system loader code, comparing the third hash value with a third reference hash value and, if they are consistent, running the operating system loader code;
reading the operating system kernel, generating a fourth hash value of the operating system kernel, comparing the fourth hash value with a fourth reference hash value and, if they are consistent, running the operating system and bringing the computer into the trusted operating mode;
dynamically reading the operating system kernel from the dynamic memory and generating a fifth hash value of the operating system kernel; and
comparing the fifth hash value with a fifth reference hash value and, if the fifth hash value is consistent with the fifth reference hash value, keeping the computer in the trusted operating mode.
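The staged measurement chain of the system (first aspect) and of the method above, as an added simulation that is not code from the patent: stage names, the choice of SHA-256, the `fail_policy` options and the sample images are assumptions, since the patent fixes neither the hash algorithm nor the data layout. It shows the property the text relies on: a boot-code mismatch is detected while only the standby voltage is present, so the motherboard is never powered, and a later kernel change in DRAM is caught by the dynamic (fifth) measurement.

```python
"""Simulation of the TPCM five-stage measurement chain (added example)."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    OFF = "off"
    TPCM_ONLY = "tpcm_on_board_off"   # only the standby voltage is present
    BOARD_ON = "board_powered"
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"


# Measurement stages 1..5; "kernel_runtime" is the dynamic re-read from DRAM.
STAGES = ("boot_code", "platform", "os_loader", "kernel", "kernel_runtime")


def measure(data: bytes) -> str:
    """Hash of a measured image; SHA-256 is an assumption, not the patent's choice."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Platform:
    """Constructed stand-in for the motherboard: each field is one measured image."""
    boot_code: bytes
    platform: bytes          # CPU/DRAM/disk/USB descriptors + boot sector (constructed)
    os_loader: bytes
    kernel: bytes
    kernel_runtime: bytes    # kernel image as the dynamic module reads it from DRAM
    mode: Mode = Mode.OFF
    board_powered: bool = False
    log: list = field(default_factory=list)


def provision_references(known_good: Platform) -> dict:
    """Reference hashes 1-5, taken from a known-good platform out of band."""
    return {s: measure(getattr(known_good, s)) for s in STAGES}


@dataclass
class TPCM:
    refs: dict
    fail_policy: str = "untrusted"   # "untrusted", "power_off" or "restart"

    def _check(self, p: Platform, stage: str) -> bool:
        ok = measure(getattr(p, stage)) == self.refs[stage]
        p.log.append((stage, ok))
        return ok

    def _fail(self, p: Platform) -> Mode:
        # Exception handling flow: administrator-selected response to a mismatch.
        if self.fail_policy == "untrusted":
            p.mode = Mode.UNTRUSTED
        else:                      # power_off and restart both cut motherboard power
            p.mode = Mode.OFF
            p.board_powered = False
        return p.mode

    def boot(self, p: Platform) -> Mode:
        p.mode = Mode.TPCM_ONLY          # standby voltage only; flash powered by the TPCM
        if not self._check(p, "boot_code"):
            return self._fail(p)         # no power-on signal: the board stays off
        p.board_powered = True           # power-on signal -> power control unit -> supply
        p.mode = Mode.BOARD_ON
        for stage in ("platform", "os_loader", "kernel"):
            if not self._check(p, stage):
                return self._fail(p)
        p.mode = Mode.TRUSTED
        return p.mode

    def dynamic_measure(self, p: Platform) -> Mode:
        """Fifth measurement: re-read the kernel from DRAM over the master bus."""
        if p.mode is not Mode.TRUSTED:
            return p.mode
        if not self._check(p, "kernel_runtime"):
            return self._fail(p)
        return p.mode


def make_platform() -> Platform:
    # Constructed sample images standing in for real firmware and OS binaries.
    kernel = b"vmlinuz-sample-kernel"
    return Platform(boot_code=b"BIOS-sample-boot-code",
                    platform=b"cpu:X dram:Y disk:Z usb:none mbr:AB",
                    os_loader=b"sample-os-loader",
                    kernel=kernel, kernel_runtime=kernel)


def demo() -> tuple:
    """Good boot, tampered boot code, and runtime kernel tampering."""
    tpcm = TPCM(provision_references(make_platform()))
    good = make_platform()
    good_result = (tpcm.boot(good), tpcm.dynamic_measure(good))

    bad_fw = make_platform()
    bad_fw.boot_code = b"BIOS-sample-boot-code-with-implant"
    fw_result = (tpcm.boot(bad_fw), bad_fw.board_powered)

    hooked = make_platform()
    tpcm.boot(hooked)
    hooked.kernel_runtime = b"vmlinuz-sample-kernel-patched"   # change after boot
    return good_result, fw_result, tpcm.dynamic_measure(hooked)
```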
With the method according to the invention, the same advantages as with the TPCM system according to the invention can be realized: the reliability of building a trusted platform can be improved and installation and hardware costs reduced; tampering with hardware by the boot code chip is prevented, as is building a trusted running environment on tampered hardware; and a secure running environment can be ensured dynamically.
In an extension of the invention, the boot code comprises: BIOS code in the case of the x86 architecture, and all computer boot code of the PowerPC, ARM, MIPS and similar architectures. With this extension, a trusted running environment of the components can be achieved in computing devices of various architectures. For example, the boot code in the case of the PowerPC and ARM architectures is the boot code stored in the boot code flash memory or firmware that is used for underlying functions such as powering on the hardware.
In an extension of the invention, the platform information comprises one or more of the following: CPU hardware information, dynamic memory hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector. With this extension, tampering by the boot code chip with the important hardware devices of the computer and with the boot sector can be prevented, as can building a trusted running environment on tampered important hardware devices or a tampered boot sector.
In another extension of the invention, the method further comprises at least one of the following steps:
bringing the computer into the untrusted operating mode, or powering it off or restarting it, if the first hash value and the first reference hash value are inconsistent;
bringing the computer into the untrusted operating mode, or powering it off or restarting it, if the second hash value and the second reference hash value are inconsistent, and/or if the third hash value and the third reference hash value are inconsistent, and/or if the fourth hash value and the fourth reference hash value are inconsistent; and
bringing the computer into the untrusted operating mode, or powering it off or restarting it, if the fifth hash value and the fifth reference hash value are inconsistent.
With this extension, an exception handling flow can be realized in which the administrator or user chooses, as needed, how abnormal conditions are handled, for example by bringing the computer into the untrusted operating mode, or by powering it off or restarting it.
In a preferred scheme of the invention, the method further comprises the following steps:
obtaining the key code of an application program from the dynamic memory through the trusted software base and generating a sixth hash value of the key code; and
comparing the sixth hash value with a sixth reference hash value and, if the sixth hash value and the sixth reference hash value are inconsistent, issuing a prompt to the user or bringing the computer into the untrusted operating mode.
With this preferred scheme, the reliability of each piece of software running in the trusted running environment can additionally be ensured, so that the security of the running environment is better guaranteed. Here, the trusted software base can for example be a software program whose role is to extract the key code of each application program and to monitor and control the software and the system according to a management policy. In other embodiments, the software base can be implemented as basic software, firmware or dedicated hardware. In some embodiments, a separate CPU core of a multi-core CPU can also be used to load and run the trusted software base, so that dynamic monitoring of the trusted computing environment is carried out independently (i.e. isolated from the other software and hardware of the system).
Brief description of the drawings
The invention is explained further below with reference to specific embodiments and the accompanying drawings.
Fig. 1 shows a block diagram of the system environment of the TPCM system according to the invention; and
Fig. 2 shows a flow chart of the method according to the invention.
Embodiments
Fig. 1 shows a block diagram of the system environment of the TPCM system 100 according to the invention. The system environment in Fig. 1 comprises a power grid 104, an ATX power supply 103, a computer motherboard 106 and the TPCM system 100. It should be noted here that although the embodiment of the invention is illustrated with the x86 architecture, i.e. a computer that includes a BIOS flash memory, the invention is not limited to this and can also be applied to computers based on other architectures such as PowerPC, ARM and MIPS. It should also be noted that other components are omitted from the diagram for simplicity.
The power grid 104 supplies power to the power supply 103; the power supply 103 is for example an ATX power supply, and the power grid 104 is for example a 220V AC mains grid. It should be pointed out that although the system environment here includes a power grid, in other embodiments it can include other power-supplying equipment, such as a battery.
The power supply 103 obtains electric energy from the power grid 104 and supplies it to the TPCM module 100 and the computer motherboard 106, converting the electric energy where necessary, e.g. AC-DC conversion or current or voltage conversion. The power supply 103 can include a timing control circuit 105, configured to send and receive power-on timing signals.
The computer motherboard 106 comprises a power module 107, a flash memory 108, a dynamic memory 113 and a hard disk 114. It should be pointed out that only some components are shown here and others are omitted. The power module 107 is configured to receive timing signals from the timing control circuit 105 in order to power on the computer motherboard 106. The boot code flash memory 108 stores boot code, such as BIOS code or other code for controlling the underlying hardware. In embodiments based on other architectures, the flash memory 108 stores the boot code used for underlying functions such as powering on the hardware.
The TPCM system 100 according to the invention comprises a power control unit 101, a boot code measurement module 102, a platform measurement module 111 and a dynamic measurement module 112.
The power control unit 101 is connected to the power supply 103, where the power supply 103 provides a standby voltage (such as 5VSB) 110 to the power control unit 101 as the operating voltage of the TPCM system 100. The standby voltage 110 is for example a 5V DC voltage. The power control unit 101 is configured, on receiving a power-on signal from the boot code measurement module 102, to instruct the power supply 103 to power on the power module 107 of the computer motherboard 106. For example, the power control unit 101 can be connected to the timing control circuit 105 of the power supply 103 and obtain the standby voltage 110 from the timing control circuit 105, and the power module 107 receives the power-on signal from the timing control circuit 105.
Startup code metric module 102 is connected to startup code flash memory 108 via a master bus 109, such as an SPI bus, and supplies power only to startup code flash memory 108; the supply voltage is, for example, a 3.3 V DC voltage. In one embodiment, a diode may be placed in the connection that powers the flash memory within the startup code circuit, so that startup code flash memory 108 is powered unidirectionally. With this unidirectional supply, electric energy is better prevented from flowing back from flash memory 108 into other hardware devices, such as hard disk 114 and dynamic memory 113 (for example main memory, including SDRAM, DDR, etc.). This prevents malicious startup code from tampering with hardware devices once the entire startup code chip is powered. Startup code metric module 102 is configured, after TPCM system 100 is powered on, to read the startup code from flash memory 108, generate a first hash value of the startup code, compare the first hash value with a first reference hash value, and send a power-on signal to power control unit 101 if the first hash value matches the first reference hash value. Here the startup code is optionally the key code within the startup code stored in the BIOS flash memory, for example the startup code that controls the powering-on of each hardware component, but the complete startup code may also be measured. Other startup code, for example startup code related to system security, may of course also be measured. In addition, startup code metric module 102 may optionally be further configured to execute an exception handling flow: if the first hash value does not match the first reference hash value, the computer is put into an untrusted working mode, powered off or restarted. In the untrusted working mode, the operation of applications and the access rights of users are restricted and other security measures are taken to resist untrusted information sources.
In addition, startup code metric module 102 may be further configured to configure a user's access rights to physical ports according to the user's authority information. For example, startup code metric module 102 may optionally power the corresponding physical ports only after the startup code has been measured, thereby preventing unauthorized access at the source.
Platform metric module 111 is connected to a hardware device (here hard disk 114) via a low-speed slave device bus (here an I2C bus). It should be noted that platform metric module 111 may also be connected via other low-speed slave device buses, such as an SPI bus, to other hardware devices, such as the CPU, main memory, hard disk, north/south bridge chips, sound card, video card, network card, USB devices, etc., in order to obtain the hardware information of these devices.
Platform metric module 111 is configured to perform the following actions:
(1) after power module 107 of computer motherboard 106 is powered on, collect platform information, such as the hardware information of hard disk 114 and the boot information in its boot sector, and generate a second hash value of the platform information; it should be noted that in other embodiments the platform information may also be other information, such as CPU hardware information, dynamic memory (for example main memory) hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information and USB device hardware information;
(2) compare the second hash value with a second reference hash value and read the operating system loading code if the second hash value matches the second reference hash value;
(3) generate a third hash value of the operating system loading code, compare the third hash value with a third reference hash value, and run the operating system loading code if the third hash value matches the third reference hash value; measuring and analysing the operating system loading code prevents a malicious loading code from being executed and an operating system from being loaded from a wrong location, since an operating system at a wrong location is very likely to have been tampered with; and
(4) read the operating system kernel, generate a fourth hash value of the operating system kernel, compare the fourth hash value with a fourth reference hash value, and if the fourth hash value matches the fourth reference hash value, run the operating system and put the computer into a trusted working mode; measuring and analysing the operating system kernel prevents a tampered operating system from being run and threatening system security.
In addition, platform environment metric module 111 may optionally be further configured to execute an exception handling flow, that is, to put the computer into the untrusted working mode, power it off or restart it if the second hash value does not match the second reference hash value and/or the third hash value does not match the third reference hash value and/or the fourth hash value does not match the fourth reference hash value.
In addition, user access privilege management can also be realized by platform environment metric module 111, namely by comparing the user's hardware configuration information with the collected platform information to judge whether the user may access this computer platform or may enter the trusted working mode of this computer platform. For example: user A has a CD-ROM drive but no USB interface; if platform environment metric module 111 finds, after checking the collected platform information, that this computer platform has no CD-ROM drive or has a USB interface, it judges that user A has no right to access this platform or no right to enter the trusted working mode of this platform, and accordingly powers off the computer platform or enters the untrusted mode.
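As an added illustration of the hardware-configuration check described above (example code written for this page, not the patent's own implementation), the following Python models a user's recorded hardware configuration as a set of device classes that must be present and a set that must be absent, compares it with the platform information collected by the platform environment metric module, and maps a mismatch to the untrusted mode or a power-off. The device class names, the profile structure and the deny action are assumptions of the example.

```python
"""Access decision from a user's hardware configuration (added example, not the patent's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class UserHardwareProfile:
    """What the platform is known to look like for this user (assumed structure)."""
    name: str
    must_be_present: frozenset   # device classes the user's machine is known to have
    must_be_absent: frozenset    # device classes the user's machine is known not to have


def access_decision(user: UserHardwareProfile, collected: set) -> tuple:
    """Compare the recorded profile with collected platform information.

    Returns (allowed, reasons). A device that should be present but is missing,
    or a device that should be absent but was found, each denies access.
    """
    reasons = ["missing %s" % d for d in sorted(user.must_be_present - collected)]
    reasons += ["unexpected %s" % d for d in sorted(user.must_be_absent & collected)]
    return (not reasons, reasons)


def enforce(user: UserHardwareProfile, collected: set, deny_action: str = "untrusted") -> str:
    """Map the decision to a working mode: 'trusted', or the deny action
    ('untrusted' mode or 'power_off', the two reactions named in the description)."""
    allowed, _ = access_decision(user, collected)
    return "trusted" if allowed else deny_action


# Constructed example following the description: user A has a CD-ROM drive but no USB interface.
USER_A = UserHardwareProfile("A", frozenset({"cdrom"}), frozenset({"usb"}))

if __name__ == "__main__":
    # Platform information as the platform metric module would collect it (constructed).
    print(access_decision(USER_A, {"cdrom", "cpu", "disk"}))   # (True, [])
    print(access_decision(USER_A, {"usb", "cpu", "disk"}))     # (False, ['missing cdrom', 'unexpected usb'])
    print(enforce(USER_A, {"usb", "cpu", "disk"}, "power_off"))  # power_off
```

Both directions of the comparison matter: a missing device and an unexpected device are each treated as evidence that the user is not on the platform recorded for them, which is exactly the CD-ROM/USB case in the text.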
Dynamic measurement module 112 is connected to dynamic memory 113 via a high-speed master bus 116 (here a PCIe bus). It should be pointed out that in other embodiments other high-speed master buses (such as PCIe) may also be used; in addition, if the required security protection level is low and the impact of dynamic monitoring on system resources can be ignored, a non-master bus, such as a USB bus, may also be used to connect to the computer system.
Dynamic measurement module 112 is configured to perform the following actions:
(1) dynamically read the operating system kernel from dynamic memory 113 and generate a fifth hash value of the operating system kernel; and
(2) compare the fifth hash value with a fifth reference hash value and keep the computer in the trusted working mode if the fifth hash value matches the fifth reference hash value.
Here, "dynamically read" means reading in real time when needed, for example periodically or on request.
By dynamically measuring and analysing the operating system kernel, the integrity of the operating system can be verified at any time, so that action can be taken even if the operating system is tampered with or damaged after boot.
Dynamic measurement module 112 may optionally be further configured to perform the following actions:
(3) obtain the key code of an application program from the dynamic memory through a trusted software base and generate a sixth hash value of the key code, where the trusted software base may for example be a software program whose role is to extract the key code of each application program and to monitor and control software and the system according to a management policy. In other embodiments the trusted software base may be implemented as software, firmware or dedicated hardware; and
(4) compare the sixth hash value with a sixth reference hash value and, if the sixth hash value does not match the sixth reference hash value, issue a prompt to the user or put the computer into the untrusted working mode.
By measuring and analysing the key code of applications, the reliability of each piece of software running in the trusted running environment is additionally ensured, so that the security of the running environment is better guaranteed. And because dynamic measurement module 112 measures the operating system kernel and the key code of applications from the hardware side, it offers higher reliability and security than system security monitoring implemented purely in software. In a preferred embodiment, dynamic measurement module 112 reads system memory directly through the master function of the high-speed bus, without going through the CPU. This avoids reading memory via the CPU and thus the risks of unloading, spoofing and forgery that exist in that transfer, while also greatly reducing the consumption of system resources, in particular CPU resources. The dynamic memory (module) monitoring process of dynamic measurement module 112 is essentially independent of CPU execution and is entirely an autonomous defensive behaviour.
It should be pointed out that power control unit 101, startup code metric module 102, platform metric module 111 and dynamic measurement module 112 may each be realized either by programming a processor or microcontroller or in hardware such as a field programmable gate array (FPGA) or an application specific integrated circuit (ASIC).
With the TPCM system for building and maintaining a trusted running environment according to the invention, at least the following advantages can be achieved: (1) because the startup code metric module of the TPCM powers the flash memory separately via the corresponding control bus interface, the TPCM can be powered on before the startup code flash memory, and because only the startup code flash memory (for example the BIOS flash memory) is powered separately rather than the entire startup code circuit (for example the BIOS circuit), erroneous powering of other untrusted hardware devices caused by electric energy flowing back from the startup code circuit into those devices is effectively prevented, which improves the reliability of realizing a trusted platform; (2) in the invention, by monitoring the running environment at the hardware level, a secure running environment is ensured from the hardware side; since hardware is harder to tamper with than software, higher system security than with software monitoring means can be achieved; (3) in the preferred scheme of the invention, the dynamic memory module of the TPCM uses the master function of the bus to actively and directly read the contents of system memory without going through the system CPU, which avoids reading memory via the CPU and the risks of unloading, spoofing and forgery that exist in that transfer; (4) the dynamic memory (module) monitoring process is essentially independent of CPU execution and is entirely an autonomous defensive behaviour, which greatly reduces the consumption of system resources, in particular CPU resources; (5) in the invention, the TPCM uses the trusted operating system kernel or trusted software base program, which has passed the trust check of the previous stage and is protected in real time, to collect the physical characteristics of the computer's devices and monitor them dynamically in real time; if any abnormal behaviour beyond what is expected occurs, such as the removal of a specific USB device or the access of an unknown USB device, the TPCM reports it according to the protection policy and may even shut down the corresponding physical interface, protecting the trusted execution environment of the system in real time.
Fig. 2 shows a flow chart 200 of the method according to the invention.
In step 202, the operating voltage of TPCM system 100 (for example 5VSB) is provided by power supply 103. The operating voltage is, for example, a 5 V DC voltage.
In step 204, after the TPCM system is powered on, TPCM system 100 supplies power to flash memory 108, reads the startup code from flash memory 108 and generates a first hash value of the startup code.
In step 206, the first hash value is compared with a first reference hash value and, if the first hash value matches the first reference hash value, power module 107 of computer motherboard 106 is powered on.
In step 208, platform information is collected and a second hash value of the platform information is generated. The platform information may for example include one or more of the following: CPU hardware information, dynamic memory (for example main memory) hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector.
In step 210, the second hash value is compared with a second reference hash value and, if the second hash value matches the second reference hash value, the operating system loading code is read.
In step 212, a third hash value of the operating system loading code is generated and compared with a third reference hash value and, if the third hash value matches the third reference hash value, the operating system loading code is run.
In step 214, the operating system kernel is read, a fourth hash value of the operating system kernel is generated and compared with a fourth reference hash value and, if the fourth hash value matches the fourth reference hash value, the operating system is run and the computer is put into the trusted working mode. At this point the trusted working environment of the computer has been established.
In step 216, the operating system kernel is dynamically obtained from the dynamic memory (for example main memory) and a fifth hash value of the operating system kernel is generated.
In step 218, the fifth hash value is compared with a fifth reference hash value and, if the fifth hash value matches the fifth reference hash value, the computer is kept in the trusted working mode.
Here, the method may optionally further include (not shown): obtaining the key code of an application program from the dynamic memory through a trusted software base and generating a sixth hash value of the key code; and comparing the sixth hash value with a sixth reference hash value and, if the sixth hash value does not match the sixth reference hash value, issuing a prompt to the user or putting the computer into the untrusted working mode.
In addition, the method according to the invention may further include an exception handling flow, specifically one or more of the following steps:
putting the computer into the untrusted working mode, powering it off or restarting it if the first hash value does not match the first reference hash value;
putting the computer into the untrusted working mode, powering it off or restarting it if the second hash value does not match the second reference hash value and/or the third hash value does not match the third reference hash value and/or the fourth hash value does not match the fourth reference hash value; and
putting the computer into the untrusted working mode, powering it off or restarting it if the fifth hash value does not match the fifth reference hash value.
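The staged measurement chain of steps 202 to 218, together with the optional sixth measurement and the exception handling flow, as an added simulation in Python (written for this page, not code from the patent): each stage hashes the object it is responsible for, compares the result with the enrolled reference hash value and either gates the next stage or applies that stage's exception action. SHA-256, the byte strings standing in for the startup code, platform information, loading code, kernel and application key code, and the per-stage exception actions are all constructed assumptions of the example; the patent names no hash algorithm and leaves the choice among untrusted mode, power-off and restart open.

```python
"""Simulation of the TPCM staged measurement chain (added example, not the patent's code).

Stage numbers follow the description: 1 = startup code (flash 108), 2 = platform
information, 3 = OS loading code, 4 = OS kernel at boot, 5 = kernel re-read from
dynamic memory 113, 6 = key code of an application obtained via the trusted
software base. Hash algorithm, data layout and per-stage exception actions are assumed.
"""
import hashlib
from dataclasses import dataclass, field

# Outcomes of the exception handling flow (untrusted mode / power off / restart / prompt).
UNTRUSTED, POWER_OFF, RESTART, PROMPT = "untrusted", "power_off", "restart", "prompt"


def measure(data: bytes) -> str:
    """Hash value of a measured object. SHA-256 is assumed; the patent names no algorithm."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Platform:
    """Constructed stand-in for everything the TPCM can read over its buses."""
    startup_code: bytes       # contents of startup code flash 108 (read over the SPI master bus)
    platform_info: bytes      # hardware information plus boot sector (read over the I2C slave bus)
    os_loader: bytes          # operating system loading code
    kernel: bytes             # kernel image as loaded at boot
    memory_kernel: bytes      # kernel as it currently sits in dynamic memory 113
    app_key_code: bytes       # key code extracted by the trusted software base
    powered_on: bool = False  # state of power module 107 on the motherboard


@dataclass
class TPCM:
    reference: dict                                    # stage -> reference hash value
    on_mismatch: dict = field(default_factory=lambda: {  # assumed policy per stage
        1: POWER_OFF, 2: UNTRUSTED, 3: UNTRUSTED, 4: UNTRUSTED, 5: UNTRUSTED, 6: PROMPT})
    log: list = field(default_factory=list)            # (stage, matched) audit trail

    def _check(self, stage: int, data: bytes) -> bool:
        matched = measure(data) == self.reference[stage]
        self.log.append((stage, matched))
        return matched

    def boot(self, p: Platform) -> str:
        """Steps 204-214: measure stage by stage; the motherboard is powered only after stage 1."""
        if not self._check(1, p.startup_code):
            return self.on_mismatch[1]          # motherboard never receives power
        p.powered_on = True                     # power-on signal to power control unit 101
        for stage, data in ((2, p.platform_info), (3, p.os_loader), (4, p.kernel)):
            if not self._check(stage, data):    # each stage gates the read of the next
                return self.on_mismatch[stage]
        return "trusted"                        # step 214: trusted working mode

    def dynamic_check(self, p: Platform) -> str:
        """Steps 216-218 (stage 5) plus the optional stage 6, run periodically or on request."""
        if not self._check(5, p.memory_kernel):
            return self.on_mismatch[5]
        if not self._check(6, p.app_key_code):
            return self.on_mismatch[6]
        return "trusted"


def make_reference(p: Platform) -> dict:
    """Enrol reference hash values from a known-good platform (constructed).
    Stage 5 reuses the boot-time kernel hash: the in-memory kernel should be unchanged."""
    return {1: measure(p.startup_code), 2: measure(p.platform_info),
            3: measure(p.os_loader), 4: measure(p.kernel),
            5: measure(p.kernel), 6: measure(p.app_key_code)}


def good_platform() -> Platform:
    """A constructed known-good platform, used for enrolment and as the starting point of checks."""
    kernel = b"kernel-image-v1"
    return Platform(b"bios-v1", b"cpu:X;disk:D;boot:MBR", b"loader-v1",
                    kernel, kernel, b"app-key-code-v1")


if __name__ == "__main__":
    tpcm = TPCM(make_reference(good_platform()))
    p = good_platform()
    print("boot:", tpcm.boot(p), "| motherboard powered:", p.powered_on)
    p.memory_kernel = b"kernel-image-v1\x90"   # simulate a modification of the in-memory kernel
    print("dynamic check:", tpcm.dynamic_check(p))
```

Note the ordering in `boot`: `powered_on` is set only after stage 1 matched, which is the sequence the power control unit enforces, and a failure at stage 3 leaves the motherboard powered but the computer in the untrusted mode, as the exception handling flow describes. The `log` list records every comparison so that a practitioner can see which stage first diverged from its reference.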
Although some embodiments of the invention have been described in this specification, it will be readily apparent to those skilled in the art that these embodiments are given by way of example only. Numerous variations, alternatives and improvements will occur to those skilled in the art without departing from the scope of the invention. The appended claims are intended to define the scope of the invention and thereby to cover the methods and structures within the scope of these claims and their equivalents.
Claims (16)
1. A TPCM system for building and maintaining a trusted running environment, comprising:
a power control unit connected to a power supply, wherein a standby voltage is provided from the power supply to the power control unit as the operating voltage of the TPCM system, and the power control unit is configured to instruct the power supply to power on a power module of a computer motherboard when it receives a power-on signal from a startup code metric module;
the startup code metric module, which is connected to a startup code flash memory of the computer motherboard via a master bus and controls the power supply to the startup code flash memory, the startup code metric module being configured to, after the TPCM system is powered on, read startup code from the startup code flash memory, generate a first hash value of the startup code, compare the first hash value with a first reference hash value, and send the power-on signal to the power control unit if the first hash value matches the first reference hash value;
a platform environment metric module connected to corresponding hardware of the computer, the platform environment metric module being configured to:
collect platform information after the power module of the computer motherboard is powered on and generate a second hash value of the platform information;
compare the second hash value with a second reference hash value and read operating system loading code if the second hash value matches the second reference hash value;
generate a third hash value of the operating system loading code, compare the third hash value with a third reference hash value, and run the operating system loading code if the third hash value matches the third reference hash value; and
read the operating system kernel, generate a fourth hash value of the operating system kernel, compare the fourth hash value with a fourth reference hash value, and, if the fourth hash value matches the fourth reference hash value, run the operating system and put the computer into a trusted working mode; and
a dynamic measurement module connected to a dynamic memory, the dynamic measurement module being configured to:
dynamically read the operating system kernel from the dynamic memory and generate a fifth hash value of the operating system kernel; and
compare the fifth hash value with a fifth reference hash value and keep the computer in the trusted working mode if the fifth hash value matches the fifth reference hash value.
2. The TPCM system according to claim 1, wherein the startup code comprises: BIOS code in the case of an x86 architecture, startup code in the case of a PowerPC, MIPS or ARM architecture, and firmware code for a server baseboard management controller.
3. The TPCM system according to claim 1, wherein the platform information includes one or more of the following: CPU hardware information, dynamic memory hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector.
4. The TPCM system according to claim 1, wherein the startup code metric module is further configured to put the computer into an untrusted working mode, power it off or restart it if the first hash value does not match the first reference hash value; and/or
the platform environment metric module is further configured to put the computer into the untrusted working mode, power it off or restart it if the second hash value does not match the second reference hash value and/or the third hash value does not match the third reference hash value and/or the fourth hash value does not match the fourth reference hash value; and/or
the dynamic measurement module is further configured to put the computer into the untrusted working mode, power it off or restart it if the fifth hash value does not match the fifth reference hash value.
5. The TPCM system according to claim 1, wherein the startup code is BIOS code in the case of an x86 architecture, and the power control unit is further configured to:
when it receives the power-on signal from the startup code metric module, instruct the power supply to provide the standby voltage to the power module of the computer motherboard and release the lock on the PW-OK signal, and
after receiving the PS-ON signal from the power module, send the PS-ON signal to the power supply so that the computer motherboard enters the running state.
6. The TPCM system according to claim 1, wherein a diode is provided in the startup code circuit in the connection that powers the startup code flash memory, for powering the startup code flash memory unidirectionally.
7. The TPCM system according to claim 1, wherein the dynamic measurement module is further configured to:
obtain the key code of an application program from the dynamic memory through a trusted software base and generate a sixth hash value of the key code; and
compare the sixth hash value with a sixth reference hash value and, if the sixth hash value does not match the sixth reference hash value, issue a prompt to the user or put the computer into an untrusted working mode.
8. The TPCM system according to claim 1, wherein the platform environment metric module is connected to the corresponding hardware of the computer via a low-speed slave device bus.
9. The TPCM system according to claim 1, wherein the dynamic measurement module is connected to the dynamic memory via a high-speed master bus.
10. The TPCM system according to claim 1, wherein the startup code metric module is further configured to configure a user's access rights to physical ports according to the user's authority information.
11. The TPCM system according to claim 1, wherein the platform environment metric module is further configured to judge, by comparing a user's hardware configuration information with the collected platform information, whether the user has the right to access this computer platform or the right to enter the trusted working mode of this computer platform.
12. A method for building and maintaining a trusted running environment by means of a TPCM system, wherein the TPCM system is connected to a startup code flash memory of a computer motherboard via a master bus and supplies power to the startup code flash memory, the method comprising the following steps:
providing the operating voltage of the TPCM system from a power supply;
after the TPCM system is powered on, controlling the power supply to the startup code flash memory by the TPCM system, reading startup code from the startup code flash memory and generating a first hash value of the startup code;
comparing the first hash value with a first reference hash value and powering on a power module of the computer motherboard if the first hash value matches the first reference hash value;
collecting platform information and generating a second hash value of the platform information;
comparing the second hash value with a second reference hash value and reading operating system loading code if the second hash value matches the second reference hash value;
generating a third hash value of the operating system loading code, comparing the third hash value with a third reference hash value, and running the operating system loading code if the third hash value matches the third reference hash value;
reading the operating system kernel, generating a fourth hash value of the operating system kernel, comparing the fourth hash value with a fourth reference hash value, and, if the fourth hash value matches the fourth reference hash value, running the operating system and putting the computer into a trusted working mode;
dynamically reading the operating system kernel from a dynamic memory and generating a fifth hash value of the operating system kernel; and
comparing the fifth hash value with a fifth reference hash value and keeping the computer in the trusted working mode if the fifth hash value matches the fifth reference hash value.
13. The method according to claim 12, wherein the startup code comprises: BIOS code in the case of an x86 architecture, and startup code in the case of a PowerPC or ARM architecture.
14. The method according to claim 12, wherein the platform information includes one or more of the following: CPU hardware information, dynamic memory hardware information, hard disk hardware information, north/south bridge chip hardware information, sound card hardware information, video card hardware information, network card hardware information, USB device hardware information and the boot information of the hard disk boot sector.
15. The method according to claim 12, further comprising at least one of the following steps:
putting the computer into an untrusted working mode, powering it off or restarting it if the first hash value does not match the first reference hash value;
putting the computer into the untrusted working mode, powering it off or restarting it if the second hash value does not match the second reference hash value and/or the third hash value does not match the third reference hash value and/or the fourth hash value does not match the fourth reference hash value; and
putting the computer into the untrusted working mode, powering it off or restarting it if the fifth hash value does not match the fifth reference hash value.
16. The method according to claim 12, further comprising the following steps:
obtaining the key code of an application program from the dynamic memory through a trusted software base and generating a sixth hash value of the key code; and
comparing the sixth hash value with a sixth reference hash value and, if the sixth hash value does not match the sixth reference hash value, issuing a prompt to the user or putting the computer into an untrusted working mode.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610604485.4A CN107665308B (en) | 2016-07-28 | 2016-07-28 | TPCM system for building and maintaining trusted operating environment and corresponding method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107665308A true CN107665308A (en) | 2018-02-06 |
CN107665308B CN107665308B (en) | 2023-04-07 |
Family
ID=61115561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610604485.4A Active CN107665308B (en) | 2016-07-28 | 2016-07-28 | TPCM system for building and maintaining trusted operating environment and corresponding method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107665308B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101295340A (en) * | 2008-06-20 | 2008-10-29 | 北京工业大学 | Credible platform module and active measurement method thereof |
CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
US20130263205A1 (en) * | 2012-03-29 | 2013-10-03 | Cisco Technology, Inc. | System and method for trusted platform attestation |
CN105608386A (en) * | 2016-03-11 | 2016-05-25 | 成都三零嘉微电子有限公司 | Trusted computing terminal integrity measuring and proving method and device |
2016-07-28 CN CN201610604485.4A patent/CN107665308B/en active Active
Non-Patent Citations (1)
Title |
---|
张兴等: "一种新的可信平台控制模块设计方案", 《武汉大学学报(信息科学版)》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110795742A (en) * | 2018-08-02 | 2020-02-14 | 阿里巴巴集团控股有限公司 | Measurement processing method and device for high-speed cryptographic operation, storage medium and processor |
CN110795742B (en) * | 2018-08-02 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Metric processing method, device, storage medium and processor for high-speed cryptographic operation |
CN109871695A (en) * | 2019-03-14 | 2019-06-11 | 沈昌祥 | Trusted computing platform with a parallel dual architecture for computing and protection |
CN110287047A (en) * | 2019-06-03 | 2019-09-27 | 北京可信华泰信息技术有限公司 | Trusted state detection method |
CN110287047B (en) * | 2019-06-03 | 2023-04-25 | 北京可信华泰信息技术有限公司 | Trusted state detection method |
CN110321714B (en) * | 2019-07-08 | 2022-03-29 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device of trusted computing platform based on dual-architecture |
CN110321714A (en) * | 2019-07-08 | 2019-10-11 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device of trusted computing platform based on dual architecture |
CN112311718B (en) * | 2019-07-24 | 2023-08-22 | 华为技术有限公司 | Method, device, equipment and storage medium for detecting hardware |
CN112311718A (en) * | 2019-07-24 | 2021-02-02 | 华为技术有限公司 | Method, device and equipment for detecting hardware and storage medium |
CN111967016A (en) * | 2020-07-28 | 2020-11-20 | 中国长城科技集团股份有限公司 | Dynamic monitoring method of baseboard management controller and baseboard management controller |
CN112231704A (en) * | 2020-07-28 | 2021-01-15 | 宫本宁 | Trusted network environment protection method, apparatus and computer readable storage medium |
CN111967016B (en) * | 2020-07-28 | 2024-04-12 | 中国长城科技集团股份有限公司 | Dynamic monitoring method of baseboard management controller and baseboard management controller |
CN112231704B (en) * | 2020-07-28 | 2024-04-30 | 宫本宁 | Trusted network environment protection method, device and computer readable storage medium |
CN112347468A (en) * | 2020-11-05 | 2021-02-09 | 中国电子信息产业集团有限公司 | Memory data updating method, device, equipment and storage medium |
CN113157400B (en) * | 2021-05-17 | 2022-11-22 | 北京冲量在线科技有限公司 | Multi-party unsupervised learning joint modeling method based on X86 computing chip |
CN113157400A (en) * | 2021-05-17 | 2021-07-23 | 北京冲量在线科技有限公司 | Multi-party unsupervised learning joint modeling method based on X86 computing chip |
Also Published As
Publication number | Publication date |
---|---|
CN107665308B (en) | 2023-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107665308A (en) | | For building and keeping the TPCM systems and correlation method of credible running environment |
US10262140B2 (en) | | Methods and apparatus to facilitate blockchain-based boot tracking |
Buhren et al. | | One glitch to rule them all: Fault injection attacks against AMD's Secure Encrypted Virtualization |
CN107506663A (en) | | Server secure boot method based on trusted BMC |
US7945786B2 (en) | | Method and apparatus to re-create trust model after sleep state |
CN102289622B (en) | | Trusted startup method based on authentication policy file and hardware information collection |
Kursawe et al. | | Analyzing trusted platform communication |
US9069953B2 (en) | | Method for checking data consistency in a system on chip |
CN102012979B (en) | | Embedded trusted computing terminal |
Wang et al. | | Firmware-assisted memory acquisition and analysis tools for digital forensics |
CN104794393A (en) | | Embedded partition image security certification and kernel trusted boot method and equipment thereof |
US20220067165A1 (en) | | Security measurement method and security measurement device for startup of server system, and server |
US20110145919A1 (en) | | Method and apparatus for ensuring consistent system configuration in secure applications |
Ling et al. | | Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT nodes |
US9038179B2 (en) | | Secure code verification enforcement in a trusted computing device |
CN102063354A (en) | | Pressure test method of server |
CN103518359A (en) | | Method, device and network for achieving attack resistance of cloud computing |
CN110334522A (en) | | Boot measurement method and device |
CN111125707A (en) | | BMC (baseboard management controller) secure boot method, system and equipment based on trusted cryptography module |
US8892860B2 (en) | | Clearing secure system resources in a computing device |
Wang et al. | | A survey of secure boot schemes for embedded devices |
CN111046392A (en) | | BIOS (basic input output system) trust measurement method and device and terminal equipment |
CN114692160A (en) | | Processing method and device for secure and trusted startup of computer |
CN206649517U (en) | | Server trusted platform measurement and control system and server including the system |
CN108629185A (en) | | Server trusted platform measurement and control system and operation method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||