CN109117643A - Method and related device for system processing

Publication number: CN109117643A
Application number: CN201811034733.1A
Authority: CN (China)
Other versions: CN109117643B
Language: Chinese (zh)
Inventor: 程学超
Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Legal status: Granted (active)
Prior art keywords: tpcm, target file, file, hash value, starts

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot

Abstract

The embodiments of the present application disclose a system processing method and a related device. When a system start signal is received, the files required for system start are measured, and the system is started only if the measurement succeeds, so that files are measured before the system starts and the trustworthiness of the started system is ensured. The method of the embodiments includes: when a trusted platform control module (TPCM) receives a system start signal, it obtains target data, where the target data indicates the storage location of a target file and the target file is a critical file required when the system starts; the TPCM measures the target file; if the measurement of the target file fails, the TPCM outputs a warning; if the measurement of the target file succeeds, the TPCM starts the system.

Description

Method and related device for system processing
Technical field
The present application relates to the field of data security, and in particular to a method and related device for system processing.
Background technique
In the cloud computing era, ubiquitous information has become a critical asset of countries, enterprises and individuals, and providing a reliable computing environment that ensures the confidentiality, integrity and reliability of information has become an overriding consideration. To improve the security of a system, one approach starts from the computer architecture and embeds a trusted chip to guarantee the trustworthiness of the host.
Currently, two kinds of trusted chip, the trusted platform module (TPM) and the trusted cryptography module (TCM), have become core components of a variety of trusted services and applications. After the system has started, the files used by the system are measured according to call instructions from the system, to ensure that those files have not been maliciously modified and thereby to guarantee the trustworthiness of the system.
Because the trusted chips provided by the prior art can only measure system files passively, according to call instructions from the system, they cannot measure the files the system uses before the system starts, and therefore cannot guarantee that the started system is trustworthy.
Summary of the invention
The embodiments of the present application provide a system processing method and a related device, so that when a system start signal is received the files required for system start are measured and the system is started only if the measurement succeeds; files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
In a first aspect, the embodiments of the present application provide a system processing method that includes:
when a trusted platform control module (TPCM) receives a system start signal, obtaining target data, where the target data indicates the storage location of a target file and the target file is a critical file required when the system starts;
the TPCM measuring the target file;
if the measurement of the target file fails, the TPCM outputting a warning;
if the measurement of the target file succeeds, the TPCM starting the system.
In a second aspect, the embodiments of the present application provide a trusted platform control module that includes:
an acquiring unit, configured to obtain target data when a system start signal is received, where the target data indicates the storage location of a target file and the target file is a critical file required when the system starts;
a measurement unit, configured to measure the target file;
an output unit, configured to output a warning when the measurement of the target file fails;
a start unit, configured to start the system when the measurement of the target file succeeds.
In a third aspect, the embodiments of the present application provide a terminal that includes a trusted platform control module (TPCM) and a system, where:
the TPCM is configured to obtain target data when a system start signal is received, where the target data indicates the storage location of a target file and the target file is a critical file required when the system starts; to measure the target file; and to output a warning when the measurement of the target file fails;
the system is configured to perform a start operation according to the target file when the TPCM measures the target file successfully.
In a fourth aspect, the embodiments of the present application provide a computer program product which, when executed, performs the steps of the system processing method described in the first aspect.
In a fifth aspect, the embodiments of the present application provide a computer-readable storage medium storing instructions for system processing which, when run on a computer, cause the computer to perform the steps of the system processing method described in the first aspect.
In an eighth aspect, the present application provides a chip system that includes a processor, configured to support a network device in implementing the functions involved in the above aspects, for example sending or processing the data and/or information involved in the above method. In one possible design, the chip system further includes a memory for storing the program instructions and data necessary for the network device. The chip system may consist of a chip, or may include a chip together with other discrete devices.
As can be seen from the above technical solutions, the embodiments of the present application have the following advantage:
after the trusted platform control module (TPCM) receives a system start signal, it obtains the critical files required for system start according to the target data and measures them; if the measurement fails it outputs a warning, and only if the measurement succeeds does it start the system. Files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
Detailed description of the invention
Fig. 1 is a schematic structural diagram of a computer device provided by an embodiment of the present invention;
Fig. 2 is a schematic flow diagram of a system processing method provided by an embodiment of the present application;
Fig. 3 is another schematic flow diagram of a system processing method provided by an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a trusted platform control module provided by an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a terminal provided by an embodiment of the present application.
Specific embodiment
The embodiments of the present application provide a system processing method and a related device, so that when a system start signal is received the files required for system start are measured and the system is started only if the measurement succeeds; files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
The terms "first", "second", "third", "fourth" and the like (if present) in the specification, claims and drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data so labelled are interchangeable where appropriate, so that the embodiments described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "include" and "have", and any variants of them, are intended to cover a non-exclusive inclusion: a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to that process, method, product or device.
Referring to Fig. 1, the computer device 10 to which the embodiments of the present application apply includes a trusted platform control module (TPCM) 100 and a system 110. The trusted platform control module 100 establishes and guarantees a root of trust for the computer device 10 and provides a series of trusted-computing functions such as integrity measurement, secure storage, trusted reporting and cryptographic services, including measuring the files used when the system 110 starts and while it runs, so as to guarantee the trustworthiness of the system 110. The measurement operations performed on files are referred to as authenticating the system to which the files belong.
In the embodiments of the present application, the trusted platform control module 100 may include an execution engine, a non-volatile storage (NV) space, platform configuration registers (PCR), volatile memory, a key generator, a cryptographic algorithm engine, a random number generator and an input/output unit, with the functional units connected to one another by a communication bus. The execution engine is the operation execution unit of the TPCM; the non-volatile storage space, the platform configuration registers and the volatile memory are the storage units for permanent data, alongside the key generator and the cryptographic algorithm engine. In the embodiments of the present invention, the target data is stored in the non-volatile storage unit and the platform configuration registers; the roles of the other functional units are not described again here.
In the embodiments of the present application, the TPCM 100 may be embodied as a combination of hardware and firmware, either in an independent package or integrated with other types of chip in forms such as an application-specific integrated circuit (ASIC) or a field-programmable gate array (FPGA), to implement its functions.
In the embodiments of the present application, the system 110 is the system running on the computer device 10 in which the trusted platform control module 100 is embedded. The computer device 10 may be a cloud storage device holding important information of a country, an enterprise or an individual, or a personal or private local storage device. The system 110 may include a basic input/output system (BIOS), an operating system or the like, without specific limitation here.
The data processing method of the present invention is explained below. Referring to Fig. 2, one embodiment of the system processing method provided by an embodiment of the present invention may include:
201. When the TPCM receives a system start signal, it obtains target data.
In this embodiment, after the computer device containing the TPCM is powered on, the TPCM receives an electrical signal, which is the system start signal. On receiving it, the TPCM can take over the start permission of the system and use that permission to obtain target data from its NV space. The target data indicates the storage location of a target file, which is a file stored in the system and may be a critical file required when the system starts.
In this embodiment, the target data may be the storage path of the target file, the file name of the target file, or any other information that can indicate the storage location of the target file, without specific limitation here.
In this embodiment, the target file may be a kernel file. As an example, since the system may include a BIOS, the target file may be a necessary file required when the BIOS starts; as another example, the target file may include all the files required when both the BIOS and the operating system start. Which files the target file includes is not limited here.
202. The TPCM measures the target file; if the measurement of the target file fails, step 203 is performed; if the measurement of the target file succeeds, step 204 is performed.
In this embodiment, after obtaining the target data using the start permission, the TPCM can read the target file from its storage location and measure it, to judge whether the target file has been illegally altered and thus whether a system that performs its start operation using the target file is trustworthy.
In this embodiment, measuring the target file means comparing the target file as it is before the system starts with the target file as stored while the system was in a trusted state, to judge whether the target file has been illegally altered.
In this embodiment, measuring the target file may consist of obtaining, before the system starts, the target file as stored while the system was in a trusted state and comparing it with the target file obtained before start, so as to judge whether the target file stored in the system was illegally altered before the system started. Alternatively, measuring the target file may consist of performing a hash operation on the target file obtained before the system starts and obtaining a second hash value from the NV space of the TPCM, the second hash value being the result of a hash operation performed on the target file while the system was in a trusted state; whether the first hash value and the second hash value agree then decides whether the target file has been illegally altered. The target file may also be measured in other ways, which are not enumerated here.
203. The TPCM outputs a warning.
In this embodiment, if the TPCM's measurement of the target file fails, the TPCM can output a warning to inform the user that the target file has been illegally altered and that the current system is in an untrusted state. The warning may be output as a prompt pop-up; as a voice prompt, for example the spoken message "the current system is untrusted"; or as a particular sound, for example a beeping sound emitted when the measurement fails. The specific form of the warning can be set flexibly according to actual conditions and is not limited here.
204. The TPCM starts the system.
In this embodiment, if the TPCM's measurement of the target file succeeds, this proves that the system is in a trusted state, and the TPCM can start the system.
In this embodiment, after the trusted platform control module (TPCM) receives a system start signal, it obtains the critical files required for system start according to the target data and measures them; if the measurement fails it outputs a warning, and only if the measurement succeeds does it start the system. Files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
Based on the embodiment of Fig. 2 described above, and referring to Fig. 3, another embodiment of the system processing method provided by the embodiments of the present application may include:
301. When the TPCM receives a system start signal, it obtains target data.
In this embodiment, step 301 is similar to step 201 of the embodiment shown in Fig. 2 and is not repeated here.
302. The TPCM performs a hash operation on the target file to obtain a first hash value.
In this embodiment, before the system starts, that is, while it is not yet known whether the system is trustworthy, the TPCM can perform a hash operation on the critical files required for the BIOS system to start, to obtain the first hash value of the target file.
In this embodiment, there may be one target file or several; when there are several target files, the corresponding first hash values of those target files can be obtained.
303. The TPCM judges whether the first hash value agrees with a second hash value; if the first hash value and the second hash value do not agree, step 304 is performed; if the first hash value and the second hash value agree, step 307 is performed.
In this embodiment, the second hash value may be stored in advance in the NV space of the TPCM; it is the hash value obtained by performing a hash operation on the target file while the system was in a trusted state. The TPCM can judge whether the first hash value agrees with the second hash value, and thereby judge whether the target file before system start agrees with the target file as it was while the system was in a trusted state, that is, whether the target file has been illegally altered before the system starts. In the present application, judging whether the target file has been illegally altered by comparing hash values reduces the time consumed by a detailed file comparison and speeds up the system start process.
In this embodiment, since the TPCM may have several NV spaces, when there are several target files the second hash value of each target file can be stored in a different NV space, so that each second hash value is read from its own NV space and the second hash values are not confused with one another.
304. The TPCM stores the first hash value in a platform configuration register.
In this embodiment, if the first hash value and the second hash value do not agree, the TPCM can store the first hash value in a platform configuration register. Because the target file needs to be analysed after it has been illegally altered, in order to find the reason the system is untrusted, the first hash value from when the system was in the untrusted state is stored; the next time the first hash value and the second hash value disagree, the first hash value stored in the platform configuration register is available, which helps improve the correctness of the analysis of why the system is untrusted and can also speed up that analysis.
305. The TPCM outputs a warning.
In this embodiment, step 307 is similar to step 203 of the embodiment shown in Fig. 2 and is not repeated here.
306. The TPCM prompts for a password and judges whether the entered password agrees with a preset password; if the entered password agrees with the preset password, step 307 is performed; if the entered password does not agree with the preset password, step 308 is performed.
In this embodiment, a password may be stored in advance in the NV space of the TPCM; this password can be called the start privilege code. When the first hash value and the second hash value differ, the TPCM can prompt for a password and judge whether the entered password agrees with the start privilege code; if it does, the user is proven to be a superuser.
In this embodiment, the TPCM may prompt for the password by outputting a pop-up, for example one displaying "please enter the start privilege code"; by a voice prompt, for example the spoken message "please enter your fingerprint"; or by other means, set flexibly according to actual conditions and not enumerated here.
In this embodiment, the password may be a combination of digits, a combination of text and digits, a combination of digits, letters and punctuation marks, or the fingerprint information of the superuser, without specific limitation here.
In this embodiment, the NV space (NV, non-volatile storage) in the TCM is a secure space: the data stored in the NV space is encrypted with a domestic encryption algorithm of the State Cryptography Administration before being stored, so data stored in the NV space is secure and reliable and will not be tampered with. In this embodiment the target data and/or the second hash value and/or the preset password are stored in the NV space, which ensures that these data are not tampered with and thus guarantees that the measurement results are accurate and trustworthy.
It can be understood that this embodiment does not limit the order in which steps 304, 305 and 306 are performed: step 304 may be performed first, then step 305, then step 306; or step 305 first, then step 304, then step 306; or step 306 first, then step 304, then step 305; or any other order of steps 304, 305 and 306, which are not enumerated here.
307. The TPCM powers on the BIOS.
In this embodiment, since the BIOS can run on a BIOS chip, when the first hash value and the second hash value agree, that is, when the BIOS is in a trusted state, the TPCM powers on the chip on which the BIOS resides. When the first hash value and the second hash value do not agree but the entered password agrees with the preset password, that is, when the user starts the system by entering the start privilege code, the TPCM can also power on the chip on which the BIOS resides; since the TPCM has already issued a warning, the user can manually delete the illegally tampered file after entering the BIOS system.
In this embodiment, because the start of the BIOS must be completed first in the system start process, the TPCM measures only the critical files necessary for the BIOS to start and, if those critical files are measured successfully, starts the BIOS first. This avoids measuring the critical files required to start all systems, saves time in the system start process and increases the rate at which the system starts.
308. The TPCM executes other programs.
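As a worked illustration of steps 201 to 204 and 301 to 308 above, the following Python simulation is an added example and not code from the patent or its assignee. It models the NV space, the platform configuration register and the start privilege code as in-memory data, uses SHA-256 as a stand-in for the hash algorithm the text leaves unspecified, and treats the file locations, file contents and privilege code as constructed sample values; it also goes beyond the text by treating a missing target file as a failed measurement.

```python
"""Simulated TPCM pre-boot measurement flow (added example, not the patent's code).
All names, the SHA-256 choice and the sample data below are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def file_hash(content: bytes) -> bytes:
    # Assumption: SHA-256 stands in for whatever algorithm the TPCM actually uses.
    return hashlib.sha256(content).digest()


@dataclass
class TPCM:
    # NV space: one slot per target file, keyed by its storage location (the
    # "target data") and holding the second hash value taken in the trusted state.
    nv_reference_hashes: Dict[str, bytes]
    # NV space: the start privilege code, kept only as a hash (assumption).
    nv_privilege_code_hash: bytes
    # PCR: first hash values recorded whenever a measurement failed (step 304).
    pcr: List[bytes] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)
    bios_powered_on: bool = False

    def measure(self, storage: Dict[str, bytes]) -> Dict[str, bool]:
        """Steps 302/303: hash each target file and compare with its NV reference."""
        results: Dict[str, bool] = {}
        for location, second_hash in self.nv_reference_hashes.items():
            content = storage.get(location)
            # A missing file cannot be measured and is treated as a failed measurement.
            first_hash = file_hash(content) if content is not None else b""
            ok = hmac.compare_digest(first_hash, second_hash)  # constant-time compare
            results[location] = ok
            if not ok:
                self.pcr.append(first_hash)  # step 304: keep it for later analysis
        return results

    def on_start_signal(self, storage: Dict[str, bytes],
                        prompt: Optional[Callable[[], str]] = None) -> bool:
        """Steps 301 to 308; returns True when the BIOS was powered on."""
        results = self.measure(storage)
        failed = sorted(loc for loc, ok in results.items() if not ok)
        if not failed:
            self.bios_powered_on = True  # step 307: every target file is trusted
            return True
        self.warnings.append(f"measurement failed for {failed}; system is untrusted")  # step 305
        if prompt is None:
            return False  # step 308: nobody present to enter the privilege code
        entered = prompt().encode()  # step 306
        if hmac.compare_digest(file_hash(entered), self.nv_privilege_code_hash):
            self.bios_powered_on = True  # step 307, with the warning already issued
            return True
        return False  # step 308


def provision(trusted_storage: Dict[str, bytes], privilege_code: str) -> TPCM:
    """Record the second hash values while the system is known to be trustworthy."""
    return TPCM(
        nv_reference_hashes={loc: file_hash(c) for loc, c in trusted_storage.items()},
        nv_privilege_code_hash=file_hash(privilege_code.encode()),
    )


# Constructed sample data: two critical files needed before the BIOS starts.
TRUSTED_STORAGE = {
    "/boot/bios.bin": b"\x55\xaa sample BIOS image (constructed)",
    "/boot/bios_config.bin": b"sample BIOS configuration (constructed)",
}
TAMPERED_STORAGE = {**TRUSTED_STORAGE, "/boot/bios.bin": b"\x55\xaa modified BIOS image"}
PRIVILEGE_CODE = "example-start-code"  # constructed


def demo() -> Dict[str, object]:
    """Run the clean, tampered and superuser-override cases on fresh TPCM instances."""
    clean = provision(TRUSTED_STORAGE, PRIVILEGE_CODE)
    tampered = provision(TRUSTED_STORAGE, PRIVILEGE_CODE)
    override = provision(TRUSTED_STORAGE, PRIVILEGE_CODE)
    return {
        "clean_boots": clean.on_start_signal(TRUSTED_STORAGE),
        "tampered_boots": tampered.on_start_signal(TAMPERED_STORAGE),
        "tampered_pcr_entries": len(tampered.pcr),
        "tampered_warnings": len(tampered.warnings),
        "superuser_boots": override.on_start_signal(TAMPERED_STORAGE, lambda: PRIVILEGE_CODE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```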
Fig. 4 is a schematic structural diagram of a trusted platform control module provided by an embodiment of the present application. The trusted platform control module 400 may include:
an acquiring unit 401, configured to obtain target data when a system start signal is received, where the target data indicates the storage location of a target file and the target file is a critical file required when the system starts;
a measurement unit 402, configured to measure the target file;
an output unit 403, configured to output a warning when the measurement of the target file fails;
a start unit 404, configured to start the system when the measurement of the target file succeeds.
In one possible implementation, the measurement unit 402 is specifically configured so that:
the TPCM performs a hash operation on the target file to obtain a first hash value; the TPCM judges whether the first hash value agrees with a second hash value, the second hash value being the hash value obtained by performing a hash operation on the target file while the system was in a trusted state; and if the first hash value and the second hash value do not agree, the TPCM determines that the measurement of the target file has failed.
In one possible implementation, the output unit 403 is specifically configured to prompt for a password when the TPCM's measurement of the target file fails;
and the start unit 404 is specifically configured so that the TPCM starts the system when the entered password agrees with a preset password.
In one possible implementation, the TPCM includes a non-volatile storage (NV) space, and the target data and/or the second hash value and/or the preset password are stored in the NV space.
In one possible implementation, the TPCM includes platform configuration registers (PCR), and the trusted platform control module 400 may further include:
a storage unit 405, configured so that, if the first hash value and the second hash value do not agree, the TPCM stores the first hash value in the PCR.
In one possible implementation, the system includes a basic input/output system (BIOS), the target file includes the critical files required when the BIOS starts, and the start unit 404 is specifically configured so that:
the TPCM powers on the BIOS.
In this embodiment, the process performed by each unit of the trusted platform control module 400 is similar to the process performed by the trusted platform control module TPCM in the embodiments shown in Fig. 2 and Fig. 3 above, and is not described again here.
In this embodiment, after the acquiring unit 401 receives a system start signal, it obtains the critical files required for system start according to the target data; the measurement unit 402 measures the critical files; if the measurement fails, the output unit 403 outputs a warning; and only if the measurement succeeds does the start unit 404 start the system. Files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
Fig. 5 is a schematic structural diagram of a terminal provided by an embodiment of the present application. The terminal 50 may include a trusted platform control module 500 and a system 510.
The trusted platform control module 500 may include an acquiring unit 5001, a measurement unit 5002, an output unit 5003 and a start unit 5004, and the system 510 may include a running unit 5101:
when a system start signal is received, the acquiring unit 501 obtains target data, where the target data indicates the storage location of a target file and the target file is a critical file required when the system 510 starts; the measurement unit 502 measures the target file; when the measurement unit 502's measurement of the target file fails, the output unit 503 outputs a warning; when the measurement unit 502's measurement of the target file succeeds, the start unit 504 starts the system 510;
after the start unit 504 triggers the system start operation, the running unit 5101 performs the start operation according to the target file.
In one possible implementation, the measurement unit 502 is specifically configured so that:
the TPCM performs a hash operation on the target file stored in the system 510 to obtain a first hash value; the TPCM judges whether the first hash value agrees with a second hash value, the second hash value being the hash value obtained by performing a hash operation on the target file while the system was in a trusted state; and if the first hash value and the second hash value do not agree, the TPCM determines that the measurement of the target file has failed.
In one possible implementation, the output unit 403 is specifically configured to prompt for a password when the TPCM's measurement of the target file fails;
and the start unit 404 is specifically configured so that the TPCM starts the system when the entered password agrees with a preset password.
In one possible implementation, the TPCM includes a non-volatile storage (NV) space, and the target data and/or the second hash value and/or the preset password are stored in the NV space.
In one possible implementation, the TPCM includes platform configuration registers (PCR), and the trusted platform control module 500 may further include a storage unit 505, configured so that, if the first hash value and the second hash value do not agree, the TPCM stores the first hash value in the PCR.
In one possible implementation, the system includes a basic input/output system (BIOS), the target file includes the critical files required when the BIOS starts, and the start unit 504 is specifically configured so that the TPCM powers on the BIOS.
In this embodiment, the process performed by each unit of the trusted platform control module 500 included in the terminal 50 is similar to the process performed by the trusted platform control module TPCM in the embodiments shown in Fig. 2 and Fig. 3 above, and is not described again here.
In this embodiment, after the acquiring unit 5001 receives a system start signal, it obtains the critical files required for system start according to the target data; the measurement unit 5002 measures the critical files; if the measurement fails, the output unit 5003 outputs a warning; and only if the measurement succeeds does the start unit 5004 trigger the start operation of the system, after which the running unit 5101 performs the start operation. Files are thereby measured before the system starts, and the trustworthiness of the started system is ensured.
The embodiments of the present application also provide a computer program product which, when executed, performs the steps of the system processing method described in the embodiments shown in Fig. 3 and Fig. 4 above.
The embodiments of the present application also provide a computer-readable storage medium storing instructions for data processing which, when run on a computer, cause the computer to perform the steps of the system processing method described in the embodiments shown in Fig. 3 and Fig. 4 above.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only one kind of logical functional division, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the couplings, direct couplings or communication connections shown or discussed between the parts may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, may each exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of this application in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product. That software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods of the embodiments of this application. The storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.

Claims (10)

1. A system processing method, characterized in that the method comprises:
when a trusted platform control device (TPCM) receives a system start signal, obtaining target data, where the target data is used to indicate the storage location of a target file, and the target file is a critical file required when the system starts;
the TPCM measuring the target file;
if the measurement of the target file fails, the TPCM outputting a warning;
if the measurement of the target file succeeds, the TPCM starting the system.
2. The method according to claim 1, characterized in that the TPCM measuring the target file comprises:
the TPCM performing a hash operation on the target file to obtain a first hash value;
the TPCM judging whether the first hash value is consistent with a second hash value, where the second hash value is the hash value obtained by performing the hash operation on the target file when the system is in a trusted state;
if the first hash value and the second hash value are inconsistent, the TPCM determining that the measurement of the target file has failed.
3. The method according to claim 2, characterized in that the method further comprises:
if the TPCM's measurement of the target file fails, prompting for input of a password;
if the input password is consistent with a preset password, the TPCM starting the system.
4. The method according to claim 3, characterized in that the TPCM includes a non-volatile (NV) storage space, and the target data and/or the second hash value and/or the preset password are stored in the NV space.
5. The method according to claim 2, characterized in that the TPCM includes a platform configuration register (PCR), and the method further comprises:
if the first hash value and the second hash value are inconsistent, the TPCM storing the first hash value in the PCR.
6. The method according to any one of claims 1 to 5, characterized in that the system includes a basic input/output system (BIOS), the target file includes the critical file required when the BIOS starts, and
the TPCM starting the system comprises:
the TPCM powering on the BIOS.
7. A trusted platform control device (TPCM), characterized in that the TPCM comprises:
an acquiring unit, configured to obtain target data when a system start signal is received, where the target data is used to indicate the storage location of a target file, and the target file is a critical file required when the system starts;
a metric unit, configured to measure the target file;
an output unit, configured to output a warning when the measurement of the target file fails;
a start unit, configured to start the system when the measurement of the target file succeeds.
8. A terminal, characterized in that the terminal comprises a trusted platform control device (TPCM) and a system,
the TPCM being configured to obtain target data when a system start signal is received, where the target data is used to indicate the storage location of a target file, and the target file is a critical file required when the system starts; to measure the target file; and to output a warning when the measurement of the target file fails;
the system being configured to execute a start-up operation according to the target file when the TPCM's measurement of the target file succeeds.
9. A computer program product, characterized in that, when executed, the computer program product performs the system processing method according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores instructions for system processing which, when run on a computer, cause the computer to perform the system processing method according to any one of claims 1 to 6.
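A simulation of the measured-boot flow in claims 1 to 5, as an added example that is not the patent's own implementation: a TPCM object keeps the target data, reference (second) hash and preset password in a simulated NV space, hashes the target file when a start signal arrives, compares the result with the reference, records a failed measurement in a PCR and falls back to the password check. The in-memory file storage, the PCR extend semantics and every sample value are constructed assumptions.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class TPCM:
    """Simulated TPCM (added example): NV space holds target data, reference
    hash and preset password; a single PCR records failed measurements."""

    def __init__(self, storage: Dict[str, bytes], target_path: str,
                 reference_hash: bytes, preset_password: Optional[bytes] = None):
        self.storage = storage          # constructed stand-in for the file system
        self.nv = {"target": target_path, "reference": reference_hash,
                   "password": preset_password}   # claim 4: kept in NV space
        self.pcr = bytes(32)            # claim 5: PCR, all-zero before boot
        self.warnings: List[str] = []

    def measure(self) -> bool:
        """Claim 2: hash the target file and compare with the trusted reference."""
        target = self.storage[self.nv["target"]]   # file at the location the target data names
        first_hash = sha256(target)
        if hmac.compare_digest(first_hash, self.nv["reference"]):
            return True
        # Claim 5: on mismatch, record the first hash in the PCR. Extend semantics
        # (PCR = H(PCR || value)) are assumed here; the claim only says "store".
        self.pcr = sha256(self.pcr + first_hash)
        return False

    def on_start_signal(self, password_input: Optional[bytes] = None) -> bool:
        """Claims 1 and 3: return True if the TPCM releases the system to start."""
        if self.measure():
            return True
        self.warnings.append("measurement of %s failed" % self.nv["target"])
        preset = self.nv["password"]
        if preset is not None and password_input is not None \
                and hmac.compare_digest(password_input, preset):
            return True                 # claim 3: override with the preset password
        return False


if __name__ == "__main__":
    good = b"constructed BIOS critical file, version 1"   # constructed sample
    ref = sha256(good)
    ok = TPCM({"bios/critical.bin": good}, "bios/critical.bin", ref, b"preset-pw")
    print("intact image starts:", ok.on_start_signal())            # True
    bad = TPCM({"bios/critical.bin": good + b"\x90"}, "bios/critical.bin", ref, b"preset-pw")
    print("tampered image starts:", bad.on_start_signal(), bad.warnings, bad.pcr.hex())
```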
CN201811034733.1A 2018-09-05 2018-09-05 System processing method and related equipment Active CN109117643B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034733.1A CN109117643B (en) 2018-09-05 2018-09-05 System processing method and related equipment

Publications (2)

Publication Number Publication Date
CN109117643A true CN109117643A (en) 2019-01-01
CN109117643B CN109117643B (en) 2021-05-07

Family

ID=64858620

Country Status (1)

Country Link
CN (1) CN109117643B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177752A (en) * 2019-12-20 2020-05-19 全球能源互联网研究院有限公司 Credible file storage method, device and equipment based on static measurement
CN111506897A (en) * 2019-01-30 2020-08-07 阿里巴巴集团控股有限公司 Data processing method and device
CN113468615A (en) * 2021-06-24 2021-10-01 邦彦技术股份有限公司 Credibility measurement method, credibility chip, logic controller and credibility measurement system
CN113486353A (en) * 2021-06-24 2021-10-08 邦彦技术股份有限公司 Credibility measuring method, system, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106127057A (en) * 2016-06-23 2016-11-16 浪潮电子信息产业股份有限公司 Method for constructing trusted boot control based on TPM
EP3125149A1 (en) * 2005-01-07 2017-02-01 Microsoft Technology Licensing, LLC Systems and methods for securely booting a computer with a trusted processing module
CN107346393A (en) * 2017-06-30 2017-11-14 浪潮(北京)电子信息产业有限公司 A kind of system start method and system based on TCM
CN207731274U (en) * 2018-01-29 2018-08-14 北京可信华泰信息技术有限公司 A kind of credible platform control device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111506897A (en) * 2019-01-30 2020-08-07 阿里巴巴集团控股有限公司 Data processing method and device
CN111506897B (en) * 2019-01-30 2023-05-02 阿里巴巴集团控股有限公司 Data processing method and device
CN111177752A (en) * 2019-12-20 2020-05-19 全球能源互联网研究院有限公司 Credible file storage method, device and equipment based on static measurement
CN113468615A (en) * 2021-06-24 2021-10-01 邦彦技术股份有限公司 Credibility measurement method, credibility chip, logic controller and credibility measurement system
CN113486353A (en) * 2021-06-24 2021-10-08 邦彦技术股份有限公司 Credibility measuring method, system, equipment and storage medium
CN113468615B (en) * 2021-06-24 2023-08-01 邦彦技术股份有限公司 Trusted measurement method, trusted chip, logic controller and trusted measurement system
CN113486353B (en) * 2021-06-24 2023-08-01 邦彦技术股份有限公司 Trusted measurement method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN109117643B (en) 2021-05-07

Similar Documents

Publication Publication Date Title
US10516533B2 (en) Password triggered trusted encryption key deletion
US20200272739A1 (en) Performing an action based on a pre-boot measurement of a firmware image
CN109117643A (en) The method and relevant device of system processing
JP4855679B2 (en) Encapsulation of reliable platform module functions by TCPA inside server management coprocessor subsystem
US8966642B2 (en) Trust verification of a computing platform using a peripheral device
US9270467B1 (en) Systems and methods for trust propagation of signed files across devices
CN103124973B (en) The use of interactive component during proving bootup process
CN109614799B (en) Information authentication method
US9641330B2 (en) Trusted tamper reactive secure storage
CN101542494A (en) Protecting interfaces on processor architectures
CN104462965A (en) Method for verifying integrity of application program and network device
WO2019209630A1 (en) File processing method and system, and data processing method
CN101983375A (en) Binding a cryptographic module to a platform
CN107346393A (en) A kind of system start method and system based on TCM
Wang et al. A survey of secure boot schemes for embedded devices
Dave et al. Care: Lightweight attack resilient secure boot architecture with onboard recovery for risc-v based soc
CN112511306A (en) Safe operation environment construction method based on mixed trust model
CN106980800B (en) Measurement method and system for authentication partition of encrypted solid state disk
US20200117795A1 (en) System and method for generating and authenticating a trusted polymorphic and distributed unique hardware identifier
US10192047B2 (en) Provisioning of identity information
CN111177703A (en) Method and device for determining data integrity of operating system
US11374745B1 (en) Key usage tracking using TPM
CN117610083A (en) File verification method and device, electronic equipment and computer storage medium
CN109583169B (en) Security authentication method
CN109583197B (en) Trusted overlay file encryption and decryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant