CN109598125B - Safe starting method - Google Patents


Info

Publication number
CN109598125B
CN109598125B
Authority
CN
China
Prior art keywords
tpcm
hard disk
bios
computer system
information
Prior art date
Legal status
Active
Application number
CN201811435130.2A
Other languages
Chinese (zh)
Other versions
CN109598125A (en)
Inventor
孙瑜
杨秩
洪宇
王涛
王强
Current Assignee
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Original Assignee
BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority date
Filing date
Publication date
Application filed by BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Priority to CN201811435130.2A
Publication of CN109598125A
Application granted
Publication of CN109598125B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

In the secure boot method, configuration items relating to the TPCM are added to the BIOS so that user identity authentication is performed during the BIOS start-up stage.

Description

Safe starting method
Technical Field
The invention relates to the field of computer security, in particular to a secure starting method.
Background
Trusted computing technology has entered its 3.0 era and has shifted from a passive-defence technology to an active-immunity technology. Compared with passive-defence trusted computing, the dual-system architecture of Trusted Computing 3.0 can use a TPCM (Trusted Platform Control Module) to perform active measurement and active monitoring of the system, which prevents the system from bypassing the trust mechanism of a passive-defence TPM (Trusted Platform Module). Active monitoring is performed through access control policies deployed in the various controllers, and any modification to an access control policy can be deployed to a controller only after the trustworthiness of that policy has been confirmed by the trustworthiness measurement mechanism. Therefore, even if the CPU or the operating system contains a backdoor, it is difficult for an attacker to tamper with the access control policy by exploiting such vulnerabilities; passive defence becomes active immunity and the security of the system is enhanced.
However, the trusted measurement system of the prior art can only ensure the security of the computer system itself, and the computer is still at risk of being stolen and used by others. The secure boot method of the prior art usually only asks the user to enter a user name and a password when the computer is powered on, and this method cannot guarantee the security of the computer system.
Disclosure of Invention
The invention provides a secure boot method that is suitable for performing security authentication on a computer system and, compared with the secure boot methods of the prior art, can greatly improve the security of the computer system.
The invention provides a secure boot method, characterised by comprising the following steps:
Step 1: power on and start the system, perform active security measurement of the computer system using the TPCM, and go to step 2 if the measurement passes or to step 3 if it does not;
Step 2: change the TPCM configuration item in the BIOS to implement user identity authentication in the BIOS start-up stage; if authentication passes, the computer system starts normally, otherwise go to step 3;
Step 3: report the abnormal information and forbid the computer system from starting.
Preferably, changing the TPCM configuration item in the BIOS to implement user identity authentication in the BIOS start-up stage comprises:
adding an 'administrator password' item to the TPCM configuration items in the BIOS, so that the administrator implements user identity authentication in the BIOS start-up stage by configuring this item.
Preferably, before step 1 the method further comprises:
identifying the identity of the operator through a biometric device; if the identification passes, performing active security measurement of the computer system using the TPCM, otherwise reporting the abnormal information and forbidding the operator from operating the TPCM.
Preferably, identifying the identity of the operator through the biometric device comprises:
connecting the system to the TPCM through an external biometric device, which prompts the operator to enter biometric information for security verification after the TPCM is powered on and before the active security measurement function formally starts.
Preferably, the biometric information comprises one or more of the following in combination:
fingerprint information, sclera information and face information.
The invention also provides a trusted control method based on a trusted hard disk, characterised by comprising the following steps:
Step 1: power on the trusted hard disk and, using the TPCM (Trusted Platform Control Module) embedded in a chip of the trusted hard disk, measure the other hardware in the system in which the trusted hard disk is located; go to step 2 if the measurement result for the other hardware is normal, and raise an alarm if it is abnormal;
Step 2: power on the other hardware and, after the system in which the trusted hard disk is located has started, measure the software in that system; go to step 3 if the measurement result for the software is normal, and raise an alarm if it is abnormal;
Step 3: the system in which the trusted hard disk is located operates normally; when that system performs a read/write operation on the trusted hard disk, the TPCM embedded in the hard disk chip decrypts/encrypts the data cached in the system that is to be read/written, and the data is then read from/written to the trusted hard disk.
Preferably, the other hardware in the system in which the trusted hard disk is located includes a BMC chip and a BIOS chip;
the software in the system in which the trusted hard disk is located includes the MBR, the OS LOADER and the OS KERNEL.
Preferably, decrypting/encrypting the data cached in the system that is to be read/written, using the TPCM module embedded in the hard disk chip of the trusted hard disk, comprises:
the system in which the trusted hard disk is located calling the TCM module of the TPCM module embedded in the hard disk chip to decrypt/encrypt the data to be read from/written to the trusted hard disk.
Preferably, the trusted hard disk is an IDE hard disk, a PIDE hard disk, an SCSI hard disk, an SATA hard disk, an SAS hard disk or an SSD hard disk.
Preferably, the SSD hard disk supports an M.2 interface, an SAS interface, an SATA interface and/or an M.P interface.
Preferably, the alarm comprises lighting an indicator lamp, sounding an audible alarm, or printing error information or a shutdown prompt through a printing interface.
In the secure boot method, configuration items relating to the TPCM are added to the BIOS so that user identity authentication is performed during the BIOS start-up stage.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flowchart of a secure boot method according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a secure boot method according to a second embodiment of the present invention;
FIG. 3 is a flowchart of a secure boot method according to a third embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings.
The secure boot method is applied to a computer system that has an active security measurement function, which is implemented by adding a TPCM security chip to the computer system.
The TPCM performs active security measurement of the main firmware and components of the computer system during power-on and start-up; the main firmware and components include the BIOS firmware, the BMC firmware, a designated hard disk partition and the like. If the active measurement result is normal, the computer system is allowed to start normally; otherwise it is forbidden from starting normally.
Example one
Based on the computer system described above, this embodiment provides a secure boot method whose flowchart is shown in FIG. 1; the method includes the following steps:
Step 1: after the system is powered on and started, identify the identity of the operator through the biometric device; if the identification passes, go to step 2, otherwise go to step 3.
Specifically, to achieve active security measurement of the computer system, the TPCM security chip needs to be powered on and started before the computer system itself is started.
Specifically, to prevent the TPCM from being stolen or tampered with, the TPCM is connected to a biometric device such as an external USBKey or a fingerprint reader, and after the TPCM is powered on and before the active security measurement function formally starts, the operator is prompted to enter biometric information for security verification.
Preferably, the biometric information includes fingerprint information, sclera information, face information and the like.
Step 2: the TPCM formally enters the working state and performs active security measurement of the computer system.
Specifically, the active security measurement covers integrity checks of the BIOS firmware, the BMC firmware, the designated hard disk partition and the like.
Step 3: report the abnormal information and forbid the operator from operating the TPCM.
Specifically, if the identity authentication of the operator fails, the computer system is considered to be at risk of theft and information tampering; in this case the computer system automatically puts the TPCM into a locked state and powers it off.
In the secure boot method of this embodiment, when the computer system starts, the TPCM security chip authenticates the operator using their biometric information; if authentication passes, the TPCM performs active security measurement of the computer system, otherwise the operator is prohibited from operating the TPCM security chip.
Example two
This embodiment provides another secure boot method based on the first embodiment; its flowchart is shown in FIG. 2, and the method includes:
Step 1: power on and start the system, perform active security measurement of the computer system using the TPCM, and go to step 2 if the measurement passes, otherwise go to step 3.
Specifically, the content of the active security measurement is as described above and is not repeated here.
Step 2: change the TPCM configuration item in the BIOS to implement user identity authentication in the BIOS start-up stage; if authentication passes, start the computer system normally, otherwise go to step 3.
Specifically, changing the TPCM configuration item in the BIOS includes adding an administrator password to the TPCM configuration item in the BIOS, so that the administrator can configure this item to implement user identity authentication in the BIOS start-up stage.
Step 3: report the abnormal information and forbid the computer system from starting.
Specifically, if the identity authentication of the operator fails, the computer system is considered to be at risk of theft and information tampering; in this case the computer system automatically puts the TPCM into a locked state and powers it off.
Preferably, the method of this embodiment may be combined with the method of the first embodiment to obtain a method that performs biometric authentication of the TPCM and user identity authentication in the BIOS stage at the same time, where the user identity authentication in the BIOS stage takes place after the biometric authentication of the TPCM.
The secure boot method of this embodiment implements user identity authentication in the BIOS boot stage by adding a configuration item related to the TPCM to the BIOS; it can prevent the computer system from being stolen and its information tampered with, thereby improving the security of the computer system.
Example three
This embodiment proposes another secure boot method based on the secure boot methods of the first and second embodiments. Preferably, the flow of this embodiment may be implemented alone or combined with the flows of the first and second embodiments; its flowchart is shown in FIG. 3, and the method includes:
Step 1: power on and start the system, have the TPCM perform active security measurement of the computer system, and go to step 2 if the measurement passes, otherwise go to step 3.
Step 2: add a login dialog box to the OPROM so that personnel identity authentication is performed in the OPROM when the trusted hard disk starts.
Specifically, an "administrator password" field is added to the TPCM configuration item in the OPROM, so that the administrator can configure this item to implement user identity authentication in the trusted hard disk boot stage.
Step 3: report the abnormal information and forbid the computer system from starting.
Specifically, if the identity authentication of the operator fails, the computer system is considered to be at risk of theft and information tampering; in this case the computer system automatically puts the TPCM into a locked state and powers it off.
Preferably, before step 1 the TPCM may be authenticated using biometric information according to the method of the first embodiment, and between step 1 and step 2 user authentication may be completed in the BIOS boot stage according to the method of the second embodiment.
The technical scheme of this embodiment completes user identity authentication in the start-up stage of the trusted hard disk, preventing the computer equipment from being stolen and its information tampered with; combined with the first and second embodiments, it provides the user with an all-round secure boot method for the computer system and greatly improves its security.
Example four
The invention also provides a trusted control method based on a trusted hard disk, characterised by comprising the following steps:
Step 1: power on the trusted hard disk and, using the TPCM (Trusted Platform Control Module) embedded in a chip of the trusted hard disk, measure the other hardware in the system in which the trusted hard disk is located; go to step 2 if the measurement result for the other hardware is normal, and raise an alarm if it is abnormal;
Step 2: power on the other hardware and, after the system in which the trusted hard disk is located has started, measure the software in that system; go to step 3 if the measurement result for the software is normal, and raise an alarm if it is abnormal;
Step 3: the system in which the trusted hard disk is located operates normally; when that system performs a read/write operation on the trusted hard disk, the TPCM embedded in the hard disk chip decrypts/encrypts the data cached in the system that is to be read/written, and the data is then read from/written to the trusted hard disk.
Preferably, the other hardware in the system in which the trusted hard disk is located includes a BMC chip and a BIOS chip;
the software in the system in which the trusted hard disk is located includes the MBR, the OS LOADER and the OS KERNEL.
Preferably, decrypting/encrypting the data cached in the system that is to be read/written, using the TPCM module embedded in the hard disk chip of the trusted hard disk, comprises:
the system in which the trusted hard disk is located calling the TCM module of the TPCM module embedded in the hard disk chip to decrypt/encrypt the data to be read from/written to the trusted hard disk.
Preferably, the trusted hard disk may be an IDE hard disk, a PIDE hard disk, an SCSI hard disk, an SATA hard disk, an SAS hard disk and/or an SSD hard disk.
Preferably, the trusted hard disk supports an M.2 interface, an SAS interface, an SATA interface and/or an M.P interface.
Preferably, the alarm comprises lighting an indicator lamp, sounding an audible alarm, or printing error information or a shutdown prompt through a printing interface.
With the technical scheme of this embodiment, the other hardware and the software in the system in which the trusted hard disk is located can be measured by the TPCM embedded in the trusted hard disk, and during normal operation of that system the embedded TPCM can be used to control trusted reading and writing of the data on the trusted hard disk.
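The embodiments above describe one staged flow: biometric identification of the operator before the TPCM's measurement formally starts (example one), active measurement of the BIOS and BMC followed by an administrator password check in the BIOS stage (example two), and measurement of the MBR, OS loader and kernel before the trusted hard disk serves reads and writes (example four), with any failure reported as an abnormality that locks the TPCM. The following Python model is an added example written for this page; it is not the patent's or the assignee's code and does not model a real TPCM interface. It assumes SHA-256 as the measurement function, a PBKDF2 hash for the stored administrator password, a boolean callback standing in for the biometric device, and constructed component names and images; the TCM module's encryption of cached data is represented only by the gate that permits disk I/O once the whole chain has passed.

```python
"""Constructed model of the TPCM-gated boot flow described in this patent.
Not vendor code: images are byte strings, "active measurement" is a SHA-256 digest
compared with a reference list built from known-good images, and the TPCM is a small
state machine that locks on any failure."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Stage order follows the text: the TPCM measures hardware (BIOS, BMC) first;
# MBR, OS loader and kernel are measured once the system has started.
HARDWARE_STAGE = ["BIOS", "BMC"]
SOFTWARE_STAGE = ["MBR", "OS_LOADER", "OS_KERNEL"]
PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how the password is stored


def measure(image: bytes) -> str:
    """Measurement of one component: the SHA-256 digest of its image."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Tpcm:
    reference: Dict[str, str]  # component -> expected digest (constructed whitelist)
    pw_salt: bytes
    pw_hash: bytes
    state: str = "POWERED_OFF"
    log: List[str] = field(default_factory=list)

    def lock(self, reason: str) -> bool:
        """Step 3 of every embodiment: report the abnormality, enter the locked state."""
        self.log.append(f"abnormal: {reason}")
        self.state = "LOCKED"
        return False

    def verify_operator(self, biometric_match: Callable[[], bool]) -> bool:
        """Example one: the operator is identified before measurement formally starts."""
        if not biometric_match():
            return self.lock("biometric verification failed")
        self.log.append("operator verified")
        return True

    def measure_stage(self, names: List[str], images: Dict[str, bytes]) -> bool:
        """Active measurement of one stage; the first mismatch locks the TPCM."""
        for name in names:
            actual = measure(images.get(name, b""))
            if not hmac.compare_digest(actual, self.reference.get(name, "")):
                return self.lock(f"measurement mismatch for {name}")
            self.log.append(f"measured {name}: ok")
        return True

    def check_admin_password(self, candidate: str) -> bool:
        """Example two: the 'administrator password' item of the BIOS TPCM configuration."""
        digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), self.pw_salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest, self.pw_hash):
            return self.lock("administrator password rejected")
        self.log.append("administrator authenticated")
        return True


def provision(good_images: Dict[str, bytes], admin_password: str) -> Tpcm:
    """Deployment step: build the reference list from known-good images."""
    salt = os.urandom(16)
    return Tpcm(
        reference={name: measure(img) for name, img in good_images.items()},
        pw_salt=salt,
        pw_hash=hashlib.pbkdf2_hmac("sha256", admin_password.encode(), salt, PBKDF2_ROUNDS),
    )


def secure_boot(tpcm: Tpcm, images: Dict[str, bytes],
                biometric_match: Callable[[], bool], admin_password: str) -> str:
    """Combined flow of examples one, two and four; returns the final TPCM state."""
    tpcm.state = "POWERED"
    ok = (tpcm.verify_operator(biometric_match)
          and tpcm.measure_stage(HARDWARE_STAGE, images)   # step 1
          and tpcm.check_admin_password(admin_password)    # step 2, BIOS stage
          and tpcm.measure_stage(SOFTWARE_STAGE, images))  # example four, step 2
    if ok:
        tpcm.state = "RUNNING"
    return tpcm.state


def disk_io_allowed(tpcm: Tpcm) -> bool:
    """Example four, step 3: the trusted hard disk serves I/O only after the chain passed."""
    return tpcm.state == "RUNNING"


# Constructed sample images; a real deployment would hash the actual firmware.
GOOD_IMAGES = {"BIOS": b"bios-firmware-v1", "BMC": b"bmc-firmware-v1",
               "MBR": b"mbr-v1", "OS_LOADER": b"loader-v1", "OS_KERNEL": b"kernel-v1"}


def demo() -> Dict[str, str]:
    """Four boots: clean, tampered BIOS, wrong password, failed biometric check."""
    tampered = dict(GOOD_IMAGES, BIOS=b"bios-firmware-v1-patched")
    cases = {
        "clean": (GOOD_IMAGES, lambda: True, "s3cret"),
        "tampered_bios": (tampered, lambda: True, "s3cret"),
        "wrong_password": (GOOD_IMAGES, lambda: True, "guess"),
        "bad_biometric": (GOOD_IMAGES, lambda: False, "s3cret"),
    }
    return {name: secure_boot(provision(GOOD_IMAGES, "s3cret"), imgs, bio, pw)
            for name, (imgs, bio, pw) in cases.items()}
```

Calling `demo()` boots the model four times: clean, with a modified BIOS image, with a wrong administrator password, and with a failed biometric check. Only the first ends in the RUNNING state; for the others the TPCM log records at which step the chain was locked, which is the report-and-forbid behaviour of step 3 in each embodiment. Because the stages run in the order the text gives, a biometric failure leaves no measurement entries in the log at all, and a tampered kernel is only detected after the administrator has already authenticated.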
In the embodiments provided in the present invention, it should be understood that the disclosed method and terminal can be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
In addition, the technical solutions in the above several embodiments can be combined and replaced with each other without contradiction.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of modules or means recited in the system claims may also be implemented by one module or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (3)

1. A secure boot method, comprising:
identifying the identity of an operator through biological identification equipment, if the identity passes the identification, performing active security measurement on a computer system by using the TPCM, and otherwise, reporting abnormal information and forbidding the operator to operate the TPCM;
step 1: starting a system by electrifying, carrying out active security measurement on the computer system by utilizing the TPCM, entering a step 2 if the measurement is passed, and entering a step 3 if the measurement is not passed;
step 2: changing TPCM configuration items in BIOS to realize user identity authentication in BIOS starting stage, if authentication is passed, normally starting computer system, adding login dialog box in OPROM, and realizing personnel identity authentication in OPROM when trusted hard disk is started; otherwise, entering step 3;
Step 3: reporting abnormal information, and forbidding the computer system to start;
the changing of the TPCM configuration item in the BIOS to realize the user identity authentication in the BIOS starting stage comprises the following steps:
adding 'administrator password' in a TPCM configuration item in the BIOS, so that an Administrator realizes the user identity authentication in the BIOS starting stage by configuring the configuration item.
2. A secure boot method as recited in claim 1, wherein said identifying an identity of the operator with the biometric device comprises:
the system is connected with the TPCM through an external biological recognition device, and prompts an operator to input biological information for safety verification after the TPCM is electrified and started and before the active safety measurement function is formally started.
3. A secure boot method as defined in claim 2, wherein said biometric information comprises a combination of one or more of the following biometric information:
fingerprint information, sclera information, and face information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811435130.2A CN109598125B (en) 2018-11-28 2018-11-28 Safe starting method

Publications (2)

Publication Number Publication Date
CN109598125A CN109598125A (en) 2019-04-09
CN109598125B true CN109598125B (en) 2021-05-14

Family

ID=65960461

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112130903B (en) * 2020-09-18 2023-07-14 山东云海国创云计算装备产业创新中心有限公司 CMOS information clearing method, device and computer readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515316A (en) * 2008-02-19 2009-08-26 北京工业大学 Trusted computing terminal and trusted computing method
CN201408535Y (en) * 2009-05-11 2010-02-17 方正科技集团苏州制造有限公司 Trusted hard disk facing to trusted computation cryptograph supporting platform
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN103534976A (en) * 2013-06-05 2014-01-22 华为技术有限公司 Data security protection method, server, host, and system
CN106295352A (en) * 2016-07-29 2017-01-04 北京三未信安科技发展有限公司 The method of credible tolerance, main frame and system under basic input output system environment
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 A kind of method that encrypting fingerprint is realized in BIOS
JP2017157018A (en) * 2016-03-02 2017-09-07 株式会社リコー Information processing device, information processing method, information processing program, and trusted platform module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant