CN111045744B - System credibility verification starting method and device - Google Patents
System credibility verification starting method and device Download PDFInfo
- Publication number
- CN111045744B CN111045744B CN201911301758.8A CN201911301758A CN111045744B CN 111045744 B CN111045744 B CN 111045744B CN 201911301758 A CN201911301758 A CN 201911301758A CN 111045744 B CN111045744 B CN 111045744B
- Authority
- CN
- China
- Prior art keywords
- trusted
- computing system
- common
- kernel
- image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012795 verification Methods 0.000 title claims abstract description 27
- 238000005259 measurement Methods 0.000 claims abstract description 50
- 230000015654 memory Effects 0.000 claims description 25
- 230000000977 initiatory effect Effects 0.000 claims description 8
- 238000013468 resource allocation Methods 0.000 claims description 5
- 238000012546 transfer Methods 0.000 claims description 4
- 230000003068 static effect Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method and a device for starting the trusted verification of a system, which are applied to an embedded operating system, wherein the method comprises the following steps: performing trusted measurement on a system BIOS; when the system BIOS is trusted, transferring the first control right of the first kernel to the system BIOS; performing trusted measurement on a trusted computing system image through the system BIOS; when the trusted computing system image is trusted, loading the trusted computing system image, and transferring the first control right to the trusted computing system to start the trusted computing system; performing a trusted metric on the common computing system image; and when the common computing system image is trusted, loading the common computing system image, and transferring the second control right of the second kernel to the common computing system to start the common computing system. The invention ensures the safe starting of the system by verifying the trusted computing system and the common computing system respectively.
Description
Technical Field
The invention relates to the technical field of operating system security, in particular to a method and a device for starting system trusted verification.
Background
The novel informatization environments such as cloud computing, big data, industrial control, internet of things and the like need to be based on safe and reliable conditions and development, and reliable measurement, identification and control are required. The adoption of the safe trusted system can ensure the credibility of the system, the credibility of the resource allocation, the credibility of the operation behavior, the credibility of the data storage and the credibility of the policy management, thereby achieving the purpose of actively defending.
The trusted security system in the related art is designed based on the physical architecture of a trusted computing system and a common computing system, wherein the trusted computing system and the common computing system are two independent computers. In the field of embedded operating systems, such as automotive electronics, power relay protection devices and the like, a common architecture of multiple operating systems running on different CPU cores of the same computer simultaneously is that, currently, no solution of a trusted security system exists for the situation.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is to overcome the defect that a trusted security system with multiple operating systems running on the same processor in the prior art is not available, so as to provide a method and a device for starting the trusted verification of the system.
According to a first aspect, an embodiment of the present invention discloses a method for starting trusted authentication of a system, which is applied to an embedded operating system, and includes the following steps: performing trusted measurement on a system BIOS; when the system BIOS is trusted, transferring the first control right of the first kernel to the system BIOS; performing trusted measurement on a trusted computing system image through the system BIOS; when the trusted computing system image is trusted, loading the trusted computing system image, and transferring the first control right to the trusted computing system to start the trusted computing system; performing a trusted metric on the common computing system image; and when the common computing system image is trusted, loading the common computing system image, and transferring the second control right of the second kernel to the common computing system to start the common computing system.
With reference to the first aspect, in a first implementation manner of the first aspect, before the performing the trusted measurement on the system BIOS, the method further includes: performing resource allocation on the trusted computing system and the common computing system according to hardware resources of the trusted computing system and the common computing system; and compiling the trusted computing system and the common computing system into a trusted computing system image and a common computing system image respectively.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, when the system BIOS is not trusted, the system BIOS is not loaded, and the trusted measurement is performed on the system BIOS again.
With reference to the first implementation manner of the first aspect, in a third implementation manner of the first aspect, when the trusted computing system image is not trusted, the trusted computing system image is not loaded, and the trusted computing system image is subjected to a trusted metric again.
With reference to the first implementation manner of the first aspect, in a fourth implementation manner of the first aspect, when the common computing system image is not trusted, the common computing system image is not loaded, and the trusted measurement is performed on the common computing system image again.
With reference to any implementation manner of the first aspect to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, the trusted computing system communicates with the common computing system through a preset shared memory.
According to a second aspect, the embodiment of the invention also discloses a trusted verification starting device of the system, which is applied to an embedded operating system and comprises: the first measurement module is used for carrying out credibility measurement on the system BIOS; the first transfer module is used for transferring the first control right of the first kernel to the system BIOS when the system BIOS is trusted; the second measurement module is used for carrying out trusted measurement on the trusted computing system image through the system BIOS; the first loading module is used for loading the trusted computing system image when the trusted computing system image is trusted, transferring the first control right to the trusted computing system and starting the trusted computing system; the third measurement module is used for carrying out credibility measurement on the common computing system image; and the second loading module is used for loading the common computing system image when the common computing system image is trusted, transferring the second control right of the second kernel to the common computing system, and starting the common computing system.
According to a third aspect, an embodiment of the present invention further discloses an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the one processor to cause the at least one processor to perform the method of trusted verification initiation of a system as described in the first aspect or any implementation of the first aspect.
According to a fourth aspect, the embodiment of the present invention further discloses an electronic device, a computer readable storage medium, on which computer instructions are stored, which instructions, when executed by a processor, implement a method for starting trusted verification of a system according to the first aspect or any implementation of the first aspect.
The technical scheme of the invention has the following advantages:
the invention provides a system credibility verification starting method, which is applied to an embedded operating system, and is characterized in that by carrying out credibility measurement on a system BIOS, when the system BIOS is credible, a first control right of a first kernel is handed over to the system BIOS, the credibility measurement is carried out on a credible computing system mirror image through the system BIOS, when the credible computing system mirror image is credible, the credible computing system is loaded, the first control right is handed over to the credible computing system, the credibility is carried out on a common computing system mirror image, when the common computing system mirror image is credible, the common computing system mirror image is loaded, and a second control right of a second kernel is handed over to the common computing system, and the common computing system is started. The invention ensures the safe starting of the system by verifying the trusted computing system and the common computing system respectively.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a specific example of a trusted verification initiation method of the system in embodiment 1 of the present invention;
FIG. 2 is a diagram illustrating a specific example of communication of a trusted agent under multiple cores in an embodiment of the present invention;
FIG. 3 is a schematic block diagram of a specific example of a trusted authentication initiation apparatus of a system according to embodiment 2 of the present invention;
fig. 4 is a diagram showing an example of an electronic device in embodiment 3 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made apparent and fully in view of the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In addition, the technical features of the different embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
Example 1
The embodiment provides a trusted verification starting method of a system, which is applied to an embedded operating system, as shown in fig. 1, and comprises the following steps:
s11: the system BIOS is trusted.
The BIOS is a ROM program solidified on a main board in the computer, and stores the most important basic input and output program, the boot self-checking program and the system self-starting program of the computer, and mainly provides the bottommost and most direct hardware setting and control for the computer; the trusted measurement is to collect state information of the measurement object at a certain time point so as to check whether the current state of the measurement object accords with expectations or not, and the trusted measurement is used for measuring and evaluating the coincidence degree of expected description and actual behavior of the system, and the trusted platform control module performs the trusted measurement on the BIOS so as to check whether the BIOS accords with expectations or not.
S12: when the system BIOS is trusted, the first control right of the first kernel is handed over to the system BIOS.
Illustratively, as shown in fig. 2, the first kernel refers to a trusted computing kernel CPU0 of the trusted computing system, the first control right refers to the control right of the trusted computing kernel CPU0, when the system BIOS is trusted, the control right of the trusted computing kernel CPU0 is given to the BIOS, and the BIOS performs a trusted measurement on the trusted computing system.
S13: and carrying out trusted measurement on the trusted computing system image through the system BIOS.
Illustratively, the trusted metric method may be a static integrity metric, and the hash value of the trusted computing system image is computed using a hash function, and compared to a pre-stored reference hash value, to determine whether the trusted computing system image meets expectations.
S14: and when the trusted computing system image is trusted, loading the trusted computing system image, and transferring the first control right to the trusted computing system to start the trusted computing system.
Illustratively, when the trusted computing system image is trusted, the trusted computing system image is loaded, control of the common kernel is handed over to the trusted computing system, and the trusted computing system is booted.
S15: the trust metric is performed for a common computing system image. The specific implementation manner is described in the above step S13, and will not be described herein.
S16: and when the common computing system image is trusted, loading the common computing system image, and transferring the second control right of the second kernel to the common computing system to start the common computing system.
The second kernel refers to a general computing kernel CPU1 of the general computing system, the second control right refers to the control right of the general computing kernel CPU1, when the general computing system image is trusted, the general computing system image is loaded, the control right of the general computing kernel CPU1 is handed to the general computing system, the general computing system is started, so that all operating systems of the system are started, after the system is started, decoupling of the trusted computing system and the general computing system is realized through a trusted agent, and a function of calling trusted services to the trusted computing system by the general computing system is realized.
The invention provides a system credibility verification starting method, which is applied to an embedded operating system, and is characterized in that by carrying out credibility measurement on a system BIOS, when the system BIOS is credible, a first control right of a first kernel is handed over to the system BIOS, the credibility measurement is carried out on a credible computing system mirror image through the system BIOS, when the credible computing system mirror image is credible, the credible computing system is loaded, the first control right is handed over to the credible computing system, the credibility is carried out on a common computing system mirror image, when the common computing system mirror image is credible, the common computing system mirror image is loaded, and a second control right of a second kernel is handed over to the common computing system, and the common computing system is started. The invention ensures the safe starting of the system by verifying the trusted computing system and the common computing system respectively.
As an optional implementation manner of the present application, before step S11, the method for starting trusted verification of a system according to the embodiment of the present invention further includes:
firstly, distributing resources of the trusted computing system and the common computing system according to hardware resources of the trusted computing system and the common computing system.
By way of example, a system user may implement allocation of hardware resources such as CPU, memory space, peripheral I/O, etc. by adding and modifying different drivers at system start-up.
Secondly, the trusted computing system and the ordinary computing system are compiled into a trusted computing system image and an ordinary computing system image respectively.
The trusted computing system and the common computing system are compiled into single binary image files according to a certain format, namely the trusted computing system image and the common computing system image, so that the trusted computing system image and the common computing system image are convenient to download and use by users.
As an optional embodiment of the present application, step S12 further includes:
and when the system BIOS is not trusted, not loading the system BIOS and carrying out the trusted measurement on the system BIOS again.
Illustratively, checking whether the system BIOS is trusted or not, if the check is not passed, the system BIOS is not loaded, and the system BIOS is checked again.
As an optional embodiment of the present application, step S14 further includes:
and when the trusted computing system image is not trusted, not loading the trusted computing system image, and carrying out the trusted measurement on the trusted computing system image again.
Illustratively, checking whether the trusted computing system image is trusted or not, if the check is not passed, not loading the trusted computing system image, and re-checking the trusted computing system image.
As an optional embodiment of the present application, step S16 further includes:
and when the common computing system image is not trusted, not loading the common computing system image, and carrying out the trusted measurement on the common computing system image again.
Illustratively, before the trusted kernel wakes up the normal kernel, checking whether the normal computing system image is trusted or not, if the normal computing system image is not passed, loading the normal computing system image, and re-checking the normal computing system image.
As an optional implementation manner of the present application, after step S16, the method for starting trusted verification of a system according to the embodiment of the present invention further includes:
the trusted computing system communicates with the common computing system through a preset shared memory.
Illustratively, the inter-CPU core trusted agent may communicate a variety of communication content and message types, such as those in table 1 below and those in table 2 below. In the embodiment of the invention, the verification result calculated by the trusted kernel informs the common kernel in the inter-kernel interrupt mode, and then reads the verification result through the shared memory, so that communication is more efficient without depending on hardware peripherals.
TABLE 1
TABLE 2
| Message type | Description of the invention |
| Submitting static metric content completion notifications | Asynchronous notification trusted systems (kernels) may start static metrics |
| Returning static metric result notifications | Asynchronous notification of generic system static metric results |
| Submitting dynamic metric content completion notifications | Asynchronous notification trusted systems (kernels) can start dynamic metrics |
| Returning dynamic metric results notifications | Asynchronous notification of generic system dynamic metrics results |
| Rights check transaction commit complete notification | Asynchronous notification trusted systems (kernels) may start the permission check |
| Returning rights check result notifications | Asynchronous notification of whether a resource access object in a generic system has access to a resource |
Example 2
The embodiment of the invention also provides a device for starting the trusted verification of the system, as shown in fig. 3, comprising:
a first measurement module 21, configured to perform a trusted measurement on a system BIOS; the specific implementation manner is shown in step S11 in embodiment 1, and will not be described herein.
A first handing over module 22, configured to hand over the first control right of the first kernel to the system BIOS when the system BIOS is trusted; the specific implementation manner is shown in step S12 in embodiment 1, and will not be described herein.
A second measurement module 23, configured to perform a trusted measurement on a trusted computing system image through the system BIOS; the specific implementation manner is shown in step S13 in embodiment 1, and will not be described herein.
A first loading module 24, configured to load the trusted computing system image when the trusted computing system image is trusted, and transfer the first control right to the trusted computing system, and start the trusted computing system; the specific implementation manner is shown in step S14 in embodiment 1, and will not be described herein.
A third measurement module 25, configured to perform a trusted measurement on the common computing system image; the specific implementation manner is shown in step S15 in embodiment 1, and will not be described herein.
And the second loading module 26 is configured to load the normal computing system image when the normal computing system image is trusted, and transfer the second control right of the second kernel to the normal computing system, and start the normal computing system. The specific implementation manner is shown in step S16 in embodiment 1, and will not be described herein.
The invention provides a system credibility verification starting device, which is applied to an embedded operating system, and is characterized in that by carrying out credibility measurement on a system BIOS, when the system BIOS is credible, a first control right of a first kernel is handed over to the system BIOS, the credibility measurement is carried out on a credible computing system mirror image through the system BIOS, when the credible computing system mirror image is credible, the credible computing system is loaded, the first control right is handed over to the credible computing system, the credibility is carried out on a common computing system mirror image, when the common computing system mirror image is credible, the common computing system mirror image is loaded, and a second control right of a second kernel is handed over to the common computing system, and the common computing system is started. The invention ensures the safe starting of the system by verifying the trusted computing system and the common computing system respectively.
As an optional embodiment of the present application, the apparatus further comprises:
and the resource allocation module is used for allocating resources to the trusted computing system and the common computing system according to the hardware resources of the trusted computing system and the common computing system. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
And the compiling module is used for compiling the trusted computing system and the common computing system into a trusted computing system image and a common computing system image respectively. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
As an optional embodiment of the present application, the apparatus further comprises:
and the first re-measurement module is used for not loading the system BIOS and re-carrying out the trusted measurement on the system BIOS when the system BIOS is not trusted. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
As an optional embodiment of the present application, the apparatus further comprises:
and the second re-measurement module is used for not loading the trusted computing system image when the trusted computing system image is not trusted, and re-measuring the trusted computing system image. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
As an optional embodiment of the present application, the apparatus further comprises:
and the third re-measurement module is used for not loading the ordinary computing system image and re-carrying out the trusted measurement on the ordinary computing system image when the ordinary computing system image is not trusted. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
As an optional embodiment of the present application, the apparatus further comprises:
and the communication module is used for communicating the trusted computing system and the common computing system through a preset shared memory. The specific implementation manner is shown in the steps corresponding to embodiment 1, and will not be described herein.
Example 3
The embodiment of the present invention further provides an electronic device, as shown in fig. 4, which may include a processor 31 and a memory 32, where the processor 31 and the memory 32 may be connected by a bus or other means, and in fig. 4, the connection is exemplified by a bus.
The processor 31 may be a central processing unit (Central Processing Unit, CPU). The processor 31 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or a combination thereof.
The memory 32 is used as a non-transitory computer readable storage medium for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules (e.g., the first metrology module 21, the first handover module 22, the second metrology module 23, the first loading module 24, the third metrology module 25, and the second loading module 26 shown in fig. 3) corresponding to the trusted verification starting method of the system in the embodiment of the present invention. The processor 31 executes various functional applications of the processor and data processing, i.e. implements the trusted verification initiation method of the system in the above-described method embodiments, by running non-transitory software programs, instructions and modules stored in the memory 32.
The memory 32 may include a storage program area that may store an operating system, at least one application program required for functions, and a storage data area; the storage data area may store data created by the processor 31, etc. In addition, the memory 32 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 32 may optionally include memory located remotely from processor 31, which may be connected to processor 31 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 32 and when executed by the processor 31 perform a trusted verification initiation method of the system in the embodiment shown in fig. 1.
The specific details of the electronic device may be understood correspondingly with respect to the corresponding related descriptions and effects in the embodiment shown in fig. 1, which are not repeated herein.
Example 4
The embodiment of the invention also provides a computer storage medium, which stores computer executable instructions, and the computer executable instructions can execute the method for starting the trusted verification of the system in any of the method embodiments. Wherein the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
It is apparent that the above examples are given by way of illustration only and are not limiting of the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is not necessary here nor is it exhaustive of all embodiments. While still being apparent from variations or modifications that may be made by those skilled in the art are within the scope of the invention.
Claims (7)
1. A system credibility verification starting method is applied to an embedded operating system and is characterized by comprising the following steps:
performing trusted measurement on a system BIOS;
when the system BIOS is trusted, transferring the first control right of the first kernel to the system BIOS;
performing trusted measurement on a trusted computing system image through the system BIOS;
when the trusted computing system image is trusted, loading the trusted computing system image, and transferring the first control right to the trusted computing system to start the trusted computing system;
performing a trusted metric on the common computing system image;
when the common computing system image is trusted, loading the common computing system image, transferring the second control right of the second kernel to the common computing system, and starting the common computing system;
before the trusted measurement is performed on the system BIOS, the method further comprises:
performing resource allocation on the trusted computing system and the common computing system according to hardware resources of the trusted computing system and the common computing system;
compiling the trusted computing system and the common computing system into a trusted computing system image and a common computing system image respectively;
before a trusted kernel starts a common kernel, checking whether a mirror image of the common computing system is trusted or not, wherein the trusted computing system and the common computing system communicate through a preset shared memory, the first kernel refers to the trusted computing kernel of the trusted computing system, the second kernel refers to the common computing kernel of the common computing system, and a checking result of the trusted kernel is informed of the common kernel in a mode of inter-kernel interrupt.
2. The method of claim 1, wherein the system BIOS is not loaded and trusted metrics are re-performed on the system BIOS when the system BIOS is not trusted.
3. The method of claim 1, wherein when the trusted computing system image is not trusted, not loading the trusted computing system image and re-performing a trusted metric on the trusted computing system image.
4. The method of claim 1, wherein the normal computing system image is not loaded and trusted metrics are re-performed on the normal computing system image when the normal computing system image is not trusted.
5. A trusted authentication initiation device of a system, applied to an embedded operating system, comprising:
the first measurement module is used for carrying out credibility measurement on the system BIOS;
the first transfer module is used for transferring the first control right of the first kernel to the system BIOS when the system BIOS is trusted;
the second measurement module is used for carrying out trusted measurement on the trusted computing system image through the system BIOS;
the first loading module is used for loading the trusted computing system image when the trusted computing system image is trusted, transferring the first control right to the trusted computing system and starting the trusted computing system;
the third measurement module is used for carrying out credibility measurement on the common computing system image;
the second loading module is used for loading the common computing system image when the common computing system image is trusted, transferring the second control right of the second kernel to the common computing system and starting the common computing system;
the resource allocation module is used for allocating resources to the trusted computing system and the common computing system according to hardware resources of the trusted computing system and the common computing system;
the compiling module is used for compiling the trusted computing system and the common computing system into a trusted computing system mirror image and a common computing system mirror image respectively;
the verification module is used for verifying whether the mirror image of the common computing system is trusted or not before the common kernel is started by the trusted kernel, the trusted computing system and the common computing system communicate through a preset shared memory, the first kernel refers to the trusted computing kernel of the trusted computing system, the second kernel refers to the common computing kernel of the common computing system, and a verification result of the trusted kernel is notified to the common kernel in a kernel interrupt mode.
6. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the one processor to cause the at least one processor to perform the trusted verification initiation method of the system of any one of claims 1 to 4.
7. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement a method of trusted verification initiation of a system as claimed in any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911301758.8A CN111045744B (en) | 2019-12-17 | 2019-12-17 | System credibility verification starting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911301758.8A CN111045744B (en) | 2019-12-17 | 2019-12-17 | System credibility verification starting method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111045744A CN111045744A (en) | 2020-04-21 |
| CN111045744B true CN111045744B (en) | 2024-03-08 |
Family
ID=70235255
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911301758.8A Active CN111045744B (en) | 2019-12-17 | 2019-12-17 | System credibility verification starting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111045744B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN101877040A (en) * | 2009-12-07 | 2010-11-03 | 中国航天科工集团第二研究院七○六所 | High-reliability computing platform |
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN103593622A (en) * | 2013-11-05 | 2014-02-19 | 浪潮集团有限公司 | FPGA-based design method of safe and trusted computer |
| CN104156659A (en) * | 2014-08-14 | 2014-11-19 | 电子科技大学 | Embedded system secure start method |
| CN105608385A (en) * | 2015-12-29 | 2016-05-25 | 南京理工大学 | Trusted starting method of embedded equipment based on embedded trusted computing module |
| CN109871694A (en) * | 2019-03-14 | 2019-06-11 | 沈昌祥 | A kind of staticametric method based on dual Architecture credible calculating platform |
| CN109918916A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of Dual system credible accounting system and method |
| CN110175457A (en) * | 2019-04-08 | 2019-08-27 | 全球能源互联网研究院有限公司 | A kind of dual Architecture trusted operating system and method |
| CN110263545A (en) * | 2019-05-22 | 2019-09-20 | 西安理工大学 | A kind of start-up course integrity measurement detection method based on android system |
| CN110321712A (en) * | 2019-07-08 | 2019-10-11 | 北京可信华泰信息技术有限公司 | The staticametric method and device of credible calculating platform based on dual Architecture |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7716494B2 (en) * | 2004-07-15 | 2010-05-11 | Sony Corporation | Establishing a trusted platform in a digital processing system |
-
2019
- 2019-12-17 CN CN201911301758.8A patent/CN111045744B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN101877040A (en) * | 2009-12-07 | 2010-11-03 | 中国航天科工集团第二研究院七○六所 | High-reliability computing platform |
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN103593622A (en) * | 2013-11-05 | 2014-02-19 | 浪潮集团有限公司 | FPGA-based design method of safe and trusted computer |
| CN104156659A (en) * | 2014-08-14 | 2014-11-19 | 电子科技大学 | Embedded system secure start method |
| CN105608385A (en) * | 2015-12-29 | 2016-05-25 | 南京理工大学 | Trusted starting method of embedded equipment based on embedded trusted computing module |
| CN109871694A (en) * | 2019-03-14 | 2019-06-11 | 沈昌祥 | A kind of staticametric method based on dual Architecture credible calculating platform |
| CN109918916A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of Dual system credible accounting system and method |
| CN110175457A (en) * | 2019-04-08 | 2019-08-27 | 全球能源互联网研究院有限公司 | A kind of dual Architecture trusted operating system and method |
| CN110263545A (en) * | 2019-05-22 | 2019-09-20 | 西安理工大学 | A kind of start-up course integrity measurement detection method based on android system |
| CN110321712A (en) * | 2019-07-08 | 2019-10-11 | 北京可信华泰信息技术有限公司 | The staticametric method and device of credible calculating platform based on dual Architecture |
Non-Patent Citations (2)
| Title |
|---|
| Performing Trusted Computing Actively Using Isolated Security Processor;Jia, XQ 等;PROCEEDINGS OF THE 1ST WORKSHOP ON SECURITY-ORIENTED DESIGNS OF COMPUTER ARCHITECTURES AND PROCESSORS;20180101;全文 * |
| 王天舒 等."嵌入式系统可信启动机制设计与实现".《计算机测量与控制》.2015,(第04期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111045744A (en) | 2020-04-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107729041B (en) | Application program hot updating method, device, terminal and storage medium | |
| AU2017290741B2 (en) | Secure booting of virtualization managers | |
| EP3479224B1 (en) | Memory allocation techniques at partially-offloaded virtualization managers | |
| US8539245B2 (en) | Apparatus and method for accessing a secure partition in non-volatile storage by a host system enabled after the system exits a first instance of a secure mode | |
| CN108462760B (en) | Electronic device, automatic cluster access domain name generation method and storage medium | |
| KR100855803B1 (en) | Cooperative embedded agents | |
| EP2831722B1 (en) | Method and system for verifying proper operation of a computing device after a system change | |
| US11281768B1 (en) | Firmware security vulnerability verification service | |
| US20160275290A1 (en) | Dynamic Firmware Module Loader in a Trusted Execution Environment Container | |
| US20210303691A1 (en) | Ip independent secure firmware load | |
| CN110851188A (en) | Domestic PLC trusted chain implementation device and method based on binary architecture | |
| US11886350B2 (en) | System memory context determination for integrity monitoring and related techniques | |
| CN111177703B (en) | Method and device for determining data integrity of operating system | |
| CN105471614A (en) | Overload protection method and device and server | |
| CN111045744B (en) | System credibility verification starting method and device | |
| CN110442380B (en) | Data preheating method and computing equipment | |
| CN115827522A (en) | BIOS setting method, BIOS chip and electronic equipment | |
| CN107360167B (en) | Authentication method and device | |
| CN111897728B (en) | Interface debugging method and related equipment | |
| CN108959405B (en) | Strong consistency reading method of data and terminal equipment | |
| CN109472148B (en) | Method, device and storage medium for loading hot patch | |
| CN111736869A (en) | Version updating method of server-side interface and calling method of server-side interface | |
| CN111680334A (en) | Disk security access method, device, equipment and medium | |
| CN110908725A (en) | Application program starting method and device, electronic equipment and readable medium | |
| CN115695454B (en) | Data storage method, device and equipment of MEC host and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |