CN112162781A - Method and device for dual-core secure boot based on trusted root measurement and related products - Google Patents
Method and device for dual-core secure boot based on trusted root measurement and related products Download PDFInfo
- Publication number
- CN112162781A CN112162781A CN202011017943.7A CN202011017943A CN112162781A CN 112162781 A CN112162781 A CN 112162781A CN 202011017943 A CN202011017943 A CN 202011017943A CN 112162781 A CN112162781 A CN 112162781A
- Authority
- CN
- China
- Prior art keywords
- operating system
- root
- application program
- core
- measurement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4411—Configuring for operating with peripheral devices; Loading of device drivers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a method, a device and a related product for dual-core safe starting based on a root of trust measurement, wherein the method comprises the following steps: when the block chain link point is powered on, the operation system of the block chain link point is loaded to the first core of the block chain link point to be started so as to determine the credible root measurement of the operation system; loading the application program of the blockchain node to a second core of the blockchain node for starting so as to determine the credible root measurement of the application program; and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program. According to the embodiment of the application, the credible state of the block link points can be comprehensively evaluated, the overall time consumption for credible evaluation is reduced, and the timeliness of credible evaluation is improved.
Description
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method and an apparatus for dual-core secure boot based on root-of-trust measurement, and a related product.
Background
In the prior art, when performing a trusted judgment on a block link point, it is mainly determined whether an operating system installed on the block link point is trusted, and the specific process is as follows: and in the process of electrifying the block chain link points but before the operating system is not started, respectively carrying out credibility judgment and transmission of credibility judgment control right on the BIOS, the OS loader and the OS according to the sequence, and starting the operating system if the OS is judged to be credible at last.
However, from a security perspective, for a blockchain node, an operating system is only one factor affecting the security of the blockchain node, after the operating system is started to run, a large number of applications are also run on the blockchain node, whether the applications are trusted or not often affects the security of the blockchain node, and particularly in the internet era, whether the application is trusted or not is actually met in the whole internet environment.
Therefore, a solution is needed to fully evaluate the trusted status of the blockchain node.
Disclosure of Invention
Based on the above problems, embodiments of the present application provide a method, an apparatus, and a related product for dual-core secure boot based on a root of trust metric.
The embodiment of the application discloses the following technical scheme:
1. a method for dual-core secure boot based on a root of trust metric includes:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
Optionally, in an embodiment of the present application, when a block link node is powered on, the determining a root-of-trust metric of an operating system by loading the operating system of the block link node to a first core of the block link node for booting includes:
extracting an executable file and/or a library file of the operating system;
loading an executable file and/or a library file to a first core of the blockchain node for operation;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credible root measurement of the operating system according to the credible root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes:
extracting an executable file and/or a library file of the application program;
loading the executable file and/or the library file to a second core for running;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: creating a first virtual operating system and a second virtual operating system in the second core;
the loading the executable file and/or the library file to the second core for running comprises the following steps: and loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
Optionally, in an embodiment of the present application, the loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program further includes: extracting a configuration file of the application program; and creating a third virtual operating system in the second core;
further comprising: and loading the configuration file to the third virtual operating system for running.
Optionally, in an embodiment of the present application, the extracting an executable file and/or a library file of the application includes: starting a virtual machine monitor, extracting an executable file and/or a library file of the application program through the started virtual machine monitor, and extracting a configuration file of the application program.
Optionally, in an embodiment of the present application, the determining a root-of-trust metric of an operating system by loading the operating system of a blockchain node to a first core of the blockchain node for booting when the blockchain node is powered on includes: when a block chain link point is powered on, loading an operating system of the block chain node to a first core of the block chain node for starting, determining whether a key process called by the operating system in a starting process is registered in a key process list, and if so, calculating a credible root metric of the key process; and determining a trusted root metric of the operating system according to the feasible root metric of the key process.
Optionally, in an embodiment of the present application, the loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: and loading the application program of the blockchain node to a second core of the blockchain node for starting, determining whether the started application program is registered in a key application program list, and if so, calculating the root-of-trust measurement of the application program.
An apparatus for dual-core secure boot based on root-of-trust metrics, comprising:
the first measurement module is used for loading an operating system of a block chain node to a first core of the block chain node for starting so as to determine a root-of-trust measurement of the operating system when the block chain node is powered on;
a second metric module, configured to load the application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and the credibility evaluation module is used for evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credibility root measurement of the operating system and the credibility root measurement of the application program.
Optionally, in an embodiment of the present application, the first metric module includes:
the first extraction unit is used for extracting an executable file and/or a library file of the operating system;
the first loading unit is used for loading the executable file and/or the library file to a first core of the blockchain node for running;
the first computing unit is used for computing a credible root measure in the running process of the executable file and/or the library file;
and the first measurement unit is used for determining the credibility root measurement of the operating system according to the credibility root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the second metrology module includes:
the second extraction unit is used for extracting the executable file and/or the library file of the application program;
the second loading unit is used for loading the executable file and/or the library file to the second core for running;
the second calculation unit is used for calculating the credible root measurement in the running process of the executable file and/or the library file;
and the second measurement unit is used for determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the method further includes: a first creating module for creating a first virtual operating system and a second virtual operating system in the second core;
the second loading unit is further used for loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
Optionally, in an embodiment of the present application, the second metrology module further includes: the third extraction unit is used for extracting the configuration file of the application program;
the device further comprises:
a second creating module for creating a first virtual operating system and a second virtual operating system in the second core;
and the third loading module is used for loading the configuration file to the third virtual operating system for running.
Optionally, in an embodiment of the present application, the second extracting unit is further configured to start a virtual machine monitor, extract an executable file and/or a library file of the application program through the started virtual machine monitor, and extract a configuration file of the application program.
Optionally, in an embodiment of the present application, the first metric module is further configured to, when a block link node is powered on, load an operating system of a block chain node to a first core of the block chain node for starting, and determine whether a key process called by the operating system in a starting process is registered in a key process list, and if so, calculate a root-of-trust metric of the key process; and determining a trusted root metric of the operating system according to the feasible root metric of the key process.
Optionally, in an embodiment of the present application, the second metric module is further configured to load an application program of the blockchain node to a second core of the blockchain node for starting, determine whether the started application program is registered in a key application program list, and if so, calculate a root-of-trust metric of the application program.
A computer storage medium having stored thereon an executable program that when executed performs the method of any of the claims.
An electronic device comprising a trusted computing module, the trusted computing module comprising a memory having an executable program stored thereon and a processor that, when running the executable program, performs the steps of:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
Optionally, in an embodiment of the present application, the step of, when a block link node is powered on, the processor executing boot by loading an operating system of the block link node to a first core of the block link node to determine a root-of-trust metric of the operating system includes:
extracting an executable file and/or a library file of the operating system;
loading an executable file and/or a library file to a first core of the blockchain node for operation;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credible root measurement of the operating system according to the credible root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes:
extracting an executable file and/or a library file of the application program;
loading the executable file and/or the library file to a second core for running;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
Optionally, in an embodiment of the present application, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: creating a first virtual operating system and a second virtual operating system in the second core;
the loading the executable file and/or the library file to the second core for running comprises the following steps: and loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
Optionally, in an embodiment of the present application, the step of, when executing the step of loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program, the method further includes: extracting a configuration file of the application program; and creating a third virtual operating system in the second core; and loading the configuration file to the third virtual operating system for running.
Optionally, in an embodiment of the present application, the step of the processor executing to extract the executable file and/or the library file of the application includes: starting a virtual machine monitor, extracting an executable file and/or a library file of the application program through the started virtual machine monitor, and extracting a configuration file of the application program.
Optionally, in an embodiment of the present application, the step of, when a block link node is powered on, the processor executing boot by loading an operating system of the block link node to a first core of the block link node to determine a root-of-trust metric of the operating system includes: when a block chain link point is powered on, loading an operating system of the block chain node to a first core of the block chain node for starting, determining whether a key process called by the operating system in a starting process is registered in a key process list, and if so, calculating a credible root metric of the key process; and determining a trusted root metric of the operating system according to the feasible root metric of the key process.
Optionally, in an embodiment of the present application, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: and loading the application program of the blockchain node to a second core of the blockchain node for starting, determining whether the started application program is registered in a key application program list, and if so, calculating the root-of-trust measurement of the application program.
A big data trust system comprises a plurality of block chain nodes, wherein each block chain node is provided with a trusted computing module, and the trusted computing module is used for implementing the following steps:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
According to the technical scheme of the embodiment of the application, when the block chain node is powered on, the operation system of the block chain node is loaded to the first core of the block chain node to be started so as to determine the credible root measurement of the operation system; loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program; according to the root-of-trust measurement of the operating system and the root-of-trust measurement of the application program, the safe starting degree of the operating system and the safe starting degree of the application program are evaluated respectively, so that the credible evaluation of the operating system and the evaluation of the application program can be realized, and the comprehensive evaluation of the credible state of the block chain node can be realized; in addition, no coupling relation exists between the credible evaluation of the operating system and the evaluation of the application program, so that the overall time consumption for credible evaluation is reduced, and the timeliness of credible evaluation is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a schematic diagram of a big data trust system in an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for dual-core secure boot based on a root of trust measurement in an embodiment of the present application;
fig. 3 is a schematic diagram of a preferred flow of S201 in the embodiment of the present application:
fig. 4 is a schematic diagram of a preferred flow of S202 in the embodiment of the present application:
fig. 5 is another preferred flow chart of step S201 in the embodiment of the present application;
fig. 6 is another preferred flow chart of S202 in the embodiment of the present application:
FIG. 7 is a schematic structural diagram of an apparatus for dual-core secure boot based on root-of-trust measurement according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a first metrology module in an embodiment of the present application;
FIG. 9 is a schematic diagram of a second metrology module in an embodiment of the present application;
FIG. 10 is a schematic diagram of another configuration of a first metrology module in an embodiment of the present application;
FIG. 11 is a schematic diagram of another structure of a second metrology module in an embodiment of the present application;
FIG. 12 is a schematic structural diagram of an electronic device in an embodiment of the present application;
fig. 13 is a schematic hardware structure diagram of an electronic device in an embodiment of the present application.
Detailed Description
It is not necessary for any particular embodiment of the invention to achieve all of the above advantages at the same time.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a schematic diagram of a big data trust system in an embodiment of the present application; as shown in fig. 1, the big data trust system includes a plurality of block chain nodes, each block chain node is provided with a trusted computing module, and the trusted computing module is configured to implement: when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system; loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program; and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
In this embodiment, the types of the block link points in the big data trust system may be the same or different.
In this embodiment, the first core and the second core may be cores of the same type or the same model, or cores of different types or different models.
In fig. 1 described above, the interaction between block link points is merely an example.
Fig. 2 is a schematic flowchart of a method for dual-core secure boot based on a root of trust measurement in an embodiment of the present application; as shown in fig. 2, the method for dual-core secure boot based on the root of trust metric includes:
s201, when a block chain node is powered on, an operating system of the block chain node is loaded to a first core of the block chain node to be started so as to determine a root of trust measure of the operating system;
in this embodiment, the block link point may belong to a dedicated computer, an Ethernet (Ethernet) switch, an access point (access point), or a network access server.
In this embodiment, the operating system is not particularly limited, and may be a windows system, a linux system, or the like.
In this embodiment, the root-of-trust metric of the operating system of the blockchain node may be calculated based on the static root-of-trust metric. Specifically, a trusted measurement module is configured on a blockchain node as a trusted root, trusted measurement is performed on the trusted measurement to obtain trusted root measurement, a trusted word of the trusted root is obtained through the trusted root measurement, the trusted measurement is performed on the BIOS to obtain the trusted root measurement, the trusted word of the BIOS is obtained through the trusted root measurement, trusted measurement is performed on an OS loader to obtain the trusted root measurement, the trusted word of the BIOS is obtained through the trusted root measurement, the trusted measurement is performed on the OS to obtain the trusted root measurement, the trusted word of the OS is obtained through the trusted root measurement, the operating system is determined to be trusted, and the operating system is started, so that the trusted state of the operating system is accurately evaluated.
Specifically, in the process of obtaining the root-of-trust measure by performing the trust measure, the running process of the used code is monitored, and whether the jump relationship and the like of the function are executed according to the predetermined jump relationship is determined.
Further, the used codes can be subjected to hash operation to obtain hash values, the hash values are compared with the hash values obtained by the hash operation when the codes are executed according to a preset jump relation, and if the hash values are completely the same or the difference is within a receivable range, a credible conclusion is generated, so that the credible state of the operating system is accurately evaluated.
In this embodiment, the step S201 is executed in a kernel mode of the operating system, so that the step S201 is executed in the kernel, thereby ensuring the security of the processing procedure of the step S201.
Alternatively, in other embodiments, a trusted information collection proxy service module, such as a virtual machine monitor, may also be configured to collect running information of the BIOS, the OS Loader, and the OS, respectively, and calculate a trust tracking metric of the BIOS, the OS Loader, and the OS, and if the trust tracking metric indicates that the BIOS, the OS Loader, and the OS are trusted, start the operating system, otherwise, not start the operating system. The dependence on the trust chain is avoided in a non-chain mode, the transmission of the trust relationship is not needed, and whether the operating system is trusted or not is quickly determined.
S202, loading the application program of the blockchain node to a second core of the blockchain node for starting so as to determine the credibility root measurement of the application program;
specifically, in this embodiment, when the application program is loaded to the second core of the block chain node and started, the core file of the application program and the standard integrity data of the core file are extracted, and the standard trust metric digest value corresponding to the integrity data is calculated.
To this end, determining the root-of-trust metric for the application may include the steps of: determining a starting execution event of the application program through the constructed trusted execution environment; under the trigger of the starting execution event, extracting real-time integrity data of the application program, and calculating a real-time credible measurement abstract value of the real-time integrity data; and determining the credibility state of the application program according to the real-time credibility measurement abstract value and the standard credibility measurement abstract value so as to determine whether the application program is tampered.
Specifically, a process creation event in the operating system may be monitored through the built trusted execution environment, and the start execution event of the application program is determined according to the monitored process creation event.
In this embodiment, the hash operation is performed on the integrity data to obtain a real-time credibility measurement digest value.
In this embodiment, the core file includes an executable file and a dynamic library file. In this embodiment, first, hash operation is performed on the integrity data of the executable file to obtain a real-time credible measurement digest value, and the real-time credible measurement digest value is compared with a standard credible measurement digest value corresponding to the integrity data of the executable file during normal operation, and if the real-time credible measurement digest value is consistent with the standard credible measurement digest value, the executable file is credible; and transferring the control right of credibility judgment to the dynamic library file, carrying out Hash operation on the integrity data of the dynamic library file to obtain a real-time credibility measurement abstract value, comparing the real-time credibility measurement abstract value with a standard credibility measurement abstract value corresponding to the integrity data of the dynamic library file in normal operation, and if the real-time credibility measurement abstract value is consistent with the standard credibility measurement abstract value, judging that the dynamic library is credible. If one of the executable file and the dynamic library file is not trusted, the application program can be determined to be not trusted, and only if the executable file and the dynamic library file are both trusted, the application program can be determined to be trusted, namely, not tampered, otherwise, the application program is determined to be not trusted, namely, tampered.
In this embodiment, if the real-time credibility measurement digest value is consistent with the standard credibility measurement digest value, it is indicated that the application program is completely credible, and the farther the real-time credibility measurement digest value is from the standard credibility measurement digest value, the greater the degree of incredibility of the application program is indicated, and the smaller the degree of credibility is.
For this purpose, a confidence threshold may be set, which indicates that the application is not trustworthy if the distance between the real-time confidence measure summary value and the standard confidence measure summary value exceeds the confidence threshold. For the case that the distance between the real-time credibility measurement abstract value and the standard credibility measurement abstract value does not exceed the credibility threshold, a credibility level can be set according to the distance (such as Euclidean distance), such as: fully trusted, substantially trusted, and the like.
S203, respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
In this embodiment, if it can be determined that the operating system and the application program can be safely started, for example, completely trusted or substantially trusted, through the root-of-trust metric of the operating system and the root-of-trust metric of the application program, if the safe start is verified and voted through by a certain proportion of the blockchain nodes in the big data trust system, the corresponding blockchain nodes can be considered to be safely driven, and it can be further determined that the blockchain nodes are safe.
Fig. 3 is a schematic diagram of a preferred flow of S201 in the embodiment of the present application: as shown in fig. 3, in step S201, when a block link node is powered on, the step of starting by loading an operating system of the block chain node to a first core of the block chain node to determine a root-of-trust metric of the operating system may include the following steps:
S211A, extracting an executable file and/or a library file of the operating system;
specifically, the executable file and/or library file of the operating system can be extracted according to the execution path of the executable file and/or library file, so that the executable file and/or library file of the operating system can be extracted quickly.
S221, 221A, loading executable files and/or library files to a first core of the blockchain node for running;
in this embodiment, a start loading function in the operating system may be specifically called, so that the executable file and/or the library file are accurately loaded to the first core of the block chain node. For windows, the boot load function is, for example, bootloader.
S231A, calculating a credible root measure in the running process of the executable file and/or the library file;
S241A, determining the credible root measurement of the operating system according to the credible root measurement of the executable file and/or the library file.
In the embodiment, specifically, a hash operation is performed on the integrity data of the executable file to obtain a real-time credibility measurement abstract value, the real-time credibility measurement abstract value is compared with a standard credibility measurement abstract value corresponding to the integrity data of the executable file in normal operation, a credibility root measurement is generated according to the consistency degree, and if the credibility of the executable file is judged according to the credibility root measurement, the executable file is considered to be in a safe starting state; and carrying out Hash operation on the integrity data of the dynamic library file to obtain a real-time credibility measurement abstract value, comparing the real-time credibility measurement abstract value with a standard credibility measurement abstract value corresponding to the integrity data of the dynamic library file in normal operation, generating a credibility root measurement according to the consistency degree, and if the credibility of the dynamic library is judged according to the credibility root measurement, the dynamic library is in a safe starting state. If one of the executable file and the dynamic library file is not trusted, the operating system can be determined to be not safely started, and only if the executable file and the dynamic library file are both trusted, the operating system can be determined to be safely started, namely, not tampered, and can be allowed to run. Otherwise, if the operating system is determined to be not trusted, i.e., not securely booted, its operation may be prohibited.
Specifically, after the root-of-trust metrics of the executable file and/or the library file are measured, statistical analysis may be performed on the root-of-trust metrics to generate a final root-of-trust metric, which is used to represent the trustworthiness of the operating system as a whole, and if it is determined that the operating system is completely or substantially trustworthy through the final root-of-trust metric, it indicates that the executable file and/or the library file in the operating system are in a safe-bootable state as a whole, so as to allow the booting of the operating system, for example, for a windows system, if a boot-up screen is visible to a user, it indicates that the operating system is allowed to be booted and completely booted.
Further, in another embodiment, loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: creating a first virtual operating system and a second virtual operating system in the second core;
the loading the executable file and/or library file into the second core run may further comprise: and loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
In this embodiment, since the executable file may be loaded to the first virtual operating system and/or the library file may be loaded to the second virtual operating system for operation, the root of trust metrics of the executable file and the library file may be isolated from each other, thereby avoiding crosstalk between them; in addition, the time consumption of the calculation of the credible root measurement can be reduced, and the calculation efficiency is improved.
Further, the loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program may further include: extracting a configuration file of the application program; and creating a third virtual operating system in the second core; and loading the configuration file to the third virtual operating system for running.
The implementation of creating the first-third virtual operating systems described above may be specifically implemented by a virtual machine tool.
Fig. 4 is a schematic diagram of a preferred flow of S202 in the embodiment of the present application: as shown in fig. 4, in step S202, loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program may include the following steps:
S212A, extracting an executable file and/or a library file of the application program;
in this embodiment, an interception request may be generated according to a monitored process creation event; and intercepting the starting execution event of the application program under the triggering of the interception request.
In this embodiment, the path information of the application program is first determined under the trigger of the interception request, and the start execution event of the application program is intercepted according to the path information, so that accurate and fast interception is realized. In this embodiment, a zwcreateprocess function in the operating system may be specifically called to intercept the start execution event of the application program, and the executable file and/or library file of the application program may be extracted according to the intercepted start execution event.
Alternatively, in other embodiments, the created trusted execution environment is hooked to a process creation function in the virtual operating system; therefore, a trusted execution environment of a function is created through a process hooked to an operating system, a starting execution event of the application program is determined, the starting execution event of the application program is intercepted, and an executable file and/or a library file of the application program are/is extracted according to the intercepted starting execution event.
In particular, the kernel of the system may be modified such that a HOOK of the kernel, which is dependent on HOOK, HOOKs the trusted execution environment to a process creation function, such as the zwCreateprocessEX function, in the operating system.
S222A, loading the executable file and/or the library file to a second core for running;
S232A, calculating a credible root measure in the running process of the executable file and/or the library file;
S242A, determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
Specifically, in this embodiment, in step S212, the step of extracting the executable file and/or the library file of the application program may include: starting a virtual machine monitor, extracting an executable file and/or a library file of the application program through the started virtual machine monitor, and extracting a configuration file of the application program.
In the above embodiment, the operating system is also regarded as a special application program, or called a system-level application program, and the application program running on the operating system after the operating system is started is called a user-level application program. However, from the credibility perspective, since the credible tracking measurement is obtained by performing credible calculation on the executable file and the library file, the consistency of the architecture realized by the credible algorithm is realized, the difficulty in realizing the credible algorithm is reduced, and meanwhile, the credible calculation efficiency can be improved.
Fig. 5 is another preferred flow chart of step S201 in the embodiment of the present application; as shown in fig. 5, in step S201, when the operating system of a block chain node is loaded to the first core of the block chain node for booting to determine the root-of-trust metric of the operating system when the block chain node is powered on, the method may include:
S211B, when the block chain link point is powered on, loading the operating system of the block chain node to the first core of the block chain node for starting;
S221B, determining whether the key process called by the operating system in the starting process is registered in a key process list;
S231B, if the key process called by the operating system in the starting process is registered in a key process list, calculating the credible root measurement of the key process;
S241B, determining the credible root metric of the operating system according to the feasible root metric of the key process.
In this embodiment, the importance analysis may be performed on the key processes that may be invoked according to the starting process of the operating system, and only those key processes that have a large influence on the starting of the operating system are concerned, such as a Session Manager Session management process, a subsystem server process, a user login management process, a Session key generation process, and a ticket (ticket) process granted for interactive client/server authentication. When the trusted computing is carried out, only aiming at the key processes, not aiming at all executable files and library files related to the operating system from the integrity point of view, the trusted computing is more focused, so that the efficiency of the trusted computing can be improved, and whether the operating system is safely started or not can be quickly judged.
Fig. 6 is another preferred flow chart of S202 in the embodiment of the present application: as shown in fig. 6, in step S202, loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program may include the following steps:
S212B, loading the application program of the blockchain node to the second core of the blockchain node for starting;
S222B, determining whether the started application program is registered in a key application program list;
S232B, if yes, calculating the credibility root measurement of the application program.
Similarly, for the above operating system, only the key processes registered in the key process list are subjected to the root-of-trust measurement based on the key process list. And aiming at the application programs, only carrying out credible root measurement on the application programs registered in the key application program list by taking the key application program list as a basis.
It should be noted that the key process list and the key application list are not fixed and may be updated continuously according to the operating system, and the update may be based on big data analysis, for example, after a process with a high virus damage frequency or an exception, the operation of the operating system is seriously affected, and the update may be added to the key process list in real time; similarly, the list of critical applications may also be updated in real-time.
FIG. 7 is a schematic structural diagram of an apparatus for dual-core secure boot based on root-of-trust measurement according to an embodiment of the present application; as shown in fig. 7, it includes:
a first metric module 701, configured to, when a block link node is powered on, determine a root-of-trust metric of an operating system by loading the operating system of the block link node to a first core of the block link node for starting;
a second metric module 702, configured to load the application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
the trusted evaluation module 703 is configured to evaluate the secure boot degree of the operating system and the secure boot degree of the application program according to the root-of-trust metric of the operating system and the root-of-trust metric of the application program, respectively.
For an exemplary explanation of the related art of this embodiment, reference may be made to the embodiment shown in fig. 2.
FIG. 8 is a schematic structural diagram of a first metrology module in an embodiment of the present application; as shown in fig. 8, the first metric module includes:
a first extraction unit 711A, configured to extract an executable file and/or a library file of the operating system;
a first loading unit 721A, configured to load an executable file and/or a library file to a first core of the blockchain node for running;
a first calculating unit 731A, configured to calculate a root of trust metric during running of the executable file and/or the library file;
a first metric unit 741A, configured to determine a root of trust metric of the operating system according to the root of trust metric of the executable file and/or the library file.
For an exemplary explanation of the related art of this embodiment, reference may be made to the embodiment shown in fig. 3.
FIG. 9 is a schematic diagram of a second metrology module in an embodiment of the present application; as shown in fig. 9, the second metric module includes:
a second extracting unit 712A, configured to extract an executable file and/or a library file of the application program;
a second loading unit 722A, configured to load the executable file and/or the library file to the second core for running;
a second calculating unit 732A, configured to calculate a root of trust metric during running of the executable file and/or the library file;
a second metric unit 742A, configured to determine a root of trust metric of the application according to the root of trust metric of the executable file and/or the library file.
Optionally, in an embodiment, the method further includes: a first creating module for creating a first virtual operating system and a second virtual operating system in the second core;
the second loading unit is further used for loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
Optionally, in an embodiment, the second metric module further includes: the third extraction unit is used for extracting the configuration file of the application program; to this end, the apparatus further comprises:
a second creating module for creating a first virtual operating system and a second virtual operating system in the second core;
and the third loading module is used for loading the configuration file to the third virtual operating system for running.
Further, in an embodiment, the second extracting unit is further configured to start a virtual machine monitor, extract an executable file and/or a library file of the application program through the started virtual machine monitor, and extract a configuration file of the application program.
For a detailed exemplary description of this embodiment, reference may be made to the embodiment of fig. 4, which is not described herein again.
FIG. 10 is a schematic diagram of another configuration of a first metrology module in an embodiment of the present application; as shown in fig. 10, the first metric module includes:
a third loading unit 711B, configured to load an operating system of a block chain node to a first core of the block chain node for starting when the block chain link point is powered on;
a critical process determining unit 721B that determines whether a critical process called by the operating system during the boot process is registered in a critical process list;
a third calculating unit 731B, configured to calculate a root-of-trust metric of a key process invoked by the operating system during the boot process when the key process is registered in a key process list;
a third metric unit 741B, configured to determine a root-of-trust metric of the operating system according to the root-of-feasibility metric of the critical process.
For an exemplary explanation of the related art of this embodiment, reference may be made to the embodiment shown in fig. 5.
FIG. 11 is a schematic diagram of another structure of a second metrology module in an embodiment of the present application; as shown in fig. 11, the second metrology module includes:
a fourth loading unit 712B, configured to load the application program of the blockchain node to the second core of the blockchain node for starting;
a key application determination unit 722B for determining whether the application that is started up is registered in a key application list;
a fourth calculating unit 732B, configured to calculate a root-of-trust metric of the started application when the application is registered in the key application list.
An embodiment of the present application further provides a computer storage medium having stored thereon an executable program that, when executed, performs the method of any one of the claims.
For an exemplary explanation of the related art of this embodiment, reference may be made to the embodiment shown in fig. 6.
FIG. 12 is a schematic structural diagram of an electronic device in an embodiment of the present application; as shown in fig. 12, the electronic device includes a trusted computing module, which includes a memory 1201 and a processor 1202, where the memory stores an executable program, and the processor executes the executable program to perform the following steps:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
Optionally, in an embodiment, the processor performs, when the block link node is powered on, a step of starting by loading an operating system of the block chain node to a first core of the block chain node to determine a root-of-trust metric of the operating system, including:
extracting an executable file and/or a library file of the operating system;
loading an executable file and/or a library file to a first core of the blockchain node for operation;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credible root measurement of the operating system according to the credible root measurement of the executable file and/or the library file.
Optionally, in an embodiment, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes:
extracting an executable file and/or a library file of the application program;
loading the executable file and/or the library file to a second core for running;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
Optionally, in an embodiment, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: creating a first virtual operating system and a second virtual operating system in the second core;
the loading the executable file and/or the library file to the second core for running comprises the following steps: and loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
Optionally, in an embodiment, the processor, when executing the step of loading the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program, further includes: extracting a configuration file of the application program; and creating a third virtual operating system in the second core; and loading the configuration file to the third virtual operating system for running.
Optionally, in an embodiment, the step of the processor executing to extract the executable file and/or library file of the application program includes: starting a virtual machine monitor, extracting an executable file and/or a library file of the application program through the started virtual machine monitor, and extracting a configuration file of the application program.
Optionally, in an embodiment, the processor performs, when the block link node is powered on, a step of starting by loading an operating system of the block chain node to a first core of the block chain node to determine a root-of-trust metric of the operating system, including: when a block chain link point is powered on, loading an operating system of the block chain node to a first core of the block chain node for starting, determining whether a key process called by the operating system in a starting process is registered in a key process list, and if so, calculating a credible root metric of the key process; and determining a trusted root metric of the operating system according to the feasible root metric of the key process.
Optionally, in an embodiment, the step of loading, by the processor, the application program of the blockchain node to the second core of the blockchain node for starting to determine the root-of-trust metric of the application program includes: and loading the application program of the blockchain node to a second core of the blockchain node for starting, determining whether the started application program is registered in a key application program list, and if so, calculating the root-of-trust measurement of the application program.
Fig. 13 is a schematic hardware configuration diagram of an electronic device in an embodiment of the present application; as shown in fig. 13, it includes: a processor 1301, a communication interface 1302, a computer readable medium 1303 and a communication bus 1304;
the processor 1301, the communication interface 1302 and the computer readable medium 1303 complete communication with each other through the communication bus 1304;
optionally, the communication interface 1302 may be an interface of a communication module, such as an interface of a GSM module;
the processor 1301 may be specifically configured to run an executable program stored in the memory, so as to perform all or part of the processing steps of any of the above method embodiments.
The electronic device of the embodiments of the present application exists in various forms, including but not limited to:
(1) mobile communication devices, which are characterized by mobile communication capabilities and are primarily targeted at providing voice and data communications. Such terminals include smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) The ultra-mobile personal computer equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include PDA, MID, and UMPC devices, such as ipads.
(3) Portable entertainment devices such devices may display and play multimedia content. Such devices include audio and video players (e.g., ipods), handheld game consoles, electronic books, as well as smart toys and portable car navigation devices.
(4) The server is similar to a general computer architecture, but has higher requirements on processing capability, stability, reliability, safety, expandability, manageability and the like because of the need of providing highly reliable services.
(5) And other electronic devices with data interaction functions.
In embodiments of the present Application, the processor may take the form of, for example, a microprocessor or a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic processor, and an embedded microprocessor, examples of the processor including, but not limited to, the following microprocessors: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory processor may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing a processor as pure computer readable program code, the same functions may be implemented entirely by logically programming method steps such that the processor is in the form of logic gates, switches, application specific integrated circuits, programmable logic processors, embedded microprocessors, etc. Such a processor may thus be regarded as a hardware component and the means for performing the various functions included therein may also be regarded as structures within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
Embodiments of the present application also provide a computer storage medium having stored thereon an executable program that, when executed, performs the method of any one of the claims.
Computer storage media, including permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer storage media does not include transitory computer readable media (transient media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular transactions or implement particular abstract data types. The application may also be practiced in distributed computing environments where transactions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It should be noted that, in the present specification, all the embodiments are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative, and the modules illustrated as separate components may or may not be physically separate, and the components suggested as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for dual-core secure boot based on a root of trust measurement is characterized by comprising the following steps:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
2. The method of claim 1, wherein upon power up of a block chain node, booting by loading an operating system of the block chain node to a first core of the block chain node to determine a root-of-trust metric for the operating system, comprises:
extracting an executable file and/or a library file of the operating system;
loading an executable file and/or a library file to a first core of the blockchain node for operation;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credible root measurement of the operating system according to the credible root measurement of the executable file and/or the library file.
3. The method of claim 1, wherein the loading the application of the blockchain node to the second core of the blockchain node for launch to determine the root-of-trust metric for the application comprises:
extracting an executable file and/or a library file of the application program;
loading the executable file and/or the library file to a second core for running;
calculating a credibility root measurement in the running process of the executable file and/or the library file;
and determining the credibility root measurement of the application program according to the credibility root measurement of the executable file and/or the library file.
4. The method of claim 3, wherein the loading the application program of the blockchain node to the second core of the blockchain node for launch to determine the root-of-trust measure of the application program comprises: creating a first virtual operating system and a second virtual operating system in the second core;
the loading the executable file and/or the library file to the second core for running comprises the following steps: and loading the executable file and/or the library file to the first virtual operating system and/or the second virtual operating system respectively for running.
5. The method of claim 4, wherein the loading the application of the blockchain node to the second core of the blockchain node for launch to determine the root-of-trust metric for the application, further comprises: extracting a configuration file of the application program; and creating a third virtual operating system in the second core; and loading the configuration file to the third virtual operating system for running.
6. The method of claim 5, wherein extracting the executable file and/or library file of the application comprises: starting a virtual machine monitor, extracting an executable file and/or a library file of the application program through the started virtual machine monitor, and extracting a configuration file of the application program.
7. The method of claim 1, wherein the determining the root-of-trust metric for the operating system by booting up an operating system for a blockchain node to a first core of the blockchain node upon power up of the blockchain node comprises: when a block chain link point is powered on, loading an operating system of the block chain node to a first core of the block chain node for starting, determining whether a key process called by the operating system in a starting process is registered in a key process list, and if so, calculating a credible root metric of the key process; and determining a trusted root metric of the operating system according to the feasible root metric of the key process.
8. The method of claim 1, wherein the loading the application of the blockchain node to the second core of the blockchain node for launch to determine the root-of-trust metric for the application comprises: and loading the application program of the blockchain node to a second core of the blockchain node for starting, determining whether the started application program is registered in a key application program list, and if so, calculating the root-of-trust measurement of the application program.
9. A device for dual-core secure boot based on root of trust measurement, comprising:
the first measurement module is used for loading an operating system of a block chain node to a first core of the block chain node for starting so as to determine a root-of-trust measurement of the operating system when the block chain node is powered on;
a second metric module, configured to load the application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and the credibility evaluation module is used for evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credibility root measurement of the operating system and the credibility root measurement of the application program.
10. An electronic device comprising a trusted computing module, the trusted computing module comprising a memory and a processor, the memory having an executable program stored thereon, the processor executing the executable program to perform the steps of:
when a block chain link point is powered on, starting by loading an operating system of a block chain node to a first core of the block chain node to determine a root-of-trust measure of the operating system;
loading an application program of the blockchain node to a second core of the blockchain node for starting to determine a root-of-trust metric of the application program;
and respectively evaluating the safe starting degree of the operating system and the safe starting degree of the application program according to the credible root measurement of the operating system and the credible root measurement of the application program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011017943.7A CN112162781B (en) | 2020-09-24 | 2020-09-24 | Method and device for dual-core security initiation based on trusted root metric and related products |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011017943.7A CN112162781B (en) | 2020-09-24 | 2020-09-24 | Method and device for dual-core security initiation based on trusted root metric and related products |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112162781A true CN112162781A (en) | 2021-01-01 |
| CN112162781B CN112162781B (en) | 2023-07-18 |
Family
ID=73863724
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011017943.7A Active CN112162781B (en) | 2020-09-24 | 2020-09-24 | Method and device for dual-core security initiation based on trusted root metric and related products |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112162781B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113536317A (en) * | 2021-06-17 | 2021-10-22 | 杭州加速科技有限公司 | Method and system for enhancing safety of ATE (automatic test equipment) testing machine |
| CN113642006A (en) * | 2021-08-30 | 2021-11-12 | 南方电网数字电网研究院有限公司 | Safe starting method of dual-core relay protection system |
| CN114327791A (en) * | 2022-03-03 | 2022-04-12 | 阿里云计算有限公司 | Virtualization-based trusted computing measurement method, device, equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101504704A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Star trust chain supporting embedded platform application program integrality verification method |
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN106548063A (en) * | 2016-11-01 | 2017-03-29 | 广东浪潮大数据研究有限公司 | A kind of credible tolerance methods, devices and systems |
| CN109241745A (en) * | 2018-08-28 | 2019-01-18 | 全球能源互联网研究院有限公司 | A kind of credible starting method and device of computing platform |
| CN110147674A (en) * | 2019-04-08 | 2019-08-20 | 全球能源互联网研究院有限公司 | A kind of trusted system environment construction method and device of charging control unit |
-
2020
- 2020-09-24 CN CN202011017943.7A patent/CN112162781B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101515316A (en) * | 2008-02-19 | 2009-08-26 | 北京工业大学 | Trusted computing terminal and trusted computing method |
| CN101504704A (en) * | 2009-03-17 | 2009-08-12 | 武汉大学 | Star trust chain supporting embedded platform application program integrality verification method |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN106548063A (en) * | 2016-11-01 | 2017-03-29 | 广东浪潮大数据研究有限公司 | A kind of credible tolerance methods, devices and systems |
| CN109241745A (en) * | 2018-08-28 | 2019-01-18 | 全球能源互联网研究院有限公司 | A kind of credible starting method and device of computing platform |
| CN110147674A (en) * | 2019-04-08 | 2019-08-20 | 全球能源互联网研究院有限公司 | A kind of trusted system environment construction method and device of charging control unit |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113536317A (en) * | 2021-06-17 | 2021-10-22 | 杭州加速科技有限公司 | Method and system for enhancing safety of ATE (automatic test equipment) testing machine |
| CN113642006A (en) * | 2021-08-30 | 2021-11-12 | 南方电网数字电网研究院有限公司 | Safe starting method of dual-core relay protection system |
| CN114327791A (en) * | 2022-03-03 | 2022-04-12 | 阿里云计算有限公司 | Virtualization-based trusted computing measurement method, device, equipment and storage medium |
| WO2023165367A1 (en) * | 2022-03-03 | 2023-09-07 | 阿里云计算有限公司 | Virtualization-based trusted computing measurement method and apparatus, device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112162781B (en) | 2023-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112162781B (en) | Method and device for dual-core security initiation based on trusted root metric and related products | |
| US11861372B2 (en) | Integrity manifest certificate | |
| CN102141942B (en) | A kind of monitoring and protection method of equipment and device | |
| US11714910B2 (en) | Measuring integrity of computing system | |
| US20160065573A1 (en) | Trusted Application Migration Across Computer Nodes | |
| CN108111464B (en) | Data verification method and device | |
| CN113065140A (en) | Embedded safety protection system and method for chip control protection device | |
| CN103488937A (en) | Measuring method, electronic equipment and measuring system | |
| CN112162782B (en) | Method, device and related product for determining application program trusted state based on trusted root dynamic measurement | |
| US9811447B2 (en) | Generating a fingerprint representing a response of an application to a simulation of a fault of an external service | |
| CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
| CN113419905A (en) | Method and device for realizing credible verification and security module | |
| CN111967016A (en) | Dynamic monitoring method of baseboard management controller and baseboard management controller | |
| CN115130114B (en) | Gateway secure starting method and device, electronic equipment and storage medium | |
| CN113569232A (en) | Credibility measuring method and device for container and data system | |
| CN115879064A (en) | Program running method and device, processor, chip and electronic equipment | |
| CN114153503A (en) | BIOS control method, device and medium | |
| US10776490B1 (en) | Verifying an operating system during a boot process using a loader | |
| CN108875363B (en) | Method and device for accelerating virtual execution, electronic equipment and storage medium | |
| CN112214759A (en) | Behavior authority distribution method and device for application program based on credible root measurement and related products | |
| CN112202875A (en) | Method and device for safety detection based on block link point weight and related product | |
| CN112804203B (en) | Authentication method and device for internet nodes and related products | |
| CN108875361A (en) | A kind of method, apparatus of monitoring programme, electronic equipment and storage medium | |
| CN114186207A (en) | Data sharing method and device | |
| CN113190869B (en) | TEE-based mandatory access control security enhancement framework performance evaluation method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |