CN112784278A - Trusted starting method, device and equipment of computer system - Google Patents


Info

Publication number
CN112784278A
Authority
CN
China
Prior art keywords
verification
signature
core component
application program
trusted
Prior art date
Legal status
Granted
Application number
CN202011638044.9A
Other languages
Chinese (zh)
Other versions
CN112784278B (en)
Inventor
徐牧池
Current Assignee
Kedong Guangzhou Software Technology Co Ltd
Original Assignee
Kedong Guangzhou Software Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Kedong Guangzhou Software Technology Co Ltd
Priority to CN202011638044.9A
Publication of CN112784278A
Application granted
Publication of CN112784278B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 ... using cryptographic hash functions
    • H04L9/3247 ... involving digital signatures

Abstract

The invention relates to a trusted boot method, apparatus and device for a computer system. The method comprises: determining that a core component has obtained trust and control, where trust and control are handed over to the core component in sequence through a root of trust, firmware and a system kernel, and the root of trust holds a signature verification public key; the core component hashing an application program to obtain a first hash value, the application program being associated with signature information generated with a private key; the core component verifying the signature of the application program using the first hash value, the signature information and the signature verification public key; and, when the signature verification passes, determining that the boot of the computer system is trusted. In this way the root of trust does not have to maintain a large set of integrity reference values for application programs, and the trusted boot capability is easy to maintain when application programs are upgraded.

Description

Trusted boot method, apparatus and device for a computer system
Technical Field
The present invention relates to the field of computer systems, and in particular to a trusted boot method, apparatus and device for a computer system.
Background
Current trusted boot schemes hash the key hardware and software of a computer system (hardware such as the CPU and memory; software such as the firmware, system kernel, system components and application programs), compare each result with a stored reference value to decide whether the component is as expected, and hand over control layer by layer along a chain of trust, so that the whole process from power-on to the start of the application programs is secure and trusted.
When many application programs run on a server, a correspondingly large number of reference values must be stored in the nonvolatile storage area of the root of trust, and managing and storing them places higher demands on the root of trust.
Disclosure of Invention
The embodiments of the invention aim to solve the problem that a large amount of data has to be maintained in the root of trust.
To this end, in a first aspect, an embodiment of the present invention provides a trusted boot method for a computer system, including:
determining that a core component has obtained trust and control, where trust and control are handed over to the core component in sequence through a root of trust, firmware and a system kernel, and the root of trust holds a signature verification public key;
the core component hashing an application program to obtain a first hash value, where the application program is associated with signature information generated with a private key;
the core component verifying the signature of the application program using the first hash value, the signature information and the signature verification public key;
and, when the result of the signature verification is a pass, determining that the boot of the computer system is trusted.
Optionally, determining that the core component has obtained trust and control includes:
the root of trust performing an integrity check on the firmware;
when the firmware passes the integrity check, handing trust and control over to the firmware;
the firmware performing an integrity check on the system kernel;
when the system kernel passes the integrity check, handing trust and control over to the system kernel;
the system kernel performing an integrity check on the core component;
and, when the core component passes the integrity check, handing trust and control over to the core component.
Optionally, before the core component hashes the application program to obtain the first hash value, the method further includes:
determining a public key and private key pair;
storing the public key in the root of trust as the signature verification public key;
generating the signature information of the application program with the private key;
and loading the application program, associated with its signature information, to a specified location of the core component.
Optionally, generating the signature information of the application program with the private key includes:
hashing the application program to obtain a second hash value;
and signing the second hash value with the private key to obtain the signature information of the application program.
Optionally, the core component verifying the signature of the application program includes:
passing the signature verification public key, the signature information and the first hash value to a signature verification interface;
and the signature verification interface returning a verification result after verifying the signature, where the verification result is either pass or fail.
Optionally, the method further includes:
when the result of the signature verification is a fail, determining that the boot of the computer system is untrusted.
Optionally, the method further includes:
when the result of any integrity check is a fail, determining that the boot of the computer system is untrusted.
Optionally, the method further includes:
when the boot of the computer system is untrusted, sending an alert message that contains the number of the computer system and information identifying the system component that caused the untrusted boot.
In a second aspect, an embodiment of the present invention provides a trusted boot apparatus for a computer system, including:
a core component authority determining module, used to determine that the core component has obtained trust and control, where trust and control are handed over to the core component in sequence through a root of trust, firmware and a system kernel, and the root of trust holds a signature verification public key;
a first hash value acquisition module, used by the core component to hash an application program and obtain a first hash value, where the application program is associated with signature information generated with a private key;
a signature verification module, used by the core component to verify the signature of the application program using the first hash value, the signature information and the signature verification public key;
and a trusted boot determining module, used to determine that the boot of the computer system is trusted when the result of the signature verification is a pass.
Optionally, the apparatus further includes:
a key pair determining module, used to determine a public key and private key pair;
a public key storage module, used to store the public key in the root of trust as the signature verification public key;
a signature information generating module, used to generate the signature information of the application program with the private key;
and an application program loading module, used to load the application program, associated with its signature information, to the specified location of the core component.
In a third aspect, an embodiment of the present invention provides a trusted boot device for a computer system, including:
one or more processors;
and a memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the trusted boot method of a computer system according to any one of the first aspects.
The application program is verified by reading its signature information from outside the root of trust and obtaining the public key from inside the root of trust. The authenticity of the application is established by verifying its signature rather than by comparing its integrity measurement against a stored reference value, so the root of trust does not have to maintain integrity reference values for a large number of applications. In addition, the layer-by-layer trust checks from the hardware root of trust to the core component, and the hand-over along the chain of trust, ensure that the device boot process is trusted.
Drawings
Fig. 1 is a flowchart of a trusted boot method of a computer system according to embodiment 1 of the present invention;
fig. 2 is a flowchart of the method for provisioning the signing and verification key pair according to embodiment 1 of the present invention;
fig. 3 is a flowchart of the signature verification performed by the core component according to embodiment 1 of the present invention;
fig. 4 is a schematic diagram of a computer system during boot according to embodiment 1 of the present invention;
fig. 5 is a block diagram of a trusted boot apparatus of a computer system according to embodiment 2 of the present invention;
fig. 6 is a schematic structural diagram of a trusted boot device of a computer system according to embodiment 3 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example 1
Fig. 1 is a flowchart of a trusted boot method of a computer system according to embodiment 1 of the present invention.
Referring to fig. 1, the method comprises the steps of:
S10, determining that the core component has obtained trust and control.
Trust and control are handed over to the core component in sequence through the root of trust, the firmware and the system kernel, and the root of trust holds the signature verification public key. This step-by-step hand-over of trust and control is the construction of a chain of trust. Because trust is extended only by hand-over from an already trusted stage, every operation in the trusted environment is itself trusted and no untrusted entity is introduced; the integrity of the platform is therefore preserved and the security of the platform and its applications can be assured.
The chain of trust consists of the root of trust, the firmware, the system kernel and the core component, which hand over trust and control step by step; the signature verification public key is stored in the root of trust.
The root of trust sits physically between the boot processor of the system and the nonvolatile ROM or flash memory holding the initial boot firmware. It can therefore verify the integrity of the firmware as the boot processor reads it, before the system is allowed to boot, and it can provide a recovery path if a firmware fault would otherwise pose a threat.
Specifically, when both the firmware and the system kernel pass their integrity checks, trust and control pass from the root of trust through the firmware and the system kernel to the core component.
All devices in a work area network share the same key pair for application signing and signature verification. This avoids storing and managing a large number of key pairs (a public key and its corresponding private key are called a key pair) and certificates on each device, reduces the complexity of the application signing scheme, lowers the hardware requirements on the device, and makes the scheme applicable to industrial control devices running a real-time operating system.
In general, a computing device can be divided into a hardware layer, a firmware layer, a kernel layer and a user layer. The root of trust resides in the hardware layer, the firmware layer holds the firmware the device needs, the kernel layer holds the system kernel, and the user layer holds the application programs chosen by the user, placed at the specified location of the core component.
Specifically, after the computing device carrying the computer system is powered on, the root of trust performs an integrity check on the firmware. When the firmware passes, trust and control are handed over to the firmware. The firmware performs an integrity check on the system kernel. When the system kernel passes, trust and control are handed over to the system kernel. The system kernel performs an integrity check on the core component. When the core component passes, trust and control are handed over to the core component.
In other words, after the device is powered on, the CRTM (core root of trust for measurement) within the root of trust runs first. It performs an integrity check (hashing and comparing the result with a reference value) on the core hardware and firmware, such as the CPU, the memory and the boot loader; once these are judged trusted, the CPU, memory and other hardware are brought up and control is handed over to the firmware in the firmware layer. Once the firmware is running it checks the integrity of the system kernel in the kernel layer, and when the kernel is judged trusted it starts the kernel and hands control over to it. Once the kernel is running it checks the integrity of the core component, and when the core component is judged trusted it starts the core component and hands control over to it.
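The layer-by-layer hand-over of S10 can be modelled in a few lines. The following Go program is an added illustration and is not code from the patent or its assignee; it assumes SHA-256 as the measurement hash, stands in constructed byte strings for the firmware, kernel and core component images, and passes each stage's reference value in as a plain slice, whereas in a real device the reference for the firmware lives in the root of trust's nonvolatile area and each later reference inside the stage that holds it. The root of trust itself is trusted by construction and is not measured.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Component is one stage of the boot chain: root of trust, firmware, system
// kernel or core component. Image stands in for the bytes that the previous
// stage measures before handing over trust and control.
type Component struct {
	Name  string
	Image []byte
}

// Measure computes the SHA-256 digest of an image and returns it as hex.
func Measure(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// BootChain walks the chain stage by stage. refs[i] is the reference digest
// that stage chain[i] carries for chain[i+1] (assumption: in the real system
// it lives in the root of trust's nonvolatile area, in the firmware, or in
// the kernel). chain[0] is the root of trust and is never measured here.
// It returns the last stage that holds trust and control, and a non-nil
// error naming the first stage whose integrity check failed.
func BootChain(chain []Component, refs []string) (string, error) {
	if len(chain) == 0 || len(refs) != len(chain)-1 {
		return "", fmt.Errorf("need %d reference values, got %d", len(chain)-1, len(refs))
	}
	holder := chain[0].Name
	for i, next := range chain[1:] {
		got := Measure(next.Image)
		if got != refs[i] {
			// Control never leaves the current holder; this is the point at
			// which the text's untrusted-boot alert would be raised.
			return holder, fmt.Errorf("%s: integrity check of %s failed", holder, next.Name)
		}
		holder = next.Name // hand over trust and control
	}
	return holder, nil
}

// GoldenChain builds a constructed four-stage chain and the matching
// reference values, standing in for images provisioned at manufacturing time.
func GoldenChain() ([]Component, []string) {
	chain := []Component{
		{Name: "root of trust"},
		{Name: "firmware", Image: []byte("constructed firmware image v1")},
		{Name: "system kernel", Image: []byte("constructed kernel image v1")},
		{Name: "core component", Image: []byte("constructed core component v1")},
	}
	refs := make([]string, 0, len(chain)-1)
	for _, c := range chain[1:] {
		refs = append(refs, Measure(c.Image))
	}
	return chain, refs
}

func main() {
	chain, refs := GoldenChain()
	holder, err := BootChain(chain, refs)
	fmt.Println("clean boot:", holder, err)

	// Tamper with the kernel: the firmware's check fails and control stays
	// with the firmware; the core component never runs.
	chain[2].Image = []byte("constructed kernel image v1 + implant")
	holder, err = BootChain(chain, refs)
	fmt.Println("tampered kernel:", holder, err)
}
```

The point the model makes visible is the cost the patent is trying to avoid: every image that the chain measures needs its own reference value held by the stage before it, so adding or upgrading an application would mean writing a new reference into trusted storage.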
S20, the core component hashes the application program to obtain a first hash value.
When the computer system carrying the application program checks whether the signature of each application program to be started is correct, it also hashes the application program to be started. The result of the hash operation is a hash value, which is taken as the first hash value.
Hashing maps data of arbitrary length, through a particular function (the hash function or hash algorithm), to a fixed-length value (the hash or hash value); hash tables use this to index data for fast retrieval. In information security a hash value computed over a block of data serves as a data fingerprint: because any change to the data changes the fingerprint, it is used to detect whether a file or data set has been tampered with and to confirm that it is the original.
The application program is associated with signature information, and the signature information is generated with a private key.
The signature information is data appended to the application program before the application program is loaded onto the computer system. It is produced by signing the application program before loading: the application file is hashed to obtain a hash value (hereafter the second hash value), and the hash value is then signed with the private key. The second hash value binds the signature to the exact content of the application program.
Because each application program has a different hash value, each application program has different signature information.
Specifically, the signature information of the application program to be verified is taken from the user layer of the computer system. Because the signature information does not need to be stored in the root of trust but lives outside it, it can be maintained by the user.
In this way the authenticity of the application is established by verifying its signature rather than by comparing its integrity measurement against a stored reference value, so the root of trust does not have to maintain integrity reference values for a large number of applications.
S30, the core component verifies the signature of the application program.
Specifically, the core component verifies the signature using the signature verification public key, the signature information and the first hash value.
Signature verification is a form of authentication. In a public-key cryptosystem the sender signs with its private key and any receiver checks the signature with the corresponding public key. The receiver cannot be absolutely certain of the sender's identity, but it can be reasonably confident as long as the cryptosystem has not been broken and the private key has not been compromised.
When sending a message, the sender uses a hash function to produce a message digest of the message text, then signs the digest with its private key; the signature is sent to the receiver together with the message. The receiver recomputes the digest of the received message with the same hash function, checks the digital signature against that digest with the sender's public key, and, if the two agree, concludes that the message came from the sender and has not been altered.
Digital signature and verification are in general built from a hash algorithm combined with an asymmetric (public-key) cryptosystem. Taking hash-based digital signature and verification as the example, and referring to fig. 3, step S30 further includes the following steps:
S41, passing the signature verification public key, the signature information and the first hash value to the signature verification interface.
S42, the signature verification interface returning a verification result after verifying the signature, where the verification result is either pass or fail.
A hash function is a compression function: an input of arbitrary length is converted into an output of fixed length, and this hash value is the message digest, also called a digital digest. In a formal digital signature the sender first applies a hash algorithm to the file being sent to obtain a fixed-length message digest; it then signs the message digest with its private key (SK) to form its digital signature. The digital signature is sent to the receiver together with the original text; the receiver checks the digital signature with the sender's public key to obtain the sender's message digest, hashes the received text with the same hash function to obtain a new message digest, and finally compares the two message digests.
The signature verification interface processes and compares the signature verification public key, the signature information and the first hash value it receives, and returns a verification result, which is either pass or fail. When the result of the signature verification is a fail, the boot of the computer system is determined to be untrusted. When the result of an integrity check is a fail, the boot of the computer system is likewise determined to be untrusted. When the boot of the computer system is untrusted, an alert message is sent.
The alert message contains the number of the computer system and information identifying the system component that caused the untrusted boot.
The alert message can be sent to the computer device configured as the server in the local area network, to a designated mailbox by e-mail, or to a designated communication device by SMS.
The embodiment of the invention thus verifies the application program by reading its signature information from outside the root of trust and obtaining the signature verification public key from inside the root of trust. The authenticity of the application is established by verifying its signature rather than by comparing its integrity measurement against a stored reference value, so the root of trust does not have to maintain integrity reference values for a large number of applications.
S40, when the result of the signature verification is a pass, determining that the boot of the computer system is trusted.
The hash value produced by the hash algorithm is one-way: the original input cannot be recovered from it.
In the prior art, when an application program running on the computer system has to be updated, the reference value stored in the nonvolatile storage area of the root of trust has to be changed, and operating on that nonvolatile storage area in a deployed network environment carries risks in terms of both safety and operability. Likewise, when a new application program has to be added to the computer system, a corresponding reference value has to be stored in the nonvolatile storage area of the root of trust, and the configuration of the application measurement program has to be changed so that it measures the new program (at which point the reference value of the application measurement program itself must be updated as well). The procedure is very cumbersome and is practically impossible to carry out in a deployed network environment.
With the signature verification method described here, the signature information of the application program neither has to be stored in the root of trust nor needs special protection, because if either the signature information or the application program is tampered with, the application program fails verification and does not start.
Further, when an application program running on the server has to be upgraded, it is difficult to safely update the application reference value in the nonvolatile storage area in a deployed network environment. With the method described here, adding or upgrading an application program only requires replacing the corresponding signature information in the device's storage space (outside the root of trust), which is flexible and convenient.
On the basis of the foregoing embodiment, referring to fig. 2, before the performing the hash operation on the application program by the core component to obtain the first hash value, the method further includes:
and S61, determining a pair of a public key and a private key.
The trusted third party is responsible for generating and managing the key pair. The private key and the application signature tool are provided for the device owner to use for application signature, and the public key is imported into a root of trust of each device in the work area network to support the core component to check and sign the application program. Therefore, the key management function is independently maintained and managed by a trusted third party, and the equipment owner only needs to use the key management function according to an agreed process. This enhances the security of the password (the key used to apply the signature can be considered secure when the key managed by the trusted third party is not compromised) while also reducing the difficulty of use for the owner of the device.
In the prior art, there are many practical cases of using signature verification technology for application programs, such as Google Play application signature function provided for Android operating system, signature tool SignTool provided for Windows operating system, and many application signature functions applied to secure operating system. However, these solutions have the following problems:
the realization is complex, the requirement on computing resources is high, and meanwhile, the method depends on an identity certificate issued by an authority mechanism and is difficult to be applied to the field of industrial control;
different public and private keys and certificates are distributed aiming at different application programs, so that the certificates of all the application programs need to be prestored in an operating system to finish signature authentication. Therefore, when the application program is upgraded or newly installed, the corresponding information such as the certificate and the like needs to be adjusted in the computer system, and the process is complex and the flexibility is poor.
S62: store the public key in the root of trust as the signature verification public key.
S63: generate the signature information of the application program using the private key.
Perform a hash operation on the application program to obtain the second hash value. The second hash value is the hash of the application computed before the application is loaded onto the computing device.
Sign the second hash value with the private key to obtain the signature information of the application program.
S64: load the application program to the specified location of the core component, with the signature information associated with it.
The application is loaded to the core component, and its signature information is loaded with it.
Referring to fig. 4, taking a computer device, a trusted third party and an application developer as an example, the trusted boot of the computer system proceeds as follows:
The trusted third party generates a key pair (a public key and a private key). The private key is issued to the application developer, and the public key is stored in the root of trust in the hardware layer of the computer device as the signature verification public key for that private key.
The application developer develops the application, signs the application to be loaded on the device with the private key to generate the signature information, and loads the application together with its signature information to the specified location of the core component.
Trust is established by measurement along the chain of trust, with control passed at each link. Once the core component is running, it uses the public key stored in the root of trust to verify the signature of each application about to start; an application whose signature verifies is trusted. This completes trusted verification of the device from power-on through the start-up of the applications. Note that a passing signature shows only that the application was signed with the matching private key and has not been modified since; it says nothing about whether the code itself is benign, which is why the owner's review before signing matters.
With this scheme, the device owner is responsible for ensuring that each application to be run is safe and trustworthy (strict code review, virus scanning, vulnerability analysis and so on), signs the vetted applications with the private key and the application signing tool provided by the trusted third party (the owner must keep the private key secure), and adds the signed applications to the device's system space according to the agreed process, where they are loaded and run at device start-up. When an application needs to be added or upgraded in the work-area network, the owner therefore needs no third-party support: signing the application with the signing tool and the existing private key, then updating it onto the device, is all that is required.
The scheme thus ensures the security and trustworthiness of the device terminal and of the applications running on it, actively prevents illegitimate applications from being started, and protects the normal operation of the whole work-area network.
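The signing steps S62 to S64, the fig. 4 walkthrough above, and the chain-of-trust and verification modules described in embodiment 2 below, modelled end to end as an added example in Go. This is illustrative code written for this page, not the patent's or Kedong's implementation. It assumes SHA-256 for the hash operations and Ed25519 as the signature algorithm (the patent names neither), keeps the chain's reference digests beside the public key in a RootOfTrust struct (an assumption about how the integrity checks obtain their reference values), and uses constructed byte strings in place of real firmware, kernel, core component and application images. All type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// RootOfTrust: the third party's verification public key plus reference digests for the chain's integrity checks (layout assumed).
type RootOfTrust struct {
	VerifyKey ed25519.PublicKey
	Reference map[string][32]byte // boot stage name -> expected SHA-256 of its image
}

type Stage struct { // one link of the chain: firmware, system kernel or core component
	Name  string
	Image []byte
}

// SignedApp is an application image plus the signature information loaded with it.
type SignedApp struct {
	Name      string
	Image     []byte
	Signature []byte
}

// BootAlert is the alarm information: device number and the component that failed.
type BootAlert struct {
	DeviceID  string
	Component string
	Reason    string
}

func (a *BootAlert) Error() string { return fmt.Sprintf("device %s: untrusted boot at %q: %s", a.DeviceID, a.Component, a.Reason) }

// SignApp (S63): hash the application ("second hash") and sign that hash with the private key.
func SignApp(priv ed25519.PrivateKey, name string, image []byte) SignedApp {
	second := sha256.Sum256(image)
	return SignedApp{Name: name, Image: image, Signature: ed25519.Sign(priv, second[:])}
}

// integrityCheck: each link measures the next before passing trust and control.
func integrityCheck(rot *RootOfTrust, s Stage) bool {
	want, ok := rot.Reference[s.Name]
	return ok && want == sha256.Sum256(s.Image)
}

// establishChain walks root -> firmware -> kernel -> core component, stopping at the first failure.
func establishChain(deviceID string, rot *RootOfTrust, stages []Stage) error {
	for _, s := range stages {
		if !integrityCheck(rot, s) {
			return &BootAlert{deviceID, s.Name, "integrity check failed"}
		}
	}
	return nil
}

// verifyApp (core component): compute the "first hash" of the loaded image and pass key, signature and hash to the verification interface.
func verifyApp(rot *RootOfTrust, app SignedApp) bool {
	first := sha256.Sum256(app.Image)
	return ed25519.Verify(rot.VerifyKey, first[:], app.Signature)
}

// TrustedBoot runs the full flow; nil means trusted, otherwise a *BootAlert is returned.
func TrustedBoot(deviceID string, rot *RootOfTrust, stages []Stage, apps []SignedApp) error {
	if err := establishChain(deviceID, rot, stages); err != nil {
		return err
	}
	for _, app := range apps {
		if !verifyApp(rot, app) {
			return &BootAlert{deviceID, app.Name, "application signature verification failed"}
		}
	}
	return nil
}

// NewDemoPlatform: fresh key pair standing in for the third party's (S61/S62), three constructed boot images and their reference digests.
func NewDemoPlatform() (ed25519.PrivateKey, *RootOfTrust, []Stage) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	stages := []Stage{
		{"firmware", []byte("constructed firmware image")},
		{"system kernel", []byte("constructed kernel image")},
		{"core component", []byte("constructed core component image")},
	}
	rot := &RootOfTrust{VerifyKey: pub, Reference: map[string][32]byte{}}
	for _, s := range stages {
		rot.Reference[s.Name] = sha256.Sum256(s.Image)
	}
	return priv, rot, stages
}

func main() {
	priv, rot, stages := NewDemoPlatform()
	app := SignApp(priv, "plc-control", []byte("constructed application image"))
	fmt.Println("trusted boot:", TrustedBoot("dev-001", rot, stages, []SignedApp{app}))
}
```

The chain stops at the first failing link, so a tampered kernel is reported before any application is examined, and an application whose image was altered after signing fails because the core component's first hash no longer equals the second hash that was signed. Signing the hash rather than the whole image is what the patent describes; with Ed25519 one could also sign the image directly, but pre-hashing keeps the large image out of the verification interface, which on an embedded core component may be a small routine in firmware.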
Example 2
Fig. 5 is a block diagram of a trusted boot apparatus of a computer system according to embodiment 2 of the present invention.
Referring to fig. 5, the apparatus includes:
the core component authority determining module 10, used to determine that the core component has obtained trust and control, where trust and control are passed to the core component in sequence through the root of trust, the firmware and the system kernel, and the root of trust contains the signature verification public key;
a first hash value obtaining module 20, configured for the core component to perform a hash operation on an application program to obtain a first hash value, where the application program is associated with signature information generated using a private key;
a signature verification module 30, configured for the core component to perform signature verification on the application program according to the first hash value, the signature information and the signature verification public key;
and a trusted boot determining module 40, used to determine that the boot of the computer system is trusted when the result of the signature verification is a pass.
The embodiment of the invention thus reads the signature information of the application from outside the root of trust and obtains the public key from inside the root of trust to verify the application. The authenticity check is accomplished by verifying the application's signature rather than by comparing its integrity value against a stored reference. This avoids maintaining integrity reference values for a large number of applications in the root of trust.
On this basis, the core component authority determining module 10 includes:
a firmware integrity check submodule, for the root of trust to perform an integrity check on the firmware;
a firmware control acquisition submodule, for passing trust and control to the firmware after the firmware passes the integrity check;
a system kernel integrity check submodule, for the firmware to perform an integrity check on the system kernel;
a system kernel control acquisition submodule, for passing trust and control to the system kernel after the system kernel passes the integrity check;
a core component integrity check submodule, for the system kernel to perform an integrity check on the core component;
and a core component control acquisition submodule, for passing trust and control to the core component after the core component passes the integrity check.
On this basis, the apparatus further includes:
a key pair determining module, used to determine a pair of a public key and a private key;
a public key storage module, used to store the public key in the root of trust as the signature verification public key;
a signature information generating module, used to generate the signature information of the application program using the private key;
and an application program loading module, used to load the application program to the specified location of the core component, the application program being associated with the signature information.
On the basis, the signature information generation module comprises:
the second hash value obtaining submodule is used for carrying out hash operation on the application program to obtain a second hash value;
and the signature information acquisition sub-module uses the private key to sign the second hash value so as to acquire the signature information of the application program.
On this basis, the signature verification module 30 includes:
the interface signature verification execution submodule is used for transmitting the signature verification public key, the signature information and the first hash value into a signature verification interface;
and the verification result determining submodule is used for returning a verification result after the verification interface performs verification, and the verification result comprises verification passing and verification failure.
On this basis, the apparatus further includes:
a first untrusted determining unit, configured to determine that the boot of the computer system is untrusted when the result of the signature verification is a failure.
On this basis, the apparatus further includes:
an alarm information sending unit, used to send alarm information when the boot of the computer system is untrusted, the alarm information including the number of the computer system and information on the system component that caused the boot to be untrusted.
The trusted boot apparatus provided in this embodiment can execute the trusted boot method provided in embodiment 1, with the corresponding functions and advantages.
Example 3
Fig. 6 is a schematic structural diagram of a trusted boot device of a computer system according to embodiment 3 of the present invention.
As shown in fig. 6, the trusted boot device of the computer system includes a processor 50, a memory 51, an input device 52 and an output device 53. There may be one or more processors 50 and one or more memories 51; fig. 6 takes one of each as an example. The processor 50, memory 51, input device 52 and output device 53 may be connected by a bus or by other means; fig. 6 shows a bus connection. The trusted boot device may be a computer, a server or the like; this embodiment takes a server as the example.
The memory 51 is used as a computer readable storage medium, and can be used for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the trusted boot method of the computer system according to any embodiment of the present invention (for example, a core component authority module, a first hash value obtaining module, a signature verifying module, and a trusted boot determining module in a trusted boot device of the computer system). The memory 51 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the device, and the like. Further, the memory 51 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 51 may further include memory 51 located remotely from the processor 50, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 52 may be used to receive input numeric or character information and to generate key signal inputs related to the settings and function control of the trusted boot device of the computer system; it may also be a camera for acquiring images or a sound pickup device for acquiring audio data. The output device 53 may include an audio device such as a speaker. The specific composition of the input and output devices can be set according to actual conditions.
The processor 50 executes various functional applications of the device and data processing by executing software programs, instructions and modules stored in the memory, namely, implements the trusted boot method of the computer system described above.
Although the invention has been described in detail hereinabove by way of general description, specific embodiments and experiments, it will be apparent to those skilled in the art that many modifications and improvements can be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. A trusted boot method for a computer system, comprising:
determining that a core component obtains credibility and control right, wherein the credibility and the control right are transmitted to the core component through a credible root, firmware and a system kernel in sequence, and the credible root comprises a signature verification public key;
the core component carries out hash operation on an application program to obtain a first hash value, the application program is associated with signature information, and the signature information is generated according to a private key;
the core component performs signature verification on the application program, wherein the signature verification is performed according to the first hash value, the signature information and the signature verification public key;
and when the verification result of the signature verification is verification passing, determining that the starting of the computer system is credible.
2. The trusted boot method of claim 1, wherein said determining that the core component gains trustworthiness and control comprises:
the trusted root carries out integrity check on the firmware;
after the firmware passes the integrity check, transferring the credibility and the control right to the firmware;
the firmware carries out integrity check on the system kernel;
when the system kernel passes the integrity check, the credibility and the control right are transferred to the system kernel;
the system kernel carries out integrity check on the core component;
and when the core component passes the integrity check, the credibility and the control right are transferred to the core component.
3. The trusted boot method of claim 2, wherein before the hash operation is performed on the application by the core component to obtain the first hash value, further comprising:
determining a pair of a public key and a private key;
storing the public key in a trusted root as a signature verification public key;
generating signature information of the application program by using a private key;
and loading the application program to a specified position of a core component, wherein the application program is associated with the signature information.
4. The trusted boot method of claim 3, wherein generating signature information for the application using the private key comprises:
performing hash operation on the application program to obtain a second hash value;
and signing the second hash value by using the private key to obtain signature information of the application program.
5. The trusted boot method of claim 4, wherein the signature verification of the application by the core component comprises:
transmitting the signature verification public key, the signature information and the first hash value into a signature verification interface;
and returning a verification result after the signature verification interface performs signature verification, wherein the verification result comprises verification passing and verification failure.
6. The trusted boot method of claim 5, further comprising:
when the result of the signature verification is a failure, determining that the boot of the computer system is untrusted.
7. The trusted boot method of claim 6, further comprising:
when the result of an integrity check is a failure, determining that the boot of the computer system is untrusted.
8. The trusted boot method of claim 7, further comprising:
when the boot of the computer system is untrusted, sending alarm information, the alarm information comprising the number of the computer system and information on the system component that caused the boot to be untrusted.
9. A trusted boot device for a computer system, comprising:
the core component authority determining module is used for determining that the core component obtains credibility and control authority, the credibility and the control authority are transmitted to the core component through a credible root, firmware and a system kernel in sequence, and the credible root comprises a signature verification public key;
the first hash value acquisition module is used for performing hash operation on an application program by the core component to acquire a first hash value, wherein the application program is associated with signature information, and the signature information is generated according to a private key;
the signature verification module, used for the core component to perform signature verification on the application program according to the first hash value, the signature information and the signature verification public key;
and the trusted starting determining module is used for determining the starting credibility of the computer system when the verification result of the signature verification is that the verification is passed.
10. A trusted boot device of a computer system, the device comprising:
one or more processors;
a memory for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-8.
CN202011638044.9A 2020-12-31 2020-12-31 Trusted starting method, device and equipment of computer system Active CN112784278B (en)

Publications (2)

Publication Number Publication Date
CN112784278A true CN112784278A (en) 2021-05-11
CN112784278B CN112784278B (en) 2022-02-15

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7210034B2 (en) * 2003-01-30 2007-04-24 Intel Corporation Distributed control of integrity measurement using a trusted fixed token
US20080184040A1 (en) * 2004-07-08 2008-07-31 Bade Steven A Method for extending the crtm in a trusted platform
CN109522721A (en) * 2017-09-19 2019-03-26 中国科学院沈阳自动化研究所 A kind of starting method of the Industry Control credible embedded platform based on TPM
CN111026419A (en) * 2019-11-08 2020-04-17 深圳市有方科技股份有限公司 Application program upgrading method, device and system of single chip microcomputer

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113609529A (en) * 2021-07-16 2021-11-05 苏州浪潮智能科技有限公司 Method and system for secure supply of computer firmware
CN113609529B (en) * 2021-07-16 2023-07-18 苏州浪潮智能科技有限公司 Method and system for safely supplying computer firmware
CN114065218A (en) * 2021-11-19 2022-02-18 山东方寸微电子科技有限公司 SoC system chip safe starting method
CN114065218B (en) * 2021-11-19 2024-04-12 山东方寸微电子科技有限公司 SoC system chip safe starting method
CN114065180A (en) * 2021-11-26 2022-02-18 国网宁夏电力有限公司信息通信公司 Perception equipment safety verification system based on trusted computing 3.0
CN114201747A (en) * 2021-11-29 2022-03-18 海光信息技术股份有限公司 Dynamic measurement root implementation method, device, system and storage medium
CN114845298A (en) * 2022-03-29 2022-08-02 国网山东省电力公司经济技术研究院 Aerial optical cable monitoring and transmitting system based on trusted WLAN
CN114845298B (en) * 2022-03-29 2023-11-28 国网山东省电力公司经济技术研究院 Overhead optical cable monitoring and transmitting system based on trusted WLAN
CN114764347A (en) * 2022-04-14 2022-07-19 重庆长安汽车股份有限公司 Program verification system and method of multi-core controller and storage medium
CN115292746A (en) * 2022-07-28 2022-11-04 南京国电南自电网自动化有限公司 Credible compiling and running method for application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant