CN114722413B - Method, device, server and medium for establishing security trust chain - Google Patents


Info

Publication number: CN114722413B
Authority: CN (China)
Legal status: Active
Application number: CN202210429038.5A
Other languages: Chinese (zh)
Other versions: CN114722413A
Inventor: 吴保锡
Current assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Events: application filed by Suzhou Inspur Intelligent Technology Co Ltd; priority to CN202210429038.5A; publication of CN114722413A; application granted; publication of CN114722413B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a method, a device, a server and a medium for establishing a secure trust chain, and relates to the field of servers. The method comprises the following steps: acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key, where the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware; verifying the trust of the firmware according to the firmware root key public key and the firmware signing key public key by means of a Chinese commercial cryptographic algorithm; and verifying the trust of the operating system kernel according to the kernel root key public key and the kernel signing key public key by means of a Chinese commercial cryptographic algorithm. In this method, a secure trust chain for the server boot process is established with the Chinese commercial cryptographic algorithm at both the firmware level and the operating system level of the server, so that trust is verified during the boot process and the security of the server during boot is improved.

Description

Method, device, server and medium for establishing security trust chain
Technical Field
The present application relates to the field of servers, and in particular, to a method, an apparatus, a server, and a medium for establishing a secure trust chain.
Background
Building a secure trust chain for the boot process is becoming one of the main security measures for servers: it ensures that the programs, files and data loaded while the server boots are legitimate and that their integrity has not been compromised. At present, the industry's boot-process trust chains are mainly built on international cryptographic algorithms (for example SHA256 and SHA384 for integrity, and RSA and ECDSA for signature verification). As the Chinese commercial cryptographic algorithms (SM) enter international standards, the demand for trust chains built on them is growing. The OpenPower platform, however, is used as key data center infrastructure yet lacks a server trust chain built on the Chinese commercial cryptographic algorithms, so the server is exposed to attack during the boot process and its security is reduced.
Therefore, how to establish a secure trust chain on the OpenPower platform based on the Chinese commercial cryptographic algorithms is a problem to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a method, a device, a server and a medium for establishing a secure trust chain, used to establish the secure trust chain on an OpenPower platform based on a Chinese commercial cryptographic algorithm.
To solve the above technical problem, the application provides a method for establishing a secure trust chain, comprising the following steps:
acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key, where the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware;
verifying the trust of the firmware by means of a Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key;
and verifying the trust of the operating system kernel by means of the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key.
Preferably, verifying the trust of the firmware by means of the Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key comprises:
obtaining the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
performing a first comparison between the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
determining, according to the first comparison result, whether the root key public key verification in the firmware passes;
and if so, performing a second comparison, by means of the Chinese commercial cryptographic algorithm, between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key.
Preferably, when it is determined according to the first comparison result that the root key public key verification in the firmware does not pass, the method further comprises:
sending out an alarm, recording an abnormal boot event and stopping the boot of the server.
Preferably, after the second comparison, by means of the Chinese commercial cryptographic algorithm, between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key in the firmware, the method further comprises:
obtaining the second comparison result;
when the second comparison result is a pass, extracting all information in the firmware, storing it to the hardware root of trust PCR, and recording a measurement log;
when the second comparison result is not a pass, measuring the firmware according to the Chinese commercial cryptographic algorithm, storing the measurement result to the hardware root of trust PCR, and recording the measurement log.
Preferably, verifying the trust of the operating system kernel by means of the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key comprises:
obtaining a trusted key ring and extracting the kernel root key public key from the hardware root of trust;
performing a third comparison between the kernel root key public key and the trusted key ring by means of the Chinese commercial cryptographic algorithm;
extracting the kernel signing key public key from the trusted key ring when the third comparison result is a pass;
and verifying the trust of the operating system kernel with the kernel signing key public key.
Preferably, after the trust verification of the operating system kernel with the kernel signing key public key passes, the method further comprises:
outputting prompt information indicating that the trust verification of the operating system kernel has passed.
Preferably, the Chinese commercial cryptographic algorithm is the SM2 and/or SM3 algorithm.
To solve the above technical problem, the application further provides a device for establishing a secure trust chain, comprising:
an acquisition module for acquiring the firmware root key public key, the firmware signing key public key, the kernel root key public key and the kernel signing key public key, where the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware;
a first verification module for verifying the trust of the firmware by means of a Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key;
and a second verification module for verifying the trust of the operating system kernel by means of the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key.
To solve the above technical problem, the application further provides a server, comprising:
a memory for storing a computer program;
and a processor for implementing the steps of the above method for establishing a secure trust chain when executing the computer program.
To solve the above technical problem, the application further provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method for establishing a secure trust chain.
The application provides a method for establishing a secure trust chain, comprising the following steps: acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key, where the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware; verifying the trust of the firmware according to the firmware root key public key and the firmware signing key public key by means of a Chinese commercial cryptographic algorithm; and verifying the trust of the operating system kernel according to the kernel root key public key and the kernel signing key public key by means of a Chinese commercial cryptographic algorithm. In this method, a secure trust chain for the server boot process is established with the Chinese commercial cryptographic algorithm at both the firmware level and the operating system level of the server, so that trust is verified during the boot process and the security of the server during boot is improved.
In addition, the application also provides a device, a server and a computer readable storage medium for establishing the secure trust chain, which correspond to the above method and have the same effects.
Drawings
To describe the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present application; other drawings may be obtained from them by those skilled in the art without inventive effort.
FIG. 1 is a diagram of a method for establishing a secure trust chain provided by the present application;
FIG. 2 is a schematic diagram of a firmware program or a data Section structure after firmware issue according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a firmware program verification and integrity measurement recording process according to an embodiment of the present application;
FIG. 4 is a diagram of a process for verifying the trustworthiness of an operating system boot process according to an embodiment of the present application;
FIG. 5 is a block diagram of an apparatus for establishing a secure trust chain according to an embodiment of the application;
FIG. 6 is a block diagram of a server according to another embodiment of the present application;
FIG. 7 is a schematic diagram of a secure trust chain construction in a server startup process according to an embodiment of the present application.
Detailed Description
The following describes the embodiments of the present application clearly and completely with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the present application; all other embodiments obtained by a person of ordinary skill in the art from these embodiments without inventive effort fall within the scope of the present application.
The core of the application is to provide a method, a device, a server and a medium for establishing a secure trust chain, used to establish the secure trust chain on an OpenPower platform based on a Chinese commercial cryptographic algorithm.
For a better understanding of the application, it is described in further detail below with reference to the accompanying drawings. FIG. 1 shows the method for establishing a secure trust chain according to the present application, comprising:
S10: acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key, where the firmware root key public key is stored both in the secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware.
Keys are needed to build the server boot-process trust chain. Their creation and management follow the current OpenPower platform Secureboot key management mechanism and use two-stage keys: a root key (PlatformKey) and a firmware signing key (FirmwareKey). The root key (PlatformKey) is used to sign and verify the firmware signing key; it uses the SM2 algorithm and is generated by an HSM or other hardware cryptographic device, signing takes place inside that device, and the private key cannot be exported and can only be destroyed or updated. The firmware signing key is used to sign the firmware program and is itself signed by the root key. Importing the root key into the secure storage area of the server is identical to the existing Secureboot root key provisioning mechanism, except that the content stored in the secure storage area is the SM3(root key public key) result. FIG. 2 is a schematic diagram of a firmware program or data Section structure after firmware issue according to an embodiment of the present application. During firmware issue, the firmware program and data (Section) to be signed are determined according to a policy while the firmware program is compiled; the selected Section is signed during compilation based on the SM2+SM3 algorithm, and the signature result (which contains the integrity information), the signing key public key and the root key public key are packaged into the firmware code as part of the program.
The operating system kernel is protected by the secure boot mechanism that the operating system provides, which is implemented in part with the secure services the firmware offers to the operating system. As with the firmware, the security signature of the operating system kernel uses a two-level key mechanism: a root key is generated inside the hardware root of trust (OS_PlatformKey, derived from the StorageSeed of the root of trust combined with server hardware information); its private key cannot be exported, and only the OS supervisor or a security manager has access to it. A kernel signing key (OS_Key, generated by the root of trust as a subkey of OS_PlatformKey) is used during kernel compilation to sign the kernel. Taking a Linux system as an example, the trusted key ring (trusted_key) used to sign the kernel is stored in the hardware root of trust (there may be more than one, stored as a list such as MokList); trusted_key is protected by the storage root key that the hardware root of trust provides.
S11: verifying the trust of the firmware according to the firmware root key public key and the firmware signing key public key by means of a Chinese commercial cryptographic algorithm.
Since the keys are used to verify security during server boot, the firmware is trusted on the basis of the root key public key and the firmware signing key public key present in the firmware. It should be noted that the embodiments of the present application do not limit the Chinese commercial cryptographic algorithm used; preferably, the SM2 and SM3 algorithms are selected.
S12: verifying the trust of the operating system kernel according to the kernel root key public key and the kernel signing key public key by means of a Chinese commercial cryptographic algorithm.
When verifying the trust of the operating system kernel, the verification is performed according to the kernel root key public key and the kernel signing key public key. Again, the Chinese commercial cryptographic algorithm used is not limited here.
The method for establishing a secure trust chain provided by this embodiment comprises the following steps: acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key, where the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware; verifying the trust of the firmware according to the firmware root key public key and the firmware signing key public key by means of a Chinese commercial cryptographic algorithm; and verifying the trust of the operating system kernel according to the kernel root key public key and the kernel signing key public key by means of a Chinese commercial cryptographic algorithm. In this method, a secure trust chain for the server boot process is established with the Chinese commercial cryptographic algorithm at both the firmware level and the operating system level of the server, so that trust is verified during the boot process and the security of the server during boot is improved.
To make the trust verification of the firmware more accurate, the firmware is verified several times with the keys, which improves the security of the server during boot. In an implementation, verifying the trust of the firmware according to the firmware root key public key and the firmware signing key public key by means of the Chinese commercial cryptographic algorithm comprises:
obtaining the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
performing a first comparison between the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
determining, according to the first comparison result, whether the root key public key verification in the firmware passes;
and if so, performing a second comparison, by means of the Chinese commercial cryptographic algorithm, between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key.
When a firmware program or data is loaded, the hash value of the root key public key in the firmware is first extracted from the code loader information shown in FIG. 2 and compared with the hash value of the root key public key held in the secure storage area of the server, which verifies the integrity of the root key public key in the firmware. If the root key public key in the firmware passes, the firmware root key public key stored in the secure storage area of the server is used to verify the integrity and legitimacy of the firmware signing key public key (FirmwareKeyPub). The specific verification is:
sm2_Verify_PlatformKeyPub{ sm2_Sign_PlatformKeyPriv[ SM3(FirmwareKeyPub) ] }
that is, the SM3 hash of the firmware signing key public key was signed with the root key private key at issue time, and the root key public key now verifies that signature. This embodiment first verifies the root key public key in the firmware and then the firmware signing key public key, verifying the trust of the firmware several times with the keys, which improves the security of the server during boot.
On the basis of the foregoing embodiment, so that the user can easily tell whether the root key public key verification in the firmware passed and so that the impact of an abnormal boot event on the server is reduced as far as possible, as a preferred implementation, when it is determined according to the first comparison result that the root key public key verification in the firmware fails, the method further comprises:
sending out an alarm, recording an abnormal boot event and stopping the boot of the server.
When the verification does not pass, sending out an alarm reminds the user that there is a security risk in the server's boot process; recording the abnormal boot event makes it known, so that it can be handled according to the record and prevented from recurring during server boot; and stopping the server boot prevents malware and the like from doing greater damage to the server.
According to this embodiment, when it is determined according to the first comparison result that the root key public key verification in the firmware fails, an alarm is sent, an abnormal boot event is recorded and the boot of the server is stopped, so that the user can easily tell whether the root key public key verification in the firmware passed and the impact of the abnormal boot event on the server is reduced as far as possible.
So that the user can easily see the result of the firmware trust verification and the security of the server during boot is ensured as far as possible, in an implementation, as a preferred implementation, after the second comparison, by means of the Chinese commercial cryptographic algorithm, between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key in the firmware, the method further comprises:
obtaining the second comparison result;
when the second comparison result is a pass, extracting all information in the firmware, storing it to the hardware root of trust Platform Configuration Register (PCR) and recording a measurement log;
when the second comparison result is not a pass, measuring the firmware according to the Chinese commercial cryptographic algorithm, storing the measurement result to the hardware root of trust PCR and recording the measurement log.
A second comparison result of pass means that the firmware signing key public key has integrity and legitimacy. When the firmware passes the trust verification, that is, the firmware shows no abnormality, all information in the firmware can be extracted, stored in the hardware root of trust PCR and a measurement log recorded, so that the state of the firmware can be checked conveniently. A second comparison result of not pass means that the firmware signing key public key lacks integrity and legitimacy: when the firmware fails the trust verification, that is, the firmware is abnormal, the firmware is measured according to the Chinese commercial cryptographic algorithm, the measurement result is stored in the hardware root of trust PCR and a measurement log is recorded. FIG. 3 is a schematic diagram of a firmware program verification and integrity measurement recording process according to an embodiment of the present application. As shown in FIG. 3, the process comprises:
S13: verifying the integrity of the root key public key information;
S14: verifying the integrity of the firmware signing key public key information;
S15: verifying the legitimacy and integrity of the firmware based on the firmware signing key public key;
S16: extending the measurement result and recording the measurement log.
The firmware information is handled differently depending on whether the firmware trust verification passes: all information in the firmware is extracted when the firmware signing key information is verified to be complete and legitimate, and otherwise it is not extracted. Extracting and storing only correct firmware information thus ensures the security of the server during boot as far as possible, and the user can learn the result of the firmware trust verification from the measurement log.
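The firmware issue of FIG. 2 and the boot-time steps S13 to S16 above, as an added worked example that is not code from the patent or from the OpenPower firmware: SM3 and SM2 are implemented from their published specifications in plain Python, and the firmware package layout (`root_pub`, `key_pub`, `key_sig`, `section`, `section_sig`), the default SM2 user ID and the TPM-style PCR extend as SM3(old PCR || digest) are assumptions. Keys live in memory here, where the patent keeps them in an HSM or the hardware root of trust; the kernel stage (OS_PlatformKey over MokList, then the kernel signing key over the kernel) follows the same two-stage pattern.

```python
import secrets
import struct

_IV = [0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,  # SM3 (GB/T 32905) initial value
       0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e]
_rotl = lambda x, n: ((x << (n % 32)) | (x >> (32 - n % 32))) & 0xffffffff

def _compress(v, block):
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):  # message expansion W_16..W_67
        x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
        w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        t = 0x79cc4519 if j < 16 else 0x7a879d8a
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & 0xffffffff, 7)
        ff, gg = (a ^ b ^ c, e ^ f ^ g) if j < 16 else ((a & b) | (a & c) | (b & c), (e & f) | (~e & g))
        tt1 = (ff + d + (ss1 ^ _rotl(a, 12)) + (w[j] ^ w[j + 4])) & 0xffffffff
        tt2 = (gg + h + ss1 + w[j]) & 0xffffffff
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
    return [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]

def sm3(msg: bytes) -> bytes:  # SM3 digest: key hashes, SM2 message digest and the PCR extend
    padded = msg + b"\x80" + bytes((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    v = _IV
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)

# SM2 signatures (GB/T 32918) on the recommended 256-bit curve.
_P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
_A, _B = _P - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
_N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
_G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
      0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
_pt = lambda p: p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")  # x || y encoding

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % _P == 0:
        return None
    if p == q:
        lam = (3 * p[0] * p[0] + _A) * pow(2 * p[1], -1, _P) % _P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, _P) % _P
    x = (lam * lam - p[0] - q[0]) % _P
    return (x, (lam * (p[0] - x) - p[1]) % _P)

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _e(pub, msg):  # e = SM3(Z_A || M), with Z_A over the default user ID "1234567812345678"
    za = sm3(b"\x00\x80" + b"1234567812345678" + _pt((_A, _B)) + _pt(_G) + _pt(pub))
    return int.from_bytes(sm3(za + msg), "big")

def sm2_sign(d, pub, msg):
    e = _e(pub, msg)
    while True:
        k = secrets.randbelow(_N - 1) + 1
        r = (e + _mul(k, _G)[0]) % _N
        s = pow(1 + d, -1, _N) * (k - r * d) % _N
        if r and s and (r + k) % _N:  # reject the degenerate cases r = 0, s = 0, r + k = n
            return r, s

def sm2_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < _N and 0 < s < _N):
        return False
    pt = _add(_mul(s, _G), _mul((r + s) % _N, pub))
    return pt is not None and (_e(pub, msg) + pt[0]) % _N == r

def issue_firmware(section):
    """Firmware issue (FIG. 2): the signing key signs the Section and the root key binds the
    signing key by signing SM3(FirmwareKeyPub). Returns (package, SM3(root public key))."""
    root_d, key_d = (secrets.randbelow(_N - 2) + 1 for _ in range(2))  # HSM-held in the patent
    root_pub, key_pub = _mul(root_d, _G), _mul(key_d, _G)
    fw = {"root_pub": root_pub, "key_pub": key_pub, "section": section,
          "key_sig": sm2_sign(root_d, root_pub, sm3(_pt(key_pub))),
          "section_sig": sm2_sign(key_d, key_pub, section)}
    return fw, sm3(_pt(root_pub))  # the hash value kept in the server's secure storage area

def verify_firmware(fw, stored_root_hash, pcr, log):
    """Boot-time steps S13..S16; returns (new_pcr, trusted). A root key hash mismatch halts
    the boot (alarm logged, PCR untouched); a later failure is still measured and logged."""
    if sm3(_pt(fw["root_pub"])) != stored_root_hash:  # S13: first comparison
        log.append(("alarm", "root key public key hash mismatch, boot halted"))
        return pcr, False
    ok = (sm2_verify(fw["root_pub"], sm3(_pt(fw["key_pub"])), fw["key_sig"])  # S14
          and sm2_verify(fw["key_pub"], fw["section"], fw["section_sig"]))    # S15
    digest = sm3(fw["section"])                                                # S16
    log.append(("measure", digest.hex(), "pass" if ok else "fail"))
    return sm3(pcr + digest), ok
```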
To ensure the trust of the kernel during the operating system boot process as far as possible, verifying the trust of the operating system kernel according to the kernel root key public key and the kernel signing key public key by means of the Chinese commercial cryptographic algorithm preferably comprises:
obtaining a trusted key ring and extracting the kernel root key public key from the hardware root of trust;
performing a third comparison between the kernel root key public key and the trusted key ring by means of the Chinese commercial cryptographic algorithm;
extracting the kernel signing key public key from the trusted key ring when the third comparison result is a pass;
and verifying the trust of the operating system kernel with the kernel signing key public key.
FIG. 4 is a diagram of the process for verifying the trust of the operating system boot process according to an embodiment of the present application. As shown in FIG. 4, when petitboot loads the kernel, it first extracts the OS_PlatformKey information from the hardware root of trust and uses it to verify the legitimacy and integrity of MokList, then extracts the kernel signing key from MokList and performs trust verification on the kernel. After the kernel passes verification, the key ring (key) root key is extracted into the kernel and control of the central processing unit (CPU) is handed over to the operating system.
When verifying the trust of the operating system kernel, a two-stage key mechanism of kernel root key public key and kernel signing key public key is used, which makes the trust verification of the operating system kernel more accurate.
So that the user can know the result of the kernel verification, as a preferred implementation, after the trust verification of the operating system kernel with the kernel signing key public key passes, the method further comprises:
outputting prompt information indicating that the trust verification of the operating system kernel has passed.
The content, form and so on of the output prompt information are not limited, as long as it indicates that the trust verification of the operating system kernel has passed. In an implementation, prompt information may also be output when the kernel verification of the operating system fails, in addition to the prompt information output when it passes; likewise, in the firmware trust verification of the above embodiment, prompt information may be given for both a pass and a failure, so that the user can tell from it whether the server is secure during boot. The prompt information output by the different verification processes can be the same or different; preferably, different prompt information is used so that the verification processes can be distinguished.
Outputting prompt information that the trust verification of the operating system kernel has passed, once it passes with the kernel signing key public key, lets the user know the verification state of the operating system kernel.
In practice, the employed chinese commercial key algorithm is not limited. In order to improve the security of the key, the Chinese commercial cryptographic algorithm is preferably SM2 and/or SM3 algorithm.
SM2 is an asymmetric (public-key) algorithm based on elliptic curve cryptography (ECC); its security rests on the discrete logarithm problem in the group of points on an elliptic curve. Compared with RSA, a 256-bit SM2 key offers a higher security level than a 2048-bit RSA key (about 128 bits of security versus about 112). SM3 is a cryptographic hash algorithm designed in China; it is suitable for generating and verifying digital signatures and message authentication codes and for generating random numbers in commercial cryptographic applications, and it meets the security requirements of such applications. For a hash algorithm to remain secure its output must not be too short: MD5 (Message Digest 5) outputs a 128-bit digest, which is too short and weakens the algorithm. SHA-1 outputs 160 bits, whereas SM3 outputs 256 bits, so SM3 is more secure than MD5 and SHA-1; both MD5 and SHA-1 also have practical collision attacks, which is why neither is acceptable for signature use any more.
Because the Chinese commercial cryptographic algorithm adopted in this embodiment is SM2 and/or SM3, key security is improved and the trustworthiness verification during server boot is more reliable.
The above embodiments describe the method for establishing the secure trust chain in detail; the application also provides corresponding embodiments of a device and a server for establishing the secure trust chain. Note that the device is described from two angles: that of the functional modules and that of the hardware.
FIG. 5 is a block diagram of an apparatus for establishing a secure trust chain according to an embodiment of the application. This embodiment takes the functional-module angle and comprises:
an obtaining module 10, configured to obtain a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key; the firmware root key public key is stored both in a secure storage area of the server and in the firmware, and the firmware signing key public key is stored in the firmware;
a first verification module 11, configured to verify the trustworthiness of the firmware by the Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key;
a second verification module 12, configured to verify the trustworthiness of the operating system kernel by the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key.
Since the embodiments of the apparatus correspond to those of the method, refer to the description of the method embodiments for details, which are not repeated here.
The device for establishing the secure trust chain provided by this embodiment obtains the firmware root key public key, the firmware signing key public key, the kernel root key public key and the kernel signing key public key through the obtaining module; uses the first verification module to verify the trustworthiness of the firmware by the Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key; and uses the second verification module to verify the trustworthiness of the operating system kernel by the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key. In this device, a secure trust chain for the server boot process is established at the firmware level and the operating system level by means of the Chinese commercial cryptographic algorithm, so that trustworthiness is verified during server boot and the security of the boot process is improved.
Fig. 6 is a block diagram of a server according to another embodiment of the present application. The present embodiment is based on hardware angle, as shown in fig. 6, and the server includes:
a memory 20 for storing a computer program;
a processor 21 for implementing the steps of the method of establishing a secure trust chain as mentioned in the above embodiments when executing a computer program.
The server provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Processor 21 may include one or more processing cores, such as a 4-core or 8-core processor. Processor 21 may be implemented in at least one hardware form among a digital signal processor (DSP), a field-programmable gate array (FPGA) and a programmable logic array (PLA). Processor 21 may also include a main processor, which processes data in the awake state and is also called the CPU, and a coprocessor, a low-power processor that processes data in the standby state. In some embodiments processor 21 may be integrated with a graphics processing unit (GPU) for rendering and drawing the content to be shown on the display screen. In some embodiments processor 21 may also include an artificial intelligence (AI) processor for computing operations related to machine learning.
Memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash memory devices. In this embodiment memory 20 is used at least to store a computer program 201 which, when loaded and executed by processor 21, implements the relevant steps of the method for establishing a secure trust chain disclosed in any of the foregoing embodiments. The resources stored in memory 20 may further include an operating system 202 and data 203, stored transiently or permanently. Operating system 202 may be Windows, Unix, Linux or another system. Data 203 may include, but is not limited to, the data referred to above in connection with the method for establishing a secure trust chain.
In some embodiments, the server may further include a display 22, an input-output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is not limiting and may include more or fewer components than illustrated.
The server provided by the embodiment of the application comprises a memory and a processor; when the processor executes the program stored in the memory it carries out the method for establishing the secure trust chain described above, with the same effect.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps as described in the method embodiments above.
If the methods of the above embodiments are implemented as software functional units and sold or used as stand-alone products, they may be stored on a computer-readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, or in whole or in part, may be embodied as a software product stored in a storage medium that performs all or part of the steps of the method of the embodiments of the present application. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The computer-readable storage medium provided by the application carries the method for establishing the secure trust chain, with the same effect.
To help those skilled in the art understand the technical solution of the present application, it is further described with reference to FIG. 7, a schematic diagram of the construction of the security trust chain during server start-up provided in an embodiment of the present application. Starting from the power-on of server 1, the CPU loads and runs the SBE, the SBE loads Hostboot, Hostboot loads Skiboot, Skiboot loads Skiroot, and Skiroot boots the rest of the system; along this path the trustworthiness of the firmware is verified first and that of the operating system kernel afterwards, so that a secure trust chain is established during the boot of server 1. For the firmware verification, the firmware root key public key is first stored in the secure storage area; the firmware programs and data are then measured against the hardware root of trust; the baseboard management controller (BMC) starts an event log for the boot process during verification; and the event log is maintained in memory.
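As an added example, which is neither code from the patent nor from the OpenPOWER firmware it names, the following simulates the chain just described (and the functional modules of FIG. 5 and claims 1 to 4): the two-place root key comparison, the signing key endorsement, measurement into a PCR with a measurement log, the fail-closed behaviour of claim 2, and the kernel check against a trusted keyring. Its assumptions are labelled in the code: SHA-256 stands in for SM3 and a Lamport one-time signature stands in for SM2 so that it runs on the standard library alone, and the secure storage area, hardware root of trust, PCR and log are plain Python objects. All key names, image contents and log strings are constructed for the example.

```python
# Added worked example, not the patent's code: a runnable simulation of the
# two-stage boot trust chain above. Assumptions so it runs on the standard
# library alone: SHA-256 stands in for SM3, a Lamport one-time signature stands
# in for SM2, and the secure storage area, hardware root of trust, PCR and
# measurement log are plain Python objects (not eFuse/OTP and a TPM/TCM).
import hashlib
import hmac
import secrets

def H(b):                       # stand-in for SM3
    return hashlib.sha256(b).digest()

def _bit(d, i):                 # i-th bit of digest d, MSB first
    return (d[i // 8] >> (7 - i % 8)) & 1

# Lamport one-time signature (stand-in for SM2): 256 preimage pairs.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, b"".join(H(x0) + H(x1) for x0, x1 in sk)

def sign(sk, msg):
    d = H(msg)
    return b"".join(sk[i][_bit(d, i)] for i in range(256))

def verify(pk, msg, sig):
    d, ok = H(msg), True
    for i in range(256):
        k = 2 * i + _bit(d, i)
        ok &= hmac.compare_digest(H(sig[32 * i:32 * i + 32]), pk[32 * k:32 * k + 32])
    return ok

class TrustedRoot:
    """Hardware root of trust: pinned kernel root key hash, one PCR, event log."""
    def __init__(self, kernel_root_pub_hash):
        self.kernel_root_pub_hash, self.pcr, self.log = kernel_root_pub_hash, bytes(32), []

    def extend(self, event, data):
        m = H(data)
        self.pcr = H(self.pcr + m)          # PCR = H(PCR || measurement)
        self.log.append((event, m.hex()))

def verify_firmware(secure_root_pub_hash, fw, root):
    """Claims 1-3; returns (passed, reason)."""
    # First comparison: root key public key in the firmware vs the copy pinned
    # in the secure storage area. Mismatch: alarm, record, stop boot (claim 2).
    if not hmac.compare_digest(H(fw["root_pub"]), secure_root_pub_hash):
        root.log.append(("ALARM abnormal boot: firmware root key mismatch", ""))
        return False, "halt"
    # Second comparison: the signing key public key must be signed by the root
    # key; both outcomes are measured into the PCR and logged (claim 3).
    if not verify(fw["root_pub"], fw["signing_pub"], fw["signing_pub_sig"]):
        root.extend("firmware (signing key NOT verified)", fw["body"])
        return False, "signing key rejected"
    root.extend("firmware signing key", fw["signing_pub"])
    # Using the trusted signing key on the image itself is how secure boot
    # consumes the chain; the claims leave that step implicit.
    if not verify(fw["signing_pub"], fw["body"], fw["body_sig"]):
        root.extend("firmware (signature NOT verified)", fw["body"])
        return False, "firmware image rejected"
    root.extend("firmware", fw["body"])
    return True, "ok"

def verify_kernel(root, keyring, kernel):
    """Claim 4: third comparison (kernel root key from the hardware root of
    trust vs the trusted keyring), then the keyring's signing key checks the kernel."""
    if not hmac.compare_digest(H(keyring["kernel_root_pub"]), root.kernel_root_pub_hash):
        root.log.append(("ALARM abnormal boot: kernel root key mismatch", ""))
        return False
    if not verify(keyring["kernel_root_pub"], keyring["kernel_signing_pub"],
                  keyring["kernel_signing_pub_sig"]):
        return False
    ok = verify(keyring["kernel_signing_pub"], kernel["image"], kernel["sig"])
    root.extend("kernel" if ok else "kernel (NOT verified)", kernel["image"])
    return ok

def build_demo(tamper=None):
    """Constructed keys and images; `tamper` picks an attack to simulate."""
    (fw_root_sk, fw_root_pk), (fw_sign_sk, fw_sign_pk) = keygen(), keygen()
    (k_root_sk, k_root_pk), (k_sign_sk, k_sign_pk) = keygen(), keygen()
    body, image = b"constructed firmware image v1", b"constructed kernel image"
    fw = {"root_pub": fw_root_pk, "signing_pub": fw_sign_pk,
          "signing_pub_sig": sign(fw_root_sk, fw_sign_pk),
          "body": body, "body_sig": sign(fw_sign_sk, body)}
    keyring = {"kernel_root_pub": k_root_pk, "kernel_signing_pub": k_sign_pk,
               "kernel_signing_pub_sig": sign(k_root_sk, k_sign_pk)}
    kernel = {"image": image, "sig": sign(k_sign_sk, image)}
    if tamper == "root_key":        # attacker rewrites the root key in firmware
        fw["root_pub"] = keygen()[1]
    elif tamper == "firmware":      # attacker patches the image after signing
        fw["body"] = body + b"\x90"
    elif tamper == "kernel":        # attacker swaps the kernel image
        kernel["image"] = image + b"!"
    return H(fw_root_pk), fw, TrustedRoot(H(k_root_pk)), keyring, kernel

def boot(tamper=None):
    """Run the whole chain; returns what a BMC or remote verifier would see."""
    secure_hash, fw, root, keyring, kernel = build_demo(tamper)
    fw_ok, reason = verify_firmware(secure_hash, fw, root)
    k_ok = verify_kernel(root, keyring, kernel) if fw_ok else None
    return {"firmware": fw_ok, "reason": reason, "kernel": k_ok,
            "pcr": root.pcr.hex(), "log": root.log}
```

Calling boot() with no argument walks the clean path and leaves three measurement log entries (signing key, firmware, kernel) behind a PCR value that a remote verifier can replay from the log; boot("root_key") stops before anything is measured, which is the claim 2 behaviour; boot("firmware") and boot("kernel") show that a patched image is both rejected and recorded, so the log still tells the operator what was loaded.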
The method, the device, the server and the medium for establishing the secure trust chain provided by the application are described in detail. In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the application can be made without departing from the principles of the application and these modifications and adaptations are intended to be within the scope of the application as defined in the following claims.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (9)

1. A method of establishing a secure trust chain, comprising:
Acquiring a firmware root key public key, a firmware signing key public key, a kernel root key public key and a kernel signing key public key; the public key of the firmware root key is stored in a secure storage area of the server and the firmware at the same time, and the public key of the firmware signature key is stored in the firmware;
verifying the trustworthiness of the firmware by a Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key;
verifying the trustworthiness of the operating system kernel by the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key;
wherein verifying the trustworthiness of the firmware by the Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key comprises:
Obtaining a firmware root key public key hash value stored in the firmware and a firmware root key public key hash value stored in a secure storage area of the server;
performing first comparison between the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
Determining whether root key public key verification in the firmware is passed or not according to a first comparison result;
and if it is passed, performing a second comparison between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key by the Chinese commercial cryptographic algorithm.
2. The method of establishing a secure trust chain according to claim 1, further comprising, in the event that it is determined from the first comparison result that the root key public key verification in the firmware is not passed:
and sending out an alarm, recording an abnormal starting event and stopping the starting of the server.
3. The method of establishing a secure trust chain according to claim 1, further comprising, after the second comparison between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key in the firmware by the Chinese commercial cryptographic algorithm:
Obtaining a second comparison result;
Extracting all information in the firmware when the second comparison result is passing; storing all the information to a hardware trusted root PCR, and recording a measurement log;
Measuring the firmware according to the Chinese commercial cryptographic algorithm under the condition that the second comparison result is not passed; and storing the measurement result to the hardware trusted root PCR, and recording the measurement log.
4. The method of establishing a secure trust chain according to claim 1, wherein said validating the trust of the operating system kernel by the chinese commercial cryptographic algorithm based on the kernel root key public key and the kernel signing key public key comprises:
obtaining a trusted key ring and extracting a kernel root key public key from a hardware trusted root;
Performing third comparison on the kernel root key public key and the trusted key ring through the Chinese commercial cryptographic algorithm;
extracting a kernel signature key public key from the trusted key ring under the condition that the third comparison result is passed;
and carrying out credibility verification on the kernel of the operating system through the kernel signing key public key.
5. The method of establishing a secure trust chain of claim 4, further comprising, after the trust verification of the operating system kernel by the kernel signing key public key passes:
And outputting prompt information for prompting the passing of the verification of the kernel credibility of the operating system.
6. A method of establishing a secure trust chain according to any one of claims 1 to 5, wherein the Chinese commercial cryptographic algorithm is the SM2 and/or SM3 algorithm.
7. An apparatus for establishing a secure trust chain, comprising:
The acquisition module is used for acquiring the firmware root key public key, the firmware signing key public key, the kernel root key public key and the kernel signing key public key; the public key of the firmware root key is stored in a secure storage area of the server and the firmware at the same time, and the public key of the firmware signature key is stored in the firmware;
the first verification module is used for verifying the trustworthiness of the firmware by a Chinese commercial cryptographic algorithm according to the firmware root key public key and the firmware signing key public key;
the second verification module is used for verifying the trustworthiness of the operating system kernel by the Chinese commercial cryptographic algorithm according to the kernel root key public key and the kernel signing key public key;
the first verification module specifically includes:
Obtaining a firmware root key public key hash value stored in the firmware and a firmware root key public key hash value stored in a secure storage area of the server;
performing first comparison between the firmware root key public key hash value stored in the firmware and the firmware root key public key hash value stored in the secure storage area of the server;
Determining whether root key public key verification in the firmware is passed or not according to a first comparison result;
and if it is passed, performing a second comparison between the firmware root key public key stored in the secure storage area of the server and the firmware signing key public key by the Chinese commercial cryptographic algorithm.
8. A server, comprising:
A memory for storing a computer program;
A processor for implementing the steps of the method of establishing a secure trust chain according to any one of claims 1 to 6 when executing said computer program.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, implements the steps of the method of establishing a secure trust chain according to any one of claims 1 to 6.
Application CN202210429038.5A, priority date 2022-04-22, filing date 2022-04-22: Method, device, server and medium for establishing security trust chain (status: Active; granted publication CN114722413B)
Publications (2)

Publication Number Publication Date
CN114722413A CN114722413A (en) 2022-07-08
CN114722413B true CN114722413B (en) 2024-06-25

Family

ID=82246337
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant