CN117744088A - Virtual machine trusted starting method based on TPCM under ARM architecture - Google Patents

Info

Publication number: CN117744088A
Authority: CN (China)
Prior art keywords: measurement, kvm, virtual machine, uefi, starting
Legal status: Pending
Application number: CN202311731108.3A
Other languages: Chinese (zh)
Inventors: 陈兴蜀, 廖勇义, 杨苗苗, 陈洪海, 黄国盛, 王启旭, 金鑫
Current assignee: Sichuan University
Original assignee: Sichuan University
Application filed by Sichuan University; priority to CN202311731108.3A

Landscapes

  • Debugging And Monitoring (AREA)
Abstract

The invention provides a TPCM-based trusted start-up method for virtual machines under the ARM architecture, in the technical field of virtualization and trusted computing. A QEMU command is executed on the host to start the virtual machine; QEMU loads the initial UEFI firmware into the QEMU process space, emulates a flash device for the virtual machine and executes the virtual machine start command; the virtual machine then runs and starts UEFI, the boot loader and the OS kernel in turn, realizing trusted start-up of the virtual machine. The method bases trusted start-up of the virtual machine on a hardware TPCM under the ARM architecture and effectively ensures the security of the start-up process.

Description

Virtual machine trusted starting method based on TPCM under ARM architecture
Technical Field
The invention relates to the technical field of virtualization and trusted computing, and in particular to a trusted start-up method for virtual machines based on a TPCM (Trusted Platform Control Module) under the ARM (Advanced RISC Machine) architecture.
Background
Trusted computing is an important information security technology. Based on a tamper-resistant physical security chip, it establishes a chain of trust from system loading to system running through a trusted measurement mechanism, so that the system or software runs in the trusted state expected by the design. In particular, the TPM 2.0 specification proposed by the international Trusted Computing Group (TCG) uses a Trusted Platform Module (TPM) as the root of trust and ensures the trustworthiness of the system through step-by-step measurement. However, in the TPM 2.0 specification the TPM is designed as a passive component and lacks active control over platform security. In addition, the Core Root of Trust for Measurement (CRTM) is stored as a software module in the BIOS (Basic Input Output System), outside the TPM, where it is vulnerable to malicious attack. Therefore, taking national conditions and the state of the art into account, Academician Shen Changxiang put forward the idea of trusted computing 3.0: a Trusted Platform Control Module (TPCM) serves as the root of trust, the computing component is completely separated from the protecting component, and the TPCM, as the core of the protecting component, starts before the computing component and actively measures and controls it, thereby providing trusted assurance over the full life cycle of the computing component.
Previously disclosed TPCM-based trusted start-up methods for virtual machines mainly have the following problems.
(1) Most research on trusted start-up of virtual machines targets servers of the x86 architecture and uses SeaBIOS, a 16-bit x86 BIOS emulation firmware, as the virtual machine's boot firmware; SeaBIOS, however, cannot provide boot support for virtual machines of the ARM architecture.
(2) Existing research that realizes trusted start-up of virtual machines on the basis of the host's TPCM generally relies on a software-emulated virtual trusted platform control module (vTPCM), which runs in the application layer of the computing component and carries a certain security risk.
Disclosure of Invention
In the prior art, the Unified Extensible Firmware Interface (UEFI) is a newer firmware interface specification; operating systems of almost all architectures support booting from UEFI, and EDK II, one of the most widely used open-source implementations of the UEFI specification, can replace SeaBIOS as the boot firmware of an ARM virtual machine. Once SeaBIOS is replaced by UEFI, the measurement information of each virtual machine start-up stage can be acquired in the kernel layer and fully protected with the TPCM, realizing trusted start-up of the virtual machine under the ARM architecture.
To address these problems, the invention provides a TPCM-based trusted start-up method for virtual machines under the ARM architecture. First, measurement hooks are inserted at each stage of virtual machine start-up to measure the important components and configurations loaded during start-up. Second, a system call and the virtual machine exit mechanism are used to transfer the measurement information into the kernel. Finally, the TPCM is used to protect the virtual machine's measurement information, realizing TPCM-based trusted start-up of the virtual machine under the ARM architecture.
The method comprises the following steps:
S1: in the KVM module, add a measurement information data structure, an IOCTL (Input/Output Control, a system call for device input/output operations) identifier and an HVC (Hypervisor Virtualization Code) call processing function descriptor; register a new system call processing function in the IOCTL system call dispatch function, and add the processing function corresponding to the HVC call processing function descriptor;
S2: measurement of the initial UEFI firmware loading stage: in QEMU (Quick Emulator, a virtual operating system emulator), add a UEFI firmware measurement hook, perform an SM3 (a cryptographic hash function standard) measurement of the ARM-architecture virtual machine boot firmware, and transmit the measurement information into KVM (Kernel-based Virtual Machine);
S3: measurement of the UEFI firmware platform initialization stage: add measurement hooks in EDK II to measure the modules and configuration information loaded in the initialization stages, including PEIM modules (Pre-EFI Initialization Modules), UEFI drivers, UEFI applications, option ROMs, the boot policy, the ACPI (Advanced Configuration and Power Interface) tables and the GPT (GUID Partition Table) partition table, and transmit the measurement information into KVM; add the SM3 measurement service and the virtual machine exit service in EDK II;
S4: measurement of the operating system boot loader loading stage: add a measurement hook in the BDS (Boot Device Select) stage to measure the SHIM component (the first-stage UEFI boot loader) before control is transferred to SHIM, and transmit the measurement information into KVM, completing the measurement of SHIM; add a GRUB (GRand Unified Bootloader) measurement hook in SHIM to measure the GRUB code and its configuration information, and transmit the measurement information into KVM, completing the measurement of GRUB;
S5: measurement of the operating system kernel loading stage: add an OS kernel measurement hook in GRUB, call the SM3 measurement service interface to measure the OS kernel (operating system kernel) code and configuration, call the KVM exit service interface with its data structure, and transmit the measurement information into KVM;
S6: protection of the measurement information with the TPCM: add a measurement log recording function in KVM and, by calling the TPCM interface, store the measurement values of all components of the virtual machine start-up process in the protected storage area corresponding to the TPCM;
S7: execute the virtual machine start command and start UEFI, the boot loader and the OS kernel in turn, realizing trusted start-up of the virtual machine.
Preferably, S1 specifically includes:
S11: add to the KVM module a measurement information data structure kvm_sm3_measurement_info comprising the UUID (Universally Unique Identifier) of the virtual machine, the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value, so as to identify the measurement information of each virtual machine start-up stage;
S12: in the KVM module, add the IOCTL system call identifier KVM_SM3_UEFI_MEASURE and register a new system call processing function in the IOCTL system call dispatch function kvm_dev_ioctl; the processing function converts the received measurement information data structure pointer to obtain the data held in the corresponding kvm_sm3_measurement_info;
S13: in the KVM module, add the HVC call processing function descriptor ARM_SMCCC_KVM_MEASURE and the corresponding processing function, which fetches the measurement information from the virtual machine registers and writes the return value back to the registers.
Preferably, S2 specifically includes:
S21: add to QEMU a measurement information data structure kvm_ioctl_sm3_measurement_info comprising the UUID of the virtual machine, the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value;
S22: in QEMU, after the UEFI firmware is loaded into memory and the flash device is emulated, add a measurement hook function that measures the UEFI firmware with the SM3 algorithm, using the OpenSSL cryptographic library;
S23: fill the measurement information data structure kvm_ioctl_sm3_measurement_info, taking the UUID of the virtual machine from a global variable together with the type of the data to be measured, the description of the data to be measured and the SM3 measurement value obtained by measuring the UEFI firmware;
S24: invoke the IOCTL system call to enter the EL2 exception level and transmit the measurement information into KVM.
Preferably, S3 specifically includes:
S31: add measurement information describing the subsequent virtual machine start-up stages, namely a measurement information data structure kvm_hvc_sm3_measurement_info comprising the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value;
S32: add measurement hooks in the SEC, PEI and DXE stages that intercept and measure the module about to be loaded or the key configuration, where the modules comprise PEIM modules, UEFI drivers, UEFI applications and option ROMs, and the key configuration comprises the virtual machine boot policy, the ACPI tables and the GPT partition table;
S33: add an SM3 library module for measuring with the SM3 algorithm in the SEC and PEI stages, and add the KVM exit function handle_kvm_exit for transmitting measurement information to KVM;
S34: in the ARM architecture package description file of UEFI, add the SM3 hash driver module CryptoDxe, which installs the SM3 measurement service protocol, and the KVM exit driver module ArmHvcDxe, which installs the KVM exit service protocol.
Preferably, S4 specifically includes:
S41: in the BDS stage of UEFI, add a measurement hook function that measures the SHIM component and transmits the measurement information into KVM before control is transferred to SHIM;
S42: in the SHIM component, add an SM3 service algorithm identifier for calling the SM3 service interface provided by UEFI to measure GRUB, and a KVM service call algorithm identifier for calling the KVM exit service interface provided by UEFI and transmitting the measurement information into the KVM module;
S43: in the SHIM component, add a GRUB measurement hook function that measures the GRUB code and configuration files before GRUB runs.
Preferably, S5 specifically includes:
S51: in the GRUB component, add an SM3 service algorithm identifier for calling the SM3 service interface provided by UEFI to carry out GRUB measurement, and a KVM service call algorithm identifier for calling the KVM exit service interface provided by UEFI and transmitting the measurement information into the KVM module;
S52: in the GRUB component, add a measurement hook function that measures the OS kernel related components and configuration information before GRUB transfers control to the OS kernel.
Preferably, S6 specifically includes:
S61: in the KVM module, add a measurement log recording function vm_measurement_info_log() that records the measurement logs of each component of the virtual machine start-up process acquired by KVM;
S62: in the KVM module, add a TPCM interface call function that extends the measurement values of each component of the virtual machine start-up process into the protected storage area corresponding to the TPCM.
Thus, in the technical scheme provided by the invention, the components of each virtual machine start-up stage are modified so that measurement hooks are inserted before the components of each stage are loaded; the important components and configurations loaded during virtual machine start-up are measured and measurement information is generated. Using a system call and the virtual machine exit mechanism, the kernel KVM module acquires the measurement information of each start-up stage through a newly added system call and a newly added virtual machine exit event processing function. By adding the TPCM interface call and measurement log recording functions, the virtual machine measurement values are extended into the TPCM, so that the measurement information of each start-up stage is protected and TPCM-based trusted start-up of the virtual machine under the ARM architecture is realized, with every stage of the virtual machine started in a trusted manner. Furthermore, the method is implemented on hardware, which makes the start-up process more secure.
In short, after SeaBIOS is replaced by the more secure and more compatible UEFI, the measurement information of each component in the trusted start-up process of the virtual machine is acquired in the kernel layer through the virtual machine exit mechanism and the system call mechanism, and is finally protected by the protecting component of the host's dual-system structure, ensuring the security of the virtual machine start-up process.
Drawings
FIG. 1 is a schematic diagram of the QEMU/KVM virtual machine start-up process according to the invention.
FIG. 2 is a timing diagram of the measurement of the initial UEFI firmware according to the invention.
FIG. 3 is a timing diagram of the measurement of the components of the UEFI platform initialization stage according to the invention.
FIG. 4 is a timing diagram of the measurement of the operating system boot loader according to the invention.
FIG. 5 is a timing diagram of the measurement of the operating system kernel according to the invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and specific examples.
The start-up flow of a QEMU/KVM virtual machine is shown in FIG. 1. First, a QEMU command is executed on the host to start the virtual machine; QEMU loads the initial UEFI firmware into the QEMU process space and emulates a flash device for the virtual machine; finally the virtual machine starts running and starts UEFI, the boot loader and the OS kernel in turn.
Examples
Step 1: virtual machine start-up can be divided into four stages: loading the initial UEFI firmware, UEFI firmware platform initialization, loading the operating system boot loader (BootLoader) and loading the operating system kernel (OS Kernel). In order to acquire the measurement information of the start-up process in the kernel, an IOCTL system call and a new virtual machine exit event processing function are added to the KVM module, providing the support each component needs to transmit its measurement information to KVM during start-up. The step comprises the following:
Step 1.1: in order to identify the measurement data of each virtual machine start-up stage, a measurement information data structure kvm_sm3_measurement_info is added to the KVM module; it comprises the UUID of the virtual machine, the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value.
The corresponding structure is as follows:
#include <linux/types.h>

struct kvm_sm3_measure_info {
	__u8  uuid[4];          /* identifier of the virtual machine */
	__u64 sm3_hash[4];      /* 256-bit SM3 measurement value as four 64-bit words */
	__u8  measured_type;    /* type of the data to be measured (start-up stage) */
	__u64 measured_desc;    /* description of the data to be measured */
};
Step 1.2: in the KVM module, an IOCTL system call and its processing function are added to support QEMU's measurement of the initial UEFI firmware. Specifically, the IOCTL system call identifier KVM_SM3_UEFI_MEASURE is added, and a new system call processing function is registered in the IOCTL system call dispatch function kvm_dev_ioctl; the processing function converts the received measurement information data structure pointer to obtain the content of the measurement information kvm_sm3_measurement_info.
The IOCTL identifier is specifically:
/* read/write ioctl on the KVM device (KVMIO), command number 0x10 */
#define KVM_SM3_MEASURE  _IOWR(KVMIO, 0x10, struct kvm_sm3_measure_info)
Step 1.3: under the ARM architecture, the virtual machine can trigger a virtual machine exit event by executing an HVC instruction. In the KVM module, an HVC call processing function descriptor and the corresponding processing function are added to support the transfer of measurement information in the subsequent start-up stages. Specifically, the HVC call processing function descriptor ARM_SMCCC_KVM_MEASURE is added together with a processing function that fetches the measurement information from the virtual machine registers and writes the return value back to the registers.
Step 2: for the measurement of the initial UEFI firmware loading stage, a UEFI firmware measurement hook is added in QEMU to perform an SM3 measurement of the ARM-architecture virtual machine boot firmware, and the measurement information is transmitted into KVM, ensuring the trustworthiness of the firmware the virtual machine runs first; the detailed procedure of the initial UEFI firmware measurement is shown in FIG. 2.
Step 2 is specifically as follows:
Step 2.1: a measurement information data structure kvm_ioctl_sm3_measure_info is added to QEMU; it comprises the UUID of the virtual machine, the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value.
Step 2.2: after QEMU loads the UEFI firmware into memory and emulates the flash device, a measurement hook function is added that measures the UEFI firmware with the SM3 algorithm, using the OpenSSL cryptographic library.
Step 2.3: the measurement information data structure kvm_ioctl_sm3_measure_info is filled: the UUID of the virtual machine is taken from a global variable, and the type of the data to be measured, the description of the data to be measured and the SM3 measurement value are those obtained in step 2.2.
Step 2.4: the IOCTL system call is invoked to enter the EL2 exception level and pass the measurement information into KVM.
Step 3: for the measurement of the UEFI firmware platform initialization stage, measurement hooks are added in EDK II to measure the modules and configuration information loaded in the initialization stages, including PEIM modules, UEFI drivers, UEFI applications, option ROMs, the boot policy, the ACPI tables and the GPT partition table, and the measurement information is transmitted into KVM, ensuring the trustworthiness of the key components of the UEFI platform initialization stage. In addition, an SM3 measurement service and a KVM exit service are implemented, providing service interface support and trusted start-up support for the operating system boot loader and operating system kernel that are loaded later; the detailed procedure of measuring the important components of the UEFI platform initialization stage is shown in FIG. 3.
Step 3 is specifically as follows:
Step 3.1: the measurement information data structure kvm_hvc_sm3_measure_info is added to describe the measurement information of the subsequent start-up stages; it comprises the type of the data to be measured, the description of the data to be measured and the corresponding SM3 measurement value.
Step 3.2: measurement hooks are added in the SEC, PEI and DXE stages to intercept and measure the module about to be loaded or the key configuration; the measured modules comprise PEIM modules, UEFI drivers, UEFI applications and option ROMs, and the key configuration comprises the virtual machine boot policy, the ACPI tables and the GPT partition table.
Step 3.3: an SM3 library module is added for measuring with the SM3 algorithm in the SEC and PEI stages, together with the KVM exit function handle_kvm_exit for transmitting measurement information to KVM.
Step 3.4: the SM3 hash driver module CryptoDxe is added to the ARM architecture package description file of UEFI; this driver installs the SM3 measurement service protocol. The KVM exit driver module ArmHvcDxe is also added; this driver installs the KVM exit service protocol.
Step 4: for the measurement of the operating system boot loader loading stage, two measurements are needed because the operating system boot loader is usually split into two steps, corresponding to the SHIM and GRUB components. For SHIM, a measurement hook is added in the BDS stage; before control is transferred to SHIM, the SHIM component is measured and the measurement information is transmitted into KVM, ensuring the trustworthiness of SHIM. For GRUB, a GRUB measurement hook is added in SHIM; the GRUB code and its configuration information are measured and the measurement information is transmitted into KVM, ensuring the trustworthiness of GRUB. The detailed procedure of measuring the operating system boot loader is shown in FIG. 4.
Step 4 is specifically as follows:
Step 4.1: a measurement hook function is added in the BDS stage of UEFI to measure the SHIM component and transmit the measurement information into KVM before control is transferred to SHIM;
Step 4.2: an SM3 service algorithm identifier is added in the SHIM component for calling the SM3 service interface provided by UEFI to measure GRUB; a KVM service call algorithm identifier is also added for calling the KVM exit service interface provided by UEFI and transmitting the measurement information into the KVM module.
Step 4.3: a GRUB measurement hook function is added in the SHIM component to measure the GRUB code and configuration files before GRUB runs.
Step 5: for the measurement of the operating system kernel loading stage, an OS kernel measurement hook is added in GRUB; the SM3 measurement service interface is called to measure the OS kernel code and configuration, the KVM exit service interface is called with its data structure, and the measurement information is transmitted into KVM. The detailed procedure of measuring the operating system kernel is shown in FIG. 5.
Step 5 specifically comprises the following:
Step 5.1: an SM3 service algorithm identifier is added in the GRUB component for calling the SM3 service interface provided by UEFI to carry out GRUB measurement; a KVM service call algorithm identifier is also added for calling the KVM exit service interface provided by UEFI and transmitting the measurement information into the KVM module.
Step 5.2: a measurement hook function is added in the GRUB component to measure the OS kernel related components and configuration information before GRUB transfers control to the OS kernel.
Step 6: to protect the measurement information with the TPCM, a measurement log recording function is added in KVM, and the measurement values of all components of the virtual machine start-up process are stored in the protected storage area corresponding to the TPCM by calling the TPCM interface, ensuring that the measurement values of all components of the start-up process cannot be tampered with.
Step 6 specifically comprises the following:
Step 6.1: in the KVM module, a measurement log recording function vm_measure_info_log() is added to record the measurement logs of all components of the virtual machine start-up process obtained by KVM;
Step 6.2: a TPCM interface call function is added in the KVM module to extend the measurement values of each component of the virtual machine start-up process into the protected storage area corresponding to the TPCM.
Step 7: finally, the virtual machine start command is executed, the virtual machine starts running, and UEFI, the boot loader and the OS kernel are started in turn, realizing trusted start-up of the virtual machine.
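The following is an added example in C, not the patent's own code, modelling the chain of steps 2 to 6 in userspace: a hook-side function hashes a component with SM3 and fills a record modelled on kvm_sm3_measure_info, a KVM-side function records it in a measurement log and extends it into a stand-in for the TPCM protected storage, and a verifier replays the log. SM3 is implemented inline rather than through OpenSSL; the record layout, the extend rule pcr = SM3(pcr || hash), the in-process replacement of the IOCTL/HVC transport and the TPCM, and all sample inputs are assumptions of the example.

```c
/* Added example, not the patent's code: a userspace model of its measurement
 * chain.  SM3 (GB/T 32905-2016) is implemented inline instead of via OpenSSL;
 * the KVM ioctl/HVC transport and the TPCM are in-process stand-ins, so the
 * hook, log and extend logic can be run and checked offline. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL(x, n) (((x) << ((n) % 32)) | ((x) >> ((32 - (n) % 32) % 32)))
#define P1(x) ((x) ^ ROTL((x), 15) ^ ROTL((x), 23))

/* One 512-bit compression step on the chaining value v (big-endian words). */
static void sm3_block(uint32_t v[8], const uint8_t blk[64])
{
    uint32_t w[68], ss1, ss2, tt1, tt2, a = v[0], b = v[1], c = v[2], d = v[3];
    uint32_t e = v[4], f = v[5], g = v[6], h = v[7];
    int j;
    for (j = 0; j < 16; j++)
        w[j] = ((uint32_t)blk[4*j] << 24) | ((uint32_t)blk[4*j+1] << 16) |
               ((uint32_t)blk[4*j+2] << 8) | blk[4*j+3];
    for (j = 16; j < 68; j++)
        w[j] = P1(w[j-16] ^ w[j-9] ^ ROTL(w[j-3], 15)) ^ ROTL(w[j-13], 7) ^ w[j-6];
    for (j = 0; j < 64; j++) {
        ss1 = ROTL(ROTL(a, 12) + e + ROTL(j < 16 ? 0x79cc4519u : 0x7a879d8au, j), 7);
        ss2 = ss1 ^ ROTL(a, 12);
        tt1 = (j < 16 ? (a ^ b ^ c) : ((a & b) | (a & c) | (b & c))) + d + ss2 + (w[j] ^ w[j+4]);
        tt2 = (j < 16 ? (e ^ f ^ g) : ((e & f) | (~e & g))) + h + ss1 + w[j];
        d = c; c = ROTL(b, 9); b = a; a = tt1;
        h = g; g = ROTL(f, 19); f = e; e = tt2 ^ ROTL(tt2, 9) ^ ROTL(tt2, 17);
    }
    v[0] ^= a; v[1] ^= b; v[2] ^= c; v[3] ^= d;
    v[4] ^= e; v[5] ^= f; v[6] ^= g; v[7] ^= h;
}

/* SM3 digest of an arbitrary byte string, with 0x80 and bit-length padding. */
static void sm3(const uint8_t *msg, size_t len, uint8_t out[32])
{
    uint32_t v[8] = {0x7380166fu, 0x4914b2b9u, 0x172442d7u, 0xda8a0600u,
                     0xa96f30bcu, 0x163138aau, 0xe38dee4du, 0xb0fb0e4eu};
    uint8_t blk[64] = {0};
    uint64_t bits = (uint64_t)len * 8;
    size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64)
        sm3_block(v, msg + i);
    rem = len - i;
    memcpy(blk, msg + i, rem);
    blk[rem] = 0x80;
    if (rem >= 56) { sm3_block(v, blk); memset(blk, 0, 64); } /* length needs a new block */
    for (i = 0; i < 8; i++)
        blk[56 + i] = (uint8_t)(bits >> (56 - 8 * i));
    sm3_block(v, blk);
    for (i = 0; i < 32; i++)
        out[i] = (uint8_t)(v[i / 4] >> (24 - 8 * (i % 4)));
}

/* Record modelled on the kvm_sm3_measure_info fields the patent lists: VM UUID,
 * type of the measured data (boot stage), its description and the SM3 value. */
struct measure_info { uint8_t uuid[16], measured_type, sm3_hash[32]; char measured_desc[32]; };
#define MAX_LOG 16
/* Stand-in for the TPCM protected storage: the log and one extend register. */
struct tpcm_model { uint8_t pcr[32]; struct measure_info log[MAX_LOG]; size_t n; };

/* Hook side (QEMU, EDK II, SHIM or GRUB in the patent): hash the component
 * about to be loaded and fill the record that is handed to KVM. */
static void measure_component(struct measure_info *mi, const uint8_t uuid[16],
                              uint8_t type, const char *desc, const uint8_t *data, size_t len)
{
    memset(mi, 0, sizeof *mi);
    memcpy(mi->uuid, uuid, 16);
    mi->measured_type = type;
    snprintf(mi->measured_desc, sizeof mi->measured_desc, "%s", desc);
    sm3(data, len, mi->sm3_hash);
}

/* KVM side (patent step 6): append the entry to the log and extend it into the
 * register, pcr = SM3(pcr || hash), so earlier values cannot be rewritten. */
static int kvm_record_and_extend(struct tpcm_model *t, const struct measure_info *mi)
{
    uint8_t buf[64];
    if (t->n >= MAX_LOG) return -1;
    t->log[t->n++] = *mi;
    memcpy(buf, t->pcr, 32);
    memcpy(buf + 32, mi->sm3_hash, 32);
    sm3(buf, 64, t->pcr);
    return 0;
}

/* Verifier side: replaying the log must reproduce the register exactly. */
static int replay_matches(const struct tpcm_model *t)
{
    uint8_t acc[32] = {0}, buf[64];
    size_t i;
    for (i = 0; i < t->n; i++) {
        memcpy(buf, acc, 32);
        memcpy(buf + 32, t->log[i].sm3_hash, 32);
        sm3(buf, 64, acc);
    }
    return memcmp(acc, t->pcr, 32) == 0;
}
```

Because each extend folds the previous register value into the next hash, editing or dropping any earlier log entry makes the replay diverge from the register, which is what the TPCM storage protects against in the patent.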
Beyond these beneficial effects, the following technical effects are also achieved: in the KVM module, the added measurement information data structure identifies the measurement data of each virtual machine start-up stage, the added IOCTL system call and its processing function support QEMU's measurement of the initial UEFI firmware, and the added HVC call processing function descriptor and its processing function support the transfer of measurement information in the subsequent start-up stages. The SM3 measurement of the ARM-architecture virtual machine boot firmware, with the measurement information transmitted into KVM, ensures the trustworthiness of the firmware the virtual machine runs first. The added SM3 measurement service and KVM exit service provide service interface support for the operating system boot loader and operating system kernel loaded later. The measurement hook added in the BDS stage measures the SHIM component before control is transferred to SHIM and transmits the measurement information into KVM, ensuring the trustworthiness of SHIM. The GRUB measurement hook added in SHIM measures the GRUB code and its configuration information and transmits the measurement information into KVM, ensuring the trustworthiness of GRUB.
The above is only a preferred embodiment of the invention and is not intended to limit it; those skilled in the art can make various modifications and variations to the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the invention shall fall within its scope of protection.

Claims (7)

1. A TPCM-based trusted start-up method for a virtual machine under the ARM architecture, characterized by comprising the following steps:
S1: adding a measurement information data structure, an IOCTL system call identifier and an HVC call handler descriptor to the KVM module; registering a new system call handler in the IOCTL system call dispatch function, and adding the handler corresponding to the HVC call handler descriptor;
S2: measurement in the initial UEFI firmware loading stage: adding a UEFI firmware measurement hook in QEMU, performing SM3 measurement of the ARM-architecture virtual machine boot firmware, and passing the measurement information into the KVM;
S3: measurement in the UEFI firmware platform initialization stage: adding measurement hooks in EDK II, measuring the modules and configuration loaded during the initialization stages, including PEIM modules, UEFI drivers, UEFI applications, Option ROMs, the boot policy, the ACPI tables and the GPT partition table, and passing the measurement information into the KVM; adding an SM3 measurement service and a virtual machine exit service in EDK II;
S4: measurement in the operating system boot loader loading stage: adding a measurement hook in the BDS stage, measuring the SHIM component before control is transferred to the SHIM, and passing the measurement information into the KVM to complete measurement of the SHIM component; adding a GRUB measurement hook in the SHIM that measures the GRUB code and its configuration, and passing the measurement information into the KVM to complete measurement of the GRUB component;
S5: measurement in the operating system kernel loading stage: adding an OS Kernel measurement hook in GRUB, which calls the SM3 measurement service interface to measure the OS Kernel code and configuration, fills the KVM exit service interface data structure and calls that interface so that the measurement information is passed into the KVM;
S6: protecting the measurement information with the TPCM: adding a measurement log recording function to the KVM, and storing the measurement values of all components of the virtual machine start-up process into the protected storage area of the TPCM by calling the TPCM interface;
S7: executing the virtual machine start command, and starting the UEFI, the Boot Loader and the OS Kernel in turn to achieve trusted start-up of the virtual machine.
2. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S1 comprises:
S11: adding to the KVM module a measurement information data structure comprising the UUID of the virtual machine, the type of data to be measured, a description of the data to be measured and the corresponding SM3 measurement value, used to identify the measurement information of each stage of virtual machine start-up;
S12: adding to the KVM module an IOCTL system call identifier KVM_SM3_UEFI_MEASURE, and registering a new system call handler in the IOCTL system call dispatch function kvm_dev_ioctl; the handler casts the received measurement information data structure pointer to obtain the data content of the corresponding kvm_sm3_measurement_info;
S13: adding to the KVM module an HVC call handler descriptor ARM_SMCCC_KVM_MEASURE, and adding the corresponding handler, which fetches the measurement information from the virtual machine registers and writes the return value back to the registers.
3. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S2 comprises:
S21: adding to QEMU a measurement information data structure kvm_ioctl_sm3_measurement_info comprising the UUID of the virtual machine, the type of data to be measured, a description of the data to be measured and the corresponding SM3 measurement value;
S22: in QEMU, loading the UEFI firmware into memory, emulating the flash device, adding a measurement hook function, and performing SM3 measurement of the UEFI firmware using the OpenSSL cryptographic library;
S23: filling the measurement information data structure kvm_ioctl_sm3_measurement_info, obtaining from global variables the UUID of the virtual machine, the type of data to be measured, the description of the data to be measured and the SM3 measurement value computed over the UEFI firmware;
S24: invoking the IOCTL system call to enter the EL2 exception level and pass the measurement information into the KVM.
4. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S3 comprises:
S31: adding a measurement information data structure kvm_hvc_sm3_measurement_info describing the later start-up stages of the virtual machine, comprising the type of data to be measured, a description of the data to be measured and the corresponding SM3 measurement value;
S32: adding measurement hooks in the SEC, PEI and DXE stages to intercept and measure the modules to be loaded and the key configuration, where the modules comprise PEIM modules, UEFI drivers, UEFI applications and Option ROMs, and the key configuration comprises the virtual machine boot policy, the ACPI tables and the GPT partition table;
S33: adding an SM3 library module implementing the SM3 algorithm for the SEC and PEI stages, and adding a KVM exit function handle_kvm_exit that passes the measurement information to the KVM;
S34: adding to the ARM architecture package description file of the UEFI an SM3 hash driver module CryptoDxe, which installs the SM3 measurement service Protocol, and a KVM exit driver module ArmHvcDxe, which installs the KVM exit service Protocol.
5. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S4 comprises:
S41: adding in the BDS stage of the UEFI a measurement hook function that measures the SHIM component before control is transferred to the SHIM and passes the measurement information into the KVM;
S42: adding to the SHIM component an SM3 service algorithm identifier, used to call the SM3 service interface provided by the UEFI for GRUB measurement, and a KVM service call algorithm identifier, used to call the KVM exit service interface provided by the UEFI so that the measurement information is passed into the KVM module;
S43: adding to the SHIM component a GRUB measurement hook function that measures the GRUB code and configuration files before GRUB runs.
6. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S5 comprises:
S51: adding to the GRUB component an SM3 service algorithm identifier, used to call the SM3 service interface provided by the UEFI for OS Kernel measurement, and a KVM service call algorithm identifier, used to call the KVM exit service interface provided by the UEFI so that the measurement information is passed into the KVM module;
S52: adding to the GRUB component a measurement hook function that measures the OS Kernel related components and configuration information before GRUB transfers control to the OS Kernel.
7. The TPCM-based trusted start-up method for a virtual machine under the ARM architecture according to claim 1, wherein S6 comprises:
S61: adding to the KVM module a measurement log recording function vm_measurement_info_log() that records the measurement log of each component obtained by the KVM during the virtual machine start-up process;
S62: adding to the KVM module a TPCM interface call function that extends the measurement values of each component of the virtual machine start-up process into the protected storage area of the TPCM.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311731108.3A 2023-12-15 2023-12-15 Virtual machine trusted starting method based on TPCM under ARM architecture

Publications (1)

Publication Number Publication Date
CN117744088A 2024-03-22

Family

ID=90255693

Country Status (1)

Country Link
CN (1) CN117744088A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination