CN117992969B - Trusted system integrity verification method and device and electronic equipment - Google Patents
Trusted system integrity verification method and device and electronic equipment Download PDFInfo
- Publication number
- CN117992969B CN117992969B CN202410397780.1A CN202410397780A CN117992969B CN 117992969 B CN117992969 B CN 117992969B CN 202410397780 A CN202410397780 A CN 202410397780A CN 117992969 B CN117992969 B CN 117992969B
- Authority
- CN
- China
- Prior art keywords
- check value
- application software
- verification
- root
- trusted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 156
- 238000000034 method Methods 0.000 title claims abstract description 77
- 230000008569 process Effects 0.000 claims abstract description 46
- 238000011900 installation process Methods 0.000 claims description 11
- 238000013524 data verification Methods 0.000 claims description 5
- 238000009434 installation Methods 0.000 abstract description 13
- 230000000750 progressive effect Effects 0.000 abstract 1
- 238000004364 calculation method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 238000005259 measurement Methods 0.000 description 5
- 230000006399 behavior Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 239000003153 chemical reaction reagent Substances 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000000691 measurement method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a trusted system integrity checking method and device and electronic equipment, belonging to the technical field of system security, wherein the method comprises the following steps: in the process of system installation, signature verification is carried out on the image files of the system; calculating a first root check value of the system according to hash values corresponding to all first starting items in the system; checking preset files in the system to obtain a first check value of each preset file; storing the first root check value and the first check value of each preset file into a trusted hardware storage area; when the system is started for the first time, the credibility of the system is checked successively according to a first root check value and a first check value stored in the hardware access area, and the system is started successfully under the condition that the check is passed. The invention can carry out all-round integrity check on the system, and the check process is progressive layer by layer and is buckled ring by ring, so that the integrity check of the system is credible and safe.
Description
Technical Field
The present invention relates to the field of system security technologies, and in particular, to a trusted system integrity verification method and apparatus, and an electronic device.
Background
TC (Trusted Computing ) is a technology that is driven and developed by TCG (Trusted Computing Group ). One of its core goals is to ensure the integrity of the system and applications, thereby determining the trusted state that the system or software is running in the design goals desire. Based on cryptographic technology, the chip is used as a trust root, and the main board is used as a platform, and generally consists of an operating system, a BIOS and a special chip on the main board.
The purpose of the trusted computing is to radically stop the source of viruses. The method is a technology combining software and hardware, and a trusted hardware device is introduced into a platform to serve as a trusted root, so that an effective way is provided for establishing a trusted computing environment. The method not only inherits the traditional technology and application, but also reflects the current application requirements and technical characteristics, integrates the modern management concept and the human social trust mechanism, becomes a new element in the field of information security, and is continuously explored and developed in practice. Trust is not equivalent to security, but is the basis for security because security schemes, policies, can further ensure security purposes only if run in an untampered environment. By ensuring the integrity of the system and the application, the correct software stack can be ensured to be used, and the software stack can be found out in time after being attacked and changed. In general, incorporating trusted verification in systems and applications can reduce the likelihood of attacks due to the use of unknown or tampered systems and applications.
The trusted root is the trusted root, is used as a trusted base point in a trusted computer system and is an anchor node of system trust, the reliability of codes is measured and recorded from the trusted root through an integrity measurement and an integrity storage technology, a trusted source of an information system trusted environment is constructed, the trusted measurement is expanded from the trusted root to the whole system, and finally, the chain transmission of trust is realized. The trusted root is the measurement basis of the integrity of all system behaviors, the security and high performance of the trusted root are the basis of the trust of the whole trust chain, the trusted root has very special positions in the system, and the security problem of the trusted root can be avoided to the greatest extent only by containing the basic functions related to the security of the system. Because improper behavior in the trusted root is undetectable, the trusted root is a system element that must be trusted, typically with a trusted hardware chip as the trusted root of the computer system. The platform is ensured to be trusted by using an algorithm and a secret key which are implanted in trusted hardware by a chip manufacturer and an integrated special microcontroller to measure and verify an application software stack.
The existing system integrity measurement method mainly focuses on static integrity measurement of the system, focuses on safety hardware, and has poor flexibility.
Disclosure of Invention
The invention aims to provide a trusted system integrity checking method and device and electronic equipment, which can solve the problem of poor flexibility in system integrity measurement in the prior art.
In order to solve the technical problems, the invention provides the following technical scheme:
the embodiment of the invention provides a trusted system integrity checking method, which comprises the following steps:
in the system installation process, signature verification is carried out on the image file of the system;
Under the condition that signature verification is passed, calculating a first root verification value of the system according to hash values corresponding to all first starting items in the system, wherein the first starting items are part or all of all the starting items in the system;
checking preset files in the system to obtain a first check value of each preset file;
storing the first root check value and the first check value of each preset file into a trusted hardware storage area;
When the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware access area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed.
Optionally, when the system is started for the first time, the step of sequentially checking the reliability of the system according to the first root check value stored in the hardware access area and the first check value of each preset file includes:
when a system is started for the first time, calculating a second root check value according to hash values corresponding to the first starting items in the system;
comparing whether the first root check value stored in the hardware access area is the same as the second root check value;
If the preset files are the same, checking the preset files in the system to obtain a second checking value of each preset file;
correspondingly comparing whether the first check value and the second check value corresponding to each preset file are the same or not;
If yes, the system is determined to be credible.
Optionally, after the step of successfully starting the system in the case of verification pass, the method further comprises:
in the process of installing the application software, carrying out credibility verification on the application software installation package;
Under the condition that the trusted verification is passed, calculating a third root verification value of the application software according to hash values corresponding to a second starting item and a first loading item of the application software, wherein the second starting item is part or all of all starting items in the application software, and the first loading item is part or all of all loading items in the application software;
storing the third root check value to a trusted hardware storage area;
When the application software is started for the first time, the credibility of the application software is checked according to the third root check value stored in the hardware access area, and the application software is started successfully under the condition that the check is passed.
Optionally, the step of verifying the credibility of the application software according to the third root check value stored in the hardware access area when the application software is started for the first time includes:
When the application software is started for the first time, calculating a fourth root check value of the application software;
comparing whether the third root check value and the fourth root check value stored in the hardware access area are the same;
If the application software is the same, the application software is determined to be trusted, and the application software is started.
Optionally, after the step of starting the application software, the method further comprises:
in the running process of the application software, checking the data of the same area of each process and checking the process memory code segments;
and under the condition that the data verification and the code segment verification are passed, keeping the application software to normally operate.
Optionally, the step of storing the first root check value and the first check value of each preset file in a trusted hardware storage area includes:
carrying out signature verification on the first root check value through a public and private key generated by the trusted root;
storing the first root check value to a trusted hardware storage area under the condition that the first root check value signature verification is passed;
Carrying out signature verification on the first check value of the preset file through a public and private key generated by the trusted root;
and storing the first check value to a trusted hardware storage area under the condition that the first check value signature passes verification.
The embodiment of the invention also provides a trusted system integrity checking device, which comprises:
The first verification module is used for carrying out signature verification on the image file of the system in the system installation process;
The first computing module is used for computing a first root check value of the system according to the hash value corresponding to each first starting item in the system under the condition that signature check is passed, wherein the first starting items are part or all of each starting item in the system;
the second checking module is used for checking preset files in the system to obtain a first checking value of each preset file;
the first storage module is used for storing the first root check value and the first check value of each preset file into a trusted hardware storage area;
And the third verification module is used for sequentially verifying the credibility of the system according to the first root verification value stored in the hardware access area and the first verification value of each preset file when the system is started for the first time, and the system is started successfully under the condition that verification is passed.
Optionally, the third verification module includes:
the first sub-module is used for calculating a second root check value according to the hash value corresponding to each first starting item in the system when the system is started for the first time;
The second sub-module is used for comparing whether the first root check value stored in the hardware access area is the same as the second root check value;
the third sub-module is used for checking the preset files in the system if the preset files are the same, so as to obtain a second checking value of each preset file;
A fourth sub-module, configured to correspondingly compare whether the first check value and the second check value corresponding to each preset file are the same;
and the fifth sub-module is used for determining that the system is credible if yes.
Optionally, the apparatus further comprises:
the fourth verification module is used for carrying out trusted verification on the application software installation package in the application software installation process after the system is successfully started;
the second computing module is used for computing a third root check value of the application software according to hash values corresponding to a second starting item and a first loading item of the application software under the condition that the trusted check is passed, wherein the second starting item is part or all of each starting item in the application software, and the first loading item is part or all of each loading item in the application software;
the second storage module is used for storing the third root check value into a trusted hardware storage area;
and a fifth verification module, configured to verify the credibility of the application software according to the third root verification value stored in the hardware access area when the application software is started for the first time, and if the verification is passed, the application software is started successfully.
Optionally, the fifth verification module includes:
a sixth sub-module, configured to calculate a fourth root check value of the application software when the application software is started for the first time;
a seventh sub-module, configured to compare whether the third root check value stored in the hardware access area is the same as the fourth root check value;
and the eighth sub-module is used for determining that the application software is credible and starting the application software if the application software is the same.
Optionally, the apparatus further comprises:
The sixth verification module is used for verifying the data of the same area of each process and verifying the process memory code segment in the running process of the application software after the application software is started;
And the control module is used for keeping the application software to normally operate under the condition that the data check and the code segment check are passed.
Optionally, the first storage module is specifically configured to:
carrying out signature verification on the first root check value through a public and private key generated by the trusted root;
storing the first root check value to a trusted hardware storage area under the condition that the first root check value signature verification is passed;
Carrying out signature verification on the first check value of the preset file through a public and private key generated by the trusted root;
and storing the first check value to a trusted hardware storage area under the condition that the first check value signature passes verification.
The embodiment of the invention provides electronic equipment, which comprises a processor, a memory and a program or an instruction stored on the memory and capable of running on the processor, wherein the program or the instruction realizes the steps of any one of the trusted system integrity verification methods when being executed by the processor.
The embodiment of the invention provides a readable storage medium, wherein a program or an instruction is stored on the readable storage medium, and the program or the instruction realizes the steps of any one of the trusted system integrity verification methods when being executed by a processor.
The technical scheme provided by the invention has the beneficial effects that at least:
In the trusted system integrity verification method provided by the embodiment of the invention, signature verification is carried out on the mirror image file of the system in the system installation process; under the condition that signature verification passes, calculating a first root verification value of the system according to hash values corresponding to all first starting items in the system; checking preset files in the system to obtain a first check value of each preset file; storing the first root check value and the first check value of each preset file into a trusted hardware storage area; when the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware access area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed. The verification process is gradually carried out layer by layer from system installation to system starting, and the verification process is buckled, so that the integrity verification of the system is credible and safe.
In addition, the trusted system integrity checking method provided by the embodiment of the invention not only performs trusted checking from system installation to system starting, but also performs omnibearing integrity checking on the system from software installation to software starting, thereby further improving the credibility and safety of the system integrity checking.
Drawings
FIG. 1 is a flow chart showing the steps of a trusted system integrity verification method in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating a system installation integrity check in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram showing the root check value calculation principle according to an embodiment of the present invention;
FIG. 4 is a system boot integrity verification schematic diagram illustrating an embodiment of the present invention;
FIG. 5 is a diagram illustrating a virtual memory structure created by an application program according to an embodiment of the present invention;
fig. 6 is a block diagram illustrating the structure of a trusted system integrity check apparatus in accordance with an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages to be solved more apparent, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
The following describes in detail the trusted system integrity verification scheme provided by the embodiment of the invention through specific embodiments and application scenarios thereof with reference to the accompanying drawings.
The invention aims to provide a quick integrity verification method based on a trusted root, which can effectively verify dynamic and static security of a system and software and can improve verification efficiency. As shown in fig. 1, the trusted system integrity verification method according to the embodiment of the present invention includes the following steps:
step 101: in the system installation process, signature verification is carried out on the image files of the system.
The trusted system integrity verification method provided by the embodiment of the invention can be applied to the electronic equipment, a computer program corresponding to the trusted system integrity verification method is stored in a storage medium of the electronic equipment, and a processor executes the computer program to carry out complete and reliable verification on the system.
When the system is installed on the equipment, the source safety of the system must be ensured, otherwise, the whole trusted foundation does not exist, the system installation integrity check is as shown in fig. 2, the image file of the system has a signature check process, if the signature check is not passed, the system cannot be installed on the equipment, and the whole flow is terminated; if the signature verification passes, execution proceeds to step 102 and subsequent flows.
Step 102: and under the condition that the signature verification is passed, calculating a first root verification value of the system according to hash values corresponding to all the first starting items in the system.
The first starting item is part or all of all starting items in the system. In the actual implementation process, those skilled in the art may set the number of the first startup items and specify which startup items are specific according to the requirements, which is not particularly limited in the embodiment of the present invention.
When the system is first installed on the device, the hash value corresponding to each first starting item is calculated to obtain a root check value according to the root check value calculation principle shown in fig. 3I.e., the first root check value, and store the first root check value to a secure trusted hardware storage area of the device.
As shown in fig. 3, when the first root check value is calculated, the hash value corresponding to each first starting item is used as the value of the bottommost node, a group of values of every two bottom nodes is calculated to obtain the hash value corresponding to the node of the previous layer, and the hash values corresponding to the nodes of the topmost layer are calculated layer by layer until the hash value corresponding to the node of the topmost layer is obtained as the first root check value.
Step 103: and checking preset files in the system to obtain a first check value of each preset file.
Checking some important files in the system and obtaining first check values corresponding to the first preset files, such asAnd storing the data in a safe and reliable hardware storage area of the device.
The number of preset files, specifically referred to files, may be flexibly set by those skilled in the art, and the embodiment of the present invention is not particularly limited.
Step 104: and storing the first root check value and the first check value of each preset file into a trusted hardware storage area.
The manner of optionally storing the first root check value, the first check value of each preset file, in the trusted hardware storage area may be as follows:
Carrying out signature verification on the first root check value through a public and private key generated by the trusted root; storing the first root check value to a trusted hardware storage area under the condition that the signature verification of the first root check value passes; carrying out signature verification on a first check value of a preset file through a public and private key generated by a trusted root; and storing the first check value to a trusted hardware storage area under the condition that the first check value signature passes verification.
In a specific implementation process, in order to prevent a check value used as a comparison from being modified, in the embodiment of the invention, signature verification is performed on the check value written into a safe and reliable hardware storage area every time, and the verification mode is that a public and private key pair generated by a group of trusted roots is used for verificationTo be carried out in the presence of a reagent,Signing the newly written check value, internal to the deviceFor verification of the signature, if the signature verification is performed by writing a new verification value into a trusted hardware storage area, the behavior can be used for a scene that the system update and the software update cause the integrity verification value to change.
Step 105: when the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware access area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed.
In an alternative embodiment, when the system is started for the first time, according to the first root check value stored in the hardware access area and the first check value of each preset file, the following manner of checking the reliability of the system sequentially may be as follows:
when the system is started for the first time, calculating a second root check value according to hash values corresponding to all first starting items in the system; comparing whether the first root check value and the second root check value stored in the hardware access area are the same; if the preset files are the same, checking the preset files in the system to obtain a second check value of each preset file; correspondingly comparing whether the first check value and the second check value corresponding to each preset file are the same or not; if yes, the system is determined to be reliable.
System start-up integrity check as shown in fig. 4, first, when the system is started up, a preset start-up item for checking is used to calculate a second root check value according to the mode of fig. 3Or a part of the starting items can be randomly selected to be substituted into the tree to calculate a second root check value, and then the calculated second root check value is calculatedAnd a first root check value stored into the hardware storage areaComparing, if the two are inconsistent, failing to start the system; if the two are consistent, checking some important files in the system, namely preset files, to obtain second check values corresponding to the preset files, and simultaneously, checking the second check values with the first check values stored in the hardware storage areaAnd comparing, wherein the system is started successfully only when the check values corresponding to the preset files are consistent, otherwise, the system is failed to start.
In the alternative embodiment, the trusted verification is performed layer by layer from system installation to system starting, so that the reliability and efficiency of verification can be improved.
In an alternative implementation, after the verification of system installation and system start-up is completed, the verification of the installed application software may also be performed, which specifically includes the following steps:
After the system is successfully started under the condition that the verification is passed, the method can further comprise the following steps:
step one, in the installation process of application software, performing credibility verification on an application software installation package;
The application software installation integrity check is similar to the system installation integrity check in fig. 2, the software of the official edition needs to be downloaded for installation, if the application software installation package is not passed in the installation process, the application software cannot be installed on the equipment, and the whole process is terminated; and if the credibility check of the application program installation package is passed, continuing to execute the second step and the subsequent flow.
And step two, under the condition that the trusted verification passes, calculating a third root verification value of the application software according to the hash value corresponding to the second starting item and the first loading item of the application software.
The second starting item is part or all of each starting item in the application software, and the first loading item is part or all of each loading item in the application software. In the actual implementation process, those skilled in the art may set the number of second startup items and specify which startup items are specific according to the requirements, which is not particularly limited in the embodiment of the present invention.
When the application software is first installed on the device, the hash values corresponding to the second startup items and the loading items are calculated into root check values according to the root check value calculation principle (hash tree) shown in fig. 3I.e., the third root check value, and store the third root check value to a secure trusted hardware storage area of the device.
And step three, storing the third root check value into a trusted hardware storage area.
For the storage of the third root check value, the public-private key pair generated based on the trusted root can also be stored in the same way as the storage of the first root check valueTo be carried out in the presence of a reagent,Signing the third root check value, internal to the deviceAnd verifying the signature, and if the signature verification is performed, writing a third root check value into a trusted hardware storage area.
And step four, when the application software is started for the first time, checking the credibility of the application software according to a third root check value stored in the hardware access area, and successfully starting the application software under the condition that the check is passed.
In an alternative embodiment, when the application software is started for the first time, the manner of checking the trustworthiness of the application software according to the third root check value stored in the hardware access area may be as follows:
firstly, calculating a fourth root check value of the application software when the application software is started for the first time; the fourth root check value may be characterized as The calculation mode of the fourth root check value is identical to the calculation mode of the third root check value.
Secondly, comparing whether a third root check value (also called as a root check value stored during software initialization) stored in the hardware access area is the same as a fourth root check value; if the application software is the same, determining that the application software is credible, and starting the application software; if the application software is different, the application software is determined to be not trusted, and the application software is forbidden to be started.
The application software operation creates a virtual memory as shown in fig. 5, and in the embodiment of the present invention, the integrity dynamic verification in the application software operation process is divided into two parts: kernel memory check and process memory check. For checking the kernel memory, the embodiment of the invention checks the data of the same region of each process to prevent the kernel region from being tampered. For process memory verification, the embodiment of the invention mainly verifies the code segment to prevent an attacker from modifying the code in the code segment to cause abnormal operation of the process.
In an alternative embodiment, after the application software is started, an integrity dynamic verification process in the running process of the application software is specifically as follows:
In the running process of the application software, checking the data of the same area of each process and checking the process memory code segment; and under the condition that the data verification and the code segment verification are passed, the normal operation of the application software is kept. And stopping the operation of the application software under the condition that any one part or both parts of the data verification and the code segment verification are not passed.
In the trusted system integrity verification method provided by the embodiment of the invention, signature verification is carried out on the mirror image file of the system in the system installation process; under the condition that signature verification passes, calculating a first root verification value of the system according to hash values corresponding to all first starting items in the system; checking preset files in the system to obtain a first check value of each preset file; storing the first root check value and the first check value of each preset file into a trusted hardware storage area; when the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware access area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed. The verification process is gradually carried out layer by layer from system installation to system starting, and the verification process is buckled, so that the integrity verification of the system is credible and safe.
In addition, the trusted system integrity checking method provided by the embodiment of the invention not only performs trusted checking from system installation to system starting, but also performs omnibearing integrity checking on the system from software installation to software starting, thereby further improving the credibility and safety of the system integrity checking.
Fig. 6 is a block diagram illustrating a trusted system integrity check apparatus in accordance with an embodiment of the present invention.
The trusted system integrity checking device provided by the embodiment of the invention comprises the following functional modules:
The first verification module 601 is configured to perform signature verification on an image file of the system in a system installation process;
the first calculation module 602 is configured to calculate a first root check value of the system according to hash values corresponding to first startup items in the system when signature verification passes, where the first startup items are part or all of the startup items in the system;
A second checking module 603, configured to check preset files in the system to obtain a first check value of each preset file;
A first storage module 604, configured to store the first root check value and the first check value of each preset file to a trusted hardware storage area;
and a third verification module 605, configured to, when the system is started for the first time, sequentially verify the reliability of the system according to the first root verification value stored in the hardware access area and the first verification value of each preset file, where the system is started successfully when verification passes.
Optionally, the third verification module includes:
the first sub-module is used for calculating a second root check value according to the hash value corresponding to each first starting item in the system when the system is started for the first time;
The second sub-module is used for comparing whether the first root check value stored in the hardware access area is the same as the second root check value;
the third sub-module is used for checking the preset files in the system if the preset files are the same, so as to obtain a second checking value of each preset file;
A fourth sub-module, configured to correspondingly compare whether the first check value and the second check value corresponding to each preset file are the same;
and the fifth sub-module is used for determining that the system is credible if yes.
Optionally, the apparatus further comprises:
the fourth verification module is used for carrying out trusted verification on the application software installation package in the application software installation process after the system is successfully started;
the second computing module is used for computing a third root check value of the application software according to hash values corresponding to a second starting item and a first loading item of the application software under the condition that the trusted check is passed, wherein the second starting item is part or all of each starting item in the application software, and the first loading item is part or all of each loading item in the application software;
the second storage module is used for storing the third root check value into a trusted hardware storage area;
and a fifth verification module, configured to verify the credibility of the application software according to the third root verification value stored in the hardware access area when the application software is started for the first time, and if the verification is passed, the application software is started successfully.
Optionally, the fifth verification module includes:
a sixth sub-module, configured to calculate a fourth root check value of the application software when the application software is started for the first time;
a seventh sub-module, configured to compare whether the third root check value stored in the hardware access area is the same as the fourth root check value;
and the eighth sub-module is used for determining that the application software is credible and starting the application software if the application software is the same.
Optionally, the apparatus further comprises:
The sixth verification module is used for verifying the data of the same area of each process and verifying the process memory code segment in the running process of the application software after the application software is started;
And the control module is used for keeping the application software to normally operate under the condition that the data check and the code segment check are passed.
Optionally, the first storage module is specifically configured to:
carrying out signature verification on the first root check value through a public and private key generated by the trusted root;
storing the first root check value to a trusted hardware storage area under the condition that the first root check value signature verification is passed;
Carrying out signature verification on the first check value of the preset file through a public and private key generated by the trusted root;
and storing the first check value to a trusted hardware storage area under the condition that the first check value signature passes verification.
The trusted system integrity verification device provided by the embodiment of the invention performs signature verification on the mirror image file of the system in the system installation process; under the condition that signature verification passes, calculating a first root verification value of the system according to hash values corresponding to all first starting items in the system; checking preset files in the system to obtain a first check value of each preset file; storing the first root check value and the first check value of each preset file into a trusted hardware storage area; when the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware access area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed. The verification process is gradually carried out layer by layer from system installation to system starting, and the verification process is buckled, so that the integrity verification of the system is credible and safe.
In addition, the trusted system integrity verification device provided by the embodiment of the invention not only performs trusted verification from system installation to system starting, but also performs omnibearing integrity verification on the system from software installation to software starting, thereby further improving the credibility and safety of the system integrity verification.
The trusted system integrity verification device shown in fig. 6 provided by the embodiment of the present invention can implement each process implemented by the method embodiment of fig. 1, and in order to avoid repetition, a description is omitted here.
Optionally, the embodiment of the present invention further provides an electronic device, including a processor, a memory, and a program or an instruction stored in the memory and capable of running on the processor, where the program or the instruction when executed by the processor implements each process executed by the trusted system integrity verification apparatus, and the process can achieve the same technical effect, and is not repeated herein.
It should be noted that, the electronic device in the embodiment of the present invention includes the server described above.
Wherein the processor is a processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium such as a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk or an optical disk, and the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.
Claims (6)
1. A method for verifying the integrity of a trusted system, comprising:
in the system installation process, signature verification is carried out on the image file of the system;
Under the condition that signature verification is passed, calculating a first root verification value of the system according to hash values corresponding to all first starting items in the system, wherein the first starting items are part or all of all the starting items in the system;
checking preset files in the system to obtain a first check value of each preset file;
storing the first root check value and the first check value of each preset file into a trusted hardware storage area;
When the system is started for the first time, the credibility of the system is checked successively according to the first root check value stored in the hardware storage area and the first check value of each preset file, and the system is started successfully under the condition that the verification is passed;
in the process of installing the application software, carrying out credibility verification on the application software installation package;
Under the condition that the trusted verification is passed, calculating a third root verification value of the application software according to hash values corresponding to a second starting item and a first loading item of the application software, wherein the second starting item is part or all of all starting items in the application software, and the first loading item is part or all of all loading items in the application software;
storing the third root check value to a trusted hardware storage area;
When the application software is started for the first time, verifying the credibility of the application software according to the third root verification value stored in the hardware storage area, and successfully starting the application software under the condition that verification is passed;
in the running process of the application software, checking the data of the same area of each process and checking the process memory code segments;
under the condition that data verification and code segment verification are both passed, keeping the application software to normally run;
the step of verifying the credibility of the application software according to the third root check value stored in the hardware storage area when the application software is started for the first time includes:
when the application software is started for the first time, calculating a fourth root check value of the application software;
Comparing whether the third root check value and the fourth root check value stored in the hardware storage area are the same;
If the application software is the same, the application software is determined to be trusted, and the application software is started.
2. The method according to claim 1, wherein the step of successively checking the trustworthiness of the system according to the first root check value stored in the hardware storage area and the first check value of each of the preset files when the system is started for the first time, comprises:
when a system is started for the first time, calculating a second root check value according to hash values corresponding to the first starting items in the system;
Comparing whether the first root check value stored in the hardware storage area is identical to the second root check value;
If the preset files are the same, checking the preset files in the system to obtain a second checking value of each preset file;
correspondingly comparing whether the first check value and the second check value corresponding to each preset file are the same or not;
If yes, the system is determined to be credible.
3. The method of claim 1, wherein storing the first root check value, the first check value for each of the preset files, to a trusted hardware storage area comprises:
carrying out signature verification on the first root check value through a public and private key generated by the trusted root;
storing the first root check value to a trusted hardware storage area under the condition that the first root check value signature verification is passed;
Carrying out signature verification on the first check value of the preset file through a public and private key generated by the trusted root;
and storing the first check value to a trusted hardware storage area under the condition that the first check value signature passes verification.
4. A trusted system integrity verification apparatus, comprising:
The first verification module is used for carrying out signature verification on the image file of the system in the system installation process;
The first computing module is used for computing a first root check value of the system according to the hash value corresponding to each first starting item in the system under the condition that signature check is passed, wherein the first starting items are part or all of each starting item in the system;
the second checking module is used for checking preset files in the system to obtain a first checking value of each preset file;
the first storage module is used for storing the first root check value and the first check value of each preset file into a trusted hardware storage area;
the third verification module is used for verifying the credibility of the system successively according to the first root verification value stored in the hardware storage area and the first verification value of each preset file when the system is started for the first time, and the system is started successfully under the condition that verification is passed;
the fourth verification module is used for carrying out trusted verification on the application software installation package in the application software installation process after the system is successfully started;
the second computing module is used for computing a third root check value of the application software according to hash values corresponding to a second starting item and a first loading item of the application software under the condition that the trusted check is passed, wherein the second starting item is part or all of each starting item in the application software, and the first loading item is part or all of each loading item in the application software;
the second storage module is used for storing the third root check value into a trusted hardware storage area;
A fifth verification module, configured to verify, when the application software is started for the first time, the credibility of the application software according to the third root verification value stored in the hardware storage area, and if the verification is passed, the application software is started successfully;
The sixth verification module is used for verifying the data of the same area of each process and verifying the process memory code segment in the running process of the application software after the application software is started;
The control module is used for keeping the application software to normally run under the condition that data verification and code segment verification are both passed;
wherein the fifth verification module includes:
a sixth sub-module, configured to calculate a fourth root check value of the application software when the application software is started for the first time;
A seventh sub-module, configured to compare whether the third root check value and the fourth root check value stored in the hardware storage area are the same;
and the eighth sub-module is used for determining that the application software is credible and starting the application software if the application software is the same.
5. The apparatus of claim 4, wherein the third verification module comprises:
the first sub-module is used for calculating a second root check value according to the hash value corresponding to each first starting item in the system when the system is started for the first time;
The second sub-module is used for comparing whether the first root check value stored in the hardware storage area is the same as the second root check value;
the third sub-module is used for checking the preset files in the system if the preset files are the same, so as to obtain a second checking value of each preset file;
A fourth sub-module, configured to correspondingly compare whether the first check value and the second check value corresponding to each preset file are the same;
and the fifth sub-module is used for determining that the system is credible if yes.
6. An electronic device comprising a processor, a memory and a program or instruction stored on the memory and executable on the processor, the program or instruction being executable by the processor to implement the method of any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410397780.1A CN117992969B (en) | 2024-04-03 | 2024-04-03 | Trusted system integrity verification method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410397780.1A CN117992969B (en) | 2024-04-03 | 2024-04-03 | Trusted system integrity verification method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117992969A CN117992969A (en) | 2024-05-07 |
| CN117992969B true CN117992969B (en) | 2024-08-02 |
Family
ID=90887771
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410397780.1A Active CN117992969B (en) | 2024-04-03 | 2024-04-03 | Trusted system integrity verification method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117992969B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112784278A (en) * | 2020-12-31 | 2021-05-11 | 科东(广州)软件科技有限公司 | Trusted starting method, device and equipment of computer system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3026557A1 (en) * | 2014-11-28 | 2016-06-01 | Thomson Licensing | Method and device for providing verifying application integrity |
-
2024
- 2024-04-03 CN CN202410397780.1A patent/CN117992969B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112784278A (en) * | 2020-12-31 | 2021-05-11 | 科东(广州)软件科技有限公司 | Trusted starting method, device and equipment of computer system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117992969A (en) | 2024-05-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7594124B2 (en) | Cross validation of data using multiple subsystems | |
| US8250373B2 (en) | Authenticating and verifying an authenticable and verifiable module | |
| US20050198051A1 (en) | Portion-level in-memory module authentication | |
| WO2021249359A1 (en) | Data integrity protection method and apparatus | |
| US20060026569A1 (en) | Portion-level in-memory module authentication | |
| US11886593B2 (en) | Verification of a provisioned state of a platform | |
| TW201519100A (en) | System and method for auto-enrolling option ROMs in a UEFI secure boot database | |
| JP2014513348A (en) | System and method for processing a request to change a system security database and firmware storage in an integrated extended firmware interface compliant computing device | |
| US20050198507A1 (en) | Import address table verification | |
| CN113343234B (en) | Method and device for carrying out credible check on code security | |
| CN110334515B (en) | Method and device for generating measurement report based on trusted computing platform | |
| CN115062307B (en) | Open POWER-based program integrity checking method, system, terminal and storage medium | |
| CN114818012B (en) | Linux file integrity measuring method based on white list | |
| CN113486360A (en) | RISC-V based safe starting method and system | |
| CN113553115B (en) | Starting method based on heterogeneous multi-core chip and storage medium | |
| CN112511306A (en) | Safe operation environment construction method based on mixed trust model | |
| KR20130051225A (en) | Apparatus and method for guarantee security in heterogeneous computing environment | |
| CN111241548B (en) | Computer starting method | |
| CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
| CN112463224A (en) | System start control method, device, equipment and readable storage medium | |
| CN117992969B (en) | Trusted system integrity verification method and device and electronic equipment | |
| EP3176723A1 (en) | Computer system and operating method therefor | |
| CN117009976A (en) | Firmware loading control method, device and chip | |
| CN113127015B (en) | Mounting method and device and electronic equipment | |
| Jyothi et al. | Tpm based secure boot in embedded systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |