CN201203868Y - Credible platform module - Google Patents

Credible platform module

Info

Publication number
CN201203868Y
Authority
CN
China
Prior art keywords
module
data
tpcm
platform
trusted
Prior art date
Legal status
Expired - Lifetime
Application number
CNU2008201087426U
Other languages
Chinese (zh)
Inventor
毛军捷
庄俊玺
姜广智
刘贤刚
孙瑜
李晨
刘智君
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date
Filing date
Publication date
Application filed by Beijing University of Technology
Priority to CNU2008201087426U
Application granted
Publication of CN201203868Y
Anticipated expiration
Legal status: Expired - Lifetime (current)

Abstract

A trusted platform module, relating to the field of information security. The trusted platform module (TPM) is the root of trust of a trusted computing platform and the core component of trusted computing. The utility model provides a new trusted platform module that addresses the problems of how the core root of trust for measurement (CRTM) is formed in the TPM chip and how the chain of trust is established. An active measurement mode based on the trusted platform module is also provided, and the platform's root of trust for measurement is designed into the trusted platform module itself, so as to remove the root-of-trust security risk caused by BIOS tampering and to establish an active-mode chain of trust with the module as the root of trust. The module is a trusted platform control module (TPCM) that realizes the root-of-trust control function for the whole platform.

Description

A trusted platform module
Technical field
The utility model relates to the field of information security, and in particular to a trusted platform module.
Background technology
The basic idea of trusted computing as proposed by the international Trusted Computing Group (TCG) is: build a root of trust, and, starting from that root, use hash measurement to establish a verifiable chain of trust from the hardware platform to the BIOS, to the operating system and then to applications, each level verifying the next, so that trust is extended to the whole computer system and the computer system is guaranteed to be trustworthy.
TCG has released a series of specifications based on the Trusted Platform Module (TPM); with the TPM as the root of trust, a chain of trust is established from the underlying hardware up to the operating system, forming a trusted platform.
The TCG specifications define three roots of trust: the root of trust for storage, the root of trust for reporting and the root of trust for measurement. The first two are placed in the TPM chip, but the root of trust for measurement is placed in the BIOS; in engineering practice this arrangement has caused problems such as BIOS tampering and an unsound foundation for the root of trust.
Roots of trust
In the TCG system the root of trust is trusted unconditionally: the system does not check the behaviour of the root of trust, so whether the root of trust is truly trustworthy is the key to the trustworthiness of the whole system. This requires the function of the root of trust to be minimal; in theory it should be trustworthy in the mathematical sense, and in engineering it should have hardware-based physical protection. Document [2] defines three roots of trust:
The Root of Trust for Measurement (RTM);
The Root of Trust for Storage (RTS);
The Root of Trust for Reporting (RTR).
The RTM is the starting point of integrity measurement: a computing engine that can perform reliable integrity measurement.
The RTS is a computing unit that can keep a correct record of integrity digests and of the sequence of those digests.
The RTR is a computing unit that can correctly report the information kept by the RTS.
Of these, the root of trust for storage and the root of trust for reporting are stored in the tamper-resistant TPM chip, while the core root of trust for measurement (CRTM) is stored in the basic input/output system (BIOS); that is, neither the CRTM nor the RTM is in the TPM. Yet the root of trust for measurement is a vital part of establishing the chain of trust, and its trustworthiness is the foundation of the trustworthiness of the whole system. Leaving the CRTM in the BIOS means that viruses and malicious programs may modify it, destroying the whole root of trust and invalidating the chain of trust.
Storing the root of trust for measurement in a modifiable BIOS therefore reduces the security of the system. Because the chain of trust is a one-way chain of delivery, a problem at any one node causes the establishment of the entire trusted environment to fail; so once this root of trust for measurement is tampered with, a trusted computing environment cannot be established in the trusted terminal system, and the terminal carries a latent security hazard.
Content of the utility model
The purpose of this utility model is to provide a trusted platform module, the Trusted Platform Control Module (TPCM), together with an active measurement method based on it. The trusted platform module is a hardware core module integrated into a trusted computing platform, used to establish and protect the origin of trust, and providing trusted computing with functions such as integrity measurement, secure storage, trusted reporting and cryptographic services.
To achieve the above aim, the technical solution of the utility model is specifically realized as follows:
A trusted platform module, characterized in that it comprises a control unit and an active measurement unit. The active measurement unit comprises a data access module, a data resolution module, a hash algorithm module and a synchronous clock module; it is used, after the TPCM powers on, to actively read external information to be measured and to complete the measurement of that information. The control unit comprises a control and execution module and a state detection module; it is used to determine how the hardware devices of the computer system are to be controlled and to send control signals to those devices.
Data access module: connected through the pins of the trusted platform module chip to the externally extended memory. After power-on it performs the controlled data-read operation on the trusted platform module's external extended memory.
Data resolution module: connected to the data access module; responsible for implementing the communications protocol and reading the data content collected by the data access module, and for converting the collected data into a form that the hash computing module can operate on directly.
Hash algorithm module: the main execution unit of the measurement computation. It is connected to the data resolution module and performs the hash computation on the data converted by the data resolution module, producing a measured value or a reference measurement value.
Synchronous clock module: connected through the pins of the trusted platform module chip to the externally extended memory; responsible for providing a synchronous clock to the external memory from which data is actively read.
Control and execution module: connected directly to the enable-signal inputs of the hardware resources; responsible for sending control signals to those resources.
State detection module: responsible for detecting the working state of the hardware resources in real time.
The trusted platform module (TPCM) performs the active measurement method, which comprises the following steps:
A) The host is powered; the TPCM and the BIOS chip power on simultaneously, before the other hardware units on the mainboard, and execute the module initialization code;
B) The TPCM performs a state check to determine whether it is in the disabled state; at the same time the state detection module collects the hardware asset information and the current usage state of the PC over the communication bus;
C) If the TPCM is in the enabled state, its control and execution module sends a switching command to the signal switch unit in preparation for the active measurement operation, while the synchronous clock module provides the synchronous working clock to the BIOS chip; the control and execution module sends an enable signal to the BIOS chip, the data access module reads the key code in the BIOS, and after the data resolution module has parsed it the data is handed to the hash algorithm module, which measures it and stores the measurement result. If the BIOS measurement is unsuccessful, the control and execution module sends a control command to the signal switch unit; after the switch unit switches to the normal start mode, the platform start is controlled and the TPCM enters the failure handling flow, in which, by a predetermined operating policy or by on-site operation of the platform administrator, one of the following is chosen: enter the untrusted working mode, power the platform down, or restart;
D) If the TPCM's measurement of the BIOS key code is correct, its control and execution module sends a switching signal to the signal switch unit, which issues the platform power-on signal; the platform powers on and the BIOS begins execution. If the TPCM is determined to be in the disabled state, the signal switch unit performs the switching operation, the platform powers on normally, the BIOS starts, and the system start and kernel load proceed in turn through the MBR without the measurement step, so that the platform enters the untrusted working mode;
E) The key code in the BIOS completes the measurement of the remaining BIOS code and of the MBR, and stores the measurement result in the TPCM;
F) If the MBR is measured successfully, the MBR starts;
G) The MBR measures the OS loader and stores the measurement result in the TPCM;
H) If the OS loader is measured successfully, the OS kernel is loaded;
I) The system enters the trusted working mode.
The trusted platform module is further characterized in that the root of trust for integrity measurement is placed inside the TPCM, realized by hardware and firmware working together, and is used to perform the active measurement operation on the trusted computing platform and trusted computing system. After the TPCM powers on and initializes, it first, in accordance with the trusted integrity measurement function and before the CPU of the trusted computing platform powers on, actively performs integrity checks, step by step, on the firmware of the BIOS code stored in the boot ROM, on the peripheral hardware devices and on each part inside the operating system, to ensure that the software code in the platform start chain has not been tampered with and that the hardware devices have not been illegally replaced; only then does the CPU power on and read the BIOS code. During initialization of the external devices, integrity and boundary tests are carried out on the designated external devices, realizing the trusted reporting function. Switching between the active measurement stage and the normal computer operation stage is realized by the signal switch unit.
Implementation results:
The utility model designs a trusted platform module (Trusted Platform Control Module, TPCM) which realizes the functions of the TPM and implants the root of trust for measurement (RTM) into the TPCM. In this way the three roots of trust proposed for the TPM are all stored in a physically protected chip, preventing the outside world from tampering with the roots of trust, so the trustworthiness of the module is better guaranteed.
For the establishment of the chain of trust, an active measurement mode is proposed. An independent, isolated power supply is designed to power the TPCM and the CPU separately, letting the TPCM start before the CPU, so that the TPCM runs in active mode and performs integrity verification of the BIOS start-up code (boot block); this realizes the property of the trusted platform module being the root of trust of the whole platform.
Compared with the TCG's TPM scheme, the TPCM scheme not only improves the trustworthiness of the chip but also embodies the controllability of the root of trust. In the scheme of this document the TPCM is the platform's sole root of trust, so only the TPCM chip is trusted by default (axiomatically trusted); in the TCG scheme, besides the TPM being trusted by default, the core root of trust for measurement (CRTM) is also required to be trusted by default, and the CRTM includes the BIOS, keyboard and so on. Clearly the TPCM scheme is more secure.
Description of drawings:
Fig. 1 TPCM composition structure diagram
Fig. 2 TPCM internal firmware composition diagram
Fig. 3 TPCM trusted measurement flowchart
Fig. 4 TPCM detailed operation flowchart
Fig. 5 Reset timing relationship between the TPCM and the other common devices on the mainboard
Fig. 6 Signal switch unit connection diagram
Embodiment
TPCM hardware composition structure
The trusted platform module adopts a classical SoC design and mainly completes the basic functions of the TPCM (see Fig. 1). The chip internally implements a CPU, non-volatile memory units, volatile memory units, a random number generator, a cryptographic algorithm engine, a key generator, a timer, a control unit, an active measurement unit, an input/output bridge unit and bus controllers; these functional units are mapped uniformly by the input/output bridge unit into the address space of the on-chip microprocessor. In addition, besides the LPC controller the chip is provided with various control device interfaces to suit different mainboard buses.
The active measurement unit comprises a data access module, a data resolution module, a hash algorithm module and a synchronous clock module; it is used, after the TPCM powers on, to actively read external information to be measured and to complete the measurement of that information. The control unit comprises a control and execution module and a state detection module; it is used to determine how the hardware devices of the computer system are to be controlled and to send control signals to those devices.
Module implementation:
1) Data access module: implemented in hardware; mainly responsible for the TPCM's active access operation on the external data storage. It consists of the master/slave switching control part for the LPC communication bus and the data control read part, which mainly comprises the read-count control part, the read-timing control part and so on. The module's I/O ports mainly include an enable signal port, input/output signal ports and an interrupt signal port.
2) Data resolution module: implemented in hardware and connected to the data access module; responsible for implementing the communications protocol and reading the data content collected by the data access module, and for converting the collected data into data that the hash computing module can operate on directly. The communications protocol part is a self-defined trusted platform control module protocol built on top of the LPC protocol, and comprises data parsing operations and data encapsulation operations. Data parsing mainly performs classification of data, filtering of invalid data, format conversion of data, data combination and so on. Data encapsulation packages the processed data according to the self-defined communications protocol. The module's I/O ports mainly include an enable signal port, input/output signal ports and a function select port.
3) Hash algorithm module: implemented in hardware; the main execution unit of the measurement computation. It is connected to the data resolution module and performs the hash computation on the data converted by the data resolution module, producing a measured value or a reference measurement value. Its I/O ports mainly include an enable signal port, input/output signal ports and an interrupt signal port.
4) Synchronous clock module: connected through the pins of the trusted platform module chip to the externally extended memory; responsible for providing the external memory from which data is actively read with a working clock synchronous with the trusted platform module. The synchronous clock signal can be generated inside the trusted platform module or taken from an external branch signal.
5) Control and execution module: connected directly to the enable-signal inputs of the hardware resources; responsible for sending control signals to those resources. It can perform operations such as enabling and disabling hardware resources and switching control of the signal switch unit. It mainly comprises the enable-signal control ports to the associated devices, interrupt ports, data communication ports and so on.
6) State detection module: responsible for detecting the working state of the hardware resources in real time. It queries the usage state and related information of the hardware resources through the SMBus interface.
TPCM firmware composition
The TPCM firmware is the core control program inside the chip; it is mainly responsible for assisting the hardware units in realizing the trusted computing functions, while managing and maintaining the hardware resources in software. The basic functions of the TPCM are realized by the internal firmware, which comprises five parts (see Fig. 2):
● Initialization module: responsible for initializing the module, module self-test, etc.
● Input/output driver module: the driver function library for input and output within the module; responsible for the bus controllers inside the trusted platform module.
● Active measurement module: responsible for controlling the active measurement unit and for the active measurement of the boot ROM.
● Command processing module: responsible for parsing and executing the commands sent by external entities.
● Access control module: responsible for assisting the control unit in realizing access control and working-state detection of the hardware resources.
TPCM trusted measurement flow
TPCM trusted measurement flow (see Fig. 3):
A) The host is powered; the TPCM and the BIOS chip power on simultaneously, before the other hardware units on the mainboard, and execute the module initialization code.
B) The TPCM performs a state check to determine whether it is in the disabled state. At the same time the state detection module collects the hardware asset information and the current usage state of the PC over the I2C or SMBus bus.
C) If the TPCM is in the enabled state, its control and execution module sends a switching command to the signal switch unit in preparation for the active measurement operation, while the synchronous clock module provides the synchronous working clock to the BIOS chip. The control and execution module sends an enable signal to the BIOS chip, the data access module reads the key code in the BIOS, and after the data resolution module has parsed it the data is handed to the hash algorithm module, which measures it and stores the measurement result. If the BIOS measurement is unsuccessful, the control and execution module sends a control command to the signal switch unit; after the switch unit switches to the normal start mode, the platform start is controlled and the TPCM enters the failure handling flow, in which, by a predetermined operating policy or by on-site operation of the platform administrator, one of the following is chosen: enter the untrusted working mode, power the platform down, or restart.
D) If the TPCM's measurement of the BIOS key code is correct, its control and execution module sends a switching signal to the signal switch unit, which issues the platform power-on signal; the platform powers on and the BIOS begins execution. If the TPCM is determined to be in the disabled state, the signal switch unit performs the switching operation, the platform powers on normally, the BIOS starts, and the system start and kernel load proceed in turn through the MBR without the measurement step, so that the platform enters the untrusted working mode.
E) The key code in the BIOS completes the measurement of the remaining BIOS code and of the MBR, and stores the measurement result in the TPCM.
F) If the MBR is measured successfully, the MBR starts.
G) The MBR measures the OS loader and stores the measurement result in the TPCM.
H) If the OS loader is measured successfully, the OS kernel is loaded.
I) The system enters the trusted working mode.
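The measurement chain in steps A) to I) above (and in the identical step list under "Content of the utility model") can be modelled as a small policy engine. The following is an added example written for this page; it is not code from the patent or from Beijing University of Technology. It assumes SHA-256 for the hash algorithm module, treats the sample firmware images and reference values as constructed stand-ins, and, as an assumption the page does not state, applies the same predetermined failure policy (untrusted mode, power-down or restart) to a failed MBR or OS loader measurement as the page describes for a failed BIOS measurement.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample images standing in for the BIOS key code (boot block), the
# rest of the BIOS, the MBR and the OS loader. Real inputs are firmware binaries.
GOOD_IMAGES = {
    "bios_key_code": b"BIOS boot block (constructed sample)",
    "bios_rest":     b"rest of BIOS (constructed sample)",
    "mbr":           b"MBR (constructed sample)",
    "os_loader":     b"OS loader (constructed sample)",
}

# Who measures what, in chain order: the TPCM measures the BIOS key code (step C),
# the BIOS key code measures the rest of the BIOS and the MBR (step E), and the
# MBR measures the OS loader (step G). Every result is stored in the TPCM.
CHAIN = [
    ("TPCM",          "bios_key_code"),
    ("bios_key_code", "bios_rest"),
    ("bios_key_code", "mbr"),
    ("mbr",           "os_loader"),
]

def digest(data: bytes) -> str:
    """Hash computation of the hash algorithm module (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()

@dataclass
class TPCM:
    """Model of the TPCM state visible to the boot flow."""
    enabled: bool = True
    # Reference measurement values provisioned in the TPCM's non-volatile store
    # (assumption: the page mentions reference values, not how they are loaded).
    reference: dict = field(
        default_factory=lambda: {k: digest(v) for k, v in GOOD_IMAGES.items()})
    # Measurement results stored in the TPCM, the RTS role:
    # (measurer, stage, digest, matched_reference)
    log: list = field(default_factory=list)
    mode: str = "init"

    def measure(self, measurer: str, stage: str, data: bytes) -> bool:
        d = digest(data)
        ok = d == self.reference.get(stage)
        self.log.append((measurer, stage, d, ok))
        return ok

def boot(tpcm: TPCM, images: dict, failure_policy: str = "power_down") -> str:
    """Run steps B) to I) over the supplied images.

    Returns the resulting platform state: "trusted", "untrusted", "power_down"
    or "restart". failure_policy is the predetermined operating policy applied
    when a measurement fails.
    """
    assert failure_policy in ("untrusted", "power_down", "restart")
    # Steps B)/D): a disabled TPCM lets the platform power on with no measurement.
    if not tpcm.enabled:
        tpcm.mode = "untrusted"
        return "untrusted"
    for measurer, stage in CHAIN:
        if not tpcm.measure(measurer, stage, images[stage]):
            # The chain is one-way: stop at the first link that fails.
            tpcm.mode = "failure"
            return failure_policy
    # Step I): every link verified, the platform enters trusted working mode.
    tpcm.mode = "trusted"
    return "trusted"

def report(tpcm: TPCM) -> list:
    """RTR role: report the stored measurement sequence as (stage, ok) pairs."""
    return [(stage, ok) for _, stage, _, ok in tpcm.log]

if __name__ == "__main__":
    t = TPCM()
    print(boot(t, GOOD_IMAGES), report(t))
    tampered = dict(GOOD_IMAGES, bios_key_code=b"BIOS boot block (patched)")
    t2 = TPCM()
    print(boot(t2, tampered), report(t2))
```

The point the model makes explicit is that the TPCM, not the BIOS, holds both the reference values and the first measurement, so a patched boot block is detected before the CPU ever executes it, while a disabled TPCM yields a platform that boots but can only be in untrusted mode.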
TPCM detailed operation flow
The detailed TPCM operation flow is divided into three parts (see Fig. 4): the trusted working mode flow, the exception handling flow and the untrusted working mode flow.
[Flowchart image for the trusted working mode flow, not reproduced]
Trusted working mode flow:
1) After the TPCM starts normally it completes the sequence of initialization self-test, measurement, authentication binding and sending the trusted computing platform start signal, and then begins to enter the trusted working mode.
2) Receive command: the TPCM receives commands through the bus controller and the data resolution module. If no command is received, it remains in the wait-for-command state.
3) Password check: some commands in the command set can only be executed after passing an authorization password check. If the password check fails, a command-failure reply signal is returned to the trusted computing platform and the module goes back to the idle wait-for-command state.
4) Command parsing: the received command is analysed in detail by the data resolution module and the command processing module in the firmware and converted into reusable primitive operations.
5) Access authority check: if the command needs to use a hardware device, the current user's rights to use that device must be checked. Commands that pass the check continue to execute; commands that fail it are not executed, and a command-failure reply signal is returned to the trusted computing platform.
6) Command execution: all primitive operations contained in a command that has passed the checks are executed.
7) Return success reply: after all primitive operations contained in the command have completed, a command-succeeded reply signal is sent to the trusted computing platform.
8) TPCM power-down check: after the command-succeeded reply signal has been sent to the trusted computing platform, a TPCM power-down check is made. If there is a power-down request, the TPCM's internal control and execution module sends a switching operation to the signal switch unit, performs the platform and TPCM power-down operation, and finally exits. If there is no power-down request, it returns to the wait-for-command state.
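Steps 2) to 8) of the trusted working mode describe a fixed order of checks for every command. The following is an added example written for this page, not code from the patent or from Beijing University of Technology, that implements that order as a command handler: the authorization password is checked before the command is parsed, the access-rights check is applied only when a command uses a hardware device, every reply is either a success or a failure signal, and a power-down request is evaluated only after a successful reply. The command names, the password table, the device-rights table, the authorization password and the primitive operations are all constructed assumptions; the page does not list which commands exist or which need a password.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Command:
    """One command received from the trusted computing platform (constructed format)."""
    name: str
    user: str
    password: Optional[str] = None   # authorization password presented, if any
    device: Optional[str] = None     # hardware device the command wants to use, if any
    power_down: bool = False         # power-down request attached to the command

# Constructed policy tables (assumptions, not from the page).
NEEDS_PASSWORD = {"read_pcr": False, "extend_pcr": True, "use_crypto": True}
DEVICE_RIGHTS = {"admin": {"crypto_engine", "nvram"}, "user": {"crypto_engine"}}
AUTHORIZATION_PASSWORD = "constructed-example-secret"

# Step 4: each command parses into reusable primitive operations (names are stand-ins).
PRIMITIVES = {
    "read_pcr":   ["select_pcr", "read_register"],
    "extend_pcr": ["select_pcr", "hash_extend", "write_register"],
    "use_crypto": ["load_key", "run_engine"],
}

@dataclass
class TPCMCommandHandler:
    executed: list = field(default_factory=list)  # primitives actually run
    state: str = "wait_for_command"

    def handle(self, cmd: Command) -> str:
        """Steps 2) to 8) for one command; returns the reply signal sent to the platform."""
        self.state = "wait_for_command"
        # Step 3: authorization password check before anything is parsed or run.
        # Unknown commands are treated as requiring a password (fail closed).
        if NEEDS_PASSWORD.get(cmd.name, True):
            if cmd.password is None or not hmac.compare_digest(
                    cmd.password.encode(), AUTHORIZATION_PASSWORD.encode()):
                return "failure"
        # Step 4: parse into primitive operations; an unknown command cannot be parsed.
        primitives = PRIMITIVES.get(cmd.name)
        if primitives is None:
            return "failure"
        # Step 5: access authority check, only when a hardware device is used.
        if cmd.device is not None and cmd.device not in DEVICE_RIGHTS.get(cmd.user, set()):
            return "failure"
        # Step 6: execute every primitive the command contains.
        for primitive in primitives:
            self.executed.append((cmd.name, primitive))
        # Step 7: success reply; step 8: power-down check after the reply.
        if cmd.power_down:
            self.state = "powered_down"
        return "success"

def run(handler: TPCMCommandHandler, commands: list) -> list:
    """Process commands in order until a power-down request ends the session."""
    replies = []
    for cmd in commands:
        if handler.state == "powered_down":
            break
        replies.append(handler.handle(cmd))
    return replies

if __name__ == "__main__":
    h = TPCMCommandHandler()
    print(run(h, [Command("read_pcr", "user"),
                  Command("extend_pcr", "user"),   # no password: rejected before parsing
                  Command("use_crypto", "user", password=AUTHORIZATION_PASSWORD,
                          device="crypto_engine", power_down=True)]))
    print(h.executed, h.state)
```

The password is compared with hmac.compare_digest rather than == so that the check does not leak timing information, and the failure paths return before any primitive is appended to executed, which is the property a reviewer would check in a real command processing module.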
Exception handling flow:
After the TPCM powers on and starts, when it is in the function-enabled state it should perform the error-state check, the initialization self-test, the measurement and the authentication binding. If any of these operations cannot be completed, exception handling should follow this flow:
1) Error state: after starting, the TPCM must check whether it is in the error state; if so, it must save an audit log and hand the error over to the administrator for handling.
2) Initialization and self-test: after starting, the TPCM must perform initialization and an active self-test, and save an audit log. The self-test must include both active and passive self-test modes.
3) Measurement of the BIOS key code: the root of trust for measurement (RTM) in the TPCM actively performs integrity measurement of the key code in the BIOS and saves the measurement log.
4) Authentication binding: after starting, the TPCM must authenticate whether the current host platform is the object bound in the last trusted computing platform binding. If not, an error signal is given and an audit log is saved.
5) Save failure type: if any of the above four situations occurs, the failure type and an audit log should be saved.
6) Platform start signal: after saving the failure type, a start signal should be sent to the platform; at this point the TPCM may also shut down the parts of the platform other than the mouse, keyboard and display, further controlling the platform's start-up environment.
7) Display failure information: after the platform starts and executes the BIOS, the failure type information should be shown to the user according to the saved failure type.
8) Administrator login: after the failure information is displayed, the administrator must log in to handle it.
9) Exception handling operation: the administrator performs the corresponding exception handling operation according to the cause of the failure.
10) Disable TPCM: when the administrator cannot handle the failure information in time, the administrator may issue the TPCM function-disable operation. After the function is disabled, the system's start-up flow is unchanged.
11) If the TPCM disable operation has been performed, a TPCM-disabled signal should be sent to the trusted computing platform and shown to the user by the BIOS.
12) Platform and TPCM restart: the administrator may perform the platform power-down and TPCM restart operation.
[Flowchart image for the untrusted working mode flow, not reproduced]
Untrusted working mode flow:
After the TPCM powers on and starts, when it is in the function-disabled state or in the error state, the disabled-state or error-state handling should follow this flow:
1) Platform start signal: once the TPCM is in the function-disabled state or the error state, the TPCM control and execution module sends the normal platform start signal to the signal switch unit and to the trusted computing platform.
2) User login: the trusted computing platform's BIOS starts and the system prompts the user to log in. If the administrator logs in, the TPCM enable-state setting flow can be entered. If an ordinary user logs in, the user may choose whether to continue start-up into the untrusted operating system, or to power down both the platform and the TPCM and log out. If the administrator logs in, the administrator may choose whether to enable the TPCM and perform the platform power-down and TPCM restart, or to power down both the platform and the TPCM and log out.
TPCM power supply design
To realize the active measurement function, the mainboard's power supply subsystem is improved: an isolated power supply circuit for the TPCM is designed, and the existing platform mainboard start-up timing is adjusted (see Fig. 5).
After the computer is started, the TPCM, the BIOS and the system clock power on simultaneously, before the CPU. The TPCM first performs integrity measurement of the initial start-up code (boot block) of the boot ROM and of the mainboard hardware devices. After the RTM in the TPCM completes the measurement, it sends a switching signal to the signal switch unit for normal start-up. The signal switch unit then sends the full power-on signal to the power controller, which starts the common devices such as the CPU, chipset and dynamic memory, realizing a normal boot.
Engineering experiments show that the improvement involves only a small modification of the mainboard at very little cost, and that the modified mainboard is fully compatible with the original.
Signal switch unit design
In the normal working stage of the computer, the trusted platform module and the BIOS are, from the mainboard's point of view, controlled devices directly controlled by the computer's device controller (see Fig. 6). In the active measurement stage of the computer start-up process, however, the trusted platform control module is the controlling end and the BIOS is the device controlled by the TPCM, accepting the TPCM's active measurement and detection. There is therefore a problem of switching between two controlling ends, the trusted platform control module and the computer device controller, across the two working stages.
To solve this switching problem between the TPCM and the computer device controller, a signal switch unit controlled by the TPCM is designed. It connects to the computer device controller, the TPCM, the BIOS and the power controller respectively, and is responsible for switching the signals between the two stages and for isolating them from interference. Its main connections comprise data lines, address lines and control lines (including the synchronous clock signal line that the TPCM provides separately to the BIOS, and the signal line connected to the power controller).
Specific requirements:
1) The communications protocol used by the TPCM in the active measurement stage should be consistent with the protocol adopted by the BIOS.
2) The communication speed between the TPCM and the BIOS is within the working range of both chips and can be set adaptively according to the synchronous clock provided by the TPCM; it is generally defined as 33 MHz.
3) In each stage, the signal switch unit should ensure that only one master control end exists at any one time.
4) When either master control end is working, the signal switch unit should ensure that normal communication is not affected by crosstalk from external circuits.
5) Provided the TPCM function is enabled, the signal switch unit by default connects the TPCM with the BIOS during computer start-up, and sends the full power-on signal to the power controller.
The difference from the TPM is that the TPCM is powered independently of the system CPU and starts before the CPU, so it can act as the master device. This design has two purposes: first, the root of trust for measurement can be designed inside the TPCM, with the TPCM providing a hardware-level root of trust for measurement as the starting point of the chain of trust; second, being independent of the system CPU, the TPCM can measure, monitor and record the trusted platform environment.

Claims (1)

1. A trusted platform module, characterized in that it comprises a control module and an active measurement unit; wherein the active measurement unit is implemented in hardware and comprises a data access module, a data resolution module, a hash algorithm module and a synchronous clock module, and is used, after the trusted platform module powers on, to actively read external information to be measured and to complete the measurement of said information; wherein the control module comprises a control and execution module and a state detection module, and is used to determine how hardware control is to be applied to the hardware devices of the computer system and to send control signals to the hardware devices;
Data access module: connected through the chip pins of the trusted platform module to an externally expanded memory bank; after power-on, it performs the data-read control operations on the externally expanded memory bank of the trusted platform module;
Data resolution module: connected to the data access module; responsible for implementing the communication protocol and reading the data content collected by the data access module, and for converting the collected data into data that the hash computing module can operate on directly;
Hash algorithm module: the main execution unit of the measurement computation; connected to the data resolution module, it performs the hash value computation on the data converted by the data resolution module and generates the metric value or reference metric value;
Synchronous clock module: connected through the chip pins of the trusted platform module to the externally expanded memory bank; responsible for providing the synchronous clock to the external storage that is actively read;
Control and execution module: directly connected to the enable signal input of the hardware devices in the computer system; responsible for sending control signals to the hardware devices;
State detection module: responsible for detecting the working state of the hardware devices in the computer system in real time.
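The power-on sequence set out in requirements 3) to 5) above and in the claim (the TPCM as default bus master, a single master at a time, an active read of the memory bank, parse, hash, compare, and only then control signals to the hardware) can be modelled end to end. The following Python is an added example and not code from the patent or its assignee; the SignalSwitch, MemoryBank, Tpcm and run_boot names, the 8-byte image header and the choice of SHA-256 are assumptions, since the patent fixes neither a hash algorithm nor a data format.

```python
"""TPCM active-measurement boot flow, modelled in Python (added example).
Not the patent's own code: the classes, the image header and SHA-256 are
assumptions; the patent names a hash algorithm module without fixing one."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Master(Enum):
    NONE = "none"
    TPCM = "tpcm"
    CPU = "cpu"


class SignalSwitch:
    """Signal switch unit: at most one master at a time (requirement 3);
    the TPCM holds the bus at power-on by default (requirement 5)."""

    def __init__(self) -> None:
        self.master = Master.TPCM

    def grant(self, master: Master) -> None:
        if self.master not in (Master.NONE, master):
            raise RuntimeError(f"bus busy: held by {self.master.value}")
        self.master = master

    def release(self, master: Master) -> None:
        if self.master is not master:
            raise RuntimeError(f"{master.value} does not hold the bus")
        self.master = Master.NONE


@dataclass
class MemoryBank:
    """Externally expanded memory bank (BIOS flash) behind the switch."""
    image: bytes
    switch: SignalSwitch

    def read(self, master: Master, offset: int, length: int) -> bytes:
        # Only the current master may drive the lines (requirement 4).
        if self.switch.master is not master:
            raise RuntimeError(f"{master.value} is not the bus master")
        return self.image[offset:offset + length]


def build_image(body: bytes) -> bytes:
    """Constructed image layout: 4-byte magic + 4-byte LE length + body."""
    return b"BIOS" + len(body).to_bytes(4, "little") + body


def parse_image(raw: bytes) -> bytes:
    """Data resolution module: check the header, return the body to hash."""
    if len(raw) < 8 or raw[:4] != b"BIOS":
        raise ValueError("bad image header")
    body_len = int.from_bytes(raw[4:8], "little")
    body = raw[8:8 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated image")
    return body


def measure(body: bytes) -> str:
    """Hash algorithm module: metric value of the body (SHA-256 assumed)."""
    return hashlib.sha256(body).hexdigest()


@dataclass
class Tpcm:
    switch: SignalSwitch
    bank: MemoryBank
    reference: str                   # reference metric value stored in the TPCM
    cpu_power_enable: bool = False   # control/execution module output line
    metric: Optional[str] = None     # last measured value, for inspection

    def boot(self, chunk: int = 64) -> bool:
        """Active measurement: as bus master, read the whole bank, parse, hash
        and compare; hand bus and power-enable to the CPU only on a match."""
        raw, offset = bytearray(), 0
        while part := self.bank.read(Master.TPCM, offset, chunk):
            raw += part
            offset += chunk
        try:
            self.metric = measure(parse_image(bytes(raw)))
        except ValueError:
            self.metric = None       # malformed image never matches
        ok = self.metric is not None and self.metric == self.reference
        if ok:
            self.switch.release(Master.TPCM)
            self.switch.grant(Master.CPU)
            self.cpu_power_enable = True
        return ok


def run_boot(bios_body: bytes, reference: str) -> Tpcm:
    """Wire the parts together and run one power-on measurement."""
    switch = SignalSwitch()
    tpcm = Tpcm(switch, MemoryBank(build_image(bios_body), switch), reference)
    tpcm.boot()
    return tpcm
```

The model withholds the CPU's enable line and keeps the bus whenever the metric does not match the stored reference or the image fails to parse, which is the property the description argues for: the measurement root sits in the TPCM, so a modified BIOS image cannot decide whether it is trusted.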

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNU2008201087426U CN201203868Y (en) 2008-06-20 2008-06-20 Credible platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNU2008201087426U CN201203868Y (en) 2008-06-20 2008-06-20 Credible platform module

Publications (1)

Publication Number Publication Date
CN201203868Y true CN201203868Y (en) 2009-03-04

Family

ID=40426180

Family Applications (1)

Application Number Title Priority Date Filing Date
CNU2008201087426U Expired - Lifetime CN201203868Y (en) 2008-06-20 2008-06-20 Credible platform module

Country Status (1)

Country Link
CN (1) CN201203868Y (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392032A (en) * 2017-08-07 2017-11-24 浪潮(北京)电子信息产业有限公司 A kind of method and system credible checking BIOS
US10783253B2 (en) 2018-12-13 2020-09-22 Inventec (Pudong) Technology Corporation Hardware structure of a trusted computer and trusted booting method for a computer
TWI687837B (en) * 2018-12-18 2020-03-11 英業達股份有限公司 Hardware structure of a trusted computer and trusted booting method for a computer
CN111382433A (en) * 2018-12-29 2020-07-07 龙芯中科技术有限公司 Module loading method, device, equipment and storage medium
CN111382433B (en) * 2018-12-29 2022-12-13 龙芯中科技术股份有限公司 Module loading method, device, equipment and storage medium
CN114095227A (en) * 2021-11-15 2022-02-25 许昌许继软件技术有限公司 Credible authentication method and system for data communication gateway and electronic equipment

Similar Documents

Publication Publication Date Title
CN100568254C (en) A kind of credible platform module and active measure thereof
CN101281577B (en) Dependable computing system capable of protecting BIOS and method of use thereof
CN100454324C (en) Embed type platform guiding of credible mechanism
CN105205401B (en) Trusted computer system and its trusted bootstrap method based on security password chip
CN101515316B (en) Trusted computing terminal and trusted computing method
JP5270377B2 (en) Platform boot with bridge support
CN102012979B (en) Embedded credible computing terminal
CN102509046B (en) The operating system effectively measured with the overall situation of dormancy support is started
CN201203868Y (en) Credible platform module
CN104850792A (en) Establishment method and apparatus of trust chain of server
CN105718806A (en) Method for achieving trusted active measurement based on domestic BMC and TPM2.0
CN107665308B (en) TPCM system for building and maintaining trusted operating environment and corresponding method
CN103186434A (en) Method and system for recovering basic input/output system
CN110334522A (en) Start the method and device of measurement
CN110119623A (en) A kind of credible main board implementation method for realizing that firmware is actively measured using TPCM
WO2020231418A1 (en) Update signals
CN101303716B (en) Embedded system recuperation mechanism based on TPM
CN104346572B (en) A kind of general external intelligent terminal secure operating environment construction method
CN110096882B (en) Safety measurement method in equipment operation process
CN206649517U (en) Server credible platform measures control system and the server including the system
CN110610091A (en) Security PXE method based on domestic network platform
CN110119625A (en) A kind of trusted computing method
CN108629185A (en) Server credible platform measures control system and its operation method
CN115906046A (en) Trusted computing system and measurement method based on trusted computing system
CN201247468Y (en) Credible calculating system for protecting BIOS

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
Inventor after: Shen Changxiang; Mao Junjie; Zhuang Junxi; Jiang Guangzhi; Liu Xiangang; Sun Yu; Li Chen; Liu Zhijun
Inventor before: Mao Junjie; Zhuang Junxi; Jiang Guangzhi; Liu Xiangang; Sun Yu; Li Chen; Liu Zhijun
CX01 Expiry of patent term
Granted publication date: 20090304