CN212749835U - Safe credible computer based on domestic TPM encryption module - Google Patents
Safe credible computer based on domestic TPM encryption module Download PDFInfo
- Publication number
- CN212749835U CN212749835U CN202021628249.4U CN202021628249U CN212749835U CN 212749835 U CN212749835 U CN 212749835U CN 202021628249 U CN202021628249 U CN 202021628249U CN 212749835 U CN212749835 U CN 212749835U
- Authority
- CN
- China
- Prior art keywords
- chip
- interface
- domestic
- memory
- encryption module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model provides a safe credible computer based on a domestic TPM encryption module, which comprises a case, a mainboard arranged in the case, a domestic TPM encryption module, a power supply, a memory and a hard disk; the main board includes: the system comprises a domestic Feiteng CPU, a south bridge chip, a north bridge chip, a BIOS chip, a network chip, an IO chip, a serial port chip, a port control chip, a PCIx 16 interface, a PCIx 8 interface, a USB interface, a VGA interface, a DVI-D interface, a network interface, a serial port, a PS/2 interface, an earphone interface and an earphone interface; the domestic TPM encryption module comprises a domestic CPU main control chip, a domestic FPGA coprocessor chip, an EBC Flash memory chip, an EBC RAM memory chip, a TRNG chip, a PCIEx8 interface, a USB interface, a JTAG interface, a UART interface, a crystal oscillator and a passive element.
Description
Technical Field
The utility model relates to a computer, specific theory has related to a safe credible computer based on domestic TPM encryption module.
Background
Domestic autonomous control is a key link of information construction in China and is one of important targets for protecting information safety. In recent years, because of the strong support of China, the field of homemade computers shows a vigorous development trend, the homemade autonomous complete machines are mainly promoted to be developed by the industries such as wave tide, association, Chinese eosin, the great wall of China, Baode and the like, wherein, in the field of homemade autonomous CPU integrated circuits, a plurality of brands such as dragon core, Feiteng, Shenwei, Mega core, Hai Si and the like appear, in the field of homemade operating systems, the winning bid prices of kylin, Galaxy, Chinese Fangde, depth, Hua is Hongmeng and the like appear, in the field of homemade middleware, a plurality of brands such as Dongfong, Kingtai Swallow, Zhongchuang and the like appear, in the field of homemade databases, a plurality of brands such as Renjin, Wuhan Dadream, south David general, Shenzhou general, Henghui brand and the like appear, China has the autonomous controllability from the IT basic facilities (including chips, storage and peripherals) of the homemade computers to the basic software, the conversion from available to good use is realized, and the conversion from main controllable slave planning and basic research and development stage to the formal industry landing propulsion stage in 2018 is realized, so that the domestic substitution is gradually realized from major fields such as party and government, finance, energy, telecommunication and the like. With the advance of domestic substitution, the security threat faced by computers is endless, and as computers bear a large amount of important information, the importance of information security is self-evident, many security problems of computer systems are originated from computer terminals themselves, and domestic products do not have the hidden dangers of "backdoor", and certainly do not completely realize security and credibility, and the development of the security and credibility control of domestic computer terminals is slow at present, and the requirements of the modern society on information security cannot be met.
In summary, IT is imperative to add a secure trusted module to an autonomous controllable computer, and particularly, a technology provided with a domestic TPM encryption module needs to be considered for a domestic computer from an IT infrastructure level, so as to implement an integrated secure trusted computer from bottom hardware, middle layer basic software to upper layer application software.
Disclosure of Invention
The utility model aims at the not enough of prior art, provide a safe credible computer based on domestic TPM encryption module.
In order to realize the purpose, the utility model discloses the technical scheme who adopts is: a safe and reliable computer based on a domestic TPM encryption module comprises a case, a mainboard, the domestic TPM encryption module, a power supply, a memory and a hard disk, wherein the mainboard, the domestic TPM encryption module, the power supply, the memory and the hard disk are arranged in the case;
the case is provided with a fingerprint IC card reader-writer jack, a DVI-D optical drive, an earphone interface and two USB interfaces on an external front panel; the rear panel is provided with a power supply interface, a network interface, a VGA interface, four USB interfaces, an HDMI interface, a serial port and a PS/2 interface;
the main board includes: the system comprises a domestic Feiteng CPU, a south bridge chip, a north bridge chip, a BIOS chip, a network chip, an IO chip, a serial port chip, a port control chip, a PCIx 16 interface, a PCIx 8 interface, a USB interface, a VGA interface, a DVI-D interface, a network interface, a serial port, a PS/2 interface, an earphone interface and an earphone interface;
the domestic Feiteng CPU is respectively connected and communicated with the north bridge chip, the BIOS chip and the memory socket;
the north bridge chip is respectively connected and communicated with the domestic Feiteng CPU, the south bridge chip and the network chip and is used for communicating with the domestic Feiteng CPU and controlling the memory, and data in the memory firstly enters the memory controller of the north bridge chip and then enters the domestic Feiteng CPU for processing;
the BIOS chip is used for storing a basic input and output program, a self-test program after power-on and a system self-starting program of the computer and providing the bottommost and most direct hardware setting and control for the computer;
the PCIEx8 interface is respectively connected with and communicates with the north bridge chip and the BIOS chip to realize the control of the PCIE channel;
the south bridge chip is respectively connected and communicated with the north bridge chip, the port control chip and the IO chip, the IO chip is respectively connected and communicated with the serial port chip and the PS/2 interface, and the serial port chip is connected and communicated with the serial port to realize IO and bus control;
the domestic TPM encryption module comprises a domestic CPU main control chip, a domestic FPGA coprocessor chip, an EBC Flash memory chip, an EBC RAM memory chip, a TRNG chip, a PCIEx8 interface, a USB interface, a JTAG interface, a UART interface, a crystal oscillator and a passive element;
the mainboard is connected with the domestic TPM encryption module through a PCIEx8 interface, the mainboard is connected with a power supply through a power line, the mainboard is connected with a memory through a memory socket, and the mainboard is connected with a hard disk through an SATA interface.
The utility model discloses relative prior art has substantive characteristics and progress, specific theory, the beneficial effects of the utility model mainly have:
1. a domestic autonomous computer hardware platform is formed by adopting basic chips such as a domestic CPU, a memory chip, an FPFA chip, an interface chip, a power supply chip, a crystal oscillator, a passive element and the like, and potential safety hazards and risks caused by adopting a foreign imported chip are reduced.
2. The fingerprint IC card reader-writer interface is arranged, and the identity validity of a user is verified by adopting the fingerprint IC card, so that the illegal access and operation of computer equipment are effectively avoided, and the use safety of the user computer is enhanced.
3. A built-in domestic TPM encryption module is adopted to construct a hardware-to-software integrated safe and feasible dynamic measurement environment, dynamic measurement and integrity protection are carried out on a computer BIOS, a kernel and a program, and potential safety hazards that the computer bottom BIOS and the kernel are maliciously tampered are avoided.
4. The built-in domestic TPM encryption module is adopted, so that a domestic computer can be provided with a built-in domestic cryptographic algorithm module, various cryptographic services such as signature verification, data encryption and decryption, integrity verification, key negotiation and the like based on the domestic cryptographic algorithm are provided, and the safety of various application functions of the computer is enhanced.
5. The built-in domestic TPM encryption module is adopted to provide necessary password infrastructure for terminal security control, so that the security control of a domestic computer terminal can be realized, various peripherals are prevented from illegally accessing the computer, and the security of the computer is effectively enhanced.
Drawings
Fig. 1 is a schematic block diagram of the present invention.
Detailed Description
The technical solution of the present invention will be described in further detail through the following embodiments.
The utility model discloses the technical problem that will solve is:
because the domestic computer realizes domestic autonomy based on foreign technology authorization, an open source system and the like, the adoption of autonomous core software and hardware does not mean safety and credibility, and the following potential safety hazards still exist:
1. the domestic computer lacks a domestic TPM encryption module and does not have basic security hardware;
2. the BIOS, the ROM and the operating system have no safe and trusted mechanism, and are easy to be maliciously tampered or implanted with malicious programs;
3. lack of computer peripherals (including input and output ports such as a USB interface, a network interface and a serial port) and no safety control, which causes unauthorized use or data leakage of the computer;
4. the computer is easy to illegally access and maliciously attack due to the lack of an identity authentication mechanism or means used by the computer daily.
The utility model discloses a solve not enough and the problem that exists among the prior art, provide a safe credible computer based on domestic TPM encryption module, improve computer architecture, increase domestic TPM encryption module, promote the credible safe operation hardware environment of domestic computer. The domestic TPM encryption module adopts an independent packaging form, integrates hardware and firmware together, is internally provided with a domestic security chip, a domestic cryptographic algorithm, a secret key storage module, a security protection module and the like, and has the functions of integrity measurement, identity trusted management, data security protection and the like.
Specifically, as shown in fig. 1, the utility model provides a secure trusted computer based on a domestic TPM encryption module, which is characterized in that the secure trusted computer comprises a case, a mainboard, a domestic TPM encryption module, a power supply, a memory and a hard disk, wherein the mainboard, the domestic TPM encryption module, the power supply, the memory and the hard disk are arranged in the case;
the case is provided with a fingerprint IC card reader-writer jack, a DVI-D optical drive, an earphone interface and two USB interfaces on an external front panel; the rear panel is provided with a power supply interface, a network interface, a VGA interface, four USB interfaces, an HDMI interface, a serial port and a PS/2 interface;
the main board includes: the system comprises a domestic Feiteng CPU, a south bridge chip, a north bridge chip, a BIOS chip, a network chip, an IO chip, a serial port chip, a port control chip, a PCIx 16 interface, a PCIx 8 interface, a USB interface, a VGA interface, a DVI-D interface, a network interface, a serial port, a PS/2 interface, an earphone interface and an earphone interface;
the domestic Feiteng CPU is respectively connected and communicated with the north bridge chip, the BIOS chip and the memory socket;
the north bridge chip is respectively connected and communicated with the domestic Feiteng CPU, the south bridge chip and the network chip and is used for communicating with the domestic Feiteng CPU and controlling the memory, and data in the memory firstly enters the memory controller of the north bridge chip and then enters the domestic Feiteng CPU for processing;
the BIOS chip is used for storing a basic input and output program, a self-test program after power-on and a system self-starting program of the computer and providing the bottommost and most direct hardware setting and control for the computer;
the PCIEx8 interface is respectively connected with and communicates with the north bridge chip and the BIOS chip to realize the control of the PCIE channel;
the south bridge chip is respectively connected and communicated with the north bridge chip, the port control chip and the IO chip, the IO chip is respectively connected and communicated with the serial port chip and the PS/2 interface, and the serial port chip is connected and communicated with the serial port to realize IO and bus control;
the domestic TPM encryption module comprises a domestic CPU main control chip, a domestic FPGA coprocessor chip, an EBC Flash memory chip, an EBC RAM memory chip, a TRNG chip, a PCIEx8 interface, a USB interface, a JTAG interface, a UART interface, a crystal oscillator and a passive element;
the mainboard is connected with the domestic TPM encryption module through a PCIEx8 interface, the mainboard is connected with a power supply through a power line, the mainboard is connected with a memory through a memory socket, and the mainboard is connected with a hard disk through an SATA interface.
The utility model discloses when the computer starts the electricity, domestic TPM encryption module at first goes up the electricity and begins to operate, and the user carries out safe authentication with fingerprint IC card reader-writer that fingerprint IC card inserted the leading panel of computer, and fingerprint IC card built-in user's electronic authentication voucher just can peg graft the back and read user's fingerprint information, and the dual legitimacy of electronic authentication and biological identification fingerprint authentication passes through the back, and the BIOS chip realizes the integrality protection to computer software and hardware through the password service of calling domestic TPM encryption module, the integrality protection adopts domestic autonomous password SM3 algorithm to carry out the integrality measurement to BIOS and kernel, and through the reference value contrast verification measurement result of built-in advance, the security of improvement computer is credible.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it; although the present invention has been described in detail with reference to preferred embodiments, it should be understood by those skilled in the art that: the invention can be modified or equivalent substituted for some technical features; without departing from the spirit of the present invention, it should be understood that the scope of the claims is intended to cover all such modifications and variations.
Claims (1)
1. A safe and reliable computer based on a domestic TPM encryption module is characterized by comprising a case, a mainboard, the domestic TPM encryption module, a power supply, a memory and a hard disk, wherein the mainboard, the domestic TPM encryption module, the power supply, the memory and the hard disk are arranged in the case;
the case is provided with a fingerprint IC card reader-writer jack, a DVI-D optical drive, an earphone interface and two USB interfaces on an external front panel; the rear panel is provided with a power supply interface, a network interface, a VGA interface, four USB interfaces, an HDMI interface, a serial port and a PS/2 interface;
the main board includes: the system comprises a domestic Feiteng CPU, a south bridge chip, a north bridge chip, a BIOS chip, a network chip, an IO chip, a serial port chip, a port control chip, a PCIx 16 interface, a PCIx 8 interface, a USB interface, a VGA interface, a DVI-D interface, a network interface, a serial port, a PS/2 interface, an earphone interface and an earphone interface;
the domestic Feiteng CPU is respectively connected and communicated with the north bridge chip, the BIOS chip and the memory socket;
the north bridge chip is respectively connected and communicated with the domestic Feiteng CPU, the south bridge chip and the network chip and is used for communicating with the domestic Feiteng CPU and controlling the memory, and data in the memory firstly enters the memory controller of the north bridge chip and then enters the domestic Feiteng CPU for processing;
the BIOS chip is used for storing a basic input and output program, a self-test program after power-on and a system self-starting program of the computer and providing the bottommost and most direct hardware setting and control for the computer;
the PCIEx8 interface is respectively connected with and communicates with the north bridge chip and the BIOS chip to realize the control of the PCIE channel;
the south bridge chip is respectively connected and communicated with the north bridge chip, the port control chip and the IO chip, the IO chip is respectively connected and communicated with the serial port chip and the PS/2 interface, and the serial port chip is connected and communicated with the serial port to realize IO and bus control;
the domestic TPM encryption module comprises a domestic CPU main control chip, a domestic FPGA coprocessor chip, an EBC Flash memory chip, an EBC RAM memory chip, a TRNG chip, a PCIEx8 interface, a USB interface, a JTAG interface, a UART interface, a crystal oscillator and a passive element;
the mainboard is connected with the domestic TPM encryption module through a PCIEx8 interface, the mainboard is connected with a power supply through a power line, the mainboard is connected with a memory through a memory socket, and the mainboard is connected with a hard disk through an SATA interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202021628249.4U CN212749835U (en) | 2020-08-07 | 2020-08-07 | Safe credible computer based on domestic TPM encryption module |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202021628249.4U CN212749835U (en) | 2020-08-07 | 2020-08-07 | Safe credible computer based on domestic TPM encryption module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN212749835U true CN212749835U (en) | 2021-03-19 |
Family
ID=74986968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202021628249.4U Active CN212749835U (en) | 2020-08-07 | 2020-08-07 | Safe credible computer based on domestic TPM encryption module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN212749835U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117395087A (en) * | 2023-12-12 | 2024-01-12 | 湖南博盛芯微电子科技有限公司 | BMC implementation method and system based on domestic processor |
-
2020
- 2020-08-07 CN CN202021628249.4U patent/CN212749835U/en active Active
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117395087A (en) * | 2023-12-12 | 2024-01-12 | 湖南博盛芯微电子科技有限公司 | BMC implementation method and system based on domestic processor |
CN117395087B (en) * | 2023-12-12 | 2024-02-20 | 湖南博盛芯微电子科技有限公司 | BMC implementation method and system based on domestic processor |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN203773424U (en) | Safe and reliable computer based on loongson processor | |
CN201054140Y (en) | Information security control chip | |
KR102102090B1 (en) | Firmware-based trusted platform module for arm® trustzone™ implementations | |
CN101980235B (en) | Safe computing platform | |
CN101794362A (en) | Trusted computation trust root device for computer and computer | |
WO2016209353A1 (en) | Authentication of a multiple protocol connection | |
CN202362788U (en) | Dependable computing device with USB (Universal Serial Bus) interfaces | |
CN101976320B (en) | Credible computer platform | |
CN201820230U (en) | Computer and trusted-computing trusted root equipment for same | |
WO2009064406A1 (en) | Pc on a usb drive or a cell phone | |
CN108629206B (en) | Secure encryption method, encryption machine and terminal equipment | |
CN101276384A (en) | Security control chip and implementing method thereof | |
CN102024115B (en) | Computer with user security subsystem | |
CN103679037A (en) | Asymmetric encryption authentication method and embedded device based on asymmetric encryption authentication | |
CN111125707A (en) | BMC (baseboard management controller) safe starting method, system and equipment based on trusted password module | |
CN212749835U (en) | Safe credible computer based on domestic TPM encryption module | |
CN103617128B (en) | A kind of embedded system and the implementation method of SOS | |
CN201654768U (en) | Active type intelligent security USB (Universal Serial Bus) removable storage equipment | |
CN101799852A (en) | Hardware cryptographic module and method for protecting bank counter sensitive data | |
CN201549223U (en) | Trusted secure portable storage device | |
CN109446813A (en) | A kind of mainboard BIOS is anti-tamper and automatic recovery method | |
KR20140079694A (en) | Automated human interface device operation procedure | |
CN109740349A (en) | Discretionary security portable computing equipment and its starting method based on Loongson processor | |
CN1316327C (en) | Computer lock base on micro-electromechanical system information safety strong chain | |
CN114489251A (en) | Integrated computer based on Feiteng processor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||
GR01 | Patent grant |