Trusted computing terminal and trusted computing method

Abstract

The embodiment of the invention discloses a trusted computing terminal, which comprises a trusted platform control module TPCM, a central processing unit CPU and an initialization program loading module, wherein the TPCM is used for irreversibly storing a core reliable measure root to measure a code of the initialization program loading module and send an indication that the measurement is finished; the CPU is used for loading and carrying out codes in the initialization program load module after receiving the indication that the measurement of the initialization program loading module by the TPCM is finished; and the initialization program loading module is used for storing initialization program codes of the trusted computing terminal. The embodiment of the invention discloses a trusted computing method simultaneously. The technical proposal disclosed by the embodiment of the invention can establish a trusted computing environment and can extend the trusted computing environment to an OS layer of an operating system.

Description

technical field [0001] The invention relates to the field of information security, in particular to a trusted computing terminal and a trusted computing method. Background technique [0002] As a new development direction in the field of information security, trusted computing has attracted more and more attention from companies and research institutions. The main goal of a trusted computing system is to build a computing environment that users can expect, so as to ensure that computing resources will not be maliciously tampered with or stolen. [0003] The trusted computing system determined by the Trusted Computing Group (Trusted Computing Group, TCG) mainly ensures the security of the entire computer system by enhancing the security of the existing terminal architecture. The main idea is to introduce a trusted architecture on the terminal hardware platform, and improve the security of the trusted computing system through the security features provided by the trusted arch...

AI Technical Summary

Problems solved by technology

figure 2 In addition to executing the execution processes ②, ④, and ⑥, the trusted terminal system shown in the work also executes the measurement processes ①, ③, and ⑤. However, how to implement the measurement processes ①, ③, and ⑤ is specified in the TCG specification no specific method

[0008] It can be seen from the above scheme that, according to the TCG specification, the establishment of a trusted computing environment depends on an unalterable root of trust and a chain of trust based on the root of trust. However, in the TCG trusted terminal system currently used in the industry, the trusted measurement root stores In the modifiable BIOS, because the trust chain is a one-way transmission chain, any problem in any node will cause the failure of the entire trust environment establishment. Therefore, once the trusted measurement root is tampered with, the trusted terminal cannot The establishment of a trusted computing environment in the system leads to security risks in the trusted terminal system

[0009] In the existing trusted terminal system, the TPM is placed on the LPC bus of the South Bridge as a slave device of the South Bridge chip, and is started by the South Bridge chip. Therefore, it is impossible to start the South Bridge chip itself and before the start actions to provide a trusted computing environment; and, the TCG specification only provides the trusted transfer process below the operating system (Operating System, OS) layer, but does not give a specific implementation method of trust transfer, and cannot provide a trusted computing environment for the OS layer. The above calculations provide a trusted computing environment

Images