A UEFI trusted support system and control method thereof

Abstract

The invention discloses a unified extensible firmware interface (UEFI) trusted supporting system and a method for controlling the same. The UEFI trusted supporting system comprises UEFI trusted supporting system firmware and a trusted platform control module (TPCM), wherein the UEFI trusted supporting system firmware is stored on a nonvolatile memory and connected with the TPCM by a system bus; and the TPCM is connected with a trusted computation platform by the system bus. The method for controlling the UEFI trusted supporting system comprises the following steps of: firstly, loading a driver for the TPCM; secondly, sequentially authenticating the identity of users, performing measurement validation on a basis input/output system (BIOS), the characteristic data of hardware and a master boot record (MBR) / operating system (OS) Loader/OS Kernel, controlling different hardware peripheral interfaces according to an I/O strategy of the users, and performing safety guide setting on the system by a safety guide module; and finally, controlling by the BIOS or the OS. By the system and the method, trusted computation, the configuration management of the TPCM, the backup/recovery of the BIOS/MBR/OS Loader/OS Kernel and the physical protection of key data are realized on a firmware layer. The invention can be simultaneously applied to a Linux system which opens source codes and a Windows system which does not open the source codes, so that a fault does not occur in a trust chain between BIOS firmware and OS software, and the safety of a computer and the friendliness of human-computer interaction are improved.

Description

technical field [0001] The invention belongs to the field of information security, and in particular relates to a trusted support system and a method thereof which are applied to a trusted computing platform and comply with UEFI interface specifications. The system uses TPCM hardware management, authentication, storage, password and other services to realize trusted support function modules such as trusted authentication, trusted measurement, trusted recovery, configuration management, and secure boot, and completes the transfer of trust chain from TPCM to BIOS and from TPCM to BIOS. The process by which the BIOS is passed to the OS. technical background [0002] The International Trusted Computing Group (TCG) stipulates that Trusted Platform Module (TPM) is the hardware basis of trusted computing, and proposes a method of using TPM and BIOS as the root of trust to realize trusted computing. Aiming at the security flaws of the TPM root of trust measurement, experts and scho...

AI Technical Summary

Problems solved by technology

[0008] The above patents describe in detail the hardware and firmware architecture of TPCM designed to realize the active measurement function, and only propose the use of TPCM for BIOS measurement and BIOS for MBR measurement, but do not give how to make full use of various trusted services of TPCM. Realize the measurement and verification of BIOS and OS at the firmware layer Improve the architecture of the trusted support system and its trusted control method for trust chain transfer, e

Images