
Trusted verification method and system for starting loader under full virtualization environment

Boot loader and full virtualization technology, applied in the field of trusted verification, to solve problems such as the difficulty of integrity verification.

Active Publication Date: 2012-10-24
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0003] In a fully virtualized environment, the boot loader is still used to load the guest operating system when the virtual machine is started, so how to verify the integrity of the boot loader itself urgently needs to be solved. In addition, the code of the boot loader itself is very compact: for example, in the boot loader GRUB, the Stage1 and Start code are only 512 bytes after compilation, and it is more difficult to perform integrity verification within such tightly constrained code.


Embodiment Construction

[0068] Specific embodiments of the present invention are given below, and the present invention is described in detail in conjunction with the accompanying drawings.

[0069] In order to solve the above-mentioned technical problems, a method for authenticating virtual machine boot loaders based on local BIOS interrupt calls in a fully virtualized environment is provided.

[0070] The boot loader is GRUB, and the full virtualization environment is a full virtualization environment supported by Xen.

[0071] In a fully virtualized environment, the code of each functional stage of the boot loader GRUB is limited in size: Stage1 of GRUB and Start of GRUB are only 512 bytes after compilation. After GRUB is installed in the MBR, Stage1 is installed on head 0, track 0. This sector is also known as the master boot sector. It precedes all system partitions and does not belong to any partition. It consists of the master boot record (size is 446 bytes), disk part...


Abstract

The invention discloses a trusted verification method and system for a boot loader in a full virtualization environment. The method includes the following steps: step one, deploying and generating a linked list of trusted reference values; step two, copying the linked list to a designated position in the memory of an unprivileged domain virtual machine when the unprivileged domain virtual machine is started; step three, verifying Stage1 of the GRUB of the unprivileged domain virtual machine in the Rombios of the unprivileged domain virtual machine; step four, verifying Start of the GRUB of the unprivileged domain virtual machine through the Stage1 of the GRUB of the unprivileged domain virtual machine; step five, verifying Stage1_5 of the GRUB of the unprivileged domain virtual machine through the Start of the GRUB of the unprivileged domain virtual machine; and step six, verifying Stage2 of the GRUB of the unprivileged domain virtual machine through the Stage1_5 of the GRUB of the unprivileged domain virtual machine, wherein the Stage1_5 and the Stage2 are boot stages of the GRUB.
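The six steps above form a chain in which each stage checks the next before handing over control. The following is an added model of that chain, not code from the patent: SHA-256, the function names and the sample images are assumptions, a Python list stands in for the linked list, and step two (copying the list into guest memory) is not modelled.

```python
import hashlib
import hmac

# Verification order from the abstract: (verifier, stage it checks).
CHAIN = [("Rombios", "Stage1"), ("Stage1", "Start"),
         ("Start", "Stage1_5"), ("Stage1_5", "Stage2")]

def digest(image: bytes) -> str:
    # Assumption: SHA-256; the page does not name the hash algorithm.
    return hashlib.sha256(image).hexdigest()

def build_reference_list(trusted_images: dict) -> list:
    """Step one: reference values for known-good stages, in boot order."""
    return [(stage, digest(trusted_images[stage])) for _, stage in CHAIN]

def verify_boot(reference_list: list, disk_images: dict) -> dict:
    """Steps three to six: walk the chain, stopping at the first mismatch."""
    expected = dict(reference_list)
    verified = []
    for verifier, stage in CHAIN:
        measured = digest(disk_images[stage])
        if not hmac.compare_digest(measured, expected[stage]):
            # The failing stage never receives control, so the stages
            # after it are not measured at all.
            return {"ok": False, "failed": stage, "by": verifier,
                    "verified": verified}
        verified.append(stage)
    return {"ok": True, "failed": None, "by": None, "verified": verified}

# Constructed sample images (not real GRUB code). Stage1 and Start are
# padded to the 512-byte size the page gives for them.
TRUSTED = {
    "Stage1": b"stage1".ljust(512, b"\x00"),
    "Start": b"start".ljust(512, b"\x00"),
    "Stage1_5": b"stage1_5 filesystem driver" * 64,
    "Stage2": b"stage2 menu and kernel loader" * 256,
}
REFERENCE = build_reference_list(TRUSTED)

# Constructed guest disk in which one byte of Stage1_5 has been altered.
TAMPERED = dict(TRUSTED)
TAMPERED["Stage1_5"] = b"X" + TRUSTED["Stage1_5"][1:]

if __name__ == "__main__":
    print(verify_boot(REFERENCE, TRUSTED))
    print(verify_boot(REFERENCE, TAMPERED))
```

The reference list is only as trustworthy as the place it is stored and the first verifier in the chain, which is why the abstract anchors the first check in Rombios rather than in GRUB itself.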

Description

Technical field

[0001] The invention relates to trusted verification, in particular to a method for realizing trusted verification based on BIOS interrupt calls in a full virtualization environment, and belongs to the field of trusted computing.

Background technique

[0002] Full virtualization, also known as the original virtualization technology, uses a virtual machine to coordinate the guest operating system and the original hardware, and some protected instructions are captured and processed by the virtual machine management program (hypervisor). Full virtualization runs faster than hardware emulation. Its biggest feature is that the guest operating system does not need any modification, so all software based on the guest operating system can run in the full virtualization environment without modification. Based on this advantage, integrating trusted verification technology into the full virtualization en...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F9/455
Inventor: 高云伟, 薛栋梁, 邬小龙, 孙毓忠
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI