Trusted verification method and system for boot loader in full virtualization environment

A boot loader and full virtualization technology, applied in the field of trusted verification, can solve problems such as difficulties in integrity verification

Active Publication Date: 2014-10-08
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0003] In a fully virtualized environment, the boot loader is likewise used to load the guest operating system when the virtual machine is started. First, how to verify the integrity of the boot loader itself urgently needs to be solved. Second, the code of the boot loader is very compact: for example, the boot loader GRUB has only 512 bytes of Stage1 and Start function code after compilation, and it is more difficult to perform integrity verification within such tightly designed code.

Embodiment Construction

[0068] The specific embodiments of the present invention are given below, and the present invention is described in detail with reference to the accompanying drawings.

[0069] In order to solve the above technical problems, a method for authenticating a virtual machine boot loader based on a local BIOS interrupt call in a fully virtualized environment is provided.

[0070] The boot loader is GRUB, and the fully virtualized environment is a fully virtualized environment supported by Xen.

[0071] The code of each functional stage of the boot loader GRUB in a fully virtualized environment is limited in size: GRUB's Stage1 and GRUB's Start are only 512 bytes after being compiled. After GRUB is installed to the MBR, Stage1 is installed on side 0, track 0; this sector is also called the master boot sector. It precedes all system partitions and does not belong to any of them. It consists of the master boot record (size 446 bytes), the disk partition table (si...

Abstract

The invention discloses a trusted verification method and system for a boot loader in a full virtualization environment. The method includes the following steps: step one, deploying and generating a linked list of trusted reference values; step two, copying the linked list to a designated position in the memory of an unprivileged-domain virtual machine when that virtual machine is started; step three, verifying Stage1 of the virtual machine's GRUB in the Rombios of the unprivileged-domain virtual machine; step four, verifying Start of GRUB through Stage1 of GRUB; step five, verifying Stage1_5 of GRUB through Start of GRUB; and step six, verifying Stage2 of GRUB through Stage1_5 of GRUB, where Stage1_5 and Stage2 are boot stages of GRUB.
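The six steps of the abstract, modelled as an added sketch that is not code from the patent: each stage measures the next one against the reference list and the boot stops at the first mismatch. SHA-256, the function names and the sample images are assumptions; the page does not name the hash algorithm or the list format.

```python
import hashlib

# (verifying stage, stage it measures), in the order given in the abstract.
CHAIN = [("Rombios", "Stage1"), ("Stage1", "Start"),
         ("Start", "Stage1_5"), ("Stage1_5", "Stage2")]


def digest(image: bytes) -> str:
    # SHA-256 is an assumption; the page does not name the hash algorithm.
    return hashlib.sha256(image).hexdigest()


def build_reference_list(images: dict) -> list:
    """Step one: reference values generated from known-good stage images."""
    return [(target, digest(images[target])) for _, target in CHAIN]


def verify_boot(reference_list: list, images: dict) -> tuple:
    """Steps three to six: each stage measures the next before handing over.

    Returns (ok, log). Verification stops at the first failure, so no stage
    after a tampered one is ever handed control.
    """
    expected = dict(reference_list)  # stands in for the copy in guest memory (step two)
    log = []
    for verifier, target in CHAIN:
        if target not in expected or target not in images:
            log.append((verifier, target, "missing"))
            return False, log
        if digest(images[target]) != expected[target]:
            log.append((verifier, target, "mismatch"))
            return False, log
        log.append((verifier, target, "ok"))
    return True, log


# Constructed sample images (not real GRUB code); Stage1 and Start are
# 512 bytes each here, the other sizes are arbitrary.
GOOD = {"Stage1": b"\x01" * 512, "Start": b"\x02" * 512,
        "Stage1_5": b"\x03" * 4096, "Stage2": b"\x04" * 8192}
REFERENCE = build_reference_list(GOOD)

if __name__ == "__main__":
    tampered = dict(GOOD, Stage1_5=b"\x03" * 4095 + b"\xff")
    print(verify_boot(REFERENCE, GOOD))
    print(verify_boot(REFERENCE, tampered))
```

With the tampered Stage1_5 image, the log ends at the Start stage and Stage2 is never measured or run.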

Description

Technical field

[0001] The invention relates to trusted verification, in particular to a method for realizing trusted verification based on BIOS interrupt calls in a fully virtualized environment, and belongs to the field of trusted computing.

Background art

[0002] Full virtualization, also known as native virtualization, uses virtual machines to coordinate guest operating systems and the bare hardware. Some protected instructions are captured and processed by a hypervisor. Full virtualization runs faster than hardware emulation. Its biggest feature is that the guest operating system does not need to be modified, so all software based on the guest operating system can run in a fully virtualized environment without modification. Based on this advantage, integrating trusted verification technology into a fully virtualized environment is a key means to solve the security, integrity, and credibility of software operation in ...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/44, G06F9/455
Inventor: 高云伟, 薛栋梁, 邬小龙, 孙毓忠
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI