A method for realizing safe and trusted authentication through BIOS and kernel
A core and trusted technology, applied in the field of computer security devices, instruments, platform integrity maintenance, etc., that addresses problems such as the lack of a security management mechanism and the lack of upper-level operating system protection.
Active Publication Date: 2017-12-15
SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD
AI Technical Summary
Problems solved by technology
In practical application, this method has some defects, including the lack of a flexible security management mechanism and the lack of protection of the upper operating system.
Embodiment
[0017] As shown in the attached figure, the specific operation steps are as follows:
[0018] 1. Add the DXE driver to the UEFI BIOS source code, compile the BIOS source code to generate an executable ROM file.
[0019] 2. Update the newly compiled BIOS file to the system firmware.
[0020] 3. Add the code to authenticate the BIOS signature in the Linux kernel, and update the operating system kernel.
[0021] 4. Start the system and enter the operating system.
The invention provides a method for achieving safe and trusted authentication through the BIOS and a kernel. The method comprises the following steps: a private key for decrypting the signature of an operating system kernel is added to the NVSTORAGE area of the BIOS; a virtual device driver is added to the UEFI BIOS and loaded into the UEFI operating environment in the initial stage of the DXE phase; the DXE driver then asymmetrically encrypts the signature of the BIOS and stores the encrypted result in a pre-defined reserved memory area; after the BIOS self-check is completed, the operating system kernel file is loaded into memory and the encrypted signature of the kernel code is obtained by searching for the iconic (marker) characters; the UEFI BIOS accesses NVSTORAGE to read the private key stored there and decrypts the system signature with it. If the decrypted signature is trusted, the BIOS jumps to the kernel and hands over control to the operating system; otherwise, it reports that the user's operating system is not authenticated and asks the user whether to continue the operation.
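The kernel check described in the abstract (locate the signature by its marker characters, then test it against a key held in firmware storage) can be sketched as below; this is an added example, not code from the patent or its owner. The marker `$KSIG$`, the fixed-size trailer layout, SHA-256, and the demo RSA key built from two Mersenne primes are all assumptions, and the firmware side is modelled as holding only the verification half (N, E) of the key.

```python
import hashlib

MARKER = b"$KSIG$"            # hypothetical marker; the page names none
# Constructed demo key from two Mersenne primes. Textbook RSA without
# padding, for illustration only; real firmware would use a vetted library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # signing key, stays with the build system
SIG_LEN = (N.bit_length() + 7) // 8


def sign_image(kernel: bytes) -> bytes:
    """Build side: append MARKER and an RSA signature of SHA-256(kernel)."""
    digest = int.from_bytes(hashlib.sha256(kernel).digest(), "big")
    return kernel + MARKER + pow(digest, D, N).to_bytes(SIG_LEN, "big")


def verify_image(image: bytes, n: int = N, e: int = E) -> str:
    """Firmware side: returns 'trusted', 'no-signature' or 'untrusted'."""
    # The trailer has a fixed size, so look for the marker at one fixed
    # offset instead of scanning; a marker-like string inside the kernel
    # body can then never be mistaken for the signature.
    start = len(image) - SIG_LEN - len(MARKER)
    if start < 0 or image[start:start + len(MARKER)] != MARKER:
        return "no-signature"
    kernel, sig = image[:start], int.from_bytes(image[-SIG_LEN:], "big")
    if sig >= n:                      # out-of-range value, reject outright
        return "untrusted"
    expected = int.from_bytes(hashlib.sha256(kernel).digest(), "big")
    return "trusted" if pow(sig, e, n) == expected else "untrusted"


if __name__ == "__main__":
    # Constructed sample input: the body deliberately contains the marker.
    kernel = b"\x7fELF constructed kernel payload " + MARKER + b" in body"
    image = sign_image(kernel)
    tampered = bytes([image[0] ^ 1]) + image[1:]
    for name, blob in [("signed", image), ("tampered", tampered), ("bare", kernel)]:
        print(name, verify_image(blob))
```

The three return values keep "no signature present" distinct from "signature present but wrong", so the caller can log and handle the two cases separately.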
Description
Technical field
[0001] The invention relates to the field of computer application technology, in particular to a method for realizing safe and credible authentication through BIOS and kernel.
Background technique
[0002] The development of information security technology is not only based on the security mechanism at the operating system level, but also further extended to the firmware layer. The firmware BIOS is at the bottom of the computer system. If the BIOS is attacked and modified by malicious code, it will cause the computer system to completely collapse, or cause the computer system to be controlled by malicious people from the bottom. In order to solve the security problem faced by the BIOS system, the industry has proposed the concept of trusted computing. The new version of the UEFI standard adds definitions of services such as trusted boot, digital signature, and digital digest. These definitions conform to the trusted platform specification developed by the Tr...
Application Information
Patent Type & Authority: Patents (China)
IPC(8): G06F21/57, G06F21/62
CPC: G06F21/575, G06F21/62
Inventors: 赵瑞东, 李萌, 刘毅枫, 耿士华, 鄢建龙
Owner: SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD

