Trusted computer system and trusted boot method based on secure cryptographic chip

A computer system and cryptographic chip technology, applied in computer security devices, computing, instruments, etc., that can solve problems such as tampering, the lack of a protection mechanism for measurement benchmark values, and where the CRTM resides.

Inactive Publication Date: 2017-10-24
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

The TPM-based trusted boot mechanism enhances the security of the system, but some problems remain: the TPM exists as a peripheral of the system, is always a passive device, and may be bypassed; the CRTM resides outside the TPM, is not protected by the TPM, and may be tampered with; and no protection mechanism is provided for the measurement benchmark values.

Examples


Embodiment 1

[0043] Embodiment 1: as shown in Figures 1 to 3, a trusted computer system based on a secure cryptographic chip has two hardware components, a main platform and a secure cryptographic chip. The secure cryptographic chip is responsible for the trusted boot of the main platform and provides measurement services to it; the main platform is responsible for daily processing. The main platform includes the main processor, internal memory, external memory, bus and external devices. The main processor includes an instruction cache unit and a data cache unit. It has an additional passive working state and abides by the startup protocol: in the passive working state, the main processor receives the data pushed by the secure cryptographic chip and stores it in the instruction cache unit, and on receiving the wake-up signal from the secure cryptographic chip it switches itself to the normal working state. After entering the normal working state, the main processor obeys...

Embodiment 2

[0045] Embodiment 2 is basically the same as Embodiment 1, except that the secure cryptographic chip is connected to the main processor through communication channels. These include a dedicated channel, the SPI bus, and a high-speed channel, the PCI-E bus. The secure cryptographic chip communicates with the main processor over the SPI bus and pushes the main platform's core root of trust for measurement (CRTM) into the instruction cache unit of the main processor. The main processor communicates with the secure cryptographic chip over the PCI-E bus, which carries the large data transfers between the two, such as bootloader loading, trusted measurement of files, and data encryption and decryption.

[0046] The secure cryptographic chip includes an on-chip processor, a cryptographic coprocessor, RAM, NandFlash and an I/O bus. The on-chip processor is responsible for interacting with the main processor and coordinating the internal work of the secure...

Embodiment 3

[0049] Embodiment 3: as shown in Figure 4, a trusted boot method for a trusted computer system based on a secure cryptographic chip includes the following steps:

[0050] Step 1. After the trusted computer system is powered on, the main processor enters the passive working state.

[0051] Step 2. The secure cryptographic chip starts running first and enters the active working mode. Its on-chip processor loads the chip's firmware system from NandFlash into the chip's built-in RAM and executes it, and the secure cryptographic chip and the SPI bus are initialized. After initialization is complete, the chip reads the main platform's core root of trust for measurement (CRTM) from NandFlash and pushes the CRTM to the main processor over the SPI bus.

[0052] Step 3. The main processor receives the pushed CRTM and stores it in the instruction cache unit.

[0053] Step 4. After the security encry...


Abstract

The invention relates to a trusted computer system based on a secure cryptographic chip and a trusted boot method thereof. The system comprises a main platform and the secure cryptographic chip. The main platform comprises a main processor, an internal memory, an external memory, a bus and an external device. The main processor comprises an instruction cache unit, a data cache unit, an execution unit and a second-level cache unit. In this system and method, when the system starts, the secure cryptographic chip runs before the main processor, pushes the CRTM into the instruction cache unit and wakes the main processor. The main processor starts executing from the CRTM, measures and loads the boot program, the operating system, application programs and the like through the secure cryptographic chip, and builds a chain of trust. The secure cryptographic chip takes part in the whole trusted boot process and cannot be bypassed. The CRTM is kept inside the secure cryptographic chip, so other programs running on the main processor cannot access the CRTM and cannot analyze or tamper with it; the result is a more secure and more stable system.
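The boot order the abstract describes, modeled as an added Python example (not code from the patent): the chip pushes the CRTM and wakes the processor, and each later stage is measured through the chip before it is loaded. SHA-256, reference digests stored in the chip, the stop-on-mismatch policy and all class and stage names are assumptions; the sample images are constructed.

```python
import hashlib

class SecureChip:  # CRTM and reference digests stay inside the chip model
    def __init__(self, crtm: bytes, references: dict):
        self._crtm = crtm                  # held in on-chip NandFlash
        self._refs = dict(references)      # stage name -> expected SHA-256 (assumed)
        self.log = []                      # ordered measurements: the trust chain

    def boot(self, cpu):
        cpu.receive_push(self._crtm)       # SPI push into the instruction cache
        cpu.wake()                         # wake-up signal: passive -> normal

    def measure(self, stage: str, image: bytes) -> bool:
        digest = hashlib.sha256(image).hexdigest()
        ok = self._refs.get(stage) == digest
        self.log.append((stage, digest, ok))
        return ok

class MainProcessor:
    def __init__(self):
        self.state = "passive"             # state entered at power-on
        self.icache = None
        self.loaded = []

    def receive_push(self, code: bytes):
        if self.state != "passive":
            raise RuntimeError("push accepted only in the passive state")
        self.icache = code

    def wake(self):
        if self.icache is None:
            raise RuntimeError("no CRTM in the instruction cache")
        self.state = "normal"

    def run_crtm(self, chip, stages):      # measure through the chip, then load
        for name, image in stages:
            if not chip.measure(name, image):
                return False               # assumed policy: stop at first mismatch
            self.loaded.append(name)
        return True

# Constructed sample images (not real firmware)
GOOD = [("bootloader", b"bl-v1"), ("os", b"kernel-v1"), ("app", b"app-v1")]
REFS = {name: hashlib.sha256(img).hexdigest() for name, img in GOOD}
TAMPERED = [GOOD[0], ("os", b"kernel-v1+implant"), GOOD[2]]

def trusted_boot(stages, references, crtm=b"CRTM-placeholder"):
    chip, cpu = SecureChip(crtm, references), MainProcessor()
    chip.boot(cpu)
    return cpu.run_crtm(chip, stages), cpu.loaded, chip.log
```

With `TAMPERED`, the boot stops at the `os` stage and the application is never measured or loaded.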

Description

Technical field

[0001] The invention relates to the field of computer system security, in particular to a trusted computer system based on a secure cryptographic chip and a trusted boot method thereof.

Background

[0002] The main job of a computer system is to execute programs. Before execution, a program is a file residing in external storage, such as a disk, CD or Flash memory, and includes program code, data, etc. At execution time, program files, data files, etc. are transferred into memory. Under normal circumstances, the files residing in external storage should be stable, the program code and its configuration parameters should remain unchanged, and the behavior of the program should be exactly the same every time it is executed. However, due to defects in design or implementation, programs may modify files intentionally or unintentionally; malicious software such as viruses and Trojan horses may intentionally tamper with files. Changes in fil...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/572, G06F21/575, G06F2221/034
Inventor: 郭玉东, 周少皇, 王立新, 董卫宇, 何红旗, 魏小峰, 林键
Owner: THE PLA INFORMATION ENG UNIV