A Computer Bios Design Method Based on Authentication and Credibility Metrics

Abstract

The invention discloses a computer BIOS design method based on authentication and trusted measurement. The method comprises the steps that S01, the serial number of an SSD is read after a BIOS is initialized, whether the SSD is an encrypted SSD or not is judged, and if yes, an encryption key of the encrypted SSD is generated and the next step is executed; if not, the next step is executed; S02, ahard disk admission password is generated, whether the admission password is placed or not is selected according to whether a hard disk is in a locked mode or not, and the admission password is verified; S03, a local authentication strategy is read after verification; S04, identity authentication is performed according to the acquired authentication strategy, if the authentication is successful, the next step is executed, and if the authentication fails, re-authentication is conducted; S05, an IO port strategy and trusted measurement are started. According to the scheme, hard disk identification is introduced in the BIOS stage, and the safety of a computer can be improved by means of an authentication strategy acquisition module, an identity authentication module, an IO port strategy application module and a trusted measurement module.

Description

technical field [0001] The invention relates to one, in particular to a computer BIOS design method based on authentication and credibility measurement. Background technique [0002] Computer booting mainly goes through two processes, the BIOS boot process and the operating system boot process. After the user enters the user name and password of the operating system, any function provided by the system can be used. For ordinary users, these functions are enough to meet the needs of life and production, but in some special fields, such as national defense and party and government departments with high security levels, these functions obviously cannot meet the high requirements for security. For example, an ordinary PC does not provide an alarm when the host is unpacked, and does not provide an alarm when the hard disk or optical drive is replaced, or the contents of the hard disk are changed. Confidential information, causing heavy losses to the country. In addition, identi...

AI Technical Summary

Problems solved by technology

For ordinary users, these functions are enough to meet the needs of life and production, but in some special fields, such as national defense and party and government departments with high security levels, these functions obviously cannot meet the high requirements for security

For example, an ordinary PC does not provide an alarm when the host is unpacked, and does not provide an alarm when the hard disk or optical drive is replaced, or the contents of the hard disk are changed. Confidential information, causing heavy losses to the country

In addition, identity authentication is limited to operating system login authentication. Once criminals crack administrator or user passwords, important information will be exposed.

Images