A startup measurement method and device using oprom mechanism

A measurement method and mechanism technology, applied to computer security devices, instruments and computing, that addresses problems such as the lack of security verification, the inability to perform startup measurement, and the inability to adapt startup measurement to all computer equipment, so as to improve security and ensure a secure and trusted startup.

Active Publication Date: 2021-04-20
BEIJING KEXIN HUATAI INFORMATION TECH
AI Technical Summary

Problems solved by technology

However, this startup measurement method does not perform security verification on the BIOS, and only performs an overall measurement on the operating system.
In addition, this startup measurement method needs to modify the BIOS firmware program in order to work. For computer equipment that has already shipped without a modified BIOS firmware program, startup measurement cannot be performed, so startup measurement cannot be adapted to all computer equipment.

Examples


Embodiment 1

[0061] Based on the above-mentioned trusted computing platform, for the situation in which directly modifying the BIOS firmware program is allowed, the present invention provides a startup measurement method, including:

[0062] S101. After the trusted computing platform is powered on, the TPCM is started before the CPU of the computing subsystem, and the TPCM measures the BIOS of the computing subsystem.

[0063] S102. If the measurement result is credible, the CPU is started and the BIOS is loaded. During execution of the BIOS, the measurement agent module in the BIOS (an agent that the TSB in the protection subsystem has implanted into the computing subsystem) first intercepts the loading of the OSLoader code, then reads the OSLoader code and its related information from the hard disk and sends it to the TPCM for measurement.

[0064] S103. If the measurement result of the OSLoader is credible, the BIOS loads and executes the OSLoader. Afterwards, the measurement proxy module in OSLoader fir...

Embodiment 2

[0069] For the situation in which the BIOS firmware program is not allowed to be modified directly, or BIOS modification is not applicable in the actual scenario, the present invention provides a startup measurement method using the OPROM mechanism.

[0070] A startup measurement method using the OPROM mechanism can be applied to the trusted computing platform described above. The trusted computing platform includes a computing subsystem and a protection subsystem running in parallel: the computing subsystem completes computing tasks, and the protection subsystem actively measures and controls the computing subsystem according to the trusted policy through the trusted platform control module. The computing subsystem and the protection subsystem are separated by a security isolation mechanism and interact through a dedicated access channel.

[0071] As shown in figure 2, the startup measurement method in this embodiment includes:

[0072] S1. After the trusted comput...

Embodiment 3

[0081] For the situation in which the BIOS firmware program is not allowed to be modified directly, or BIOS modification is not applicable in the actual scenario, the present invention proposes a startup measurement method using the OPROM mechanism.

[0082] A startup measurement method using the OPROM mechanism, applied to a trusted computing platform. The trusted computing platform includes a computing subsystem and a protection subsystem running in parallel: the computing subsystem completes computing tasks, and the protection subsystem performs active measurement and active control on the computing subsystem according to the trusted policy through the trusted platform control module. The computing subsystem and the protection subsystem are separated by a security isolation mechanism and interact through a dedicated access channel.

[0083] The startup measurement method includes:

[0084] S101. After the trusted computing platform is powered on, the trusted platform control mo...

Abstract

The invention discloses a startup measurement method and device using an OPROM mechanism. The method includes: after the trusted computing platform is powered on, the trusted platform control module in the protection subsystem is started before the CPU in the computing subsystem, and the protection subsystem, using the trusted platform control module as the root of trust, measures the BIOS firmware program of the computing subsystem. If the measurement result of the BIOS firmware program is credible, the OSLoader code of the computing subsystem is measured by means of the OPROM mechanism during execution of the BIOS firmware program. If the measurement result of the OSLoader code is credible, measurement continues with the operating system and applications of the computing subsystem until the trust chain of the computing subsystem is established. The startup measurement method provided by the present invention uses the OPROM mechanism to realize startup measurement of computer equipment without modifying the BIOS, so the method can be adapted to all computer equipment.
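The measure-before-load chain described in the abstract and in Embodiment 1 (TPCM as root of trust, each stage handed to the TPCM before the computing subsystem executes it, the chain stopping at the first untrusted stage), as an added simulation that is not part of the patent and does not model the TPCM hardware or the OPROM hooking itself. The stage names, the SHA-256 digest policy and the sample images are constructed for the example.

```python
import hashlib

# Boot stages in the order the computing subsystem loads them. Each stage
# carries the measurement agent that intercepts the load of the next stage
# and hands its code to the TPCM (protection subsystem) for measurement.
STAGE_ORDER = ("BIOS", "OSLoader", "OS", "Application")

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class TPCM:
    """Root of trust (hypothetical model): holds the trusted policy, i.e.
    one reference digest per stage, and decides whether a stage is credible."""
    def __init__(self, policy: dict):
        self.policy = dict(policy)
        self.log = []          # (stage, digest, credible) measurement log

    def measure(self, stage: str, image: bytes) -> bool:
        d = digest(image)
        credible = self.policy.get(stage) == d
        self.log.append((stage, d, credible))
        return credible

def startup_measurement(tpcm: TPCM, disk: dict) -> tuple:
    """Computing-subsystem side of the chain. Returns (executed stages,
    failed stage or None). A stage is executed only after the TPCM has
    measured it as credible; the first untrusted stage stops the chain, so
    nothing after it is loaded."""
    executed = []
    for stage in STAGE_ORDER:
        image = disk.get(stage, b"")          # agent reads next-stage code
        if not tpcm.measure(stage, image):    # and sends it to the TPCM
            return executed, stage
        executed.append(stage)                # credible: load and execute
    return executed, None

# Constructed sample images standing in for firmware, loader, OS and app code.
GOOD_DISK = {s: f"{s}-image-v1".encode() for s in STAGE_ORDER}
POLICY = {s: digest(img) for s, img in GOOD_DISK.items()}

def demo():
    """Clean boot builds the full chain; a modified OSLoader stops it there."""
    ok = startup_measurement(TPCM(POLICY), GOOD_DISK)
    tampered = dict(GOOD_DISK, OSLoader=b"OSLoader-image-modified")
    bad = startup_measurement(TPCM(POLICY), tampered)
    return ok, bad

if __name__ == "__main__":
    print(demo())
```

The measurement log on the TPCM is what an attestation or audit step would later read; note that a failed stage is logged with its actual digest, which is the evidence a defender wants when a boot is refused.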

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a startup measurement method and device using an OPROM mechanism.

Background technique

[0002] In order to ensure the safe startup and operation of the computer, it is usually necessary to perform trusted measurement on the computer startup process, that is, before loading and executing the next-stage startup object, the next-stage startup object must be measured; for example, the BIOS needs to measure the next-stage OS.

[0003] In the prior art, the BIOS firmware program of the computer is usually modified to give the computer a Secure Boot function, and the Secure Boot function is used to implement security verification of the operating system during the computer startup process. However, this startup measurement method does not perform security verification on the BIOS, and only performs an overall measurement on the operating system...

Application Information

Patent Type & Authority Patents(China)
IPC(8): G06F21/57
CPC: G06F21/575
Inventors: 孙瑜, 王强, 王涛, 李春艳
Owner BEIJING KEXIN HUATAI INFORMATION TECH