Method and device for obtaining credible state of platform where virtual machine is located

Abstract

The invention provides a method and a device for obtaining the credible state of a platform where a virtual machine is located. The method comprises the steps of adding a PCR to a virtual credible root; dividing the added PCR into platform resources, setting a platform domain authorization value in the platform resources as a random value, and sending the random value to a platform for storage; responding to platform starting and matching the stored random value with the current platform domain authorization value, and transmitting the computing node hardware platform integrity information inthe computing node physical trusted root where the virtual machine is located to the added PCR; comparing the integrity information of the hardware platform with a reference value of the platform; inresponse to conforming the hardware platform integrity information to a reference value of the platform, determining a fact that the platform is trusted. According to the method, the problem of synchronous updating of the trusted state information of the computing node where the virtual machine is located in the virtual machine migration process can be effectively solved, the usability of the virtual trusted root in a cloud computing scene is improved, the safety value of the virtual trusted root is enhanced, and meanwhile the trust problem between a cloud tenant and a cloud service provider can be relieved.

Description

technical field [0001] This field relates to the computer field, and more specifically relates to a method and a device for obtaining a trusted state of a platform where a virtual machine is located. Background technique [0002] Cloud computing has become the main way to provide infrastructure in the field of information technology. However, the trust between virtual machine (cloud host) tenants and cloud service providers is still the focus of consideration for users to choose cloud services. Trusted computing technology has become a solution to this problem. One of the main means. Virtual machine tenants can obtain the trusted state information of the platform where the virtual machine is located through the root of trust of the virtual machine. Migration due to reasons such as balance and computing node maintenance needs, which leads to the need to update the trusted state stored in the root of trust of the cloud host along with the migration of the root of trust. [0...

AI Technical Summary

Problems solved by technology

[0004] 1) Part of the virtual root of trust implementation and application does not include the trusted state information of the computing node where it is located, resulting in virtual machine tenants being unable to obtain the trusted state information of the computing node where it is located through a secure means, and the tenant has nothing about the trusted status of the computing node where it is located Know;

[0005] 2) Part of the virtual root of trust implementation and application extends the trust status information of the computing node where the virtual machine is located to PCR0~7 of the virtual root of trust, which is consistent with the PCR (platform configuration register) used by the virtual machine's own firmware, resulting in hot In the migration scenario, the trusted state of the computing node cannot be directly updated (the virtual machine needs to be restarted to update, which will cause the interruption of tenant business);

[0006] 3) The creation and initialization process of the virtual root of trust of the virtual machine in the existing implementation and application does not detect the trust status of the target computing node, which may lead to security risks in the initialization process of the virtual root of trust;

[0007] 4) In the existing virtual machine migration scheme equipped with a virtual root of trust, only the trusted state of the target computing node is verified

Images