A method and device for obtaining the trusted state of the platform where the virtual machine is located

A virtual machine and platform technology applied in the computer field. It addresses problems such as virtual machine tenants being unable to learn the trusted state of their computing node, hidden security risks, and interruption of tenant business, and has the effects of alleviating trust problems, enhancing security value, and improving ease of use.

Active Publication Date: 2021-09-07
SUZHOU METABRAIN INTELLIGENT TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] 1) Some virtual root of trust implementations and applications do not include the trusted state information of the computing node on which the virtual machine runs. As a result, virtual machine tenants cannot obtain that information through a secure means and know nothing about the trusted status of their computing node;
[0005] 2) Some virtual root of trust implementations and applications extend the trusted state information of the computing node where the virtual machine is located into PCR0~7 of the virtual root of trust, the same PCRs (platform configuration registers) used by the virtual machine's own firmware. As a result, in a hot migration scenario the trusted state of the computing node cannot be updated directly (the virtual machine must be restarted to update it, which interrupts the tenant's business);
[0006] 3) In existing implementations and applications, the creation and initialization of a virtual machine's virtual root of trust does not check the trusted state of the target computing node, which may introduce security risks into the initialization of the virtual root of trust;
[0007] 4) In the existing virtual machine migration scheme equipped with a virtual root of trust, only the trusted state of the target computing node is verified


Examples


Embodiment Construction

[0037] In order to make the purpose, technical solution and advantages of the present invention more clear, the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

[0038] The steps shown in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0039] Based on the above purpose, the first aspect of the embodiments of the present invention proposes an embodiment of a method for obtaining a trusted state of a platform where a virtual machine is located. Figure 1 is a schematic flow chart of ...


Abstract

The present invention provides a method and device for obtaining the trusted state of the platform where the virtual machine is located, including: adding PCRs to the virtual root of trust; designating the added PCRs as platform resources, setting the platform domain authorization value in the platform resources to a random value, and sending the random value to the platform for storage; in response to the platform starting and the stored random value matching the current platform domain authorization value, passing the computing node hardware platform integrity information held in the physical root of trust of the computing node where the virtual machine is located into the added PCR; comparing the hardware platform integrity information with the platform's baseline value; and, in response to the hardware platform integrity information matching the platform's baseline value, determining that the platform is trusted. The present invention can effectively solve the problem of synchronously updating the trusted state information of the computing node where the virtual machine is located during virtual machine migration, improve the usability of the virtual root of trust in cloud computing scenarios, enhance the security value of the virtual root of trust, and at the same time alleviate trust issues between cloud tenants and cloud service providers.
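The flow in the abstract, modelled as an added example that is not code from the patent or its owner. The PCR index 24, the class and function names, the constructed measurements, and the choice to rewrite (not accumulate) the added PCR on each load are assumptions made for illustration.

```python
import hashlib, hmac, secrets

HOST_PCR = 24        # assumption: index of the added PCR, outside guest PCR0~7
ZERO = bytes(32)

def extend(old, measurement):
    # TPM-style extend: new = SHA-256(old || measurement)
    return hashlib.sha256(old + measurement).digest()

def chain(measurements):
    value = ZERO
    for m in measurements:
        value = extend(value, m)
    return value

class VirtualRootOfTrust:
    def __init__(self):
        self.pcrs = {i: ZERO for i in (*range(8), HOST_PCR)}
        self._platform_auth = secrets.token_bytes(32)  # random platform-domain auth

    def export_platform_auth(self):
        # Sent once to the platform for storage; the guest never sees it.
        return self._platform_auth

    def guest_extend(self, index, measurement):
        if index == HOST_PCR:
            raise PermissionError("host PCR is a platform resource")
        self.pcrs[index] = extend(self.pcrs[index], measurement)

    def load_host_state(self, stored_auth, host_measurements):
        # Runs at platform start; the stored value must match the current auth value.
        if not hmac.compare_digest(stored_auth, self._platform_auth):
            raise PermissionError("platform authorization mismatch")
        # Assumption: the host PCR is rewritten, not accumulated, on each load.
        self.pcrs[HOST_PCR] = chain(host_measurements)

def platform_trusted(vrot, baseline):
    return hmac.compare_digest(vrot.pcrs[HOST_PCR], baseline)

def demo():
    good = [hashlib.sha256(s).digest() for s in (b"bios", b"loader", b"hypervisor")]
    bad = good[:2] + [hashlib.sha256(b"hypervisor-modified").digest()]
    baseline = chain(good)                       # constructed baseline value
    vrot = VirtualRootOfTrust()
    auth = vrot.export_platform_auth()
    vrot.guest_extend(0, b"guest-firmware")      # guest PCRs stay independent
    guest_pcr0 = vrot.pcrs[0]
    vrot.load_host_state(auth, good)
    on_node_a = platform_trusted(vrot, baseline)
    vrot.load_host_state(auth, bad)              # after migration to a modified node
    on_node_b = platform_trusted(vrot, baseline)
    return on_node_a, on_node_b, vrot.pcrs[0] == guest_pcr0
```

Because the host state lives in its own PCR, it changes across the simulated migration while guest PCR0 keeps its value, so no guest restart is needed in this model.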

Description

Technical field

[0001] This field relates to the computer field, and more specifically relates to a method and a device for obtaining a trusted state of a platform where a virtual machine is located.

Background technique

[0002] Cloud computing has become the main way to provide infrastructure in the field of information technology. However, the trust between virtual machine (cloud host) tenants and cloud service providers is still a key consideration for users choosing cloud services. Trusted computing technology has become one of the main means of solving this problem. Virtual machine tenants can obtain the trusted state information of the platform where the virtual machine is located through the root of trust of the virtual machine. Virtual machines are migrated for reasons such as balancing and computing node maintenance needs, which means the trusted state stored in the root of trust of the cloud host must be updated as the root of trust migrates. [0...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F9/455, G06F21/57
CPC: G06F9/45558, G06F21/57, G06F2009/45587
Inventor: 吴保锡
Owner: SUZHOU METABRAIN INTELLIGENT TECH CO LTD