Safe starting method based on X86 architecture

A secure boot method applied in the field of data security. It addresses three shortcomings of existing approaches: the validity of the kernel and initramfs cannot be guaranteed, the approach is not applicable to PCs or servers, and the approach is not applicable to the X86 platform. The aim is to prevent others from tampering with the kernel and initramfs without authorization.

Active Publication Date: 2021-03-12
KYLIN CORP

AI Technical Summary

Problems solved by technology

This means that even when the secure boot function is turned on, the validity of the kernel and initramfs cannot be guaranteed.
[0004] There are also methods that achieve secure boot without using the SecureBoot function of the UEFI software. Some are embedded-oriented and not suitable for X86 platforms; others require special chips and special processors and are not suitable for common PCs or servers.



Embodiment Construction

[0020] In order to have a further understanding of the technical solution and beneficial effects of the present invention, the technical solution of the present invention and its beneficial effects will be described in detail below.

[0021] The general idea of the present invention is to add a self-generated trusted root certificate for the server, use that root certificate to rebuild and sign the kernel and initramfs, import the trusted root certificate into the machine, and enable the SecureBoot function.

[0022] After enabling SecureBoot, the verification process is as follows:

[0023] (1) In the first stage, the firmware verifies the bootloader (shim-signed); the key used for this verification is stored in the DB (the firmware's authorized signature database).

[0024] (2) The first-stage bootloader (shim-signed) verifies the second-stage bootloader (grub2-efi-x64).

[0025] (3) The bootloader (grub2-efi-x64) of the second stage calls the shim interface to verify the signature of the kernel.

[0026] (4) Kernel verifica...


Abstract

The invention relates to a safe starting method based on an X86 architecture. The safe starting method comprises the following steps: S1, using a compiling machine to generate a trusted root certificate and a kernel rpm package signed by that certificate; and S2, importing the trusted root certificate on the test machine and enabling the SecureBoot function. According to the invention, the SecureBoot function of the UEFI software on an X86 platform is used, and the kernel source package is recompiled and signed with a self-made root certificate, so that the validity of the Linux kernel and initramfs in a PC or server is ensured: when the kernel or the initramfs is modified, the system cannot be booted, and the effect of preventing others from tampering with the kernel and initramfs without authorization is achieved.

Description

Technical field

[0001] The present invention relates to the technical field of data security, in particular to a secure startup method based on an X86 architecture.

Background technique

[0002] The server operating systems of the X86 architecture are usually open source Linux operating systems, such as CentOS, Fedora, and Ubuntu. Both the Linux kernel and initramfs are open source and may be tampered with, which poses a greater security risk to the server. In order to avoid this security risk, an X86 platform with a secure boot function is required to actively measure the Linux kernel and initramfs when booting, to ensure the security of the server operating system.

[0003] The UEFI software developed by Intel Corporation replaces the BIOS. The SecureBoot function provided by the UEFI software is used to ensure the validity of the Linux kernel and initramfs. However, most X86-based motherboards use the Microsoft Root of Trust and the Fedora Root of Trust when they leave the fac...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/57, G06F8/41
CPC: G06F21/575, G06F8/41
Inventor 郭皓吴春光刘步权齐璇战茅
Owner KYLIN CORP