A method for implementing a uefi-based trusted log

Abstract

The application discloses a kind of implementation methods of UEFI-based trusted log, comprising the following steps: step one, when UEFI executes external program, first verify the integrity of external program, and generate measurement information, then add measurement information to the trusted log corresponding to this start, to update the data in UEFI trusted log database;Step two, UEFI realizes an interface in SETUP, shows trusted start log to user, trusted start log includes the start log of the whole life cycle of device, each start log shows all measurement results in each start process.The application can retain the flexibility of UEFI while also ensuring security. Users can also explicitly know which module's measurement is not passed by viewing the log. Users can also further intuitively view the trusted start log of the whole device cycle through the UEFI SETUP interface.

Description

Technical Field

[0001] This invention relates to a method for implementing a trusted log based on UEFI. Background Technology

[0002] Trusted computing is a mechanism that ensures security by verifying platform integrity through the transmission of a trusted chain. After each entity is verified, a metric is written to the corresponding platform configuration register (PCR), and the correctness of the metric sequence is determined by verifying the accumulated PCR values. However, this method cannot meet the following requirements: 1. In UEFI-based BIOS, the modules running during startup often change, resulting in different startup paths each time. 2. When a startup sequence fails, it is impossible to determine which module's metric failed. 3. Users cannot intuitively see the entire trusted startup metric process. Summary of the Invention

[0003] To overcome the technical problem that current trusted computing on UEFI has difficulty in accurately displaying module metrics during the startup process, this invention provides a method for implementing trusted logs based on UEFI that ensures both the flexibility of UEFI and the security and ease of viewing.

[0004] To achieve the above-mentioned technical objectives, the technical solution of the present invention is as follows:

[0005] An implementation method for a trusted log based on UEFI includes the following steps:

[0006] When UEFI executes each external program during the boot process, it first verifies the integrity of the external program, then performs measurement to generate measurement information, and adds the measurement information to the trusted log corresponding to this boot, thereby updating the data in the UEFI trusted log database; the measurement refers to the signature verification of asymmetric encryption.

[0007] The data in the UEFI trusted log database is displayed in the UEFI settings interface to show the trusted logs to users. The displayed content includes trusted logs for the entire lifecycle of the device. The trusted logs for each device startup show all the measurement results during the startup process.

[0008] In the aforementioned method for implementing a trusted log based on UEFI, step one involves verifying the integrity of the external program through the verification interface of the TCM security chip.

[0009] In the aforementioned method for implementing a trusted log based on UEFI, in step one, the measurement information is added to the trusted log through the relevant interface of the UEFI trusted log proxy module.

[0010] The aforementioned method for implementing a UEFI-based trusted log includes a UEFI trusted log proxy module that provides an interface for writing trusted logs to a UEFI trusted log database; wherein the interface includes:

[0011] 1) Create a new trusted log node: After each startup, UEFI will call the interface to create a log node for this startup. The created trusted log node will temporarily only contain one metric: TCM metric for UEFI, that is, TCM verifies the signature of the UEFI file;

[0012] 2) Add measurement information: After each new measurement is initiated, the measurement information generated by this measurement is added to the current trusted log node through the interface.

[0013] The described method for implementing a UEFI-based trusted log involves storing the UEFI trusted log database based on the UEFI Variable area. Before storage, the trusted logs must be signed using an asymmetric encryption algorithm. The asymmetric encryption algorithm used here ensures that the signed data is tamper-proof and non-repudiable.

[0014] The aforementioned method for implementing a trusted log based on UEFI includes measuring external programs and generating measurement information that includes the measurement initiator, the object being measured, the time, and the measurement result.

[0015] The aforementioned method for implementing a trusted log based on UEFI includes a measurement initiator (TCM, UEFI, or GRUB), a measurement object (UEFI, any external EFI program, or system kernel), a measurement time (the specific date and time of the measurement), and a measurement result (whether the measurement passed or failed). The measurement process includes two parts: calculating the hash and decrypting the signature and comparing the hash. When TCM measures UEFI, TCM completes the entire measurement process. When UEFI measures an external EFI program or GRUB measures the system kernel, UEFI or GRUB calculates the hash, and then TCM performs the decryption of the signature and comparison of the hash.

[0016] The aforementioned method for implementing trusted logs based on UEFI derives its measurement results through the following methods:

[0017] If the TCM determines that the signature of the object being measured is correct, the measurement passes; otherwise, the measurement fails. When initiating the measurement command, the hash value and signature of the file need to be passed to the TCM as parameters.

[0018] The aforementioned method for implementing a trusted log based on UEFI involves a trusted log generated by the TCM from the results of each UEFI measurement and stored within the TCM for UEFI to retrieve. The trusted log contains information including: a startup sequence number and a measurement result. The startup sequence number indicates how many startups occurred within the device's lifecycle, and the measurement result records whether the measurement was successful.

[0019] The aforementioned method for implementing a trusted log based on UEFI involves sending a command to the TCM after initializing the TCM during UEFI runtime to obtain the TCM measurement log. Based on the obtained information, UEFI generates a trusted log node for this startup, including the startup sequence number obtained directly from the TCM and the number of logs. The number of logs includes the number of measurements initiated during this startup process, and the information for each measurement is stored in a separate measurement information.

[0020] The technical advantages of this invention are as follows: Because UEFI-based BIOS often involves modules that change during the boot process, resulting in different boot paths each time, this invention ensures security while maintaining the flexibility of UEFI. Users can also clearly identify which module failed the measurement by viewing the logs. Furthermore, users can visually view the trusted boot logs for the entire device lifecycle through the UEFISETUP interface.

[0021] The invention will now be further described with reference to the accompanying drawings. Attached Figure Description

[0022] Figure 1 This is a schematic diagram of the process of the present invention. Detailed Implementation

[0023] This embodiment provides specific implementation steps for a UEFI-based trusted log implementation method, wherein the trusted chain, i.e., the metric, is set as follows:

[0024] (1) TCM acts as a trusted root to verify UEFI. If the verification passes, the CPU powers on and runs UEFI.

[0025] (2) UEFI verifies the signatures of any external EFI files, including OSLoader (grub), PCIeOpRom, and other EFI programs (including UEFI update programs, UEFI test and debug programs, etc.).

[0026] (3) OSLoader (grub) verifies the kernel file.

[0027] Specifically, the measurement (i.e. the signature verification process) is an asymmetric encryption signature verification, which includes two parts: calculating the hash and decrypting the signature and comparing the hash.

[0028] 2. The TCM generates a log for each UEFI measurement result and stores it internally, waiting for the UEFI to retrieve it. The main information included in the TCM trusted log is as follows:

[0029] (1) Startup sequence number: indicates the Nth start within the device's lifecycle.

[0030] (2) Measurement results (indicating whether the measurement was successful or not).

[0031] 3. During UEFI runtime, after initializing the TCM, a command is sent to the TCM to obtain the TCM metric log. Based on the obtained information, the UEFI generates a trusted log node for this startup, which mainly includes:

[0032] (1) Startup serial number: Use the value obtained directly from TCM.

[0033] (2) Number of logs: The number of times a metric is initiated during this startup process (the number of logs is 1 when a trusted log is created). The information for each metric is stored in a separate “metric information”.

[0034] (3) The data in “Measurement Information” includes:

[0035] ①Measure Initiator: The entity that initiates this measure. Currently, the entities that can initiate measures are TCM, UEFI, and GRUB.

[0036] ② The objects being measured: UEFI, any external EFI program, and the system kernel can all be objects being measured.

[0037] ③ Log time: The date and time when this metric occurred and the specific time of the metric.

[0038] ④ Measurement result: whether the measurement passed.

[0039] When TCM measures UEFI, the entire measurement process is completed by TCM. When UEFI measures an external EFI program or GRUB measures the system kernel, UEFI or GRUB calculates the hash, and then TCM decrypts the signature and compares the hash. Therefore, in any measurement process, TCM is used to verify whether the hash matches the signature and returns the verification result to the initiator. The hash calculation for external EFI programs and the system kernel is performed by UEFI and GRUB respectively, making the measurement faster than if TCM performed it entirely; and due to the trust chain, this process is also reliable.

[0040] The specific measurement result is obtained by TCM verifying whether the HASH matches the signature. This is the standard process for verifying signatures in asymmetric encryption. The signature is a HASH of the measured object that is encrypted with a key. During the verification, the signature is decrypted using the private key to obtain the HASH within the signature. The decrypted HASH is compared with the input HASH. If they match, the verification passes; otherwise, the verification fails.

[0041] 4. After the trusted log is generated in the previous step, UEFI writes the log to the "UEFI Trusted Log Database" through the "UEFI Trusted Log Proxy Module". This "UEFI Trusted Log Proxy Module" is implemented based on a common software architecture, which separates log operations from log storage.

[0042] 5. When UEFI executes any external program, it first verifies the integrity of the external program by calling the TCM verification interface. Referring to section (3) of step 3, a "metric information" is generated. Through the relevant interface of the "UEFI Trusted Log Agent Module", the "metric information" is added to the "trusted log" corresponding to this boot, and finally the data in the "UEFI Trusted Log Database" is updated. The trusted log after each boot contains all the metric information of the entire boot process, and the result of each metric exists separately. This solves the technical problems of UEFI-based BIOS, where the modules running during the boot process often change, resulting in different boot paths each time; and when a boot sequence problem occurs, it is impossible to determine which module failed the metric.

[0043] 6. UEFI implements an interface in SETUP to display the trusted boot log to the user. The trusted boot log includes the boot log of the entire device lifecycle. Each boot log shows in detail all the measurement results in each boot process. This solves the technical problem that users cannot intuitively see the entire trusted boot measurement process.

[0044] 7. If users need to view trusted boot logs under the OS, this can be achieved through an additional client program. This client program obtains trusted boot logs through the interface provided by UEFI, decrypts them, and displays them to the user, achieving the same function as UEFISETUP.

[0045] 8. For enterprise users, corresponding management interfaces can be developed to allow IT administrators to remotely obtain trusted logs from each device and remotely monitor the integrity of each device.

[0046] The following sections introduce the "UEFI Trusted Log Agent Module" and the "Trusted Log Database".

[0047] 1. The main function of the UEFI Trusted Log Agent module is to provide an interface for writing trusted logs to the "UEFI Trusted Log Database"; the interface mainly includes two types,

[0048] (1) Create a new trusted log node. After each startup, UEFI will call this interface to create a log node for this startup. At this time, this metric node contains only one metric information: TCM measures UEFI, that is, TCM verifies the signature of the UEFI file.

[0049] (2) Add measurement information: After each new measurement is initiated, add a measurement information to the current trusted log node.

[0050] The trusted logs generated in the previous step will eventually be stored in the "trusted log database". According to the UEFI specification, UEFI provides a UEFIVariable area specifically for storing this type of information. Therefore, UEFI-based systems can use UEFIVariable to implement the "trusted log database". Since the UEFIVariable area is an open area with standard APIs that can be accessed, trusted logs need to be signed and placed in the UEFIVariable area to prevent malicious tampering.

Claims

1. A method for implementing trusted logs based on UEFI, characterized in that, Includes the following steps: When UEFI executes each external program during the boot process, it first verifies the integrity of the external program, then performs measurement to generate measurement information, and adds the measurement information to the trusted log corresponding to this boot, thereby updating the data in the UEFI trusted log database; the measurement refers to the signature verification of asymmetric encryption. The data in the UEFI trusted log database is displayed in the UEFI settings interface to show the trusted logs to users. The displayed content includes trusted logs for the entire lifecycle of the device. The trusted logs for each device startup show all the measurement results during the startup process. The trusted log is a summary log generated by the TCM from the results of each UEFI measurement and stored inside the TCM to await UEFI acquisition. The trusted log generates trusted log nodes with startup sequence numbers throughout the entire device lifecycle. The trusted log nodes contain measurement information, and the data in the measurement information includes the measurement initiator, the measured object, the log time, and the measurement result. The startup sequence number is used to indicate how many startups within the device lifecycle it is. The initiator of the measurement includes TCM, UEFI, or GRUB. The object being measured is UEFI, any external EFI program, or system kernel. The time is the specific date and time of the measurement. The measurement result is whether the measurement passes or fails. The measurement process includes two parts: calculating the hash and decrypting the signature and comparing the hash. When TCM measures UEFI, TCM completes the entire measurement process. When UEFI measures the external EFI program or GRUB measures the system kernel, UEFI or GRUB performs the hash calculation, and then TCM performs the decryption signature and hash comparison.

2. The method for implementing a trusted log based on UEFI according to claim 1, characterized in that, In step one, the integrity of the external program is verified through the verification interface of the TCM security chip.

3. The method for implementing a trusted log based on UEFI according to claim 1, characterized in that, In step one, the measurement information is added to the trusted log through the relevant interface of the UEFI trusted log agent module.

4. The method for implementing a trusted log based on UEFI according to claim 3, characterized in that, The UEFI trusted log proxy module is used to provide an interface for writing trusted logs into the UEFI trusted log database; The interfaces include: 1) Create a new trusted log node: After each startup, UEFI will call the interface to create a log node for this startup. The created trusted log node will temporarily only contain one metric: TCM metric for UEFI, that is, TCM verifies the signature of the UEFI file; 2) Add measurement information: After each new measurement is initiated, the measurement information generated by this measurement is added to the current trusted log node through the interface.

5. The method for implementing a trusted log based on UEFI according to claim 4, characterized in that, The UEFI trusted log database is stored based on the UEFI Variable area, and the trusted logs need to be signed using an asymmetric encryption algorithm before being stored.

6. The method for implementing a trusted log based on UEFI according to claim 1, characterized in that, The measurement results are obtained in the following way: If the TCM determines that the signature of the object being measured is correct, the measurement passes; otherwise, the measurement fails. When initiating the measurement command, the hash value and signature of the file need to be passed to the TCM as parameters.

7. The method for implementing a trusted log based on UEFI according to claim 1, characterized in that, The trusted log is generated during UEFI runtime. After initializing the TCM, a command is sent to the TCM to obtain the TCM measurement log. Based on the obtained information, UEFI generates a trusted log node for this boot, including the boot sequence number obtained directly from the TCM and the number of logs. The number of logs includes the number of measurements initiated during this boot process, and the information of each measurement is stored in a separate measurement information.

Images