摘要
在深入研究可信平台模块(TPM)和kexec相关技术的基础上,针对未安装TPM芯片的计算终端设计并实现了一种安全引导方式。该引导方式参考了可信平台模块的安全引导机制,在操作系统启动前,预先启动一个受保护的小型Linux系统,对操作系统的运行环境进行信任度量,验证BIOS和操作系统的完整性,为操作系统的启动提供一个可信赖的计算环境,然后使用kexec工具切换到磁盘操作系统。经过实验验证,文中设计的引导方式可以为Windows和Linux等多种平台的计算机终端提供安全引导支持,预引导系统验证系统运行环境的时延对系统启动总耗时的影响不明显。该引导方式是一种在不改变现有计算机硬件的基础上实现安全引导,是对现有计算机系统的安全增强措施。
Investigating in depth the technology of trusted platform module { TPM ) and kexec, design and implement a secure boot mechanism for computers without TPM support. In this scheme, referencing the secure boot mechanism based on TPM, a small protected Linux will start first, which can then measure the real operating system needed to boot at the early stage. After the measurement, can boot the operating system on disk by utilizing kexec. The mechanism designed by this paper can support Windows and Linux according to the experiments,and it was also shown that no obvious burden has been added to the whole system boot time. This mechanism is one of secure boots for existing computer without changing hardware, is a kind of security enhancement measures for computer system.
出处
《计算机技术与发展》
2012年第6期143-146,共4页
Computer Technology and Development
基金
国家高技术研究发展计划"863"项目(2009AA01Z40)
