摘要
提出一种可信平台控制模块(trusted platform control module,TPCM)平台度量及控制实现方法.该方法在保持主板原有设计的基础上,利用计算机主板已有的接口进行扩展设计,以TPCM为信任根对计算机平台进行可信度量.结合电源控制的实现,该方法可以从根本上解决计算机启动环境不可信问题.该方法在确保启动代码的可信性和完整性基础上,通过启动代码中植入的驱动及保护策略对启动环境进行检查确认.若检测到可信环境遭受破坏或设备固件代码被恶意篡改,则根据预先写在TPCM内部的安全策略进入非可信工作模式或阻止计算机继续启动等.该方法设计的TPCM对计算机有自主的、绝对的控制权.极端情况下可以采取关闭计算机、切断电源等绝对性保护措施.该方法不但可靠有效,而且实现成本低廉,安装简单.
A trusted platform control module (TPCM) and a control method are proposed in this paper. This method is based on keeping the original motherboard design unchanged , and the TPCM is extended on the existed interface of the computer and measures the platform with the root of trust for measurement (RTM). Combined with the realization of the power control,it can solve the source of the boot untrusted problem fundamentally. In terms of keeping the credibility and integrity of the boot code, it checks the boot environment by inserting driver and protected policy into the boot code. If the trusted environment has been destroyed or the device firmware has been malicious tampered , it will enter untrusted operation environment or prevent the computer from been powered on per the security policy, which have been written in the TPCM in advance. The TPCM designed by this method has autonomous and absolute control right to the computer. Once the system out of control occurred caused by malicious code intrusion, the TPCM can protect the computer from been attacked through cut off power and any other absolute protection solutions. It is not only reliable and effective , but also low cost and easy to be installed.
出处
《信息安全研究》
2017年第4期310-315,共6页
Journal of Information Security Research
关键词
可信平台控制模块
安全可信
平台度量
电源控制
可信运行环境
trusted platform control module (TPCM)
security and trust
platform measurement
power control
trusted work environment
