Abstract
This paper proposes a trusted boot implementation method based on the domestic operating system RT-Thread and the domestic development board AB32VG1. Starting from establishing a trusted entity and performing integrity measurement, the trusted boot framework splits U-Boot into two parts, which together with the core files of the operating system form the trusted entity. The trusted entity is sent to a trusted encryption module for integrity measurement. If the measurement succeeds, a control signal is returned to the external device and the trusted entity is saved to non-volatile memory; otherwise, startup is prohibited. The trusted encryption module serves as the system's root of trust and is implemented through double encryption with SM4 and SM3. Verification on the AB32VG1 development board shows that the control signal is output correctly, the system runs stably and boots securely, the encryption results are correct over repeated runs, and the integrity measurement completes quickly, consistent with the expected design goals.
Authors
Yu Xiaotong; Han Yueping; Tang Daoguang; Wu Jie (School of Instrument and Electronics, North University of China, Taiyuan 030051, China; 100 Trust Information Technology Co., Ltd.; China Mobile Shanxi Co. Ltd. Taiyuan Branch)
Source
Microcontrollers & Embedded Systems (《单片机与嵌入式系统应用》)
2022, Issue 12, pp. 20-23, 31 (5 pages in total)