CN201203868Y - A Trusted Platform Module - Google Patents
- Publication number: CN201203868Y
- Application number: CN200820108742U
- Authority: CN (China)
- Legal status: Expired - Lifetime
Description
Technical field
The utility model relates to the field of information security, and in particular to a trusted platform module.
Background
The basic idea of trusted computing as proposed by the Trusted Computing Group (TCG) is to build a root of trust and, starting from that root, to use hash measurement to establish a verifiable chain of trust from the hardware platform to the BIOS, to the operating system and finally to the applications, each level verifying the next, so that trust is extended to the whole computer system and the system can be shown to be trustworthy.
TCG has published a series of specifications centred on the Trusted Platform Module (TPM). With the TPM as the root of trust, a chain of trust is built from the underlying hardware up to the operating system, forming a trusted platform.
The TCG specification defines three roots of trust: the root of trust for storage, the root of trust for reporting and the root of trust for measurement. The first two are placed in the TPM chip, but the root of trust for measurement is placed in the BIOS. In engineering practice this arrangement has led to problems such as BIOS tampering and difficulties in establishing the root of trust.
Root of trust
In the TCG system the root of trust is trusted unconditionally: the system does not check the behaviour of the root of trust, so whether the root of trust really deserves that trust is the key to the trustworthiness of the whole system. This requires the functionality of the root of trust to be minimised; in theory it should be trustworthy in the mathematical sense, and in engineering terms it should rest on hardware-based physical protection. Reference [2] gives three roots of trust:
Root of Trust for Measurement (RTM);
Root of Trust for Storage (RTS);
Root of Trust for Reporting (RTR).
The RTM is the starting point of integrity measurement: a computing engine capable of performing reliable integrity measurements.
The RTS is a computing component capable of keeping a correct record of integrity digests and of sequences of digests.
The RTR is a computing component capable of reliably reporting the information held by the RTS.
Of these, the root of trust for storage and the root of trust for reporting are held in the tamper-resistant TPM. The core root of trust for measurement (CRTM) is stored in the BIOS; in other words, the CRTM and the RTM are not inside the TPM. Yet the root of trust for measurement is the essential component for building the chain of trust, and its trustworthiness is the foundation of the trustworthiness of the whole system. Keeping the CRTM in the BIOS exposes it to modification by viruses and malicious programs, which would destroy the entire root of trust and invalidate the chain of trust.
Storing the root of trust for measurement in a modifiable BIOS lowers the security of the system. Because the chain of trust is a one-way chain, a fault at any single node causes the establishment of the whole trusted environment to fail. Once the root of trust for measurement has been tampered with, no trusted computing environment can be established on the trusted terminal, and the terminal is left with a latent security weakness.
Summary of the utility model
The purpose of the utility model is to provide a trusted platform module (Trusted Platform Control Module, TPCM) and an active measurement method based on it. The trusted platform module is a hardware core module integrated into the trusted computing platform that establishes and safeguards the source of trust, providing integrity measurement, secure storage, trusted reporting and cryptographic services for trusted computing.
To achieve this object, the technical solution of the utility model is realised as follows:
A trusted platform module, characterised in that it comprises a control unit and an active measurement unit. The active measurement unit comprises a data access module, a data parsing module, a hash algorithm module and a synchronous clock module, and is used, after the TPCM is powered on, to actively read the external information to be measured and to carry out the measurement of that information. The control unit comprises a control execution module and a state detection module, and is used to decide how the hardware devices in the computer system are to be controlled and to issue control signals to those devices.
Data access module: connected through the pins of the trusted platform module chip to the externally attached memory. After power-on it controls the reading of data from the memory attached externally to the trusted platform module.
Data parsing module: connected to the data access module; it implements the communication protocol, reads the data collected by the data access module and converts it into a form that the hash module can operate on directly.
Hash algorithm module: the main execution unit of the measurement operation. It is connected to the data parsing module, computes hash values over the converted data and produces measurement values or measurement reference values.
Synchronous clock module: connected through the chip pins to the externally attached memory; it supplies a synchronous clock to the external memory from which data is actively read.
Control execution module: connected directly to the enable-signal inputs of hardware resources; it issues control signals to those resources.
State detection module: detects the working state of hardware resources in real time.
The active measurement method performed by the trusted platform module (TPCM) comprises the following steps:
a) The host is supplied with power; the TPCM and the BIOS chip are powered on together, before the other hardware units on the motherboard, and execute the initialisation module code;
b) The TPCM performs a state check to determine whether it is disabled; at the same time the state detection module collects the hardware resource information and current usage state of the PC over the communication bus;
c) If the TPCM is enabled, its control execution module sends a switching command to the signal switching unit in preparation for the active measurement operation, and the synchronous clock module supplies a synchronous working clock to the BIOS chip. The control execution module sends an enable signal to the BIOS chip, the data access module reads out the key code in the BIOS, the data parsing module parses it, and the hash algorithm module measures it and stores the measurement result. If the BIOS measurement fails, the control execution module sends a control command to the signal switching unit; after the switching unit has switched to normal start-up mode the platform starts under control and the TPCM enters the failure handling flow, in which, according to a predefined management policy or by on-site action of the platform administrator, the platform either enters untrusted working mode or is powered off or restarted;
d) If the TPCM's measurement of the BIOS key code is correct, its control execution module sends a switching signal to the signal switching unit, which issues the platform power-on signal; the platform powers on and the BIOS starts executing. If the TPCM is found to be disabled, the signal switching unit performs the switch, the platform powers on normally, the BIOS starts, and the system skips the measurement stage, going through MBR start-up and kernel loading in turn, so that the platform enters untrusted working mode;
e) The key code in the BIOS measures the remaining BIOS code and the MBR, and stores the measurement results in the TPCM;
f) If the MBR measurement succeeds, the MBR is started;
g) The MBR measures the OS loader and stores the measurement result in the TPCM;
h) If the OS loader measurement succeeds, the OS kernel is loaded;
i) The system enters trusted working mode.
The trusted platform module is characterised in that the root of trust for integrity measurement is placed inside the TPCM and implemented jointly by hardware and firmware, and is used to carry out active measurement of the trusted computing platform and the trusted computing system. After the TPCM is powered on and initialised, and before the CPU of the trusted computing platform is powered on, it first uses its trusted integrity measurement function to check, step by step, the integrity of the BIOS code stored in the boot ROM, the firmware of peripheral hardware devices and the operating system, so as to ensure that the software in the platform boot chain has not been tampered with and that no hardware device has been illegally replaced; only then is the CPU powered on to read the BIOS code. While external devices are being initialised, the designated external devices are checked for integrity and reliability, which implements the trusted reporting function. Switching between the active measurement phase and the normal computer working phase is carried out through the signal switching unit.
Effect of the implementation:
The utility model designs a trusted platform module (TPCM) that implements the functions of a TPM and additionally embeds the root of trust for measurement (RTM) in the TPCM. In this way all three roots of trust defined for the TPM are held in a physically protected chip, preventing outside tampering with the roots of trust, so that their trustworthiness is better guaranteed.
An active measurement mode is proposed for establishing the chain of trust. An independent, isolated power supply feeds the TPCM and the CPU so that the TPCM starts before the CPU and runs in active mode, verifying the integrity of the BIOS boot code (Boot Block); this realises the property of the trusted platform module as the root of trust for the whole platform.
Compared with TCG's TPM scheme, the TPCM scheme not only improves the trustworthiness of the chip but also gives control over the root of trust. In the scheme described here the TPCM is the platform's only root of trust, so only the TPCM chip is axiomatically trusted; in the TCG scheme, besides the TPM, the core root of trust for measurement (CRTM) must also be trusted by default, and the CRTM includes the BIOS, keyboard and so on. The TPCM scheme is therefore more secure.
Description of the drawings:
Figure 1 TPCM structure diagram
Figure 2 TPCM internal firmware composition diagram
Figure 3 TPCM trusted measurement flow chart
Figure 4 TPCM detailed workflow chart
Figure 5 Reset timing relationship between the TPCM and the other general-purpose devices on the motherboard
Figure 6 Signal switching unit connection diagram
Detailed description
TPCM hardware structure
The trusted platform module uses a classic SoC design and implements the basic functions of the TPCM (see Figure 1). The chip internally comprises a CPU, non-volatile memory, volatile memory, a random number generator, a cryptographic algorithm engine, a key generator, a timer, the control unit, the active measurement unit, an I/O bridge unit and a bus controller; the I/O bridge unit maps these functional units into the address space of the on-chip microprocessor. In addition to the LPC controller, the chip provides several other controller interfaces to suit different motherboard buses.
The active measurement unit comprises a data access module, a data parsing module, a hash algorithm module and a synchronous clock module, and is used, after the TPCM is powered on, to actively read the external information to be measured and to carry out the measurement of that information. The control unit comprises a control execution module and a state detection module, and is used to decide how the hardware devices in the computer system are to be controlled and to issue control signals to those devices.
Module implementation:
1) Data access module: implemented in hardware; it carries out the TPCM's active access to the external data memory. It consists mainly of master/slave mode switching control for the LPC bus, data read control, read-count control and read timing control. Its I/O ports include enable, data input/output and interrupt signal ports.
2) Data parsing module: implemented in hardware and connected to the data access module; it implements the communication protocol, reads the data collected by the data access module and converts it into a form that the hash module can operate on directly. The protocol part implements the trusted platform control module's own protocol on top of the LPC protocol and comprises a data parsing operation and a data packing operation. Parsing covers classification of data, filtering of illegal data, format conversion and combination of data; packing assembles the processed data into packets according to the custom protocol. Its I/O ports include enable, data input/output and function select ports.
3) Hash algorithm module: implemented in hardware; the main execution unit of the measurement operation. It is connected to the data parsing module, computes hash values over the converted data and produces measurement values or measurement reference values. Its I/O ports include enable, data input/output and interrupt signal ports.
4) Synchronous clock module: connected through the chip pins to the externally attached memory; it supplies the external memory being actively read with a working clock synchronised to the trusted platform module. The clock may be generated inside the trusted platform module or taken from an external branch signal.
5) Control execution module: connected directly to the enable-signal inputs of hardware resources; it issues control signals to them, enabling or disabling hardware resources and controlling the switching of the signal switching unit. Its ports include enable-signal control ports, interrupt ports and data communication ports to the connected devices.
6) State detection module: detects the working state of hardware resources in real time, querying their usage state and related information over the SMBus interface.
TPCM firmware composition
The TPCM firmware is the core control program inside the chip. It assists the hardware units in implementing the trusted computing functions and manages and maintains the hardware resources in software. The basic functions of the TPCM are implemented by the internal firmware, which consists of five parts (see Figure 2):
● Initialisation module: initialises the module and performs its self-test.
● I/O driver module: the library of I/O driver functions inside the module; it drives the bus controller inside the trusted platform module.
● Active measurement module: controls the active measurement unit and performs the active measurement of the boot ROM.
● Instruction processing module: parses and executes instructions sent by external entities.
● Access control module: assists the control unit in implementing access control to hardware resources and detection of their working state.
TPCM trusted measurement flow
The TPCM trusted measurement flow (see Figure 3):
a) The host is supplied with power; the TPCM and the BIOS chip are powered on together, before the other hardware units on the motherboard, and execute the initialisation module code.
b) The TPCM performs a state check to determine whether it is disabled. At the same time the state detection module collects the hardware resource information and current usage state of the PC over the I2C or SMBus bus.
c) If the TPCM is enabled, its control execution module sends a switching command to the signal switching unit in preparation for the active measurement operation, and the synchronous clock module supplies a synchronous working clock to the BIOS chip. The control execution module sends an enable signal to the BIOS chip, the data access module reads out the key code in the BIOS, the data parsing module parses it, and the hash algorithm module measures it and stores the measurement result. If the BIOS measurement fails, the control execution module sends a control command to the signal switching unit; after the switching unit has switched to normal start-up mode the platform starts under control and the TPCM enters the failure handling flow, in which, according to a predefined management policy or by on-site action of the platform administrator, the platform either enters untrusted working mode or is powered off or restarted.
d) If the TPCM's measurement of the BIOS key code is correct, its control execution module sends a switching signal to the signal switching unit, which issues the platform power-on signal; the platform powers on and the BIOS starts executing. If the TPCM is found to be disabled, the signal switching unit performs the switch, the platform powers on normally, the BIOS starts, and the system skips the measurement stage, going through MBR start-up and kernel loading in turn, so that the platform enters untrusted working mode.
e) The key code in the BIOS measures the remaining BIOS code and the MBR, and stores the measurement results in the TPCM.
f) If the MBR measurement succeeds, the MBR is started.
g) The MBR measures the OS loader and stores the measurement result in the TPCM.
h) If the OS loader measurement succeeds, the OS kernel is loaded.
i) The system enters trusted working mode.
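As an added illustration of the measurement flow above (this is example code written for this page, not code from the patent or any TPCM implementation), the following Python model simulates steps b) to i): if the TPCM is enabled it measures the BIOS key code itself before anything else runs, each verified stage then measures the next one, every result is stored in the TPCM and compared against a reference value, and a mismatch stops the chain and records a failure type of the kind the exception handling flow later saves. A disabled TPCM lets the platform boot without measurement. The sample images, SHA-256 as the hash function, the reference values and the audit record format are assumptions of the example; the patent only specifies a hash algorithm module and measurement results stored in the TPCM.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins for the four stages of the boot chain. A real TPCM would read the
# BIOS key code over the LPC bus; the later stages are measured by their verified predecessor.
GOOD_IMAGES: Dict[str, bytes] = {
    "bios_key_code": b"constructed BIOS boot block v1",
    "bios_rest":     b"constructed remaining BIOS code v1",
    "mbr":           b"constructed MBR v1",
    "os_loader":     b"constructed OS loader v1",
}

# Who measures what (steps c, e and g): the TPCM measures the BIOS key code, the verified
# BIOS key code measures the rest of the BIOS and the MBR, and the MBR measures the OS loader.
CHAIN: List[Tuple[str, str]] = [
    ("TPCM", "bios_key_code"),
    ("bios_key_code", "bios_rest"),
    ("bios_key_code", "mbr"),
    ("mbr", "os_loader"),
]


def measure(data: bytes) -> str:
    """Hash measurement of one stage. SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()


# Reference values are assumed to have been provisioned into TPCM non-volatile storage.
REFERENCE: Dict[str, str] = {name: measure(img) for name, img in GOOD_IMAGES.items()}


@dataclass
class TPCM:
    enabled: bool = True
    measurements: Dict[str, str] = field(default_factory=dict)  # results stored in the TPCM
    audit_log: List[str] = field(default_factory=list)
    failure_type: Optional[str] = None

    def store(self, measurer: str, stage: str, digest: str) -> bool:
        """Store a measurement result and check it against the reference value."""
        self.measurements[stage] = digest
        ok = digest == REFERENCE[stage]
        self.audit_log.append(
            f"{measurer} measured {stage}: {'ok' if ok else 'MISMATCH'} ({digest[:16]}...)")
        return ok


def boot(tpcm: TPCM, images: Dict[str, bytes]) -> str:
    """Run the measured boot and return the final platform mode: 'trusted' or 'untrusted'."""
    # Steps b and d: a disabled TPCM lets the platform power on without any measurement.
    if not tpcm.enabled:
        tpcm.audit_log.append("TPCM disabled: platform powered on without measurement")
        return "untrusted"
    for measurer, stage in CHAIN:
        digest = measure(images[stage])
        if not tpcm.store(measurer, stage, digest):
            # Failure path of step c: the chain stops here and the failure type is recorded
            # for the failure handling flow; nothing after the failed stage is measured.
            tpcm.failure_type = f"measurement failure: {stage}"
            return "untrusted"
    # Step i: every stage matched its reference value.
    return "trusted"


def tampered(images: Dict[str, bytes], stage: str) -> Dict[str, bytes]:
    """Constructed helper: a copy of the images in which one stage has been altered."""
    bad = dict(images)
    bad[stage] = images[stage] + b" (modified)"
    return bad


if __name__ == "__main__":
    good = TPCM()
    print(boot(good, GOOD_IMAGES), good.audit_log)
    bad = TPCM()
    print(boot(bad, tampered(GOOD_IMAGES, "mbr")), bad.failure_type)
```

The one-way property of the chain described in the background section is visible in the model: a mismatch at the MBR leaves the earlier BIOS measurements intact but prevents the OS loader from ever being measured, and the platform can only reach trusted working mode if every link matched.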
TPCM detailed workflow
The detailed TPCM workflow is divided into three parts (see Figure 4): the trusted working mode flow, the exception handling flow and the untrusted working mode flow.
Trusted working mode flow:
1) After a normal start the TPCM completes the sequence of initialisation self-test, measurement, authentication binding and sending the trusted computing platform start signal, and enters trusted working mode.
2) Receiving instructions: the TPCM receives instructions through the bus controller and the data parsing module. If no instruction has been received it waits for one.
3) Password judgment: some instructions in the instruction set may only be executed after an authorization password check. If the check fails, an instruction failure response is returned to the trusted computing platform and the TPCM returns to the idle state, waiting for instructions.
4) Instruction parsing: the data parsing module and the instruction processing module in the firmware analyse the received instruction in detail and convert it into reusable primitive operations.
5) Access permission check: if the instruction needs a hardware device, the current user's permission to use that device is checked. Instructions that pass the check continue; instructions that fail are not executed and an instruction failure response is returned to the trusted computing platform.
6) Instruction execution: all primitive operations contained in an instruction that passed the checks are executed.
7) Success response: once all primitive operations of the instruction have completed, an instruction success response is sent to the trusted computing platform.
8) TPCM power-down judgment: after the success response has been sent, the TPCM checks for a power-down request. If there is one, the control execution module inside the TPCM sends a switching operation to the signal switching unit, the platform and the TPCM are powered down, and the flow exits. If there is none, the TPCM returns to waiting for instructions.
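The instruction handling loop of steps 2) to 8) as an added Python example (written for this page, not taken from the patent): an instruction is looked up, authorization is checked first for instructions that require it, the instruction is reduced to primitive operations, the user's permission for the hardware device it touches is checked, the primitives are executed, a success or failure response is returned, and the power-down judgment is made after the queue has been served. The instruction names, the owner secret, the HMAC-based authorization proof and the permission table are all assumptions of the example; the patent describes only an authorization password check and a per-device permission check.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed owner authorization secret; in the TPCM this would live in non-volatile storage.
AUTH_SECRET = hashlib.sha256(b"constructed owner password").digest()

# Assumed table of the access control module: user -> hardware resources that user may use.
DEVICE_PERMISSIONS: Dict[str, Set[str]] = {"admin": {"nic", "rng"}, "user": {"rng"}}

# Assumed instruction set: name -> (authorization required, hardware device used, primitives).
INSTRUCTION_SET: Dict[str, Tuple[bool, Optional[str], List[str]]] = {
    "GET_RANDOM":  (False, "rng", ["read_rng"]),
    "GET_STATUS":  (False, None,  ["read_state"]),
    "ENABLE_NIC":  (True,  "nic", ["set_enable", "check_state"]),
    "DISABLE_NIC": (True,  "nic", ["clear_enable", "check_state"]),
}


@dataclass
class Instruction:
    name: str
    user: str
    auth_proof: Optional[bytes] = None  # see make_auth_proof


@dataclass
class Response:
    ok: bool
    reason: str
    executed: List[str] = field(default_factory=list)


def make_auth_proof(name: str) -> bytes:
    """Authorization value a caller presents: HMAC-SHA256 of the instruction name (assumption)."""
    return hmac.new(AUTH_SECRET, name.encode(), hashlib.sha256).digest()


def password_check(instr: Instruction) -> bool:
    """Step 3: authorization password judgment, compared in constant time."""
    if instr.auth_proof is None:
        return False
    return hmac.compare_digest(make_auth_proof(instr.name), instr.auth_proof)


def handle(instr: Instruction) -> Response:
    """Steps 2 to 7 for a single instruction; each failure response mirrors the flow in the text."""
    entry = INSTRUCTION_SET.get(instr.name)
    if entry is None:
        return Response(False, "unknown instruction")
    needs_auth, device, primitives = entry
    if needs_auth and not password_check(instr):
        return Response(False, "authorization failed")       # back to waiting for instructions
    # Step 4: parsing into reusable primitive operations (the table lookup stands in for the parser).
    # Step 5: access permission check for the hardware device the instruction uses.
    if device is not None and device not in DEVICE_PERMISSIONS.get(instr.user, set()):
        return Response(False, f"no permission for {device}")
    # Step 6: execute every primitive; here execution is recorded rather than performed.
    executed = [f"{device or 'tpcm'}.{p}" for p in primitives]
    return Response(True, "success", executed)              # step 7: success response


def serve(queue: List[Instruction], power_down_requested: bool) -> Tuple[List[Response], str]:
    """Steps 2 to 8 as a loop: serve the queue, then make the power-down judgment."""
    responses = [handle(i) for i in queue]
    if power_down_requested:
        # Step 8: the control execution module tells the signal switching unit to power down.
        return responses, "powered down"
    return responses, "waiting for instructions"


if __name__ == "__main__":
    reqs = [Instruction("GET_RANDOM", "user"),
            Instruction("ENABLE_NIC", "user", make_auth_proof("ENABLE_NIC")),
            Instruction("ENABLE_NIC", "admin", make_auth_proof("ENABLE_NIC"))]
    for r in serve(reqs, power_down_requested=False)[0]:
        print(r)
```

The order of the checks matters: authorization is tested before the device permission, so an unauthorized caller learns nothing about which devices a user may control, and the constant-time comparison keeps the password judgment from leaking how many bytes of the proof were correct.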
Exception handling flow:
After the TPCM is powered on, if its functions are enabled it performs an error-state check, initialisation self-test, measurement EMM1 and authentication binding. If any of these operations cannot be completed, exception handling proceeds as follows:
1) Error state: after start-up the TPCM checks whether it is in an error state. If it is, an audit log entry is saved and the error is handed to the administrator.
2) Initialisation and self-test: after start-up the TPCM performs initialisation and an active self-test, and saves an audit log entry. The self-test must include both active and passive self-test methods.
3) Measurement of the BIOS key code: the root of trust for measurement (RTM) in the TPCM actively measures the integrity of the key code in the BIOS and saves a measurement log.
4) Authentication binding: after start-up the TPCM verifies that the platform it is currently in is the one bound in the last trusted computing platform binding operation. If it is not, an error signal is raised and an audit log entry is saved.
5) Saving the failure type: if any of the four situations above occurs, the failure type and an audit log entry are saved.
6) Platform start signal: after the failure type has been saved, a start signal is sent to the platform. At this point the TPCM may also switch off the components of the platform other than the mouse, keyboard and display, to further control the platform's start-up environment.
7) Displaying the failure information: once the platform has started and the BIOS is executing, the failure type information is shown to the user according to the saved failure type.
8) Administrator login: after the failure information has been displayed, an administrator must log in to deal with it.
9) Exception handling operation: the administrator carries out the appropriate exception handling operation according to the cause of the failure.
10) Disabling the TPCM: if the administrator cannot deal with the failure information in time, the administrator may issue a TPCM function-disable operation. After the functions are disabled, the system's start-up flow does not change.
11) If the TPCM disable operation has been performed, a TPCM disabled signal is sent to the trusted computing platform and shown to the user through the BIOS.
12) Platform and TPCM restart: the administrator may power the platform down and restart the TPCM.
Untrusted working mode flow:
After the TPCM is powered on, if its functions are disabled or it is in an error state, the disabled-state or error-state handling proceeds as follows:
1) Platform start signal: when the TPCM is in the function-disabled state or in an error state, the TPCM control execution module sends a normal platform start signal to the signal switching unit and to the trusted computing platform.
2) User login: the BIOS of the trusted computing platform starts and the system prompts the user to log in. An administrator login leads to the flow for setting the TPCM enable state. An ordinary user may choose whether to continue booting into the untrusted operating system, or to power down both the platform and the TPCM and exit the system. An administrator may choose whether to enable the TPCM and then power the platform down and restart the TPCM, or to power down both the platform and the TPCM and exit the system.
TPCM power supply design
To implement the active measurement function, the motherboard's power supply subsystem is improved: an isolated power supply circuit for the TPCM is designed, and the startup sequence of the existing platform motherboard is adjusted (see Figure 5).
After the computer is switched on, the TPCM, the BIOS and the system clock are powered on first, before the CPU. The TPCM first performs integrity measurement of the Boot ROM's initial startup code (the Boot Block) and of the motherboard's hardware devices. Once the root of trust for measurement (RTM) inside the TPCM completes the measurement, it sends a switching signal to the signal switching unit for normal startup. The signal switching unit then sends a full-power signal to the power controller, which powers up the general-purpose devices such as the CPU, chipset and dynamic memory, so that normal booting proceeds.
Engineering experiments show that the improved scheme requires only limited modifications to the motherboard at very small cost, and the modified motherboard is fully compatible with the original.
Signal switching unit design
During the computer's normal working phase, the trusted platform module and the BIOS are both treated as controlled devices relative to the motherboard and are directly controlled by the computer device controller (see Figure 6). During the active measurement phase of computer startup, however, the trusted platform control module acts as the controller and the BIOS acts as a device controlled by the TPCM, subject to the TPCM's active measurement and checks. Between the trusted platform control module and the computer device controller there is therefore the problem of switching between two control masters across the two working phases.
To solve the switching problem between the TPCM and the computer device controller, a signal switching unit controlled by the TPCM is designed. It connects to the computer device controller, the TPCM, the BIOS and the power controller, and provides signal switching and interference isolation when switching between the two phases. The main communication lines it connects are the data lines, address lines and control lines (including the synchronous clock signal line that the TPCM provides separately to the BIOS, and the signal line connected to the power controller).
Specific requirements:
1) During the active measurement phase, the communication protocol used by the TPCM must match the communication protocol used by the BIOS.
2) The communication speed between the TPCM and the BIOS, within the operating range of both chips, can be set adaptively according to the synchronous clock provided by the TPCM. It is generally defined as 33 MHz.
3) In each phase, the signal switching unit must ensure that only one master controller exists at any one time.
4) While either master controller is working, the signal switching unit must ensure that normal communication is not affected by crosstalk from external circuits.
5) With the TPCM function enabled, by default the signal switching unit connects the TPCM to the BIOS when the computer starts, and it is the unit that issues the full-power signal to the power controller.
Unlike the TPM, the TPCM is powered independently of the system CPU, so it can start as the master device before the CPU. This design has two purposes: first, the root of trust for measurement can be placed inside the TPCM, so that the TPCM provides a hardware-level root of trust for measurement and the chain of trust starts from the TPCM; second, because the TPCM is independent of the system CPU, it can measure, monitor and record the trusted platform environment.
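As an added example, not part of the patent or of any product implementing it, the following C model shows the start-up decision described in the flows above: the TPCM measuring the Boot Block before the CPU receives power, the restricted start with a saved failure type, the untrusted-mode path taken when the TPCM is disabled or in the error state, and the switching unit's one-master-at-a-time rule (requirement 3). The Boot Block bytes, the reference digest, the failure codes, the signal names and the FNV-1a hash standing in for the TPCM's hash measurement are all constructed assumptions.

```c
/* Added example (not from the patent): a software model of the TPCM
 * start-up decision. Boot Block contents, reference digest, failure
 * codes and the FNV-1a stand-in hash are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* TPCM operating states: enabled, function-disabled, error */
enum tpcm_state { TPCM_ENABLED, TPCM_DISABLED, TPCM_ERROR };

/* Which side currently drives the BIOS lines through the switching unit */
enum bus_master { MASTER_NONE, MASTER_TPCM, MASTER_DEVICE_CONTROLLER };

/* Signals the TPCM control execution module can emit (constructed names) */
enum boot_signal {
    SIG_FULL_POWER,             /* measurement passed: power CPU/chipset/DRAM */
    SIG_RESTRICTED_START,       /* measurement failed: start with failure saved */
    SIG_NORMAL_START_UNTRUSTED  /* TPCM disabled/error: ordinary, untrusted boot */
};

/* Failure types recorded before a restricted start (constructed codes) */
enum failure_type { FAIL_NONE = 0, FAIL_BOOT_BLOCK_MISMATCH = 1 };

struct switching_unit {
    enum bus_master master;
    int full_power_asserted;    /* full-power signal sent to power controller */
};

struct boot_result {
    enum boot_signal signal;
    enum failure_type saved_failure;
    enum bus_master master_after;
    int peripherals_restricted; /* only keyboard/mouse/display left powered */
};

/* Stand-in for the TPCM hash measurement: 64-bit FNV-1a. A real TPCM
 * would use a cryptographic hash; only the control flow matters here. */
static uint64_t measure(const uint8_t *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Requirement 3): exactly one master at a time. Returns 0 on success,
 * -1 if a second master would be granted while another is active. */
static int switching_unit_grant(struct switching_unit *su, enum bus_master m) {
    if (su->master != MASTER_NONE && su->master != m && m != MASTER_NONE)
        return -1;
    su->master = m;
    return 0;
}

/* TPCM power-on flow: measure the Boot Block while the CPU is still
 * unpowered, then release the lines to the device controller and signal
 * the power controller. Disabled/error states skip measurement. */
static struct boot_result tpcm_power_on(enum tpcm_state state,
                                       const uint8_t *boot_block, size_t len,
                                       uint64_t reference_digest,
                                       struct switching_unit *su) {
    struct boot_result r = { SIG_NORMAL_START_UNTRUSTED, FAIL_NONE, MASTER_NONE, 0 };

    if (state != TPCM_ENABLED) {
        /* Untrusted working mode step 1): normal start signal, no measurement */
        switching_unit_grant(su, MASTER_DEVICE_CONTROLLER);
        su->full_power_asserted = 1;
        r.master_after = su->master;
        return r;
    }

    /* Requirement 5): with the TPCM enabled, the unit defaults to TPCM<->BIOS */
    su->master = MASTER_NONE;
    switching_unit_grant(su, MASTER_TPCM);

    if (measure(boot_block, len) == reference_digest) {
        r.signal = SIG_FULL_POWER;
    } else {
        r.signal = SIG_RESTRICTED_START;
        r.saved_failure = FAIL_BOOT_BLOCK_MISMATCH;  /* saved before step 6) */
        r.peripherals_restricted = 1;                /* step 6) */
    }

    /* Hand over: release TPCM mastership before the device controller
     * takes the lines, so two masters never coexist. */
    switching_unit_grant(su, MASTER_NONE);
    switching_unit_grant(su, MASTER_DEVICE_CONTROLLER);
    su->full_power_asserted = 1;   /* the platform is started in every case */
    r.master_after = su->master;
    return r;
}

int main(void) {
    const uint8_t boot_block[] = "constructed boot block v1"; /* constructed */
    struct switching_unit su = { MASTER_NONE, 0 };
    uint64_t ref = measure(boot_block, sizeof boot_block);
    struct boot_result ok = tpcm_power_on(TPCM_ENABLED, boot_block, sizeof boot_block, ref, &su);
    printf("intact boot block   -> signal %d, failure %d\n", ok.signal, ok.saved_failure);
    uint8_t changed[sizeof boot_block];
    memcpy(changed, boot_block, sizeof boot_block);
    changed[0] ^= 0x01;   /* one flipped bit must change the measurement */
    struct boot_result bad = tpcm_power_on(TPCM_ENABLED, changed, sizeof changed, ref, &su);
    printf("changed boot block  -> signal %d, failure %d\n", bad.signal, bad.saved_failure);
    return 0;
}
```

The model keeps the property the patent relies on: the measurement decision is taken while the TPCM is the sole master and the CPU has no power, and the device controller only becomes master after the TPCM has released the lines, whichever signal was chosen.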
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2008201087426U CN201203868Y (en) | 2008-06-20 | 2008-06-20 | A Trusted Platform Module |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2008201087426U CN201203868Y (en) | 2008-06-20 | 2008-06-20 | A Trusted Platform Module |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN201203868Y true CN201203868Y (en) | 2009-03-04 |
Family
ID=40426180
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNU2008201087426U Expired - Lifetime CN201203868Y (en) | 2008-06-20 | 2008-06-20 | A Trusted Platform Module |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN201203868Y (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107392032A (en) * | 2017-08-07 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and system credible checking BIOS |
| TWI687837B (en) * | 2018-12-18 | 2020-03-11 | 英業達股份有限公司 | Hardware structure of a trusted computer and trusted booting method for a computer |
| CN111382433A (en) * | 2018-12-29 | 2020-07-07 | 龙芯中科技术有限公司 | Module loading method, device, equipment and storage medium |
| US10783253B2 (en) | 2018-12-13 | 2020-09-22 | Inventec (Pudong) Technology Corporation | Hardware structure of a trusted computer and trusted booting method for a computer |
| CN114095227A (en) * | 2021-11-15 | 2022-02-25 | 许昌许继软件技术有限公司 | Credible authentication method and system for data communication gateway and electronic equipment |
- 2008-06-20 CN CNU2008201087426U patent/CN201203868Y/en not_active Expired - Lifetime
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107392032A (en) * | 2017-08-07 | 2017-11-24 | 浪潮(北京)电子信息产业有限公司 | A kind of method and system credible checking BIOS |
| US10783253B2 (en) | 2018-12-13 | 2020-09-22 | Inventec (Pudong) Technology Corporation | Hardware structure of a trusted computer and trusted booting method for a computer |
| TWI687837B (en) * | 2018-12-18 | 2020-03-11 | 英業達股份有限公司 | Hardware structure of a trusted computer and trusted booting method for a computer |
| CN111382433A (en) * | 2018-12-29 | 2020-07-07 | 龙芯中科技术有限公司 | Module loading method, device, equipment and storage medium |
| CN111382433B (en) * | 2018-12-29 | 2022-12-13 | 龙芯中科技术股份有限公司 | Module loading method, device, equipment and storage medium |
| CN114095227A (en) * | 2021-11-15 | 2022-02-25 | 许昌许继软件技术有限公司 | Credible authentication method and system for data communication gateway and electronic equipment |
Similar Documents
| Publication | Title |
|---|---|
| CN100568254C (en) | A trusted platform module and its active measurement method |
| CN101281577B (en) | A trusted computing system for protecting BIOS and its application method |
| CN101515316B (en) | Trusted computing terminal and trusted computing method |
| CN102012979B (en) | Embedded credible computing terminal |
| CN101901319B (en) | Trusted computing platform and method for verifying trusted chain transfer |
| KR101974188B1 (en) | Firmware-based trusted platform module for arm® trustzone™ implementations |
| US9098301B2 (en) | Electronic device and booting method |
| US20220067165A1 (en) | Security measurement method and security measurement device for startup of server system, and server |
| CN102004876B (en) | Security terminal reinforcing model and reinforcing method of tolerable non-trusted component |
| CN101221509B (en) | Bus arbitration starting method of reliable embedded system |
| CN107665308B (en) | TPCM system for building and maintaining trusted operating environment and corresponding method |
| CN101122936A (en) | Embedded Platform Booting on a Trusted Mechanism |
| CN110659498A (en) | Trusted computing measurement method, system thereof and computer readable storage medium |
| TW201401098A (en) | System and method for verificating firmware |
| CN103049293B (en) | A kind of startup method of embedded credible system |
| US12197582B2 (en) | Implementation of trusted computing system based on master controller of solid-state drive |
| CN201203868Y (en) | A Trusted Platform Module |
| CN110334522A (en) | Start the method and device of measurement |
| CN111353150A (en) | A trusted boot method, device, electronic device and readable storage medium |
| CN101303716B (en) | Embedded System Restoration Method Based on Trusted Platform Module |
| CN115495798A (en) | Security chip of terminal equipment, trusted configuration method of security chip and terminal equipment |
| CN111723379B (en) | Trusted protection methods, systems, equipment and storage media for smart terminals in trusted Taiwan areas |
| CN113419905A (en) | Method and device for realizing credible verification and security module |
| CN206649517U (en) | Server credible platform measures control system and the server including the system |
| CN103795905A (en) | Trusted starting method of web camera |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CB03 | Change of inventor or designer information | |
| | CB03 | Change of inventor or designer information | Inventor after: Shen Changxiang; Mao Junjie; Zhuang Junxi; Jiang Guangzhi; Liu Xiangang; Sun Yu; Li Chen; Liu Zhijun. Inventor before: Mao Junjie; Zhuang Junxi; Jiang Guangzhi; Liu Xiangang; Sun Yu; Li Chen; Liu Zhijun |
| | CX01 | Expiry of patent term | |
| | CX01 | Expiry of patent term | Granted publication date: 20090304 |