计算机工程与应用 ›› 2015, Vol. 51 ›› Issue (17): 64-69.

• 理论研究、研发设计 • 上一篇    下一篇

一种面向集中管控系统的计算机可信启动架构

尚  京,徐开勇,杨启超   

  1. 解放军信息工程大学 密码与工程学院,郑州 450002
  • 出版日期:2015-09-01 发布日期:2015-09-14

Trusted boot for computer centralized control system-oriented architecture

SHANG Jing, XU Kaiyong, YANG Qichao   

  1. School of Cryptogram and Engineering, The PLA Information Engineering University, Zhengzhou 450002, China
  • Online:2015-09-01 Published:2015-09-14

摘要: 结合可信计算理论,针对统一的可扩展固件接口(Unified Extensible Firmware Interface,UEFI)因诸多原因无法达到可信启动的缺陷,将星形信任结构和信任链技术相结合并引入能够参与生成度量策略的管控代理,提出一种面向集中管控系统的计算机安全启动架构。用向量空间的形式描述了架构的启动流程,说明了管控代理的工作原理。将传统的可信启动流程与本架构的安全启动流程进行了对比。对此架构进行信任链测试,说明提出的可信启动架构符合可信计算标准。

关键词: 统一的可扩展固件接口(UEFI), 可信计算, 安全启动

Abstract: Combining with trusted computing theories for UEFI BIOS (Unified Extensible Firmware Interface) is not able to launch trusty due to many reasons, it combines with star trust structure and chain of trust and introduces a kind of measurement agency which one can make strategies to measure the process. It makes a project which about centralized management and control systems for relative safety of the architecture. In the form of a vector space structure described in the startup process, it indicates control agent works. It makes a traditional architecture of the secure boot contrasting with this architecture on boot process. It does a test on the chain of trust architecture. The test shows that the proposed trusted computing trusted boot architecture meets the standard.

Key words: Unified Extensible Firmware Interface(UEFI), trusted computing, secure boot