计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (18): 76-79.

• 研发、设计、测试 • 上一篇    下一篇

太行安全BIOS可信体系结构与实现研究

周振柳1,3,李 铭2,许榕生1,宋东生3   

  1. 1.中国科学院 高能物理研究所 计算中心,北京 100049
    2.中国电子科技集团 信息化工程总体研究中心,北京 100083
    3.沈阳航空工业学院,沈阳 110034
  • 收稿日期:2007-09-20 修回日期:2007-11-12 出版日期:2008-06-21 发布日期:2008-06-21
  • 通讯作者: 周振柳

Research on trusted architecture and implementation of Taihang secure BIOS

ZHOU Zhen-liu1,3,LI Ming2,XU Rong-sheng1,SONG Dong-sheng3   

  1. 1.Computing Center,Institute of High Energy Physics,Chinese Academy of Sciences,Beijing 100049,China
    2.Center of Information System Architecture Research,CETC,Beijing 100083,China
    3.Shenyang Institute of Aeronautical Engineering,Shenyang 110034,China
  • Received:2007-09-20 Revised:2007-11-12 Online:2008-06-21 Published:2008-06-21
  • Contact: ZHOU Zhen-liu

摘要: 分析了可信BIOS的安全需求,提出一种可信BIOS体系结构。使用消息摘要和数字签名技术验证系统引导阶段实体的完整性和真实性,构建了操作系统运行前的信任链。介绍了太行安全BIOS的可信部件、执行流程及其实现方法,讨论了可信测量对BIOS引导过程的性能影响。

Abstract: Security requirements of trusted BIOS are analyzed,and architecture of trusted BIOS is developed in this paper.To construct Pre-OS chain of trust,message digest and digital signature are used to verify integrity and authenticity of entities in different phases of bootstrap.Trusted components,workflow and methods of implementation of Taihang secure BIOS are introduced in detail.Performance of trusted measurement is also analyzed at the end.