面对新时期网络空间安全形势，我国适时提出了基于可信计算3.0的主动免疫防护体系。结合可信平台控制模块（TPCM）国家标准规范，提出一种基于安全固态硬盘的TPCM方案及其实现方法。通过安全控制芯片内置的SM2、SM3、SM4、随机数模块、OTP控制器模块等实现了安全控制芯片的上电自检、安全启动、数据加解密及密钥管理功能。然后基于安全固态硬盘设计了认证软件，实现了对计算机主板、BIOS、外设及IP地址等物理环境的可信启动度量及响应，和已有的TPCM板卡相比，提出的方案具有安全性高、兼容性好、扩展性强、部署方便、成本低等优点。

Facing the new era's cybersecurity situation, China has timely proposed an active immune protection system based on trusted computing 3.0. Combined with the national standard specifications of the Trusted Platform Control Module (TPCM) in China, a TPCM module solution based on a secure SSD and its implementation method are proposed. Through the built-in SM2, SM3, SM4, random number generator module, and OTP controller module of the security control chip, the power-on self-test, secure boot, data encryption and decryption, and key management functions of the security control chip are realized. Based on the secure SSD, an authentication software is designed to achieve the trusted boot measurement and response of the physical environment such as the computer motherboard, BIOS, peripherals, and IP address. Compared with the existing TPCM cards, the proposed solution has the advantages of high security, good compatibility, strong scalability, convenient deployment, and low cost.