In the paper,a trusted startup implementation method is proposed which is based on the domestic operating system RT-Thread and the domestic development board AB32VG1.Starting from the direction of establishing trusted entity and integrity measurement,the trusted boot framework divides the U-boot into two parts to form a trusted entity together with the core file of the operating system,and sends it to the trusted encryption module for integrity measurement.If the measurement is successful,the control signal is returned to the external device,and the trusted entity is saved in the nonvolatile memory.Otherwise,startup is prohibited.As the trusted root of the system,the trusted encryption module is completed through SM4 and SM3 double encryption.Through verification on the AB32VG1 development board,the control signal can be correctly output,the system operates stably and starts safely,the encryption results are correct for many times,and the integrity measurement can be completed quickly,which is consistent with the expected design goal.
Key words
AB32VG1 /
RT-Thread /
nonvolatile memory /
trusted entity /
trusted encryption module
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
References
[1] 吕华溢,谢政.一种软硬件自主可控的嵌入式实时控制系统[J].单片机与嵌入式系统应用,2017,17(3):2731.
[2] 宫健,裴焕斗,唐道光.RTThread操作系统的可信验证平台设计[J].单片机与嵌入式系统应用,2022,22(4):3437.
[3] 胡俊,沈昌祥.可信计算3.0工程初步[M].北京:人民邮电出版社,2019.
[4] 徐万山,张建标,袁艺林,等.基于BMC的服务器可信启动方法研究[J].信息网络安全,2021,21(5):6773.
[5] 王希冀,张功萱,郭子恒.基于可信密码模块的SoC可信启动框架模型[J].计算机工程与科学,2019,41(4):606611.
[6] 黄坚会.主动免疫可信计算TPCM模块研究及实现[D].北京:北京工业大学,2020.
[7] 刘火良,杨森.RTThread内核实现与应用开发实战指南基于STM32[M].北京:机械工业出版社,2018.
[8] 王兆滨,韩鹏程.MSP432的RTThread操作系统移植[J].单片机与嵌入式系统应用,2021,21(5):3942.
[9] 王岩,杨期朝.基于国密SM3算法的摘要码生成器设计[J].电子质量,2021(2):3034.
PDF(1078 KB)
