In order to ensure that the embedded devices of power system can startup safely and reliably,a light-weight trusted startup method based on trusted platform control module (TPCM) is designed.The COS solidified in TPCM is regarded as the trusted root of the hardware.After power on,it takes precedence of the CPU to start and the CPU resetting signal is suspended.The CPU resetting signal will be released after successfully verifying the integrity of u-boot.And it enhances the u-boot management by adding secure users,setting password protection and filtering related commands.At the same time,the integrity of the kernel is verified by using signature and encryption technology to establish a trust chain from device power on to kernel startup.Using the security and reliability of TPCM chip,this method can protect the key through hardware encryption and ensure the security and credibility of the whole startup chain.This method has been applied in some intelligent monitoring terminals of power systems.
Key words
TPCM /
trusted computing 3.0 /
embedded Linux /
u-boot /
signature technology
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
References
[1] GB/T 38638-2020信息安全技术可信计算可信计算体系结构[S].2020.
[2] GB/T 39935-2019信息安全技术可信计算规范可信软件基础[S].2019.
[3] 孙瑜,洪宇,王炎玲.基于TPCM可信根的主动免疫控制系统防护设计[J].信息技术与网络安全,2021(3):14-18.
[4] 王希冀,张功萱,郭子恒.基于可信密码模块的SoC可信启动框架模型[J].计算机工程与科学,2019,41(4):606-611.
[5] 杨霞,雷林,吴新勇,等.采用数字签名技术的可信启动方法研究[J].电子科技大学学报,2016,45(3):448-452.
[6] 刘国杰,张建标.基于TPCM的服务器可信PXE 启动方法[J].网络与信息安全学报,2020,6(6):105-111.
[7] 王勇,尚文利,赵剑明,等.基于TPM的嵌入式可信计算平台设计[J].计算机工程与应用,2018,54(13):105-110.
[8] 冷冰,庞飞.基于国产处理器的可信计算平台构建方法[J].通信技术,2019,52(8):2044-2049.
[9] 孟祥斌,刘笑凯,郝克林.可信技术在国产化嵌入式平台的应用研究[J].电子技术应用,2021(12):94-99.
[10] 孙瑜,田健生,杨秩.一种利用TPCM实现固件主动度量的可信主板实现方法:中国,CN201810119 488.8[A],2019-08-13.
PDF(1352 KB)
