欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2008, Vol. 25 ›› Issue (5): 626-630.DOI: 10.7523/j.issn.2095-6134.2008.5.009

• 论文 • 上一篇    下一篇

一种可配置的可信引导系统

徐 震1+, 沈丽红2, 汪 丹1   

  1. 1中国科学院软件研究所 信息安全国家重点实验室, 北京 100080
    2中国科学院研究生院, 北京 100049
  • 收稿日期:1900-01-01 修回日期:1900-01-01 发布日期:2008-09-15

LOIS grub: A configurable trusted booting system

XU Zhen1+ , SHEN Li-Hong2 , Wang Dan1   

  1. 1State Key Laboratory of Information Security, Chinese Academyof Sciences, Beijing 100080, China ;
    2 Graduate University of the Chinese Academy of Sciences, Beijing 100049, China
  • Received:1900-01-01 Revised:1900-01-01 Published:2008-09-15

摘要: 引导过程的安全是计算机系统安全的基点,安全的引导系统需要保证系统加电后引导执行链条中的实体未受篡改。当前,基于可信平台模块(TPM)开展的可信引导工作,仅能可信地记录并报告系统引导的证据链,无法进行验证以及进一步的处理。本文提出一种可配置的可信引导系统,可以配置认证引导和安全引导,支持细粒度的文件验证,以及操作系统内核的可信恢复。给出了系统的设计思想,并介绍了其原型工作,实验表明该系统能够有效实现其设计目标。

关键词: 可信平台模块, 可信引导, 可信计算

Abstract: Security of the booting process in a computing system is a starting point of the security of the overall system. Secure booting system will guarantee that entities in the booting chain have not been tampered. On the other hand, trusted booting system based on TPM can only record evident chain during system booting without further processing. This paper presents a configurable trusted booting system which can be configured to boot the system in secure mode or trusted mode and can further support fine-grained file verification and kernel recovery. Prototype shows that the system can reach its design goals.