嵌入式TPM及信任链的研究与实现

为将可信计算技术更有效应用于嵌入式系统,结合链式与星型信任结构,提出了一种带数据恢复功能的混合式信任结构,可降低链式结构的信任损失,减轻星型结构中可信平台模块(TPM)的计算负担.在此基础上构建并实现了一种嵌入式可信平台,以内置可信度量核心根(CRTM)的嵌入式TPM作为信任根,并在其内部设计了双端口内存作为与嵌入式处理器间的通信接口.该平台在启动过程中通过CRTM验证启动程序及操作系统的完整性,利用操作系统动态拦截和验证应用程序的完整性,并在发现完整性度量值被修改时启动数据恢复功能,从而有效保证了嵌入式系统软件组件的完整性和可信启动.

Study and implementation of embedded TPM and chain of trust

To improve trusted computing technology in embedded system,reduce the decrease of trust in chain-model transitive of trust and computing work of trusted platform module(TPM) in star-model,a hybrid-model chain of trust with data recovery function is presented based on these two models.An embedded trusted platform is constructed and implemented.Core root of trust for measurement(CRTM) is set within an embedded TPM,which is deployed as root of trust of the platform.An internal two-port random access memory(RAM) segment is also designed as communication interface between embedded TPM and embedded processor.On this embedded trusted platform,integrity of bootloader and operating system are validated by CRTM du-ring system startup,applications are intercepted and validated by operating system,and the data recovery function would be active when the change of integrity measurement value is detected.By all these means,integrity of software components on embedded system are effectively protected and trusted startup are ensured.