基于可信密码模块的SoC可信启动框架模型

计算机工程与科学

基于可信密码模块的SoC可信启动框架模型

王希冀，张功萱，郭子恒

（南京理工大学计算机科学与工程学院，江苏南京 210094）

收稿日期:2018-10-13 修回日期:2018-12-11 出版日期:2019-04-25 发布日期:2019-04-25
基金资助:
国家自然科学基金（61272420）

An SoC trusted startup framework based

on trusted cryptographic module

WANG Xiji,ZHANG Gongxuan,GUO Ziheng

(School of Computer Science and Technology,Nanjing University of Science and Technology,Nanjing 210094,China)

Received:2018-10-13 Revised:2018-12-11 Online:2019-04-25 Published:2019-04-25

摘要/Abstract

摘要：

为满足嵌入式终端对信息安全的要求，设计了基于可信密码模块的SoC可信启动框架。该框架的特点在于对引导程序U-boot做功能上的分割，且存储在不同的非易失性存储器中，并增设了通信模块，使之在操作系统启动之前就具有发送和接收文件的功能。将引导程序的各部分与操作系统核心文件均作为可信实体，发送至可信密码模块进行完整性度量，若度量成功则可信密码模块返回下一阶段的启动信号并在其本地存储器中保存可信实体；若度量失败则禁止启动。实验结果表明，该框架是可行、有效的,可以满足现今嵌入式终端在信息安全方面的需要。

关键词: 嵌入式终端, 系统级芯片, 可信密码模块, 非易失性存储器

Abstract:

We design an SoC trusted startup framework based on trusted cryptographic module to satisfy the requirement for information security on embedded terminals. This framework can partition the boot program Uboot functionally and store them in different nonvolatile memories. In addition, we add communication modules to enable the Uboot to transmit and receive files before OS stratup. Trusted entities including the parts of the Uboot and OS core files are transmitted to the trusted cryptographic module to measure integrity. If they pass the integrity measurement, then a signal for starting the next phase is sent back by the trusted cryptographic module and the trusted entities are stored in local memory on the trusted cryptographic module. Otherwise initialization signals are not sent. Experimental results show that the proposed framework is feasible and effective, and it can satisfy the requirement for information security on embedded terminals.

Key words: embedded terminal, system-level chip, trusted cryptographic module, non-volatile memory

王希冀，张功萱，郭子恒. 基于可信密码模块的SoC可信启动框架模型[J]. 计算机工程与科学.

WANG Xiji,ZHANG Gongxuan,GUO Ziheng.

An SoC trusted startup framework based

on trusted cryptographic module

[J]. Computer Engineering & Science.

[1]	张伶俐，张功萱，王天舒，程翔. 嵌入式系统可信虚拟化技术的研究与应用[J]. 计算机工程与科学, 2016, 38(08): 1654-1660.
[2]	李文晓，李建成，李聪，王震，尚靖. 一种面向无源RFID电子标签的电流灵敏放大器设计[J]. J4, 2014, 36(12): 2361-2366.