摘要： 阐述了在嵌入式终端上构建可信计算环境相关的嵌入式可信引导、TPM的扩展和驱动设计、嵌入式可信软件栈和嵌入式可信安全组件等关键问题。嵌入式可信引导可结合BR, USBKey和TPM等技术，保证用户、终端和应用三者间的可信认证。给出的嵌入式终端可信计算环境的方案保证了嵌入式可信平台的可重用性，同时也使平台具有更高的安全性和实用性。

关键词: 嵌入式终端, 可信引导, 可信软件栈, 可信安全组件

Abstract: The paper discusses the key problems to build embedded trusted computing environment, such as embedded trusted boot process, the extension and driver design of TPM, embedded TSS and trusted security component. The embedded trusted boot process is able to ensure the trusted attestation among users, terminals and application by making a combination of BR, USBKey and TPM. The scheme is able to make embedded platform more secure, practical and reusable.

Key words: embedded terminal, trusted boot, trusted software stack, trusted security component

中图分类号: 

• TP309