Computer Engineering ›› 2008, Vol. 34 ›› Issue (8): 174-176. doi: 10.3969/j.issn.1000-3428.2008.08.061

• Security Technology •

Research and Implementation of Trusted BIOS Based on UEFI

ZHOU Zhen-liu1,2, LI Ming3, ZHAI Wei-bin1, XU Rong-sheng1   

  1. Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049; 2. School of Computer Science, Shenyang Institute of Aeronautical Engineering, Shenyang 110034; 3. Center of Information System Architecture Research, China Electron Technology Group Corporation, Beijing 100083
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-04-20 Published:2008-04-20

Abstract: This paper analyzes the security threats to firmware BIOS and defines the concept of a trusted BIOS. The architecture of UTBIOS, which is based on the UEFI specification and trusted computing mechanisms, is developed. To construct a pre-OS chain of trust, the CRTM embedded in UTBIOS is used to measure the trustworthiness of entities in the different phases of bootstrap. The implementation of UTBIOS based on a UEFI BIOS product is described, and the performance of trusted measurement is analyzed.

Key words: trusted computing, trusted measurement, Basic Input Output System (BIOS)
