摘要： 可信计算组织（TCG）提出了可信计算规范，其主要思想就是通过度量和保障组成平台的各组件的完整性来保证平台及应用的安全。启动过程是操作系统的基础，因此实施可信启动对操作系统意义重大。基于Linux 启动的现实条件，结合TCG 规范中可信度量和可信链的思想，利用TPM 提供的可信计算和保护存储功能，设计了Linux 可信启动过程TSPL，并实现了原型。设计中充分考虑到启动过程的复杂性和度量数据的多样性，不仅度量了程序代码，还对影响执行程序行为的配置文件和环境数据进行了度量。

关键词: 可信计算组织；TPM；信任根；信任链；可信引导

Abstract: TCG releases the trusted computing specification, the main idea of which is to enforce the security of the platform and the applications on it by confirming integrity of the components comprise it. Since startup process is the basement of an OS, implementation of trusted startup process is of much significance. Having combined the reality condition of Linux and the concept of chain of trust and trust measurement, this paper designs the trusted startup process of Linux (TSPL), and implements a prototype. By fully considering the complexity and variety of measurement data in the Linux startup process, it measures not only the program data but also the data of the configure file and environment in the design

Key words: Trusted computing group(TCG); TPM; Root of trust; Chain of trust; Trusted bootstrap