Abstract: These years saw rapid development of research on trusted computing. But research on trusted computing enabled Linux is not enough yet. Not every system critical object can be measured nowadays, which causes it is impossible to judge whether the system is trusted. To supply the gap, this paper represents a scheme to measure Linux’s system critical objects. This scheme based on the idea of Demetrios Lambrou and improved it. The problem that configuration files, dynamic shared library and executable scripts can not be measured has been fixed in this scheme. Now all components that maybe change system’s trusted state can be measured.

Key words: Trusted Computation, Information security, Linux

摘要： 近几年可信计算方面的研究发展迅速，但在支持可信计算的Linux方面的研究却相对落后，无法对所有可能改变系统可信状态的关键组件进行完整性验证，以至于无法判断系统是否处于可信状态。为了弥补这个不足，该文提出了一种验证Linux关键组件的新方案。该方案基于Demetrios Lambrou的想法并对其进行了完善，弥补了其不能验证配置文件、动态共享库和可执行脚本的缺点，保证了对所有可能改变系统可信状态的关键组件的验证。

关键词: 可信计算, 信息安全, Linux