Abstract:
This paper analyzes security threats to the firmware BIOS and defines the concept of trusted BIOS. The architecture of UTBIOS, which is based on the UEFI specification and trusted computing mechanisms, is developed. To construct the pre-OS chain of trust, the CRTM embedded in UTBIOS is used to measure the trustworthiness of entities in the different phases of bootstrap. An implementation of UTBIOS based on a UEFI BIOS product is described, and the performance of trusted measurement is analyzed.
Key words:
trusted computing,
trusted measurement,
Basic Input Output System (BIOS)
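Abstract (translated from Chinese): This paper analyzes the security requirements of the firmware Basic Input Output System (BIOS) and defines the concept of trusted BIOS. The UTBIOS architecture is designed on the basis of the UEFI specification and trusted computing mechanisms. The implementation of UTBIOS builds on a new-generation BIOS product that conforms to the UEFI specification; it uses the core root of trust for measurement to perform trusted measurement of each component during BIOS execution and system boot, constructs the chain of trust that precedes the operating system, and discusses the impact of trusted measurement on the performance of the BIOS boot process.
Key words:
trusted computing,
trusted measurement,
Basic Input Output System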
ZHOU Zhen-liu; LI Ming; ZHAI Wei-bin; XU Rong-sheng. Research and Implementation of Trusted BIOS Based on UEFI[J]. Computer Engineering, 2008, 34(8): 174-176.