基于国产BMC的服务器安全启动技术研究与实现  被引量:2

Research and Implementation of Secure Boot Technology for Server Based on Domestic BMC

在线阅读下载全文

作  者:苏振宇[1] 

机构地区:[1]浪潮电子信息产业股份有限公司,济南250101

出  处:《信息安全研究》2017年第9期823-831,共9页Journal of Information Security Research

基  金:北京市科学技术委员会基金项目(Z161100001616007)

摘  要:基板管理控制器(baseboard management controller,BMC)和基本输入输出系统(basic input output system,BIOS)是服务器的重要固件,近年来对BMC和BIOS的攻击手段越来越丰富,对服务器的安全造成了严重的威胁.针对服务器中BMC与BIOS固件存在的安全隐患,基于可信计算技术,研究了服务器的安全启动机制,利用自研的国产BMC与国产可信密码模块(trusted cryptography module,TCM),设计了BMC的可信固件.BMC和TCM作为系统的信任根,先于服务器进行上电启动,完成对BMC与BIOS Boot Block的主动度量之后服务器才能加电启动,从而实现了服务器的安全启动控制功能,构建起了完整的信任链,符合我国的可信平台控制模块(TPCM)规范,是TPCM思想的具体实现.结果表明:在服务器启动过程中可以检测BMC及BIOS固件的完整性,及时发现固件是否被恶意篡改,该技术有着广阔的应用前景.Baseboard management controller (BMC) and basic input output system (BIOS) are important firmware in server. Currently, BMC and BIOS are facing with a series of security threats, which threaten the functions of the server. One feasible and effective solution for those threats is leveraging trusted computing technology. This paper researches secure boot mechanism for server and designs trusted firmware of BMC combined with domestic BMC and trusted cryptography module (TCM). As the trust root of the system,BMC and TCM can start before the server is powered on. Af ter completing the measurement of the credibility and integrity of BMC and BIOS Boot Block, the server can be powered on. With the trusted boot method? the complete trust chain is bui lt , which accords with China’s trusted platform control module (TPCM) specification. The results of this paper show that it can detected if the BMC or BIOS firmware has been maliciously tampered. This research realizes the technology of TPCM which can be widely used.

关 键 词:可信计算 信任链 基板管理控制器 基本输入输出系统 可信密码模块 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象