基于可信密码模块的SoC可信启动框架模型  被引量:11

An SoC trusted startup framework based on trusted cryptographic module

在线阅读下载全文

作  者:王希冀 张功萱[1] 郭子恒 WANG Xi-ji;ZHANG Gong-xuan;GUO Zi-heng(School of Computer Science and Technology,Nanjing University of Science and Technology,Nanjing 210094,China)

机构地区:[1]南京理工大学计算机科学与工程学院,江苏南京210094

出  处:《计算机工程与科学》2019年第4期606-611,共6页Computer Engineering & Science

基  金:国家自然科学基金(61272420)

摘  要:为满足嵌入式终端对信息安全的要求,设计了基于可信密码模块的SoC可信启动框架。该框架的特点在于对引导程序U-boot做功能上的分割,且存储在不同的非易失性存储器中,并增设了通信模块,使之在操作系统启动之前就具有发送和接收文件的功能。将引导程序的各部分与操作系统核心文件均作为可信实体,发送至可信密码模块进行完整性度量,若度量成功则可信密码模块返回下一阶段的启动信号并在其本地存储器中保存可信实体;若度量失败则禁止启动。实验结果表明,该框架是可行、有效的,可以满足现今嵌入式终端在信息安全方面的需要。We design an SoC trusted startup framework based on trusted cryptographic module to satisfy the requirement for information security on embedded terminals. This framework can partition the boot program U-boot functionally and store them in different non-volatile memories. In addition, we add communication modules to enable the U-boot to transmit and receive files before OS stratup. Trusted entities including the parts of the U-boot and OS core files are transmitted to the trusted cryptographic module to measure integrity. If they pass the integrity measurement, then a signal for starting the next phase is sent back by the trusted cryptographic module and the trusted entities are stored in local memory on the trusted cryptographic module. Otherwise initialization signals are not sent. Experimental results show that the proposed framework is feasible and effective, and it can satisfy the requirement for information security on embedded terminals.

关 键 词:嵌入式终端 系统级芯片 可信密码模块 非易失性存储器 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象