Background technology
Power industry is responsible for producing, is carried and distribute electric energy, comprises the links such as generating, transmission of electricity, power transformation, distribution.Because electric energy is being related to the normal operation of whole country, so being one of important support of whole national economy, is also the leading sector of the national economic development.Current power infrastructures is in the design of 19th-century and twentieth century, along with social development, this gradually aging power infrastructures can not bear the responsibility of following electric power supply.In recent years, along with the fast development of information science technology, global various countries were all realizing striding forward fast to intelligent grid.On May 21st, 2009, China has announced " strong intelligent grid " plan, to building, there is informationization, robotization, interactive feature, the strong rack that the extra-high voltage grid of take is key rack, electric network coordination at different levels development is basis, take communication information platform as support, the generating that comprises electric system, transmission of electricity, power transformation, distribution, electricity consumption and scheduling links, cover all electric pressures, realizes the modern power network of the height integral fusion of " flow of power, information flow, Business Stream ".
And distribution is as being directly connected with user in electric system and to the link of user assignment electric energy, be the important step in electric system, and people living closely related.In intelligent grid, a very important part is exactly power distribution automation, comprise the supervision of system and control, distribution system management function and with user mutual (as load management, measurement and Real-Time Pricing) etc.Power distribution automation is by other ingredient synthetic operations with intelligent grid, both system monitoring, idle and voltage management, reduction network loss and raising assets utilization rate can have been improved, also can assist and optimize personal scheduling and maintenance activity arrangement etc., need complicated control system for this reason, be distribution power automation terminal, be called for short distribution terminal.In recent years, along with the fast development of Embedded Mobile intelligent terminal, the system configuration of distribution terminal is also progressively to intelligent development.At present, most of distribution terminal has all possessed powerful calculation process ability, and system software platform also more adopts embedded real-time multi-task operating system, and all possesses ability of utilizing mobile wireless network accesses network etc.These elements make mobile payment terminal the same with common intelligent terminal, are faced with various security threats.
The measurement data that distribution terminal provides, is the important evidence that decision-making is done by distribution main website, once these data are tampered, large-scale power failure will be initiated, thereby causes catastrophic loss.Again and again the mobile intelligent terminal security incident occurring in recent years is also being reminded us the safety case of distribution terminal system allows of no optimist.Predictably, if do not add any protection, for the appearance of the attack of distribution terminal system problem sooner or later just.Because distribution terminal is compared with common intelligent terminal, unique difference is only that the business of moving is above relatively single, is therefore all faced with same security threat, as steals authority, man-in-the-middle attack, altered data etc.And on current distribution terminal, lack integrity protection mechanism, and software systems are easily under attack and distort, once be found leak by malicious attacker, the loss bringing will be estimated.
Through the development of nearly more than ten years, the trust chain technology of conventional P C is gradually improved, and trust chain effectively this viewpoint of integrality of protection system state is generally approved.Therefore; we can be incorporated into this technical thought of chain that breaks the wall of mistrust on conventional P C on distribution terminal; by adding safety chip in order to root of trust to be provided on distribution terminal, thus the integrality of protection system, finally for system made plays believable running environment.But the software and hardware architecture of distribution terminal and conventional P C and feature are greatly different, it is inappropriate that the credible chip on PC is grafted directly on distribution terminal.So designing a whole set of full-order system for distribution terminal is a significant challenge to set up credible running environment.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the invention provides a kind of method of setting up trusted context in distribution terminal, by increasing credible chip as hardware root of trust in distribution terminal, the inside stores preset integrity reference value, then in system, add clean boot module, as the initial launch module of system.In system starting process; by system state and crucial system image are carried out to integrity measurement; thereby the integrality of operational system on protection distribution terminal; build and trust; finally set up credible running environment; the ability of checking Malware destruction system integrity from source, the safe class of raising distribution terminal system.
In order to realize foregoing invention object, the present invention takes following technical scheme:
The invention provides a kind of method of setting up trusted context in distribution terminal, said method comprising the steps of:
Step 1: described distribution terminal is written into clean boot module from nonvolatile external memory;
Step 2: described clean boot module is forbidden all interruptions, initialization register and memory headroom are done integrity measurement to the state of described distribution terminal;
Step 3: described clean boot module judges whether to upgrade to the operating system of described distribution terminal according to zone bit, if need upgrading, enters the upgrading of upgrading flow process complete operation system; If do not need upgrading, perform step 4;
Step 4: clean boot module is calculated the integrity measurement value of boot and operating system nucleus;
Step 5: after integrity verification success, distribution terminal control is handed to boot, enters normal distribution terminal bootup process.
Described step 1 comprises the following steps:
Step 1-1: credible chip initiation, and use the IO interface between described chip and distribution terminal to make distribution terminal enter outside Boot state;
Step 1-2: restart distribution terminal, make it enter the Boot state of specifying;
Step 1-3: distribution terminal, according to specifying Boot state, is written into clean boot module from nonvolatile external memory.
Described step 2 comprises the following steps:
Step 2-1: call the integrality extended instruction ETM_Extend of credible chip, the result after integrity measurement is expanded in credible chip, to guarantee the safety of integrity measurement value;
Step 2-2: call the integrity verification instruction ETM_PCR_Validate of credible chip, judge that whether the state of current distribution terminal is credible;
Step 2-3: credible chip determines whether enter NextState according to the result, if integrity verification failure, credible chip forces distribution terminal to be restarted.
Described step 3 comprises the following steps:
Step 3-1: if need to described distribution terminal be upgraded, receive data by network, the integrity reference value that upgrade server need to upgrade the operating system mirror image after upgrading together with credible chip sends to upgrading submodule simultaneously;
Step 3-2: described upgrading submodule, by resolution data bag, is upgraded to described distribution terminal calls the integrality update instruction ETM_PCRRef_Put of credible chip simultaneously, upgrades the integrity reference value of storing in credible chip.
Described step 4 comprises the following steps:
Step 4-1: be written into boot and operating system nucleus mirror image from nonvolatile external memory;
Step 4-2: call the integrality extended instruction ETM_Extend of credible chip, the result after integrity measurement is expanded in credible chip, to guarantee the safety of integrity measurement value;
Step 4-3: call chip integrity verification instruction ETM_PCR_Validate, judge that whether current boot and operating system state is separately all credible;
Step 4-4: credible chip determines whether enter NextState according to the result, if the failure of the integrity verification of boot or operating system, credible chip forces distribution terminal to be restarted.
Compared with prior art, beneficial effect of the present invention is:
(1) demand for security for distribution terminal customizes credible chip ETM, the various software and hardware architecture of embedded distribution terminal equipment has more been considered in its design, on the basis of assurance module security and function, the dirigibility of its realization of lay special stress on and customizability, be beneficial to widespread use and popularization;
(2) for the distribution terminal of different shape, the feature in conjunction with concrete operation system, has proposed general software and hardware architecture to realize credible startup; protection system integrality; strengthen security of system, it has all formulated complete process step in production and upgrading flow process, and exploitativeness is strong.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail.
The mechanism that the present invention utilizes safety chip to build trust chain conventional P C is applied on distribution terminal, designs and Implements credible chip first for distribution terminal, in order to the function of protection integrity measurement value and integrity verification to be provided.With respect to the safety chip of PC, the various software and hardware architecture of embedded distribution terminal equipment has more been considered in the design of ETM, on the basis of assurance module security and function, and the dirigibility of its realization of lay special stress on and customizability.In addition, the present invention provides on the basis of hardware root of trust at safety chip ETM, by adding system integrity to control correlation module, finally set up the foundation that a whole set of complete software and hardware system system realizes credible running environment in system startup and escalation process.
The embodiment that present patent application provides be take without the distribution terminal of operating system as example explanation, first needs to realize safety chip ETM and is responsible for protecting the functions such as integrity measurement value and verification system integrality state.The system resource that the ETM realizing in the present embodiment possesses is described below:
1, adopt 32-bit RISC embedded microprocessor, support 16/32-bit fixed length instruction set, support 5 grades of instruction flow lines, inside have the Instruction Cache of 1KB;
2, adopt AMBA bus architecture, 4 groups of DMA passages;
3, memory resource comprises 12KB ROM, 25KB RAM, and 1024KB Flash storer, by memory management unit MMU allocate memory space;
4, there are 22 interrupt sources, share 6 hardware interrupts entrances, 2 software interruption entrances, 6 grades of interrupt priority levels;
5, peripheral modules in integrated a large amount of sheets, mainly comprise 2 timers, 1 house dog, 1 road SCD interface (7816 from interface) and 1 road SCC interface (7816 main interface), 2 road UART interfaces, 2 road SPI interfaces, 30 GPIO.
The ETM firmware program of realizing in the present embodiment, what externally provide is described below in order to build the command interface definition of trusted context:
■ ETM_Extend:(is increased to a new integrity measurement value in a PCR)
■ input parameter is described:
1, tag: marking command type of message, be worth for ETM_TAG_RQU_AUTH_CMD, representative need to be authorized password
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, ordinal: marking command coding, is worth for 0x0000000f
4, cmdAuth: the digest value of command authority password
5, pcrNum: the PCR index of wish renewal value
6, inDigest: 160 bit integrity values of wish expansion
■ output parameter is described:
1, tag: marking command type of message, is worth for ETM_TAG_RQU_AUTH_CMD
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, returnCod:ETM carries out the rreturn value of this order
4, ordinal: marking command coding, is worth for 0x0000000f
5, outDigest: the value of this PCR after command execution completes
whether ETM_PCR_Validate(checking PCR value is consistent with the PCR reference value of storing in ETM)
■ input parameter is described:
1, tag: marking command type of message, is worth for ETM_TAG_RQU_AUTH_CMD
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, ordinal: marking command coding, is worth for 0x00000010
4, cmdAuth: the digest value of command authority password
5, targetPCR: the PCR index of wish checking PCR value
■ output parameter is described:
1, tag: marking command type of message, is worth for ETM_TAG_RQU_AUTH_CMD
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, returnCod:ETM carries out the rreturn value of this order
4, ordinal: marking command coding, is worth for 0x00000010
5, validatedValue: the result of checking
eTM_PCRRef_Put(inserts PCR reference value in ETM)
■ input parameter is described:
1, tag: marking command type of message, is worth for ETM_TAG_RQU_AUTH_CMD
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, ordinal: marking command coding, is worth for 0x0000000d
4, cmdAuth: the digest value of command authority password
5, keyHandle: the key handle of checking PCR reference value certificate signature
6, certSize:PCR reference value certificate size
7, pcrRefCert:PCR reference value certificate
■ output parameter is described:
1, tag: marking command type of message, is worth for ETM_TAG_RQU_AUTH_CMD
2, paramSize: total byte number of all input parameters (comprising tag and paramSize)
3, returnCod:ETM carries out the rreturn value of this order
The detailed process that in the present embodiment, trusted context is set up as shown in Figure 2, because systemic-function is fairly simple, does not have typical bootloader and operating system module, and service master is directly carried out in ROM, does not need to be loaded into internal memory; And also because system module is less, omitted and be written into clean boot module and the steps such as completeness check to system state.Owing to need to import command authority password into when calling credible chip, guaranteeing only to obtain the authorization just allows to use chip, therefore, first needs to insert in advance the digest value of authorizing password in the ROM of distribution terminal.The concrete steps that trusted context is set up are as follows:
1, cpu system automatically resets;
2, operation Boot system initialization routine, and read startup sign, master routine entry address, messaging parameter etc.;
3, judgement starts to indicate whether be the sign that XX(starts upgrading), if start upgrading, Boot program is carried out in continuation, waits for reception program upgrade; If without starting upgrading, store version number and the version date of Boot program, call integrity measurement module;
4, integrity measurement module reads master routine entry address and master routine length, and master routine is carried out to integrity measurement, obtains integrity measurement value;
If 5 integrity measurement module successful execution, Boot routine call chip ETM_Extend order, importing successively total byte number paramSize, the marking command coding ordinal of command messages type tag, all input parameters (comprising tag and paramSize), the digest value cmdAuth(of command authority password into is preset in ROM), the PCR index pcrNum(0x2 of wish renewal value, extend in No. 2 PCR), the 160 bit integrity values (the integrity measurement value that the 4th step calculates) of wish expansion, integrity measurement value is expanded in corresponding PCR;
6, call chip ETM_PCR_Validate order, verify the integrity measurement value in No. 2 PCR;
If 7 integrity verifications by (rreturn value is true) after, enter master routine; Otherwise cpu reset.
Because the integrality of protection system is by calling chip instruction ETM_PCR_Validate, the integrity reference value in integrity measurement value and chip to be compared and realized; after system upgrade, integrity measurement value can change; the corresponding integrity reference value of therefore also need to be after system upgrade more storing in new chip; as shown in Figure 3, concrete steps are as follows for detailed upgrading flow process:
1, first manufacturer terminal needs to calculate the integrity reference value of the service master after upgrading;
2, manufacturer terminal XiangCA applies at center the integrity reference value certificate of this service master;
3, integrity reference value certificate is returned at CA center;
4, upgrade server sends to the service master after upgrading and corresponding integrity reference value certificate according to rendezvous protocol the Boot program of distribution terminal;
5, Boot program receives upgrade by communication network, upgrades master routine, and receives reference value certificate; The upgrading submodule of Boot program operation can call chip order ETM_PCRRef_Put, and integrity reference value certificate and the mandate password digest value that is stored in ROM are imported into as parameter, and the integrity reference value completing in chip is upgraded operation.
The security protection of simple dependence enhancing system and application software can not guarantee the high safety grade of system, and owing to all inevitably there is defect in all software systems, the security module of increase may be brought new safety defect.Therefore, the distribution terminal of having relatively high expectations for safe class, the security solution of pure software is not sufficient to build the credible running environment that can trust.Although TCG moves trusted module for the designed MTM(of embedded system) the similar security function with the TPM on PC is provided, also therefore can be used to build the trusted context in embedded system.But distribution terminal is compared with general mobile terminal, has the feature of oneself, as versatile and flexible in the software and hardware architecture of equipment, and form is also of all kinds, and the application moving on distribution terminal is comparatively single.And MTM is more for general embedded platform, although security function is comparatively complete, implement very complicatedly, upper layer software (applications) needs more change to support safe guidance, and is not suitable for distribution terminal and uses.The present invention is directed to the demand for security customization safety chip ETM of distribution terminal, the various software and hardware architecture of embedded distribution terminal equipment has more been considered in its design, on the basis of assurance module security and function, the dirigibility of its realization of lay special stress on and customizability, be beneficial to widespread use and popularization.
Existing embedded credible system starts in design, by TPM chip, directly the key code of system is carried out to integrity measurement and checking, it is large that this star-like chain of trust structure realizes difficulty, to the processing power of TPM and very high to the judgement requirement of upper strata behavior, can improve the production cost of chip, and cause system flexibility lower.The present invention is directed to the distribution terminal of different shape, the feature in conjunction with concrete operation system, has proposed general software and hardware architecture to realize credible startup; protection system integrality; strengthen security of system, it has all formulated complete process step in production and upgrading flow process, and exploitativeness is strong.
Finally should be noted that: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit, although the present invention is had been described in detail with reference to above-described embodiment, those of ordinary skill in the field are to be understood that: still can modify or be equal to replacement the specific embodiment of the present invention, and do not depart from any modification of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of claim scope of the present invention.