CN108460282A - A computer secure boot method based on a multi-core chip - Google Patents

A computer secure boot method based on a multi-core chip

Info

Publication number: CN108460282A
Authority: CN (China)
Legal status: Pending (the status is Google's assumption, not a legal conclusion)
Application number: CN201710095172.5A
Other languages: Chinese (zh)
Inventors: 程旭, 张国威, 管雪涛, 陆俊林
Current assignee: Peking University
Original assignee: Peking University
Priority date / filing date: 2017-02-22
Publication date: 2018-08-28
Application filed by Peking University; priority to CN201710095172.5A; published as CN108460282A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Abstract

The invention discloses a computer secure boot method based on a multi-core chip. Building on a heterogeneous multi-core platform, at least one trusted core is used to guarantee the security of an untrusted core. The trusted core acts as the monitoring core and the untrusted core as the computing core; the two cores are heterogeneous, and a CPU core with independent intellectual property rights is the preferred choice for the trusted core. The trusted core is hardware-isolated from the untrusted core, and sensitive hardware resources are allocated to the trusted core. The trusted core and the untrusted core communicate through a combination of shared memory and inter-core interrupts. The trusted core boots with an independently developed system and provides security services externally, while the untrusted core boots with UEFI. The core of the invention is that, on a heterogeneous multi-core platform, a trusted core guarantees the security of an untrusted core; the implementation of the method is not limited to a specific platform or boot mode and can be applied wherever the basic requirements are met.

Description

A computer secure boot method based on a multi-core chip
Technical field
The present invention relates to the technical field of modern computer secure boot, and in particular to a computer secure boot method based on a multi-core chip.
Background technology
With the development of information technology, computers have become an indispensable part of our daily lives, but alongside the services of informatization they also bring threats to information security; this is especially prominent in key areas such as national defense, the military, aviation and aerospace. All kinds of computer viruses keep emerging, and trusted computing has become a research hotspot, but trusted-computing research has so far concentrated mainly on the operating-system level, that is, on how to kill viruses and resist attacks after the computer has booted into the operating system. Research on the computer boot process itself is much scarcer, which leaves us without an effective solution for attacks against the BIOS (Basic Input Output System).
The BIOS, as the program that boots the operating system, has existed for more than 20 years. Because security was not considered when it was designed, the computer boot process has remained in an untrusted state. The appearance of UEFI (Unified Extensible Firmware Interface) effectively changed this; it brings many benefits, of which secure boot is an important one. The secure boot function of UEFI relies on the TPM (Trusted Platform Module). The TPM can provide the encryption and decryption functions needed for secure boot and becomes the root of trust of the computing platform, on which a chain of trust is established to solve the trust problem of platform startup. However, many problems remain. First, the TPM was proposed by the TCG (Trusted Computing Group); the entire standard and its core algorithms are controlled abroad, which is unfavourable to China's information security, so China is developing the TCM (Trusted Cryptography Module) and the TPCM (Trusted Platform Control Module) to address this. Second, after the computer is powered on, the first code to execute, which serves as the root of trust of the trust chain, is trusted unconditionally; if the root of trust is attacked, the entire platform has no security to speak of. Third, most popular processors today are of the x86 architecture, whose core technology is controlled by Intel; we cannot fully grasp the behaviour of such a processor, which is also a hidden danger to our sensitive information. How to guarantee security on a computing platform that has an untrusted processing core and untrusted applications is therefore the key to solving this problem.
Invention content
The technical problem to be solved by the present invention is to design a secure boot method that, on a heterogeneous multi-core platform, can use one trusted core to guarantee the secure boot of another, untrusted core.
The method is based on a heterogeneous multi-core platform in which at least one core is trusted. Considering practical factors, a core with Chinese independent intellectual property rights is the optimal choice as the trusted core. On such a platform, the method can be used to build a boot system that guarantees the security of the boot process.
To solve the above technical problem, the invention discloses a computer secure boot method based on a multi-core chip, comprising:
Determining the boot mode of the trusted core and of the untrusted core separately. The trusted core uses an independently developed boot system and need not boot all the way to an operating system; it only needs to be able to provide security services. That boot system relies on a TPM module, and the establishment of the chain of trust must be completed more securely. The untrusted core, as the essential core for the chip's operation, is generally of the x86 architecture and uses UEFI to boot the operating system. Because the trusted core and the untrusted core are heterogeneous, the two are isolated at the binary level: their boot code is developed in different development environments, compiled under different compilation environments, and programmed to different locations of the same Flash, or, if the mainboard has several Flash chips, burned into different Flash chips.
Further, the method includes: hardware resource division.
The trusted core is hardware-isolated from the untrusted core, and each has its own exclusive hardware resources, including peripherals and memory. Sensitive resources, such as the TPM, should be allocated to the trusted core to prevent direct access by the untrusted core. In addition, since the main task of the trusted core is to provide security services, the trusted core is allocated only the resources it requires, in order to preserve the performance of the rest of the computer; the remaining resources are allocated to the untrusted core.
Further, the method includes: inter-core communication and memory division.
The trusted core communicates with the untrusted core through shared memory, so the whole memory is divided into three parts: the part exclusive to the trusted core, the part exclusive to the untrusted core, and the shared part. The two cores are synchronized by inter-core interrupts, which are implemented through GPIO. The untrusted core places data in shared memory and generates an inter-core interrupt; the trusted core then responds to the interrupt, obtains the data and completes the security service. The result is stored back into shared memory, and the untrusted core then decides its next action according to that result.
Further, since memory is vulnerable to attack, the data in shared memory needs to be encrypted.
Further, the method needs to control the boot order.
The boot process must be controlled so that the trusted core starts first and completes the initialization of the hardware it monopolizes, and only then is the untrusted core started.
Further, the method needs to perform encryption and decryption verification of UEFI modules.
Since UEFI is a modular design, modules may be stored in different locations such as ROM, hard disk and Flash, and each module is security-verified before it is loaded. Each UEFI module needs to be packaged after compilation. The packaging process consists of hashing the UEFI module, applying a signature algorithm to the resulting hash with the manufacturer's private key, and then bundling the signature together with the module. Before loading, the module needs to be verified, and this verification is completed by the trusted core: the trusted core calls the security service of the TPM, decrypts the signature with the manufacturer's public key to obtain a hash, and compares that value with the original hash to verify whether the module is complete and trusted.
Further, after the trusted core completes the verification, the result is returned to the untrusted core through GPIO and shared memory; only once verification has passed may the untrusted core load and execute the module.
The technical solution of the present invention can use one trusted core in a multi-core chip to guarantee the secure boot of the untrusted core.
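As an added illustration in Go (not code from the patent), the packaging and verification steps described above: the manufacturer hashes the compiled module with SHA-256 and signs the hash with the factory private key using RSA PKCS#1 v1.5, and the trusted core recovers the signed hash with the factory public key and compares it with the hash it recomputes over the module bytes. The package layout, the 2048-bit key pair and the module image are constructed for this example; the patent does not specify them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Package layout (constructed for this example, not the patent's own format):
// [4-byte big-endian signature length][signature][UEFI module binary].

// NewFactoryKey generates a constructed 2048-bit factory key pair for the example.
func NewFactoryKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// PackageModule is the manufacturer-side step: hash the compiled module, sign
// the hash with the factory private key, and bundle signature and module.
func PackageModule(factoryPriv *rsa.PrivateKey, module []byte) ([]byte, error) {
	digest := sha256.Sum256(module)
	sig, err := rsa.SignPKCS1v15(rand.Reader, factoryPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	pkg := make([]byte, 4, 4+len(sig)+len(module))
	binary.BigEndian.PutUint32(pkg, uint32(len(sig)))
	pkg = append(pkg, sig...)
	return append(pkg, module...), nil
}

// VerifyPackage is the trusted core's check before the untrusted core may load
// the module. VerifyPKCS1v15 recovers the signed hash with the factory public
// key and compares it with the freshly computed hash of the module bytes: the
// "decrypt the signature, compare with the original hash" step of the method.
// The module bytes are handed back only when that comparison succeeds.
func VerifyPackage(factoryPub *rsa.PublicKey, pkg []byte) ([]byte, error) {
	if len(pkg) < 4 {
		return nil, errors.New("package too short for a header")
	}
	sigLen := int(binary.BigEndian.Uint32(pkg[:4]))
	// The length field is untrusted input: it must equal the key size exactly
	// and must not run past the end of the package.
	if sigLen != factoryPub.Size() || len(pkg) < 4+sigLen {
		return nil, errors.New("malformed signature field")
	}
	sig, module := pkg[4:4+sigLen], pkg[4+sigLen:]
	digest := sha256.Sum256(module)
	if err := rsa.VerifyPKCS1v15(factoryPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("module rejected: %w", err)
	}
	return module, nil
}

// VerifyChain checks modules in load order and halts at the first failure,
// returning how many were cleared; a module after a rejected one is never
// examined because it would never be loaded.
func VerifyChain(factoryPub *rsa.PublicKey, pkgs [][]byte) (int, error) {
	for i, pkg := range pkgs {
		if _, err := VerifyPackage(factoryPub, pkg); err != nil {
			return i, fmt.Errorf("module %d: %w", i, err)
		}
	}
	return len(pkgs), nil
}

func main() {
	// Constructed factory key pair and module image; in deployment the private
	// key stays with the manufacturer and only the public key is on the platform.
	factoryPriv, err := NewFactoryKey()
	if err != nil {
		panic(err)
	}
	pkg, _ := PackageModule(factoryPriv, []byte("constructed UEFI DXE driver image"))
	tampered := append([]byte(nil), pkg...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the module body
	n, err := VerifyChain(&factoryPriv.PublicKey, [][]byte{pkg, tampered, pkg})
	fmt.Printf("modules cleared before halt: %d (%v)\n", n, err)
}
```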
Description of the drawings
Fig. 1 is an architecture diagram of an embodiment of the computer secure boot method based on a multi-core chip of the present invention;
Specific implementation mode
The technical solution of the present invention is described in further detail below with reference to the drawing and a preferred embodiment. It should be understood that the specific embodiment described here is only illustrative of the invention and is not intended to limit its technical solution.
Figure 1 shows the architecture diagram of an embodiment of the computer secure boot method based on a multi-core chip of the present invention, in which:
The trusted core is exemplified by the Unicore processor, which has independent intellectual property rights and comes from the Microprocessor Research and Development Center of Peking University.
The untrusted core is an x86-architecture processor.
In terms of hardware division, the TPM must be monopolized by the trusted core; how the remaining sensitive resources are divided may differ with the specific implementation. The GPIO is shared by the trusted core and the untrusted core, and the synchronization between the two is realized through it.
Memory is divided into three parts whose specific locations and sizes can be determined case by case; the rule is that the part exclusive to the trusted core and the shared part are kept as small as possible, only large enough to meet the basic needs of the interaction.
On the system side, the trusted core ultimately boots into the Unicore boot system, and the boot process follows the establishment of the chain of trust, so the whole Unicore part can serve as a TCB (Trusted Computing Base). All behaviour involving security control is completed by Unicore, while the untrusted core uses UEFI to boot the operating system.
In terms of security guarantees, the trusted core integrates the security services of the TPM and provides them to the untrusted core; the two sides interact through the communication interface. To the untrusted core, the trusted core is transparent: it can only know which services the trusted core provides, cannot discover their specific implementation, and cannot access the trusted core's exclusive hardware resources.
The above secure boot method further includes the packaging and encryption/decryption processes of UEFI modules:
The encryption and packaging of the UEFI modules are carried out during development. After the binary code of a UEFI module is obtained by compilation, it is hashed, and a signature algorithm is applied to the hash with the manufacturer's private key to obtain a signature. The signature is then bundled together with the binary code.
The verification of UEFI is completed by the trusted core acting as the trusted computing base. It uses the security service provided by the TPM to decrypt the module's signature, compares the resulting hash with the original value, and thereby judges whether the module is complete and trusted.
After the trusted core completes the verification of the first UEFI module, UEFI has established a secure root of trust. Then, following the process of establishing the chain of trust, the untrusted core continually passes the modules that need verification to the trusted core; the synchronization of their interaction is realized through GPIO, and either interrupts or polling can be used here.
Once an untrusted module appears, it will not be loaded or executed, so the security and trustworthiness of the boot process are effectively guaranteed.
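The shared-memory and inter-core-interrupt exchange described above, as an added Go example that is not part of the patent: each GPIO interrupt line is modelled as a channel, the shared region carries a status byte, a length field and the module, the trusted core treats every header field it reads from shared memory as untrusted input, and the untrusted core halts its boot chain at the first module that is not cleared. The region layout and the SHA-256 digest allowlist standing in for the TPM-backed signature check are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Shared-region layout (constructed for this example): status byte at offset 0,
// 4-byte little-endian payload length at offset 1, payload from offset 5.
const (
	stIdle    byte = 0
	stRequest byte = 1 // untrusted core placed a module and waits for a verdict
	stTrusted byte = 2 // trusted core: verified, may be loaded and executed
	stReject  byte = 3 // trusted core: verification failed, must not be loaded
	hdrLen         = 5
)

// Platform models only what both cores can touch: the shared region and the two
// GPIO inter-core interrupt lines, one channel per direction.
type Platform struct {
	shared     []byte
	irqToTrust chan struct{}            // raised by the untrusted core
	irqToUntr  chan struct{}            // raised by the trusted core
	verify     func(module []byte) bool // the trusted core's TPM-backed service
}

func NewPlatform(sharedSize int, verify func([]byte) bool) *Platform {
	return &Platform{shared: make([]byte, sharedSize), verify: verify,
		irqToTrust: make(chan struct{}), irqToUntr: make(chan struct{})}
}

// RunTrustedCore is the monitoring loop: wait for the interrupt, validate the
// request, run the service, write the verdict back, interrupt the other core.
// Status and length were written by the untrusted core, so they are checked
// before the payload is touched; a malformed request is rejected, not trusted.
func (p *Platform) RunTrustedCore() {
	for range p.irqToTrust {
		verdict := stReject
		if p.shared[0] == stRequest {
			n := int(binary.LittleEndian.Uint32(p.shared[1:hdrLen]))
			if hdrLen+n <= len(p.shared) && p.verify(p.shared[hdrLen:hdrLen+n]) {
				verdict = stTrusted
			}
		}
		p.shared[0] = verdict
		p.irqToUntr <- struct{}{} // GPIO interrupt back to the untrusted core
	}
}

// RequestVerification is the untrusted core's side: place the module in the
// shared region, raise the interrupt, block for the answer, read the verdict.
func (p *Platform) RequestVerification(module []byte) (bool, error) {
	if hdrLen+len(module) > len(p.shared) {
		return false, fmt.Errorf("module of %d bytes exceeds shared region", len(module))
	}
	binary.LittleEndian.PutUint32(p.shared[1:hdrLen], uint32(len(module)))
	copy(p.shared[hdrLen:], module)
	p.shared[0] = stRequest
	p.irqToTrust <- struct{}{}
	<-p.irqToUntr
	ok := p.shared[0] == stTrusted
	p.shared[0] = stIdle
	return ok, nil
}

// BootChain submits modules in load order and halts at the first rejection,
// returning how many modules were cleared for loading.
func (p *Platform) BootChain(modules [][]byte) (int, error) {
	for i, m := range modules {
		if ok, err := p.RequestVerification(m); err != nil {
			return i, err
		} else if !ok {
			return i, fmt.Errorf("module %d untrusted; boot chain halted", i)
		}
	}
	return len(modules), nil
}

// DigestAllowlist is a constructed stand-in for the TPM-backed signature check:
// it accepts exactly the modules whose SHA-256 digests were registered.
func DigestAllowlist(approved ...[]byte) func([]byte) bool {
	known := map[[32]byte]bool{}
	for _, m := range approved {
		known[sha256.Sum256(m)] = true
	}
	return func(m []byte) bool { return known[sha256.Sum256(m)] }
}
```

Start `RunTrustedCore` in its own goroutine before the untrusted side calls `RequestVerification` or `BootChain`, mirroring the requirement that the trusted core is up before the untrusted core starts.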
It can be seen from the above embodiment that the present invention is based on a multi-core chip containing a trusted core and an untrusted core. The trusted core integrates the security services of the TPM and exists as the security-guarantee core; the untrusted core is the monitored core and cannot touch sensitive resources. To effectively guarantee the secure boot of the untrusted core, every UEFI module must be verified by the trusted core. The resource division of the system, the communication mode, and the architecture design in which the trusted core guarantees the untrusted core, as designed by the present invention, can effectively solve the secure boot problem of computers based on multi-core chips.
After understanding the content and principles of the present disclosure, those skilled in the art can make various modifications and variations in form and detail to the method of the present invention without departing from its principles and scope; such modifications and variations based on the present invention still fall within the scope of its claims.

Claims (7)

1. A computer secure boot method based on a multi-core chip, characterized in that it comprises:
The method is based on a multi-core chip that contains a trusted core and an untrusted core. The trusted core serves as the trusted computing base of the whole system and integrates the security service functions of a TPM/TCM/TPCM, existing as the guarantee core. The untrusted core serves as the main working core, uses the security services of the trusted core, and is subject to the monitoring of the trusted core.
The process of establishing the system comprises: the trusted core and the untrusted core are hardware-isolated; communication and synchronization between the cores are realized through shared memory and GPIO; the trusted core provides security services while the untrusted core boots to the operating system; the boot process of the untrusted core involves the establishment of a chain of trust, in which the security verification of every module must be completed by the trusted core.
2. The method of claim 1, characterized in that:
The heterogeneous multi-core means that the trusted core and the untrusted core are heterogeneous, are isolated at the binary level, and are booted by different firmware. Their boot programs are programmed to different locations of the same Flash, or to different Flash chips on the same platform.
3. The method of claim 1, characterized in that:
The hardware isolation means that the trusted core and the untrusted core each have hardware resources they exclusively monopolize; the trusted core, as the trusted computing base of the computer, must monopolize sensitive resources such as the TPM. Hardware resources are allocated so that, on the premise of guaranteeing security performance, the trusted core is given as few resources as possible.
4. The method of claim 1, characterized in that:
The inter-core communication is realized jointly by shared memory and GPIO. Memory is divided into three parts: the part exclusive to the trusted core, the part exclusive to the untrusted core, and the shared part. The shared memory is used for data exchange between the two cores, and the exchanged data needs to be encrypted. GPIO realizes the synchronization between the two cores; the two cores may obtain the GPIO signal either by interrupt or by polling.
5. The method of claim 1, characterized in that:
The trusted core providing a security service interface means that the trusted core incorporates the functions of the TPM, hides their implementation from the untrusted core, and provides only a limited interface, guaranteeing the security of sensitive resources.
6. The method of claim 1, characterized in that:
The encryption packaging of the UEFI modules means that, after the binary code of a UEFI module is obtained by compilation, it is first hashed, a signature algorithm is then applied to the hash with the private key provided by the manufacturer, and the signature is bundled together with the module.
7. The method of claim 1, characterized in that:
The decryption of the UEFI modules means that, after the trusted core obtains a packaged UEFI module, it calls the security function of the TPM, decrypts the signature with the manufacturer's public key, compares the hash obtained by decryption with the original hash, and judges by this whether the module is complete and trusted.
Publications

Application number: CN201710095172.5A
Priority date / filing date: 2017-02-22
Publication: CN108460282A, published 2018-08-28 (pending)
Title: A computer secure boot method based on a multi-core chip

Family

Family ID: 63222081
Country status: CN, CN108460282A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication (application publication date: 20180828)