摘要
介绍了P4080安全启动信任链建立和传递的过程;利用P4080安全启动和可信结构,采用数字签名及验证技术设计了从ISBC到Uboot、从Uboot到Linux系统的两级信任链系统安全启动机制,并采用修改启动映像内容和替换内核映像的方法验证了安全启动机制的有效性。采用该设计设备平台在启动过程中可检查到启动程序、配置文件、操作系统等程序文件是否被篡改过,从而保障平台计算环境的安全。
This article describes the P4080 secure boot chain of trust creation and transfer process. With P4080 secure boot and credible structure, and as the digital signatures and authentication technology, the secureboot mechanism of two-level trust chain system from ISBC toUboot and from Uboot to Linux system is designed, and by modifying theboot image content and replacing the kernel image, the effectiveness of secureboot mechanisms is verified. With the equipment platform of this design, the tampering on boot code, configuration file, or operating system could be detected in the boot process, and thus the platform security of computing environments be protected.
出处
《通信技术》
2013年第10期34-37,共4页
Communications Technology
