Title of invention |
TRUSTED KERNEL STARTING METHOD AND APPARATUS |
Abstract |
A trusted kernel starting method and apparatus are provided. The method includes: starting a security boot module boot loader; invoking the boot loader to measure, according to a first security algorithm, whether a platform configuration register (PCR) partition is trusted; if the PCR partition is trusted, invoking the boot loader to read kernel code into a memory, and invoking the boot loader to measure, according to a first complete algorithm and a kernel code standard measurement value prestored in the PCR partition, whether the kernel code is trusted; initializing, if the kernel code is trusted, the kernel code to trigger an initialized kernel to measure, according to a second complete algorithm, whether the boot loader is trusted; and starting the kernel if the boot loader is trusted. Kernel starting security is improved. |
Application publication number |
US2017011219(A1) |
Application publication date |
2017.01.12 |
Application number |
US201615272199 |
Application date |
2016.09.21 |
Applicant |
Huawei Technologies Co., Ltd.; Wuhan University |
Inventor |
LI Zhi; ZHAO Bo; FEI Yongkang |
Classification number |
G06F21/57;H04L9/08;H04L9/32;G06F9/44 |
Main classification number |
G06F21/57 |
Agency |
|
Agent |
|
Main claim |
1. A trusted kernel starting method, comprising:
starting a security boot loader; invoking the boot loader to measure, according to a first security algorithm, whether a platform configuration register (PCR) partition is trusted; invoking, if the PCR partition is trusted, the boot loader to read kernel code into a memory, and invoking the boot loader to measure, according to a first complete algorithm and a kernel code standard measurement value prestored in the PCR partition, whether the kernel code is trusted; initializing, if the kernel code is trusted, the kernel code to trigger an initialized kernel to measure, according to a second complete algorithm, whether the boot loader is trusted; and starting the kernel if the boot loader is trusted. |
Address |
Shenzhen CN |