主权项 |
1. A computer-implemented method for indicating that a computing device has booted an untrusted image, the method comprising:
receiving, via a network, an image from a source external to the computing device; receiving instructions, to boot up the image; determining whether the source external to the computing device is a trusted source, wherein determining comprises the steps of:
retrieving a digital signature appended to the image,decrypting the digital signature using a cryptographic key, andcomparing the decrypted digital signature with a message digest computed based on the image; permanently setting, if the image is not from a trusted source, an indicator to indicate that the computing device has booted from an untrusted image, the indicator implemented as a trusted platform module (TPM) chip configured to be permanently written to once, such that the indicator cannot be rewritten; booting the image; sending a request for accessing at least one resource; receiving, from an entity controlling access to the at least one resource, a request for an indicator status; and providing the entity with the indicator status, wherein the entity is configured to restrict access to the at least one resource if the indicator status indicates that an untrusted image has been booted by the computing device. |