Chinese Journal of Network and Information Security, 2020, Vol. 6, Issue (6): 105-111. doi: 10.11959/j.issn.2096-109x.2020079

TPCM-based trusted PXE boot method for servers

Guojie LIU1,2, Jianbiao ZHANG1,2

  1 Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  2 Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  • Revised: 2020-10-24 Online: 2020-12-15 Published: 2020-12-16
  • Supported by:
    The National Natural Science Foundation of China (61971014); National Defense Science and Technology Laboratory of Information Security (2015XXAQ08)

Abstract:

The PXE startup mechanism downloads operating system files over the network and starts the operating system, and it is widely used in server network startup. Trusted computing technology is used to keep the PXE boot process secure and trusted, preventing the PXE boot files from being maliciously tampered with and ensuring the safe and reliable operation of the server. The cyber security classified protection standard requires that the system boot program and system programs of a server device be trusted and verified based on the trusted root. Based on the requirements of the classified protection standard, a TPCM-based trusted PXE boot method for servers was proposed to ensure the security and trust of the server's BIOS firmware, PXE boot files, and Linux system files. When the server performs PXE boot, the TPCM measures the BIOS firmware, the BIOS boot environment measures the PXE boot files, and the PXE boot environment measures the Linux system files. Taking the TPCM as the root of trust, a chain of trust was established in which each level is measured and then trusted in turn, achieving a trusted server operating environment. The proposed method was tested on a domestically-controlled, self-controllable Shenwei server. The experimental results show that the proposed method is feasible.
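The measurement chain described in the abstract can be modelled as follows. This is an added illustration, not code from the paper. SHA-256, the PCR-style extend register, the reference-value table and the sample images are all assumptions, since the page does not specify them.

```python
import hashlib
import hmac

# Chain from the abstract: (measuring component, component it measures).
CHAIN = [
    ("TPCM", "bios_firmware"),
    ("bios_firmware", "pxe_boot_files"),
    ("pxe_boot_files", "linux_system_files"),
]

def measure(blob: bytes) -> bytes:
    # Assumption: SHA-256; the page does not name the hash algorithm.
    return hashlib.sha256(blob).digest()

def extend(register: bytes, digest: bytes) -> bytes:
    # Assumed PCR-style extend: the value depends on every measurement and its order.
    return hashlib.sha256(register + digest).digest()

def trusted_boot(images: dict, reference: dict) -> dict:
    """Measure each level before control is handed to it; stop at the first mismatch."""
    register = bytes(32)
    started = ["TPCM"]  # root of trust: runs first and is not measured by anything
    log = []            # (measurer, target, verified) entries
    for measurer, target in CHAIN:
        digest = measure(images[target])
        register = extend(register, digest)  # record the measurement even if it fails
        ok = hmac.compare_digest(digest, reference[target])
        log.append((measurer, target, ok))
        if not ok:
            # The untrusted component is never started, so it measures nothing further.
            return {"started": started, "register": register, "failed": target, "log": log}
        started.append(target)
    return {"started": started, "register": register, "failed": None, "log": log}

# Constructed sample images (hypothetical contents, for illustration only).
GOOD = {
    "bios_firmware": b"constructed BIOS image v1",
    "pxe_boot_files": b"constructed network boot loader",
    "linux_system_files": b"constructed kernel and initrd",
}
# Assumption: reference digests are provisioned in advance from known-good images.
REFERENCE = {name: measure(blob) for name, blob in GOOD.items()}

if __name__ == "__main__":
    tampered = dict(GOOD, pxe_boot_files=GOOD["pxe_boot_files"] + b"\x00")
    for label, imgs in (("clean", GOOD), ("tampered PXE file", tampered)):
        result = trusted_boot(imgs, REFERENCE)
        print(label, "->", result["started"], "failed:", result["failed"])
```

With the tampered PXE boot file the chain stops after the BIOS level, and the Linux system files are never measured or started.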

Key words: information security, trusted computing, TPCM, trusted startup
