摘要
针对计算机系统存储设备或重要程序易被私自替换或篡改的问题,提出了一种基于统一可扩展固件接口(Unified Extensible Firmware Interface,UEFI)规范的软硬件度量机制。该机制在计算机启动时对软硬件进行度量,仅在度量成功时允许继续启动。同时,在固件设置界面引入了“三员”管理模式,使三类管理员的权限相互制约。基于第二代可扩展固件接口开发套件(EFI Development Kit 2,EDK2)实现了具备上述功能的固件原型。经虚拟机平台验证,“三员”管理模式下的软硬件度量机制可以有效地防止软硬件被私自替换或篡改,维护了计算机系统的信息安全。
Aiming at the problem that the storage devices or important programs of the computer system are easily replaced or tampered without permission,a hardware and software measurement mechanism based on the Unified Extensible Firmware Interface(UEFI) specification is proposed. This mechanism measures the hardware and software while the computer is booting,and allows to continue only if the measurement is successful. At the same time,the schema of three types of administrators is introduced,so that the authorities of the three types of administrators are mutually restricted. A firmware prototype with the above functions is implemented based on the second-generation EFI Development Kit 2(EDK2).Verified by the virtual machine platform,the software and hardware measurement mechanism under the schema of three types of administrators can effectively prevent the software and hardware from being replaced or tampered without permission,and maintain the information security of the computer system.
作者
古淳仁
胡怀湘
陈相宇
GU Chunren;HU Huaixiang;CHEN Xiangyu(The 15th Research Institute of China Electronics Technology Group Corporation,Beijing 100083,China)
出处
《电子设计工程》
2022年第20期83-87,共5页
Electronic Design Engineering
