Many PCs still in use cannot deploy trusted computing mechanisms because their mainboards carry no trusted module chip. To address this, a root of trust device (RTD) based on an expansion ROM is proposed. The RTD places a domestically produced TCM trusted module chip and an EEPROM on the same PCI card. The code in the EEPROM, a PCI/PNP expansion ROM, runs as a BIOS plug-in and authenticates the integrity of the BIOS and the OS Loader. Based on an analysis of the PCI/PNP expansion ROM mechanism, the BIOS boot sequence, and a two-level hash computation that combines software and hardware, the RTD was designed and implemented, providing a new way to deploy trusted computing technology on traditional computers.