Based on the concept of root of trust? Chain of trust and trusted storage, a secure system called FDES (full disk encryption system, FDES) is designed and implemented based on Linux. FDES combines the system confidentiality and user authentication. With the device-mapper instructure which can be used to create layers of virtual block devices over the real block device, FDES is implemented in Linux kernel. FDES automatically encrypts the data that is written to the disk underneath and decrypts the data that is readed from the disk underneath with the functions of trusted computing and secure storage supplied by the TCM chip, so that the stable security mechanism cannot be bypassed.%基于可信计算技术中的可信根、信任链和可信存储的概念,设计并实现了一种基于TCM (trusted cryptography module)的全盘加密系统(full disk encryption system,FDES).FDES系统具有加密和认证功能,利用device-mapper(DM)提供的从逻辑设备到物理设备的映射框架机制,嵌入在Linux内核中,利用TCM芯片提供的加密、认证和存储等功能,实现对全部硬盘的透明加解密功能,从而确保了安全机制的不可旁路性和可靠性.
展开▼
