
CN117556418A - Method for determining kernel state and related equipment - Google Patents


Info

Publication number: CN117556418A
Authority: CN (China)
Prior art keywords: kernel, calculated value, tee, parameter, determining
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN202210925211.0A
Other languages: Chinese (zh)
Inventors: 沈国华, 刘钢, 葛振耀
Current assignee: Huawei Technologies Co Ltd (as listed by Google Patents; may be inaccurate)
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202210925211.0A (CN117556418A)
Priority to PCT/CN2023/106854 (WO2024027472A1)
Publication of CN117556418A
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/02 Addressing or allocation; Relocation
    • G06F 12/06 Addressing a physical block of locations, e.g. base addressing, module addressing, memory dedication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a method for determining a kernel state and related equipment. The method comprises the following steps: when indication information is received, entering a trusted execution environment (TEE); obtaining, in the TEE, the data information of the kernel according to the storage position of the kernel in the storage device; and calculating the data information of the kernel in the TEE to determine an actual calculated value of the kernel, where the actual calculated value is used for determining the state of the kernel, and the state of the kernel is either trusted or untrusted. The method obtains the data information of the kernel directly in the TEE and calculates it directly in the TEE to obtain the actual calculated value of the kernel. By the method in the embodiment of the application, a trusted closed loop is formed when the state of the kernel is determined, and the actual calculated value obtained is ensured to be reliable and accurate, so that whether the kernel is trusted can be determined more accurately and the security of the computing device is further protected.

Description

Method for determining kernel state and related equipment
Technical Field
Embodiments of the present application relate to the field of computers, and more particularly, to a method, computing device, computing apparatus, chip system, and computer readable storage medium for determining a state of a kernel.
Background
The security of applications in today's common operating systems depends on the security of the operating system, which in turn depends on the security of the kernel. Specifically, the kernel may securely boot the security library of an application in the operating system, thereby confirming that the application's files have not been modified. While the application runs, the operating system may perform dynamic calculation through extensions corresponding to the application and confirm, through local or remote attestation, whether the application is running in a trusted state. The operating system is the set of capabilities provided after the kernel is mapped into memory and executed, its functions are extended by loadable modules, and the necessary system services are started; the trustworthiness of the kernel is therefore the basis for the security of the operating system and of the applications running on it.
A rich execution environment (REE) and a trusted execution environment (TEE) can now be deployed inside a computing device by partitioning its hardware. Time-sharing multiplexing of the processor lets it run in either the REE or the TEE while ensuring that code in the TEE cannot be maliciously modified or stolen. However, because the REE and the TEE are separated at so low a layer, neither can observe the execution state of the other. To determine whether the kernel in the REE is trusted, valid calculation information about the current kernel may be obtained by a high-authority proxy application (agent) deployed in the REE and passed to the trusted operating system or trusted application in the TEE (TEEOS/TA). On receiving the calculation information, the TEEOS/TA considers the kernel trusted. In this method, the TEEOS/TA's trust in the kernel rests on its trust in the high-authority agent application, while the trustworthiness of that agent in turn depends on the kernel. That is, even when the kernel has been maliciously modified, the high-authority proxy application may still calculate over the kernel and send the calculation information to the TEEOS/TA, and the TEEOS/TA will still consider the kernel trusted after receiving it; the method therefore cannot form a trusted closed loop.
Therefore, how to form a trusted closed loop while determining the kernel state, so that the accuracy and reliability of that determination are improved, is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application provides a method, a computing device, a chip system and a computer readable storage medium for determining a kernel state, which calculate the data information of the kernel directly in the TEE, that is, a trusted closed loop is formed in the process of determining the kernel state, so that whether the kernel is trusted can be determined more accurately and reliably, and the security of the computing device is further protected.
In a first aspect, a method of determining the state of a kernel is provided. The method comprises the following steps: when indication information is received, entering a trusted execution environment (TEE), where the indication information indicates that the state of the kernel is to be determined; obtaining, in the TEE, the data information of the kernel according to the storage position of the kernel in the storage device; and calculating the data information of the kernel in the TEE to determine an actual calculated value of the kernel, where the actual calculated value is used for determining the state of the kernel, and the state of the kernel is either trusted or untrusted.
In the embodiment of the application, the computing device can determine the storage position of the kernel directly in the TEE to obtain the data information of the kernel, and can also calculate the data information of the kernel directly in the TEE to obtain the actual calculated value of the kernel. By the method in the embodiment of the application, a trusted closed loop is formed when the state of the kernel is determined, and the actual calculated value obtained is ensured to be reliable and accurate, so that whether the kernel is trusted can be determined more accurately and the security of the computing device is further protected.
With reference to the first aspect, in certain implementations of the first aspect, the first parameter and the second parameter are obtained in the TEE from the basic input/output system (BIOS), and the storage position is determined in the TEE according to the first parameter and the second parameter.
The first parameter includes a boot address of the kernel and a length of the kernel. The second parameter includes a physical starting address of the rich execution environment (REE) memory space in the storage device, or the second parameter includes the physical starting address of the REE memory space and an address offset of the kernel.
In the embodiment of the application, the computing device may obtain the first parameter and the second parameter through the BIOS, so that the storage location of the kernel in the storage device is determined according to the first parameter and the second parameter. By this method the computing device can obtain trusted first and second parameters in the TEE in a secure and trusted manner, so that a trusted closed loop is formed, the storage position of the kernel obtained is ensured to be reliable and accurate, and the data information of the kernel can thus be obtained more accurately.
With reference to the first aspect, in certain implementations of the first aspect, the first parameter is a parameter stored in the BIOS and/or the second parameter is a parameter determined by the BIOS.
In the embodiment of the application, the first parameter may be stored in the BIOS in advance, and the BIOS may directly determine the second parameter, so that reliability and accuracy of the first parameter and the second parameter obtained by the computing device in the TEE may be ensured, and further a trusted closed loop may be formed conveniently.
With reference to the first aspect, in certain implementations of the first aspect, the storage location includes a physical start address of the kernel in the storage device and a length of the kernel, the physical start address of the kernel in the storage device is determined according to a physical start address of the REE storage space and a start address of the kernel, or the physical start address of the kernel in the storage device is determined according to the physical start address of the REE storage space, the start address of the kernel, and an address offset of the kernel.
In the embodiment of the application, the computing device may determine, in the TEE, a physical start address of the kernel in the storage device and a length of the kernel according to the first parameter and the second parameter. And the computing device can directly read the data information of the kernel in the TEE according to the physical starting address of the kernel in the storage device and the length of the kernel, so that the data information of the kernel is conveniently calculated, and the trusted actual calculated value can be determined.
With reference to the first aspect, in certain implementations of the first aspect, in the TEE, data information of the kernel is read from the storage device according to a physical start address and a length of the kernel in the storage device.
In the embodiment of the application, the computing device can directly read the data information of the kernel from the storage device according to the storage position of the kernel in the TEE, so that the read data information of the kernel can be ensured to be the real data information of the currently running kernel, and further whether the kernel is trusted or not can be accurately determined.
With reference to the first aspect, in certain implementations of the first aspect, a baseline calculated value of the kernel is compared with the actual calculated value in the TEE, the baseline calculated value being a preset value; if the baseline calculated value is the same as the actual calculated value, the state of the kernel is determined to be trusted; if the baseline calculated value and the actual calculated value differ, the state of the kernel is determined to be untrusted.
In the embodiment of the application, the computing device may directly compare the actual computing value of the kernel with the baseline computing value in the TEE, so as to determine whether the kernel has been attacked or modified according to whether the actual computing value of the kernel is the same as the baseline computing value, and further determine whether the state of the kernel is trusted.
With reference to the first aspect, in certain implementations of the first aspect, the baseline calculated value is determined according to data information of a kernel at a kernel compile time.
In this embodiment of the present application, the baseline calculated value of the kernel may be determined according to the data information of the kernel at compile time, that is, the baseline calculated value is obtained by calculating over the data information of the kernel while the kernel is in a trusted state. By the method in the embodiment of the application, when the actual calculated value differs from the baseline calculated value, the computing device can determine that the data information of the kernel has been modified, and so determine the state of the kernel to be untrusted.
With reference to the first aspect, in some implementations of the first aspect, the actual calculated value is encrypted in the TEE to obtain an encrypted actual calculated value, and the encrypted actual calculated value is sent to a management device, where the encrypted actual calculated value is used by the management device to determine the state of the kernel, and the management device is another computing device connected to the computing device that comprises the storage device.
In the embodiment of the application, the computing device can send the actual calculated value to the management device connected to it, so that the management device can determine whether the kernel of the computing device is trusted. The computing device can also encrypt the actual calculated value when sending it, so that the management device can verify the received actual calculated value and determine whether it is trusted.
In a second aspect, embodiments of the present application provide a computing device comprising means for implementing the first aspect or any one of the possible implementations of the first aspect.
In a third aspect, embodiments of the present application provide a computer device comprising a processor for coupling with a memory, reading and executing instructions and/or program code in the memory to perform the first aspect or any one of the possible implementations of the first aspect.
In a fourth aspect, embodiments of the present application provide a chip system comprising logic circuitry for coupling with an input/output interface through which data is transferred for performing the first aspect or any one of the possible implementations of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer readable storage medium storing program code which, when run on a computer, causes the computer to perform the first aspect or any one of the possible implementations of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the first aspect or any one of the possible implementations of the first aspect.
Drawings
Fig. 1 is a schematic architecture diagram of a computing device 100.
FIG. 2 is a schematic flow chart diagram of a method of determining kernel state according to one embodiment of the present application.
FIG. 3 is a schematic block diagram of a memory location of a kernel according to one embodiment of the present application.
FIG. 4 is a schematic flow chart of a method of determining a kernel state according to another embodiment of the present application.
FIG. 5 is a schematic diagram of a computing device according to one embodiment of the present application.
FIG. 6 is a schematic diagram of a computing device according to one embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings.
The technical solution of the embodiment of the present application may be applied to various computing devices including a kernel and a TEE, such as a host, a desktop, a notebook, etc., which is not limited in this embodiment of the present application.
Fig. 1 is a schematic architecture diagram of a computing device 100. Computing device 100 may include a processor 110, a memory 120, a basic input/output system (BIOS) 130, and a hardware platform 140.
It should be understood that the architecture illustrated in the embodiments of the present application does not constitute a particular limitation of computing device 100. In other embodiments of the present application, computing device 100 may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The processor 110 may be, for example, a central processing unit (central processing unit, CPU) or a graphics processor (graphics processing unit, GPU) or the like. Processor 110 is the computational and control core of computing device 100 and may run in a REE or TEE.
It should be understood that the meaning of "processor 110 running in a REE or TEE", "processor 110 running in a REE or TEE state", "processor 110 running in a REE or TEE environment", "processor 110 in a REE or TEE" is similar.
When the processor 110 is running in the REE, only the hardware, software, and storage resources in the REE are accessible, and the hardware, software, and storage resources in the TEE are not accessible. For example, when the processor 110 is running in the REE, only the REE store 121 in the memory 120 may be accessed, and the TEE store 122 in the memory 120 may not be accessed. While the processor 110 is running in the TEE, it may access hardware, software, and storage resources in the TEE, as well as storage resources in the REE. For example, while the processor 110 is running in the TEE, not only the TEE store 122 in the memory 120 but also the REE store 121 in the memory 120 may be accessed.
The processor 110 may enter the trusted execution environment TEE upon receipt of the indication information. The indication information indicates that the state of the kernel is to be determined. Processor 110 may also determine, in the TEE, the memory location of the kernel in memory 120, i.e., determine the location of kernel 1211. The memory location is what the processor 110 uses to read the data information of the kernel 1211. Processor 110 may also calculate, in the TEE, over the data information of kernel 1211 read from that storage location, determining the actual calculated value of kernel 1211. The actual calculated value is used to determine the state of the kernel 1211, which is either trusted or untrusted.
The processor 110 may also obtain the first and second parameters in the TEE via the BIOS 130. The first parameter may include a boot address of the kernel 1211 and a length of the kernel 1211. The boot address of the kernel 1211 is the physical starting address of the compressed kernel when it is decompressed into memory 120. The second parameter may include a physical starting address of the REE memory space in the memory 120. The physical starting address of the REE storage space in the memory 120 may be the physical starting address of the REE storage 121 in FIG. 1. Alternatively, where kernel address space layout randomization (KASLR) is enabled in the computing device, the second parameter may include the physical starting address of the REE memory space and the address offset of the kernel 1211. The address offset of the kernel 1211 is an offset that the computing device 100 generates randomly before booting the kernel; it makes the address of the kernel differ on each boot of the computing device 100, so that an attacker cannot determine the physical address of the kernel 1211, thereby enhancing the security of the kernel. Processor 110 may also determine, in the TEE, the storage location of kernel 1211 in memory 120 based on the first parameter and the second parameter.
Alternatively, the first parameter may be a parameter stored in the BIOS. Alternatively, the first parameter may be a parameter that an administrator of the computing device 100 manually imports into the BIOS. For example, the administrator may import the first parameter into the BIOS through a BIOS menu, gateway, command-line interface (CLI), and so on.
Optionally, the first parameter may be encrypted, e.g., signed, before being stored in the BIOS. The public key that verifies the first parameter may be stored in the BIOS. That is, the first parameter stored in the BIOS is an encrypted parameter, and the BIOS can verify whether the first parameter is trusted through the public key, so that the security of the kernel can be enhanced.
Alternatively, the second parameter may be a parameter determined by the BIOS. After startup, the BIOS may initialize the memory 120 and allocate memory space for the REE and the TEE, i.e., determine the memory locations of REE store 121 and TEE store 122 in memory 120. That is, the BIOS may determine the physical starting location of REE store 121. Where KASLR is enabled in the computing device, the BIOS may also determine the randomly generated address offset of the kernel.
Alternatively, the storage location of the kernel 1211 in the REE storage 121 may include the physical starting address of the kernel 1211 in the memory 120 and the length of the kernel 1211. Alternatively, the storage location of the kernel 1211 in the REE storage 121 includes the physical start address and the physical end address of the kernel 1211 in the memory 120.
Alternatively, the physical starting address of the kernel 1211 in the memory 120 may be determined from the physical starting address of the REE store 121 and the starting address of the kernel 1211. Alternatively, the physical starting address of the kernel 1211 in the memory 120 is determined from the physical starting address of the REE store 121, the starting address of the kernel 1211, and the address offset of the kernel 1211.
Processor 110 may also obtain the data information of kernel 1211 in the TEE from the memory location of kernel 1211. Processor 110 may also calculate over the data information of kernel 1211 to obtain the actual calculated value. The actual calculated value comprises data of at least one data bit.
Alternatively, the processor 110 may compare the baseline calculated value and the actual calculated value of the kernel 1211 in the TEE. The baseline calculated value is a predetermined value comprising data of at least one data bit. Where the baseline calculated value is the same as the actual calculated value, the processor 110 may determine that the state of the kernel is trusted. Where the baseline calculated value differs from the actual calculated value, the processor 110 may determine that the state of the kernel is untrusted.
Alternatively, the processor 110 may encrypt the actual calculated value in the TEE, for example by signing it, to obtain the encrypted actual calculated value. The processor 110 may also send the encrypted actual calculated value to the management device. The management device is another computing device connected to computing device 100. The management device may determine whether the kernel 1211 of the computing device 100 is trusted based on the encrypted actual calculated value, i.e., the encrypted actual calculated value is used by the management device to determine the state of the kernel 1211.
Alternatively, the management device may also verify whether the encrypted actual calculated value is trusted and, only where it determines that the encrypted actual calculated value is trusted, determine from it whether the kernel 1211 of the computing device 100 is trusted.
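The following is an added example, not code from the patent or from Huawei, that models the TEE-side logic just described: reading the kernel's bytes from a constructed storage device, computing the actual calculated value, comparing it with the baseline, and reporting a protected value to a management device that checks the report before deciding. The patent does not name the calculation, so SHA-256 is an assumption, and HMAC-SHA256 with a key shared between the TEE and the management device stands in for the signature the patent describes (a real TEE would use an asymmetric device key). The kernel image, memory layout and key are constructed sample values.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

TRUSTED, UNTRUSTED = "trusted", "untrusted"

# Constructed sample kernel image standing in for the decompressed kernel held
# at the kernel's physical start address in the storage device.
KERNEL_IMAGE = bytes(range(256)) * 16  # 4 KiB of deterministic content


def baseline_calculated_value(kernel_image: bytes) -> bytes:
    """Baseline value: the digest of the kernel's data information at compile time
    (SHA-256 is an assumption; the patent fixes no particular calculation)."""
    return hashlib.sha256(kernel_image).digest()


def measure_kernel(memory: bytes, phys_start: int, length: int) -> bytes:
    """TEE side: read exactly [phys_start, phys_start + length) from the storage
    device and compute the actual calculated value over those bytes."""
    if phys_start < 0 or length <= 0 or phys_start + length > len(memory):
        raise ValueError("kernel storage location lies outside the storage device")
    return hashlib.sha256(memory[phys_start:phys_start + length]).digest()


def determine_state(actual: bytes, baseline: bytes) -> str:
    # Constant-time comparison so the check does not leak how much of the value matched.
    return TRUSTED if hmac.compare_digest(actual, baseline) else UNTRUSTED


def sign_actual_value(actual: bytes, tee_key: bytes) -> Dict[str, bytes]:
    """'Encrypting the actual calculated value' before sending it, modelled as an
    HMAC tag over the value (assumption: stands in for a signature)."""
    return {"actual": actual, "tag": hmac.new(tee_key, actual, "sha256").digest()}


def management_device_check(report: Dict[str, bytes], tee_key: bytes,
                            baseline: bytes) -> Optional[str]:
    """Management device: first verify the report is authentic, then decide the
    kernel state. Returns None when the report itself cannot be trusted."""
    expected = hmac.new(tee_key, report["actual"], "sha256").digest()
    if not hmac.compare_digest(expected, report["tag"]):
        return None
    return determine_state(report["actual"], baseline)


def run_scenario(tamper: bool) -> Tuple[str, Optional[str]]:
    """Place the kernel in a constructed REE region, optionally flip one bit of it,
    then run both the local (in-TEE) decision and the remote (management) decision."""
    phys_start, length = 0x1000, len(KERNEL_IMAGE)
    memory = bytearray(0x4000)                     # constructed 16 KiB storage device
    memory[phys_start:phys_start + length] = KERNEL_IMAGE
    if tamper:
        memory[phys_start + 0x200] ^= 0x01         # a single-bit change in kernel code
    baseline = baseline_calculated_value(KERNEL_IMAGE)
    tee_key = b"constructed-tee-key"               # assumption: shared with the management device
    actual = measure_kernel(memory, phys_start, length)
    local = determine_state(actual, baseline)
    report = sign_actual_value(actual, tee_key)
    remote = management_device_check(report, tee_key, baseline)
    return local, remote


def forged_report_is_rejected() -> bool:
    """A report whose value was replaced in transit by the baseline value must fail
    the management device's authenticity check rather than be accepted as trusted."""
    tee_key = b"constructed-tee-key"
    baseline = baseline_calculated_value(KERNEL_IMAGE)
    report = sign_actual_value(hashlib.sha256(b"modified kernel").digest(), tee_key)
    report["actual"] = baseline
    return management_device_check(report, tee_key, baseline) is None


if __name__ == "__main__":
    print(run_scenario(tamper=False))  # ('trusted', 'trusted')
    print(run_scenario(tamper=True))   # ('untrusted', 'untrusted')
    print(forged_report_is_rejected()) # True
```

The two decisions are kept separate on purpose: the TEE can decide locally from the baseline it holds, while the management device must authenticate the report before it treats the value in it as the kernel's, otherwise a compromised REE could simply send the baseline value itself.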
The memory 120 may be used to store data or instructions, and may be, for example, random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), synchronous dynamic RAM (SDRAM), double data rate synchronous dynamic RAM (DDR SDRAM), etc., which is not limited in this embodiment. The storage space in the memory 120 is divided into REE storage 121 and TEE storage 122.
The REE store 121 may store data or instructions of the REE. The processor 110, when running in the REE or the TEE, may access data or instructions in the REE store 121. The data information of the kernel may also be stored in the REE storage 121, i.e. the kernel 1211 is included in the REE storage 121. The kernel 1211 contains the data information of the kernel, such as its program code.
TEE store 122 may store data or instructions of the TEE. The processor 110, while running in the TEE, may access data and instructions in the TEE store 122. Data information of the TEEOS/TA may also be stored in TEE store 122, i.e., TEE store 122 includes TEEOS/TA 1221. The TEEOS/TA 1221 contains the data information of the TEEOS/TA, such as its program code.
The BIOS 130 includes programs for basic input and output of the computing device 100, a self-check program run after power-on, a system start-up program, and the like, and is mainly used to provide the lowest-level hardware setting and control for the computing device 100. The BIOS 130 may have the first parameter stored in it. A unified extensible firmware interface (UEFI) variable area may be included in the BIOS 130 for storing the first parameter. The BIOS 130 may also store a public key for verifying the first parameter, and may verify the first parameter with the stored public key to determine whether the first parameter is trusted. The BIOS 130 may also initialize the memory 120 after startup, allocate REE storage 121 for the REE and TEE storage 122 for the TEE, and thereby determine the second parameter. The BIOS 130 may also pass the first and second parameters to the TEE store 122 so that the processor 110 can determine, in the TEE, the memory location of the kernel in the memory 120.
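As an added example (not code from the patent or the BIOS of any real product), the block below models the BIOS-side handling described above: the administrator protects the first parameter before importing it, the BIOS reads it back from a UEFI-variable-like store, refuses anything malformed or unverifiable, determines the second parameter once memory has been allocated, and hands both parameters to the TEE. The byte layout of the stored parameter, the variable name `KernelMeasureParam`, the top-of-memory TEE placement and the use of HMAC-SHA256 in place of the public-key signature are all assumptions.

```python
import hmac
import struct
from typing import Dict, Optional, Tuple

# Constructed layout for the first parameter in the UEFI variable area (assumption;
# the patent fixes no byte layout): two little-endian 64-bit values, the kernel boot
# address and the kernel length, followed by a 32-byte authentication tag.
FIRST_PARAM_FMT = "<QQ"
FIRST_PARAM_LEN = struct.calcsize(FIRST_PARAM_FMT)   # 16 bytes
TAG_LEN = 32
VARIABLE_NAME = "KernelMeasureParam"                 # constructed variable name


def admin_sign_first_parameter(boot_address: int, kernel_length: int, key: bytes) -> bytes:
    """Administrator side: protect the parameter before importing it into the BIOS.
    HMAC-SHA256 stands in for the signature / public-key pair the patent mentions."""
    body = struct.pack(FIRST_PARAM_FMT, boot_address, kernel_length)
    return body + hmac.new(key, body, "sha256").digest()


def bios_read_first_parameter(variable_area: Dict[str, bytes],
                              key: bytes) -> Optional[Tuple[int, int]]:
    """BIOS side: fetch the variable, check its length and its tag, and reject a
    zero-length kernel. Returns (boot_address, kernel_length) or None if untrusted."""
    blob = variable_area.get(VARIABLE_NAME)
    if blob is None or len(blob) != FIRST_PARAM_LEN + TAG_LEN:
        return None
    body, tag = blob[:FIRST_PARAM_LEN], blob[FIRST_PARAM_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
        return None
    boot_address, kernel_length = struct.unpack(FIRST_PARAM_FMT, body)
    return (boot_address, kernel_length) if kernel_length > 0 else None


def bios_determine_second_parameter(total_memory: int, tee_size: int,
                                    kaslr_offset: Optional[int]) -> Dict[str, int]:
    """BIOS side, after memory initialisation: the TEE store is carved from the top of
    memory and the REE store starts at physical 0 (layout assumption). The KASLR
    offset is included only when randomisation is enabled."""
    tee_start = total_memory - tee_size
    second = {"ree_phys_start": 0, "ree_size": tee_start, "tee_phys_start": tee_start}
    if kaslr_offset is not None:
        second["kernel_offset"] = kaslr_offset
    return second


def bios_pass_parameters_to_tee(variable_area: Dict[str, bytes], key: bytes,
                                total_memory: int, tee_size: int,
                                kaslr_offset: Optional[int]) -> Optional[Dict[str, Dict[str, int]]]:
    """What the BIOS places in the TEE store for the processor: both parameters, or
    nothing at all when the first parameter failed verification."""
    first = bios_read_first_parameter(variable_area, key)
    if first is None:
        return None
    return {"first": {"boot_address": first[0], "kernel_length": first[1]},
            "second": bios_determine_second_parameter(total_memory, tee_size, kaslr_offset)}


def demo(tamper: bool) -> Optional[Dict[str, Dict[str, int]]]:
    """Constructed run: 4 GiB of memory, a 256 MiB TEE store, KASLR offset 2 MiB."""
    key = b"constructed-bios-verification-key"
    blob = admin_sign_first_parameter(0x1000000, 0x2000000, key)
    if tamper:
        # One bit of the stored kernel length flipped after signing must be caught.
        blob = blob[:8] + bytes([blob[8] ^ 0x01]) + blob[9:]
    variable_area = {VARIABLE_NAME: blob}
    return bios_pass_parameters_to_tee(variable_area, key, 0x100000000, 0x10000000, 0x200000)


if __name__ == "__main__":
    print(demo(tamper=False))
    print(demo(tamper=True))   # None: the BIOS refuses to hand over a modified parameter
```

Refusing to pass anything to the TEE on a failed check is the important design choice: a BIOS that fell back to a default or to the unverified bytes would let a modified first parameter steer the TEE's later measurement at a location other than the kernel's.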
The computing device 100 in fig. 1 may directly determine the storage location of the kernel in the TEE, and calculate the kernel, so as to form a trusted closed loop in the process of determining the state of the kernel, and determine whether the kernel is trusted more accurately, thereby protecting the security of the computing device 100.
FIG. 2 is a schematic flow chart of a method of determining the state of a kernel, the method of FIG. 2 including the following steps.
S210, entering a Trusted Execution Environment (TEE) when the indication information is received.
The computing device may receive indication information that instructs the computing device to determine a state of the kernel. The computing device may also enter into the TEE upon receipt of the indication information, determining a state of the kernel in the TEE.
Alternatively, the indication information may come from other devices to which the computing device is connected, such as a management device. Alternatively, the indication information may be triggered periodically within the computing device. Alternatively, the indication may be triggered by the user. Alternatively, the indication may be triggered when a change occurs to the computing device. The change in the computing device may be a change in hardware of the computing device or a change in software of the computing device, which is not limited by the embodiments of the present application.
S220, obtaining the data information of the kernel according to the storage position of the kernel in the storage device in the TEE.
The computing device may directly obtain the data information of the kernel from the storage device in the TEE according to the location of the kernel in the storage device. The data information of the kernel refers to all data information stored in the storage device by the kernel, namely, all data information from a physical starting position of the kernel in the storage device to a physical ending position of the kernel in the storage device. Alternatively, the data information of the kernel may be said to include all data information within the length of the kernel in the storage device.
It should be appreciated that since the computing device may also access data information within the REE storage space in the storage device in the TEE, and the kernel is located within the REE storage space in the storage device, the computing device may directly read the data information of the kernel in the REE storage space after determining the storage location of the kernel in the TEE. That is, the computing device may begin reading the data information of the kernel in the TEE according to the physical starting address of the kernel in the storage device and end reading the data information of the kernel at the physical ending address of the kernel in the storage device. The physical end address of the kernel in the storage device may be the sum of the physical start address of the kernel in the storage device and the length of the kernel. Alternatively, the computing device may read the data information of the kernel directly from the storage device in the TEE according to the physical starting address and length of the kernel in the storage device.
Alternatively, before step S220, the computing device may determine the storage location of the kernel in the storage device directly in the TEE. The storage location may then be used to obtain the data information of the kernel.
The storage location may include, for example, a physical starting address of the kernel in the storage device and a length of the kernel. Alternatively, the storage location may include a physical start address, a physical end address, etc. of the kernel in the storage device, which is not limited in this embodiment of the present application.
Optionally, the computing device may determine the storage location of the kernel in the storage device in the TEE based on the first parameter and the second parameter. The first and second parameters may be stored in the TEE storage space of the storage device. The first parameter may include a boot address of the kernel and a length of the kernel. The second parameter may include a physical starting address of the REE memory space in the storage device. Alternatively, where KASLR is enabled in the computing device, the second parameter may include the physical starting address of the REE memory space and an address offset of the kernel.
It should be appreciated that the physical starting address of the REE memory space is a physical address within the full physical address space of the storage device. It should also be appreciated that where the computing device hides the TEE memory, the physical starting address of the REE memory is an address relative to the storage device with the TEE memory removed.
Optionally, the physical start address of the kernel in the storage device is determined according to the physical start address of the REE storage space and the start address of the kernel. Alternatively, the physical starting address of the kernel in the storage device is determined according to the physical starting address of the REE storage space, the starting address of the kernel, and the address offset of the kernel.
Illustratively, where the KASLR technique is enabled in the computing device, i.e., where the second parameter includes an address offset of the kernel, the memory location of the kernel in the memory device may be as shown in fig. 3.
FIG. 3 is a schematic block diagram of a storage location of a kernel. The REE storage space 310 in FIG. 3 is similar to REE storage space 121 in FIG. 1, and the kernel 311 in FIG. 3 is similar to kernel 1211 in FIG. 1. As can be seen from FIG. 3, the physical starting address of the kernel 311 in the storage device is the sum of the physical starting address of the REE storage space, the starting address of the kernel, and the address offset of the kernel. Here the physical starting address of the REE storage space is the physical starting address of REE storage space 310 relative to the storage device.
Illustratively, where the KASLR technique is not enabled in the computing device, i.e., where the second parameter does not include an address offset of the kernel, the physical starting address of the kernel in the storage device is the sum of the physical starting address of the REE storage space and the starting address of the kernel.
Alternatively, the computing device may pass the first and second parameters into the TEE memory space through the BIOS so that the computing device may obtain the first and second parameters in the TEE. The first parameter is a parameter stored in the BIOS and/or the second parameter is a parameter determined by the BIOS.
Illustratively, the first parameter may be a parameter manually stored into the BIOS by an administrator of the computing device. For example, the administrator may store the first parameter in the BIOS through a BIOS menu, gateway, CLI, or the like.
For example, the first parameter may be determined at the time of compiling the kernel. The first parameters may be the same for different versions of the kernel, or may be different, which embodiments of the present application are not limited to.
Illustratively, the step of storing the first parameter to the BIOS may be performed once when the version of the kernel changes. That is, if the kernel version or kernel in the computing device has not changed, the first parameter may be stored in the BIOS of the computing device at or before the first run of the computing device, and the first parameter does not need to be repeatedly imported during the subsequent run of the computing device. If the kernel version in the computing device changes, the updated first parameter needs to be stored in the BIOS of the computing device when the kernel version is updated for the first time or before the first time. The updated first parameter is determined from the updated kernel.
Illustratively, the first parameter may be encrypted, such as by signing a digest of the first parameter, before storing the first parameter in the BIOS. The public key that verifies the first parameter may be stored in the BIOS. That is, the first parameter stored in the BIOS may be an encrypted parameter, and the BIOS may verify whether the first parameter is trusted through the public key, so that the security of the kernel may be enhanced.
For example, the administrator may process the first parameter using a digest algorithm to obtain a first digest of the first parameter. The first digest may then be signed using the private key to obtain an encrypted first digest. The first parameter and the encrypted first digest may then be stored in the BIOS. When the BIOS starts, the public key can be used to decrypt the encrypted first digest, obtaining the decrypted first digest. The first parameter may then be processed using the same digest algorithm to obtain a second digest of the first parameter. Finally, whether the first parameter is trusted can be determined by comparing whether the first digest is identical to the second digest. Specifically, if the first digest and the second digest are the same, this indicates that the first parameter has not been tampered with and can be trusted. If the first digest and the second digest are different, the first parameter has been tampered with and cannot be trusted.
Illustratively, the second parameter is a parameter determined by the BIOS in operation. The BIOS may initialize the storage device and allocate storage space for REEs and TEEs, i.e., determine REE storage space and TEE storage space in the storage device. In determining the REE memory space, a physical starting address of the REE memory space and a length of the REE memory space may be determined. Alternatively, a physical start address, a physical end address, etc. of the REE storage space may be determined, which is not limited in the embodiments of the present application.
Illustratively, in the case where the KASLR technology is enabled in the computing device, the BIOS may also determine the address offset of the kernel. The address offset of the kernel is an offset randomly generated by the BIOS according to the KASLR technology, and is used for improving the address security of the kernel.
After determining the storage location of the kernel in the storage device, the computing device may read the data information of the kernel from the storage device directly in the TEE according to the storage location.
S230, calculating the data information of the kernel in the TEE, and determining the actual calculated value of the kernel.
The computing device may calculate the data information of the kernel after obtaining the data information of the kernel in the TEE, thereby determining an actual calculated value of the kernel. The actual calculated value may be used to determine the state of the kernel, i.e., may be used to determine whether the kernel is trusted.
Alternatively, the computing device may calculate the data information of the kernel in the TEE according to a metric algorithm, thereby obtaining an actual calculated value. The actual calculated value comprises data of at least one data bit.
Illustratively, the metric algorithm may include a hash algorithm, such as the secure hash algorithm 256 (SHA-256) or the SM3 (Shangmi 3) cryptographic hash algorithm. The SHA-256 algorithm outputs a fixed-length (e.g., 256 data bits) calculated value without limiting the length of the input data. Also, if any bit of the input data is modified, the output of the SHA-256 algorithm is different.
For example, assuming that the first input data and the second input data have the same length and differ in one bit, the first output result obtained through the SHA-256 algorithm differs from the second output result in at least one bit. Alternatively, assuming that the first input data and the second input data differ in length, the first output result differs from the second output result in at least one bit. The first output result is the output result corresponding to the first input data, and the second output result is the output result corresponding to the second input data.
Illustratively, the computing device may calculate the data information of the kernel in the TEE using the SHA-256 algorithm, resulting in a 256-bit actual calculated value.
Alternatively, after obtaining the actual calculated value of the kernel in the TEE, the computing device may directly compare the baseline calculated value and the actual calculated value of the kernel in the TEE. The baseline calculated value is a predetermined value and may include data of at least one data bit. If the baseline calculated value and the actual calculated value are the same, the computing device may determine that the state of the kernel is trusted. If the baseline calculated value and the actual calculated value are different, the computing device may determine that the state of the kernel is not trusted.
For example, assuming that the actual calculated value and the baseline calculated value each include 256 data bits, if the actual calculated value is identical to the baseline calculated value over 256 data bits, then it is indicated that the actual calculated value is identical to the baseline calculated value. If the actual calculated value differs from the baseline calculated value by data on one or more of the 256 data bits, then it is indicated that the actual calculated value differs from the baseline calculated value.
For example, the baseline calculated values of the kernel may be stored in TEE memory space in the storage device. Alternatively, the baseline calculated value of the kernel may be stored in the REE memory space in the storage device after the encryption process.
For example, the baseline calculated value of the kernel may be determined from the data information of the kernel at the time of compilation of the kernel. That is, the baseline calculation value of the kernel is a calculation value obtained by calculating the data information of the kernel in a trusted state of the kernel.
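The address computation of FIG. 3 (steps S430/S220) followed by the measurement and comparison of S230/S460 (also the S440 to S470 flow of FIG. 4), as an added example that is not part of the patent: a constructed storage image, the first and second parameters, a SHA-256 measurement and a single-bit tamper check. The dataclass names, the image layout and the addresses are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class FirstParameter:
    """Kernel-specific values fixed at compile time and pre-stored in the BIOS (assumed names)."""
    kernel_start: int    # starting address of the kernel within the REE storage space
    kernel_length: int   # length of the kernel in bytes


@dataclass(frozen=True)
class SecondParameter:
    """Values determined by the BIOS at run time and passed into the TEE storage space."""
    ree_phys_start: int    # physical starting address of the REE storage space
    kaslr_offset: int = 0  # address offset of the kernel; 0 when KASLR is disabled


def kernel_location(p1: FirstParameter, p2: SecondParameter) -> tuple[int, int]:
    """Physical (start, end) of the kernel in the storage device, as in FIG. 3.

    Without KASLR the offset is 0, so this degenerates to REE start + kernel start.
    """
    start = p2.ree_phys_start + p1.kernel_start + p2.kaslr_offset
    return start, start + p1.kernel_length


def read_kernel(storage: bytes, p1: FirstParameter, p2: SecondParameter) -> bytes:
    """Read the kernel's data information from physical start to physical end (S220)."""
    start, end = kernel_location(p1, p2)
    if end > len(storage):
        raise ValueError("kernel location lies outside the storage device")
    return bytes(storage[start:end])


def measure(data: bytes) -> bytes:
    """Metric algorithm: SHA-256 over the kernel's data information (S230), 256 bits."""
    return hashlib.sha256(data).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of data bits on which two 256-bit calculated values differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def kernel_state(storage: bytes, p1: FirstParameter, p2: SecondParameter,
                 baseline: bytes) -> str:
    """Compare the actual calculated value with the baseline (S460 to S480)."""
    actual = measure(read_kernel(storage, p1, p2))
    return "trusted" if hmac.compare_digest(actual, baseline) else "untrusted"


# Constructed demo kernel image (512 bytes) and parameters; not real values.
KERNEL_IMAGE = bytes(range(256)) * 2
P1 = FirstParameter(kernel_start=0x40, kernel_length=len(KERNEL_IMAGE))
P2 = SecondParameter(ree_phys_start=0x1000, kaslr_offset=0x20)
# Baseline calculated value: measured from the kernel data at "compile time".
BASELINE = measure(KERNEL_IMAGE)


def build_storage(kernel_image: bytes, p1: FirstParameter, p2: SecondParameter,
                  size: int = 0x2000) -> bytearray:
    """Constructed storage device: zero-filled, with the kernel placed at its location."""
    storage = bytearray(size)
    start, end = kernel_location(p1, p2)
    storage[start:end] = kernel_image
    return storage


def tamper(storage: bytearray, p1: FirstParameter, p2: SecondParameter,
           bit: int) -> bytearray:
    """Return a copy with one bit of the kernel's first byte flipped (simulated modification)."""
    modified = bytearray(storage)
    start, _ = kernel_location(p1, p2)
    modified[start] ^= 1 << (bit % 8)
    return modified


if __name__ == "__main__":
    image = build_storage(KERNEL_IMAGE, P1, P2)
    print("kernel at", [hex(a) for a in kernel_location(P1, P2)])
    print("intact:  ", kernel_state(image, P1, P2, BASELINE))
    print("tampered:", kernel_state(tamper(image, P1, P2, 3), P1, P2, BASELINE))
```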
Alternatively, the computing device may determine the state of the kernel in the TEE from the actual calculated value and a metric model of the kernel. The metric model may be a mapping between actual calculated values of the kernel and states of the kernel. The metric model may also include the baseline calculated value.
Alternatively, after obtaining the actual calculated value of the kernel in the TEE, the computing device may encrypt the actual calculated value in the TEE to obtain an encrypted actual calculated value. The computing device may also send the encrypted actual calculated value to the management device. The management device is another computing device connected to the computing device. The management device may determine the state of the kernel of the computing device based on the encrypted actual calculated value, i.e., the encrypted actual calculated value is used by the management device to determine the state of the kernel of the computing device.
The management device may also verify, for example, whether the received actual calculated value is authentic, and in the event that it is determined that the actual calculated value is authentic, determine the state of the kernel of the computing device from the actual calculated value.
For example, the computing device may process the actual calculated value in the TEE according to a digest algorithm to obtain a first digest of the actual calculated value. The computing device may then sign the first digest of the actual computed value in the TEE using the private key, obtain an encrypted first digest, and send the actual computed value and the encrypted first digest to the management device. The management device may decrypt the encrypted first digest using the public key to obtain a decrypted first digest. The management device may further process the received actual calculated value according to the same digest algorithm, to obtain a second digest of the actual calculated value. The management device may determine whether the actual calculated value is authentic based on whether the first digest and the second digest are identical. If the first digest and the second digest are the same, the actual calculated value may be determined to be authentic. If the first digest and the second digest are different, it may be determined that the actual calculated value is not authentic.
For example, the management device may store a baseline calculation of a kernel of the computing device and determine a state of the kernel of the computing device based on the baseline calculation and the encrypted actual calculation.
For example, the management device may compare the baseline calculated value with the actual calculated value if it is determined that the actual calculated value is authentic. If the baseline calculated value and the actual calculated value are the same, the management device may determine that the state of the kernel of the computing device is trusted. If the baseline calculated value and the actual calculated value are different, the management device may determine that the state of the kernel of the computing device is not trusted.
Alternatively, the computing device may periodically perform steps S220 and S230 in the TEE. Alternatively, the computing device may perform steps S220 and S230 in the TEE upon receiving the indication information from the management device. The indication information is used to instruct the computing device to determine the state of the kernel. Alternatively, the computing device may perform steps S220 and S230 upon detecting certain changes or updates of itself, which embodiments of the present application are not limited in this regard.
It should be appreciated that the computing device may obtain the trusted first and second parameters in the TEE and may determine the memory location of the kernel based on the first and second parameters. The computing device may also directly read the data information of the kernel in the TEE, and calculate the data information of the kernel, thereby determining an actual calculated value. Since the steps of the computing device determining the actual calculated value are all performed in the TEE, the actual calculated value is accurate and trusted. That is, by the method in the embodiment of the application, a trusted closed loop can be formed in the process of determining the state of the kernel, so that whether the kernel is trusted or not can be determined more accurately and reliably, and the safety of the computing equipment can be further protected.
FIG. 4 is a schematic flow chart of a method of determining the state of a kernel, the method of FIG. 4 including the following steps.
S410, entering a Trusted Execution Environment (TEE) when the indication information is received. The specific implementation of step S410 is similar to that of step S210, and will not be described here again.
S420, obtaining the first parameter and the second parameter through the BIOS.
The computing device may obtain the first and second parameters in the TEE via the BIOS. The first parameter may include the starting address of the kernel and the length of the kernel. The second parameter may include the physical starting address of the REE storage space in the storage device, or the second parameter may include the physical starting address of the REE storage space and the address offset of the kernel.
Alternatively, the first parameter may be pre-stored in the BIOS, i.e., the first parameter may be a parameter manually stored into the BIOS by an administrator of the computing device. For example, the administrator may store the first parameter in the BIOS through a BIOS menu, gateway, CLI, or the like.
For example, the first parameter may be determined at the time of compiling the kernel. The first parameters may be the same for different versions of the kernel, or may be different, which embodiments of the present application are not limited to.
Illustratively, the step of storing the first parameter to the BIOS may be performed once when the version of the kernel changes. That is, if the kernel version or kernel in the computing device has not changed, the first parameter may be stored in the BIOS of the computing device at or before the first run of the computing device, and the first parameter does not need to be repeatedly imported during the subsequent run of the computing device. If the kernel version in the computing device changes, the updated first parameter needs to be stored in the BIOS of the computing device when the kernel version is updated for the first time or before the first time. The updated first parameter is determined from the updated kernel.
Illustratively, the first parameter may be encrypted, such as by signing a digest of the first parameter, before storing the first parameter in the BIOS. The BIOS may also store a public key that verifies the first parameter. That is, the first parameter stored in the BIOS may be an encrypted parameter, and the BIOS may verify whether the first parameter is trusted through the public key, so that the security of the kernel may be enhanced. The specific verification manner may refer to the description in step S220.
In some embodiments, the BIOS may determine the second parameter at run-time.
For example, the BIOS may initialize the storage device and allocate storage space for REEs and TEEs, i.e., determine REE storage space and TEE storage space in the storage device. In determining the REE memory space, a physical starting address of the REE memory space and a length of the REE memory space may be determined. Alternatively, a physical start address, a physical end address, etc. of the REE storage space may be determined, which is not limited in the embodiments of the present application.
Illustratively, in the case where the KASLR technology is enabled in the computing device, the BIOS may also determine the address offset of the kernel. The address offset of the kernel is an offset randomly generated by the BIOS according to the KASLR technology, and is used for improving the address security of the kernel.
Optionally, after the BIOS is running, the BIOS may pass the first and second parameters into the TEE storage space so that the computing device may obtain the first and second parameters in the TEE.
Alternatively, step S420 may be performed once at power-up of the computing device. That is, if the computing device has just been powered on, step S420 may be performed once. If the computing device is in a state of continuous power-on operation, it is not necessary to repeatedly perform step S420.
S430, determining a storage position of the kernel in the storage device according to the first parameter and the second parameter in the TEE.
The computing device may obtain the first parameter and the second parameter from the TEE storage space and determine, directly in the TEE, the storage location of the kernel in the REE storage space in the storage device based on the first parameter and the second parameter.
Alternatively, the storage location may include the physical starting address of the kernel in the REE storage space and the length of the kernel. Alternatively, the storage location may include a physical start address, a physical end address, etc. of the kernel in the REE storage space, which is not limited in this embodiment of the present application.
Optionally, the physical start address of the kernel in the REE storage space is determined according to the physical start address of the REE storage space and the start address of the kernel. Alternatively, the physical starting address of the kernel in the REE storage space is determined according to the physical starting address of the REE storage space, the starting address of the kernel, and the address offset of the kernel, which is not limited in the embodiment of the present application.
It should be appreciated that the physical starting address of the REE storage space is the starting address relative to the full physical address space of the storage device. It should also be appreciated that where the computing device hides the TEE storage space, the physical starting address of the REE storage space corresponds to the address relative to the storage device with the TEE storage space removed.
Alternatively, step S430 may be performed once when the computing device is powered up, or may be repeated each time the state of the kernel needs to be determined, which is not limited in the embodiment of the present application. That is, the computing device may directly store the location of the kernel in the storage device into the TEE storage space after determining the storage location of the kernel in the storage device, so that it is not necessary to repeatedly perform step S430 each time the state of the kernel needs to be determined. Alternatively, the computing device may encrypt the storage location of the kernel in the storage device and store the encrypted storage location in the REE storage space, so that it is not necessary to repeatedly perform step S430 each time the state of the kernel needs to be determined.
S440, obtaining the data information of the kernel according to the storage position of the kernel in the storage device in the TEE. Step S440 is similar to step S220 and will not be described here.
S450, calculating the data information of the kernel in the TEE to obtain an actual calculated value. Step S450 is similar to step S230, and will not be described here.
S460, determining whether the baseline calculated value is the same as the actual calculated value.
Alternatively, step S460 may be performed by a computing device or may be performed by a management device, which is not limited by the embodiment of the present application. The management device may be another computing device connected to the computing device.
In some embodiments, the baseline calculated value may be stored in the TEE storage space, or may be stored in the REE storage space after encryption. Alternatively, the baseline calculated value may be stored in the management device, which is not limited in this embodiment of the present application.
For example, the baseline calculated value of the kernel may be determined from the data information of the kernel at the time of compilation of the kernel. That is, the baseline calculation value of the kernel is a calculation value obtained by calculating the data information of the kernel in a trusted state of the kernel.
Alternatively, the computing device may directly compare the actual calculated value with the baseline calculated value after obtaining the actual calculated value in the TEE, thereby determining the state of the kernel.
In some embodiments, the actual calculated value and the baseline calculated value may each include data of at least one data bit. If the data on every data bit of the actual calculated value and the baseline calculated value are the same, then the baseline calculated value is the same as the actual calculated value. If the data on one or more data bits of the actual calculated value differ from the baseline calculated value, then the baseline calculated value is different from the actual calculated value.
For example, assuming that the actual calculated value and the baseline calculated value each include 256 data bits, if the actual calculated value is identical to the baseline calculated value over 256 data bits, then it is indicated that the actual calculated value is identical to the baseline calculated value. If the actual calculated value differs from the baseline calculated value by data on one or more of the 256 data bits, then it is indicated that the actual calculated value differs from the baseline calculated value.
Alternatively, the computing device may send the actual calculated value to the management device after obtaining the actual calculated value in the TEE. The management device may determine whether the kernel of the computing device is trusted by determining whether the baseline calculated value is the same as the actual calculated value.
In some embodiments, the computing device may perform encryption processing when sending the actual calculated value, so that the management device may verify whether the received actual calculated value is authentic. The specific implementation may be described in step S230.
In the case where the actual calculated value is the same as the baseline calculated value, step S470 may be performed.
In the case where the actual calculated value is different from the baseline calculated value, step S480 may be performed.
S470, determining the state of the kernel as trusted.
In the event that the computing device determines that the actual calculated value is the same as the baseline calculated value, the state of the kernel may be determined to be trusted, i.e., it may be determined that the kernel has not been attacked or modified.
In the event that the state of the kernel is determined to be trusted, the computing device may function normally. Alternatively, the computing device may take some action, such as issuing a kernel-safe notification message to the user or management device, etc. Alternatively, the management device may take some measure, such as sending a kernel-safe notification message to the computing device or administrator, for example, and the embodiments of the present application are not limited in this regard.
And S480, determining that the state of the kernel is not trusted.
In the event that the computing device determines that the actual calculated value is different from the baseline calculated value, it may be determined that the state of the kernel is not trusted, i.e., it may be determined that the kernel has been attacked or modified.
In the event that the state of the kernel is determined to be untrusted, the computing device may take certain actions, such as alerting a user or the management device, or directly suspending operation, thereby preventing further attacks on the computing device. Alternatively, in the case where the state of the kernel is determined to be untrusted, the management device may send a notification message to the computing device or the administrator that the kernel is not secure, or may directly suspend operation of the computing device, or the like, which is not limited by the embodiment of the present application.
The computing device can obtain the first parameter and the second parameter in the TEE through the BIOS, so that the storage location of the kernel in the REE storage space can be determined directly in the TEE, and the data information of the kernel can then be read directly. The computing device can also calculate the data information of the kernel in the TEE to obtain an actual calculated value, so that a trusted closed loop is formed in the process of determining the state of the kernel, and the state of the kernel can be determined more accurately and reliably.
Fig. 5 is a schematic diagram of a computing device 500 according to one embodiment of the present application. The computing device 500 includes a conversion module 510, an acquisition module 520, and a determination module 530.
The conversion module 510 is configured to enter the trusted execution environment TEE when receiving indication information, where the indication information is used to indicate determining a state of the kernel. The conversion module 510 may perform step S210 in the method of fig. 2 or step S410 in the method of fig. 4.
The acquiring module 520 is configured to acquire, in the TEE, data information of the kernel according to a storage location of the kernel in the storage device. The acquisition module 520 may perform step S220 in fig. 2, steps S420-440 in fig. 4.
The determining module 530 is configured to calculate the data information of the kernel in the TEE and determine the actual calculated value of the kernel. The actual calculated value is used to determine the state of the kernel, which may be trusted or untrusted. The determining module 530 may perform step S230 in the method of FIG. 2 or steps S450-480 in the method of FIG. 4.
In some embodiments, computing device 500 further includes a transmission module (not shown). The sending module may encrypt the actual calculated value in the TEE to obtain an encrypted actual calculated value. The sending module may also send the encrypted or signed actual calculated value to the management device. The encrypted actual calculation value is used for the management device to determine the state of the kernel. The management device is another computing device connected to a computing device that includes a storage device.
Fig. 6 is a block diagram of a computing device 600 provided in accordance with an embodiment of the present application. The computing device 600 shown in fig. 6 includes: processor 601, memory 602, and communication interface 603, processor 601, memory 602, and communication interface 603 communicate via bus 604. The receiver 605 is configured to receive information or pending requests from other devices (e.g., management devices) connected to the computing device 600, and the transmitter 606 is configured to transmit the actual calculated values stored in the memory 602 or the encrypted actual calculated values to the other devices (e.g., management devices) connected to the computing device 600.
The method disclosed in the above embodiment of the present invention may be applied to the processor 601 or implemented by the processor 601. The processor 601 may be a central processing unit (CPU), but may also be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 601 or by instructions in the form of software. The methods, steps, and logic blocks disclosed in the embodiments of the present invention may be implemented or performed by such a processor. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in the memory 602. The processor 601 reads the instructions in the memory 602 and, in combination with its hardware, performs the steps of the method described above.
The memory 602 may store instructions for performing the methods performed by the computing device in the embodiments described above. The memory 602 may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory. The processor 601 may execute instructions stored in the memory 602 and perform the steps of the computing device of the above embodiments in conjunction with other hardware (e.g., the receiver 605 and the transmitter 606); reference may be made to the description of the above embodiments for the specific operation and benefits.
The bus 604 may include a power bus, a control bus, a status signal bus, and the like in addition to a data bus. But for clarity of illustration, the various buses are labeled as bus 604 in the figures.
The present application also provides a chip system including a logic circuit for coupling with an input/output interface through which data is transmitted to perform the steps performed by the computing device in the above embodiments.
According to the method provided by the embodiment of the application, the application further provides a computer program product, which comprises: computer program code which, when run on a computer, causes the computer to perform the steps of the above embodiments.
According to the method provided by the embodiment of the application, the application further provides a computer readable medium storing program code, which when run on a computer, causes the computer to perform the steps of the above-described embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto; any changes or substitutions that a person skilled in the art could readily conceive within the technical scope of the present application are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

1. A method of determining a state of a kernel, comprising:
when indication information is received, entering a Trusted Execution Environment (TEE), wherein the indication information indicates that the state of a kernel is to be determined;
obtaining data information of the kernel in the TEE according to the storage position of the kernel in a storage device;
and calculating the data information of the kernel in the TEE, and determining an actual calculated value of the kernel, wherein the actual calculated value is used for determining the state of the kernel, and the state of the kernel comprises trusted or untrusted.
2. The method according to claim 1, wherein the method further comprises:
obtaining a first parameter and a second parameter in the TEE through a Basic Input Output System (BIOS), wherein the first parameter comprises a starting address of the kernel and the length of the kernel in the storage device, the second parameter comprises a physical starting address of a Rich Execution Environment (REE) storage space in the storage device, or the second parameter comprises a physical starting address of the REE storage space and an address offset of the kernel;
and determining the storage position in the TEE according to the first parameter and the second parameter.
3. The method of claim 2, wherein the first parameter is a parameter stored in the BIOS and/or the second parameter is a parameter determined by the BIOS.
4. A method according to claim 2 or 3, wherein the storage location comprises a physical start address of the kernel in the storage device and the length, the physical start address of the kernel in the storage device being determined from the physical start address of the REE storage space and the start address of the kernel, or the physical start address of the kernel in the storage device being determined from the physical start address of the REE storage space, the start address of the kernel and the address offset of the kernel.
5. The method of claim 4, wherein the obtaining, in the TEE, data information of the kernel according to a storage location of the kernel in a storage device, comprises:
in the TEE, according to a physical start address of the kernel in the storage device and the length, data information of the kernel is read from the storage device.
6. The method according to any one of claims 1 to 5, further comprising:
comparing a baseline calculated value of the kernel with the actual calculated value in the TEE, wherein the baseline calculated value is a preset numerical value;
if the baseline calculated value is the same as the actual calculated value, determining that the state of the kernel is trusted;
and if the baseline calculated value and the actual calculated value are different, determining that the state of the kernel is untrusted.
7. The method of claim 6, wherein the baseline calculated value is determined from data information of the kernel at compile time of the kernel.
8. The method according to any one of claims 1 to 7, further comprising:
encrypting the actual calculated value in the TEE to obtain an encrypted actual calculated value;
and sending the encrypted actual calculated value to a management device, wherein the encrypted actual calculated value is used by the management device to determine the state of the kernel, and the management device is another computing device connected to the computing device that contains the storage device.
9. A computing device, comprising:
a conversion module, configured to enter a Trusted Execution Environment (TEE) when indication information is received, wherein the indication information indicates that the state of a kernel is to be determined;
an acquisition module, configured to acquire, in the TEE, data information of the kernel according to the storage position of the kernel in a storage device;
a determining module, configured to calculate the data information of the kernel in the TEE and determine an actual calculated value of the kernel, wherein the actual calculated value is used for determining the state of the kernel, and the state of the kernel comprises trusted or untrusted.
10. The apparatus of claim 9, wherein the acquisition module is further configured to:
obtaining a first parameter and a second parameter in the TEE through a Basic Input Output System (BIOS), wherein the first parameter comprises a start address of the kernel and a length of the kernel, the second parameter comprises a physical start address of a Rich Execution Environment (REE) storage space in the storage device, or the second parameter comprises a physical start address of the REE storage space and an address offset of the kernel;
and determining the storage position in the TEE according to the first parameter and the second parameter.
11. The apparatus of claim 10, wherein the first parameter is a parameter stored in the BIOS and/or the second parameter is a parameter determined by the BIOS.
12. The apparatus of claim 10 or 11, wherein the storage location comprises a physical start address of the kernel in the storage device and the length of the kernel, the physical start address of the kernel in the storage device being determined according to the physical start address of the REE storage space and the start address of the kernel, or the physical start address of the kernel in the storage device being determined according to the physical start address of the REE storage space, the start address of the kernel, and the address offset of the kernel.
13. The apparatus according to claim 12, wherein the obtaining module is specifically configured to read, in the TEE, data information of the kernel from the storage device according to a physical start address of the kernel in the storage device and the length.
14. The apparatus of any one of claims 9 to 13, wherein the determining module is further configured to:
comparing a baseline calculated value of the kernel with the actual calculated value in the TEE, wherein the baseline calculated value is a preset numerical value;
if the baseline calculated value is the same as the actual calculated value, determining that the state of the kernel is trusted;
and if the baseline calculated value and the actual calculated value are different, determining that the state of the kernel is untrusted.
15. The apparatus of claim 14, wherein the baseline calculated value is determined from data information of the kernel at compile time of the kernel.
16. The apparatus according to any one of claims 9 to 15, further comprising a transmission module for:
encrypting the actual calculated value in the TEE to obtain an encrypted actual calculated value;
and sending the encrypted actual calculated value to a management device, wherein the encrypted actual calculated value is used by the management device to determine the state of the kernel, and the management device is another computing device connected to the computing device that contains the storage device.
17. A computer device, comprising: a processor for coupling with a memory, reading and executing instructions and/or program code in the memory to perform the method of any of claims 1-8.
18. A chip system, comprising: logic circuitry for coupling with an input/output interface through which data is transmitted to perform the method of any of claims 1-8.
19. A computer readable medium, characterized in that the computer readable medium stores a program code which, when run on a computer, causes the computer to perform the method according to any of claims 1-8.
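The method of claims 1 to 7 as an added, runnable simulation (example code written for this page, not the patent's own implementation): the REE base, kernel start address, length and offset are constructed values standing in for what the BIOS would supply, and SHA-256 is assumed as the calculation that yields the actual calculated value.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the patent):
REE_PHYS_BASE = 0x80000000   # second parameter: physical start of the REE storage space
KERNEL_START = 0x1000        # first parameter: start address of the kernel within that space
KERNEL_LENGTH = 1028         # first parameter: length of the kernel
KERNEL_OFFSET = 0x200        # optional address offset of the kernel (second-parameter variant)
STORAGE_SIZE = 0x4000        # size of the simulated storage device

# Constructed stand-in for the kernel image that was built and measured at compile time.
KERNEL_IMAGE = b"\x7fELF" + bytes(range(256)) * 4

def build_storage(image=KERNEL_IMAGE):
    """Simulated REE storage space: a byte array whose index 0 sits at REE_PHYS_BASE."""
    storage = bytearray(STORAGE_SIZE)
    start = KERNEL_START + KERNEL_OFFSET
    storage[start:start + len(image)] = image
    return storage

def kernel_phys_start(ree_base, kernel_start, offset=0):
    """Claims 2 and 4: physical start address of the kernel = REE base + kernel start
    address, optionally plus the address offset the BIOS reports."""
    return ree_base + kernel_start + offset

def read_kernel(storage, ree_base, phys_start, length):
    """Claim 5: read `length` bytes of kernel data at the physical start address. The range
    check matters: BIOS-supplied parameters must never make the TEE read outside the device."""
    index = phys_start - ree_base
    if index < 0 or index + length > len(storage):
        raise ValueError("kernel range lies outside the storage device")
    return bytes(storage[index:index + length])

def measure(data):
    """Claim 1: the 'actual calculated value'. SHA-256 is this example's choice; the patent
    does not fix which calculation is used."""
    return hashlib.sha256(data).hexdigest()

def kernel_state(actual, baseline):
    """Claim 6: compare against the preset baseline in constant time."""
    return "trusted" if hmac.compare_digest(actual, baseline) else "untrusted"

def attest(storage, baseline, offset=KERNEL_OFFSET):
    """Claims 1 to 6 end to end, as they would run inside the TEE after the indication."""
    phys = kernel_phys_start(REE_PHYS_BASE, KERNEL_START, offset)
    actual = measure(read_kernel(storage, REE_PHYS_BASE, phys, KERNEL_LENGTH))
    return kernel_state(actual, baseline), actual

if __name__ == "__main__":
    baseline = measure(KERNEL_IMAGE)          # claim 7: derived from the image at compile time
    print(attest(build_storage(), baseline))  # prints the state and the measured value
```

A flipped byte in the stored image, or a wrong offset parameter, both yield a different actual value and hence "untrusted"; the baseline itself must come from a trusted build and never from the REE at run time.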

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210925211.0A CN117556418A (en) 2022-08-03 2022-08-03 Method for determining kernel state and related equipment
PCT/CN2023/106854 WO2024027472A1 (en) 2022-08-03 2023-07-12 Method for determining state of kernel, and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210925211.0A CN117556418A (en) 2022-08-03 2022-08-03 Method for determining kernel state and related equipment

Publications (1)

Publication Number Publication Date
CN117556418A true CN117556418A (en) 2024-02-13

Family

ID=89815246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210925211.0A Pending CN117556418A (en) 2022-08-03 2022-08-03 Method for determining kernel state and related equipment

Country Status (2)

Country Link
CN (1) CN117556418A (en)
WO (1) WO2024027472A1 (en)

Also Published As

Publication number Publication date
WO2024027472A1 (en) 2024-02-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination