| This article studies on the security and trusted status of a PC system, points outthat we can setup a BIOS security subsystem to protect our PC, and realizes threesecurity functions including system integrity / validity detection,client identityauthentication and hard disk data encryption. All these functions depends on systemBIOS (Basic Input Output System), so it is a hardware based security solution. Thisarticle expatiates on the three functions according to BIOS execution sequence. System integrity / validity detection checks system (Motherboard,CPU,harddisk,Lan card,embedded code and BIOS code) to detect change,modification ofdevices and code modules. If there is any authenticated factor,BIOS will stopentering Operating System. Client identity authentication module authenticates current client through BIOSmodule , USB Key and client PIN. This function prevents system fromunauthenticated access and also protects network security. Hard disk data encryption module includes two functions: 1. encrypts MBR(Master Boot Record),partition tables and FATs(File Allocate Table)to protectswhole disk data;2. Uses BIOS and OS driver to encrypt different clients' files. Theencryption keys for these two functions are saved in BIOS chip, so the hard disk datacan not be decrypted on other system. The theory related with BIOS Security Subsystem includes BIOS worktechnology,OS work theory and encryption theory. |
PDF Full Text Request