Research And Implementation Of A Trusted Virtual Machine System Based On Efi

The EFI(Extensible Firmware Interface) is the next generation BIOS InterfaceSpecification developed by Intel. Because it is easy to use and is similar to an operationsystem, so EFI is gradually replacing the legacy BIOS. EFI does not solve the securityrisks faced by legacy BIOS, coupled with its support in the network communicationwithout operation system and accessing the harddisk data easily, it faces a very serioussecurity situation. Traditional security and defense systems are based on the operationsystem, taking a form of passive defense, so it is helpless while the virus attackinghardware, such as the CIH virus.In addition, with the rapid development of communication and Internet technology,the information is in a rapid growth in recent years. Especially, the cloud computingindustry is developing in a rapid speed, the global information industry is undergoing adramatic change driven by it. In the cloud computing era, the user’s data and IT servicesrely on the virual layer of cloud computing environment, we must ensure the security ofinformation by ensuring the security of computers and virtual machine manager.Therefore, how to ensure the safety of the EFI BIOS and operation system and virtualmachine manager is an urgent problem in the field of information security.In this thesis, we designed a safe program that formed a credible chain from EFI tooperation system and the virtual machine manager, using the U disk as a boot device,coupled with a trusted management center to configure and manage the entire system,we can solve the shortcoming of traditional security in base of operation system andrealize the credible system form EFI to the operation system. Thereby, the credibilityand integrity of the data is increased.Advanced expressed in this thesis:(1) The signature verification algorithm based on EFI is realized, designed a set ofactive defense program to solve the traditional security issuces base onoperation system;(2) Proposed a program with the portable U disk as a trusted boot device,combined with the upper configuration management module to manage more computers. So it has the advantages of flexibility and scalability.