| With the rapid development of Internet technology and computer encryption technology, digital signature technology has a very wide range of applications. There are some underlying need to use the Bios for digital signature and verification, but digital signatures functions in UEFI layer is more difficult to be calling by the application layer.So, design and implement such an interface has very important significance.Through the research of UEFI and secure Boot technology, We can design and implement a more secure digital signature of a UEFI-based interfaces. The interface has the following characteristics: First, the interface program is executable on TCM trust chain, is a credible program. Secondly, keys, certificates, software configuration files are protected, you can ensure the integrity of critical files and prevent tampering by hackers, malicious programs. Again, the interface can authenticate the user, it can be trusted to only authorized users. Finally, the interface runs in the SMM mode, does not depend on the operating system-related function, which is the most important point for the security of digital signature interface.This paper addresses the following two problems, one is calling the UEFI digital signature function in the application layer, this paper use SMI technology through the use of software that can be related to the underlying function call by SMM drive. The second is the user authorization API implementation issues, tis paper uses Windows local service, combined with certificate validation, password, etc, to successful implement the user authorization module interface. |
PDF Full Text Request