Research And Implementation Of Trusted Boot Based On Usbkey

With the development and popularization of the science and technology in today's society, computers and networks have been widely used in various fields. However, information security problem has become increasingly prominent. Trusted computing technology is recognized as one of the most effective solutions to the problem of computer security issues.Computers complied with trusted computing technology have an obvious advantage of security compared to traditional computers, because it can build a fully trusted computing platform, but because the hardware of trusted computing platform is embedded on the motherboard, so traditional computer have to pay a higher price to use this technology, and there are no authentication process to final user in the trusted boot process.In view of the above problems, this paper has designed a trusted architecture based on USBKEY for common computer and has implemented main functions of trusted boot process defined in TCG standards. So this architecture not only can ensure the integrity and credibility of the operation system itself, but it can also provide trust support for the upper applications. In this way, it solves the problem that common computer cannot build a trusted environment because it has no hardware properly.In this paper, firstly we make introduction of the requirement of trusted enhancement, studied relevant TCG standards and some implementation of trusted boot process. Secondly, a trusted enhancement architecture based on USBKEY for common computer is designed based on the study of trusted computing technology, in which using USBKEY and BIOS as the trusted root, using boot authentication, trusted boot technology and trust chain transfer technology to ensure the credibility of the system platform and also the ability to provide support for applications in the upper layer. Thirdly, implement boot authentication process and trusted bootstrap process by combining the open source GRUB and TCG standards: the former process will authenticate whether user and computer are matched with the USBKEY plugged in currently; the latter process will measure and verify integrity of operation system loader, kernel and so on before it's loaded to ensure the integrity and credibility of each component of the operating system, thus ensuring the integrity and credibility of the whole operating system.