Research And Implementation Of Key Technology For Thusted Startup Of Server Based On BMC

With the emergence of cloud computing、big data、Internet of Things、mobile computing、artificial intelligence and other emerging information technologies,the Internet is undergoing a new transformation,the data centers deployed around the world has become one of the most important infrastructure to support the current Internet services.Once the server in the data center has security issues,it will bring serious consequences.Therefore,the security of the server must be ensured.And it must take comprehensive measures from the server hardware、firmware and operating system,etc.Trusted computing,as an important technology of information protection and security prevention has been widely used in many server systems.However,the traditional trusted design scheme can't meet the security requirements of the server system in the new era.Especially in recent years,there have been more and more attacks on server firmware such as BIOS,and the security of server has been seriously threatened.Server trusted startup technology based on active metrics is based on trusted roots.It guarantees the trustworthiness at all levels of system startup by building a complete trust chain.Baseboard Management Controller(BMC)is a server component integrated on the server motherboard and independent of each module of the server.It can start up before the server.Through the design,it can not only implement time controller of the server but also meet the security requirements of active measurement and it meets the requirements of the Trusted Platform Control Module(TPCM)in China.Fan.The main research work of this paper includes:(1)By analyzing the internal structure and principle of BMC firmware,following the domestic trusted computing related specifications,the trusted computing is applied to the security transformation of BMC firmware,and a BMC trusted startup scheme based on digital signature technology is designed to implement the security and trust metrics during the BMC startup process,which ensures the security and credibility of the BMC startup process.(2)By researching and analyzing of trusted computing platform,designed on the basis of the original BMC and studied the key technology of server-based trusted startup based on BMC.This scheme is based on BMC.And Active measurement mechanism is used to realize measurement control in the process of server startup.And the trusted measurement module TMM(Trusted Measurement Module)is introduced into the measurement model to realize the specific measurement work through TMM.(3)Based on the design of trusted startup system architecture,the server visual management interface is designed to provide policy support for server trusted startup.At the same time,administrators can easily monitor the status and remote control of the server through this interface.(4)The whole system is validated on relevant platforms,including BMC trustworthiness measurement,BIOS trustworthiness measurement and server management system function test,which ensures the availability of the whole system.