228 Z. Du, X. Li, and K. Shen

vendors like AMI, Insyde and Phoenix [6] are leading UEFI promoters, and UEFI has now become the popular platform for firmware development.

Firmware abstracts the hardware interface, provides some basic services to the operating system, and offers higher security. Few developers today are familiar with the firmware mechanism, so a security strategy imposed in firmware is harder to breach than one imposed in software. Essentially speaking, trusted firmware services depend on the combination of software and hardware. Firmware is, in general, much safer than the OS, applications and communication software. But the new generation of firmware might have security holes through its API interfaces and extensive modules. In this paper, we propose a method that uses the TPM to enhance the security of PC firmware.

The paper is organized as follows. The UEFI framework and popular TPM functions are briefly reviewed in Section 2. Section 3 is the main part of the paper and covers three issues: multi-factor user authentication, hard disk protection and platform attestation alert. The experiments are discussed in Section 4, which is followed by the conclusion.

2 Related Works

The goal of trusted firmware services based on TPM is to build a safe computer; it involves UEFI based firmware development and the security services provided by the TPM. We briefly review these two issues in this section.

2.1 UEFI Based Firmware

In the traditional PC the firmware is called BIOS (Basic Input and Output System), and IBM defined its interface with the OS, the interrupt services. This interface did not change very much until Intel proposed and implemented EFI (Extensible Firmware Interface) at the beginning of this decade. The Unified EFI Forum is a non-profit collaborative trade organization formed to promote and manage the UEFI standard, which is originally based on the EFI specification. Today UEFI has close to 150 members, and its standards have been widely used in today's electronic devices.

UEFI provides a program interface [5, 6] to the hardware platform, which includes the motherboard, CPU, and other components. A UEFI based implementation allows pre-operating system agents, such as the OS loader, diagnostics, drivers and applications, to be executed. As Figure 1 illustrates, the UEFI framework is an ensemble of the EFI system table, handles, protocols, EFI images, events, devices, drivers, and EFI based firmware. At the same time, the UEFI framework is a complex body which balances the OS requirements against hardware initialization.

UEFI logically sits between the OS and the hardware (as Figure 2 illustrates); it manipulates the devices through EFI handles, drivers, protocols, images, etc. EFI manages not only the existing hardware in the computer but also extended devices. EFI only provides the basic functionality, such as the drivers for the keyboard, monitor, etc.; the driver for a specific motherboard needs to be developed additionally. Moreover, EFI is highly flexible: to keep the footprint small and the efficiency high, some EFI images and protocols can be dynamically loaded or unloaded. To offer more compatibility to vendors and OEMs, EFI abstracts the interface to the various hardware with which vendors, IBVs and OEMs can tightly integrate.