网络与信息安全学报 (Dec 2020)
TPCM-based trusted PXE boot method for servers
Abstract
The PXE startup mechanism downloads operating system files through the network and starts the operating system,which is widely used in server network startup.It is widely used in server network startup.The PXE boot process is secured and trusted through trusted computing technology to prevent the PXE boot file from being tampered with maliciously,ensuring the safe and reliable operation of the server.The cyber security classified protection standard requires that the system boot program and system program of the server device be trusted and verified based on the trusted root.A TPCM-based server trusted PXE boot method based on the requirements of classified protection standard was proposed to ensure the security and trust of the server's BIOS firmware,PXE bootfiles,and Linux system files.When the server performs PXE boot,TPCM measured BIOS firmware,BIOS boot environment measured PXE boot files,and PXE boot environment measured Linux system files.Taking TPCM as the root of trust,one level of measurement,one level of trust,and a chain of trust were established to achieve a trusted server operating environment.The proposed method was tested on a domestically-controlled,self-controllable Shenwei server.The experimental results show that the proposed method is feasible.
