磁针石: Trusted Computing (Good)

November 8
Steps for using the TPM frontend driver
qinyu
1. Define a tpmfe_device structure
The TPM frontend driver's header file tpmfe.h defines the tpmfe_device structure; any external user of the frontend must define an instance of tpmfe_device.
struct tpmfe_device {
    int (*receive)(const u8 *buffer, size_t count, const void *ptr);   // receive callback into the upper layer
    void (*status)(unsigned int flags);                                // status-change callback
    unsigned int max_tx_size;                                          // maximum transmit size
    struct tpm_private *tpm_private;                                   // driver-private state, passed to tpm_fe_send
};
2. Register/unregister the receiver instance
tpmfront.c exports the register/unregister functions for tpmfe_device; the instance defined in step 1 is registered through these two functions.
int tpm_fe_register_receiver(struct tpmfe_device *tpmfe_dev);
void tpm_fe_unregister_receiver(void);
3. Sending/receiving data
tpmfront.c exports the send function tpm_fe_send; an upper-layer application uses it to send data to the tpm frontend.
int tpm_fe_send(struct tpm_private *tp, const u8 *buf, size_t count, void *ptr);
When calling it, the first argument is the tpm_private member of the tpmfe_device structure.
Receiving works differently from sending: it is not done through an exported function but through the receive callback, the first field of tpmfe_device. The receive callback's input parameters are the received data and its length.
int (*receive)(const u8 *buffer, size_t count, const void *ptr);
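The three steps above, as an added user-space model that is not code from the post or from the Xen tpmfront driver: an upper layer defines a tpmfe_device, registers it, sends a request with tpm_fe_send, and gets the answer through its receive callback together with the ptr it passed in. The contents of struct tpm_private, the 64-byte buffer and mock_backend_complete() (standing in for the Dom0 backend) are assumptions of this model; only the tpmfe_device structure and the three function signatures come from the post.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;
struct tpm_private;

/* The receiver structure from tpmfe.h */
struct tpmfe_device {
    int (*receive)(const u8 *buffer, size_t count, const void *ptr);
    void (*status)(unsigned int flags);
    unsigned int max_tx_size;
    struct tpm_private *tpm_private;
};

/* Assumed driver-private state of this model: the registered receiver and one
 * in-flight request. The real tpmfront.c forwards to a backend in Dom0 instead. */
struct tpm_private {
    struct tpmfe_device *fe;
    u8 tx_buf[64];
    size_t tx_len;
    void *tx_ptr;                 /* caller's cookie, handed back to receive() */
};
static struct tpm_private mock_tp;

/* Step 2: one receiver may be registered at a time */
int tpm_fe_register_receiver(struct tpmfe_device *tpmfe_dev)
{
    if (!tpmfe_dev || !tpmfe_dev->receive) return -EINVAL;
    if (mock_tp.fe) return -EBUSY;
    tpmfe_dev->max_tx_size = sizeof mock_tp.tx_buf;   /* driver publishes its limit */
    tpmfe_dev->tpm_private = &mock_tp;                /* first argument for tpm_fe_send */
    mock_tp.fe = tpmfe_dev;
    return 0;
}
void tpm_fe_unregister_receiver(void) { mock_tp.fe = NULL; mock_tp.tx_len = 0; }

/* Step 3a: send. An oversize command is refused, never truncated. */
int tpm_fe_send(struct tpm_private *tp, const u8 *buf, size_t count, void *ptr)
{
    if (!tp || !tp->fe) return -ENODEV;
    if (count > tp->fe->max_tx_size) return -EIO;
    memcpy(tp->tx_buf, buf, count);
    tp->tx_len = count;
    tp->tx_ptr = ptr;
    return (int)count;
}

/* Step 3b: the model backend answers with a TPM 1.2 response header
 * (TPM_TAG_RSP_COMMAND 0x00C4, paramSize 10, returnCode 0), delivered through
 * the registered receive callback together with the sender's ptr. */
int mock_backend_complete(struct tpm_private *tp)
{
    u8 resp[10] = { 0x00, 0xC4, 0, 0, 0, 10, 0, 0, 0, 0 };
    if (!tp->fe || tp->tx_len < 10) return -EINVAL;   /* shorter than a TPM command header */
    tp->tx_len = 0;
    return tp->fe->receive(resp, sizeof resp, tp->tx_ptr);
}

/* Upper layer: the cookie given to tpm_fe_send is where the reply is stored */
struct upper_req { u8 resp[64]; size_t resp_len; int tag_ok; };

static int upper_receive(const u8 *buffer, size_t count, const void *ptr)
{
    struct upper_req *req = (struct upper_req *)ptr;
    if (count > sizeof req->resp) return -EINVAL;
    memcpy(req->resp, buffer, count);
    req->resp_len = count;
    req->tag_ok = (count >= 2 && buffer[0] == 0x00 && buffer[1] == 0xC4);
    return (int)count;
}

/* Full round trip: returns the response length seen by the callback (10). */
int demo_roundtrip(void)
{
    struct tpmfe_device dev = { upper_receive, NULL, 0, NULL };
    struct upper_req req = { { 0 }, 0, 0 };
    /* TPM_TAG_RQU_COMMAND 0x00C1, paramSize 10, ordinal 0 as a placeholder */
    u8 cmd[10] = { 0x00, 0xC1, 0, 0, 0, 10, 0, 0, 0, 0 };
    if (tpm_fe_register_receiver(&dev) != 0) return -1;
    if (tpm_fe_send(dev.tpm_private, cmd, sizeof cmd, &req) == (int)sizeof cmd)
        mock_backend_complete(dev.tpm_private);
    tpm_fe_unregister_receiver();
    return req.tag_ok ? (int)req.resp_len : -1;
}

/* Oversize request: returns what tpm_fe_send reports (-EIO). */
int demo_oversize(void)
{
    struct tpmfe_device dev = { upper_receive, NULL, 0, NULL };
    u8 big[128] = { 0 };
    if (tpm_fe_register_receiver(&dev) != 0) return -1;
    int rc = tpm_fe_send(dev.tpm_private, big, sizeof big, NULL);
    tpm_fe_unregister_receiver();
    return rc;
}
```

The point to take from the model is the asynchronous shape of the API: tpm_fe_send returns as soon as the request is queued, the response arrives later on the receive callback, and the ptr argument is the only thing that ties a response back to the request that caused it.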
21:11 | Trusted Computing
Xen hypercall invocation
Hypercall call flow:
1. First, an application (for example Xend) builds the hypercall command and its arguments in a privcmd_hypercall_t structure, then issues an ioctl on the privcmd driver device.
For example, the hypercall that creates a domain:
privcmd_hypercall_t hypercall = { 0 };
hypercall.op     = __HYPERVISOR_dom0_op;
hypercall.arg[0] = (unsigned long)op;
2. The Dom0 kernel provides the privcmd command interface; privcmd takes the ioctl command and hands the hypercall data to the Hypervisor using inline assembly.
3. In the Hypervisor the hypercall is mapped through the hypercall_table; the matching hypercall entry is looked up and the corresponding hypercall function is executed to complete the operation.
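The three steps as an added user-space model, not Xen code: the structure mirrors privcmd_hypercall_t (op plus arguments) as used in the snippet above, while the handler table, the handler bodies and the MODEL_HYPERVISOR_* numbers are assumptions of the model (Xen's real values live in public/xen.h). What the model is meant to show is the check in step 3: the hypercall number comes from the caller, so the dispatcher must range-check it against hypercall_table before indexing.

```c
#include <errno.h>
#include <stddef.h>

typedef struct {
    unsigned long op;          /* hypercall number, e.g. __HYPERVISOR_dom0_op */
    unsigned long arg[5];      /* up to five arguments */
} privcmd_hypercall_t;

typedef long (*hypercall_fn)(unsigned long a0, unsigned long a1);

/* Step 3: hypervisor-side handlers of the model (bodies are made up) */
static long do_model_console_io(unsigned long count, unsigned long unused)
{
    (void)unused;
    return (long)count;
}
static long do_model_dom0_op(unsigned long cmd, unsigned long unused)
{
    (void)unused;
    return (long)cmd + 1000;                 /* distinguishable result for the test */
}

#define MODEL_HYPERVISOR_console_io 0        /* model numbering, not Xen's */
#define MODEL_HYPERVISOR_dom0_op    1
static const hypercall_fn hypercall_table[] = { do_model_console_io, do_model_dom0_op };
#define NR_hypercalls (sizeof hypercall_table / sizeof hypercall_table[0])

/* Step 2: the privcmd ioctl handler. In Xen the struct is passed on to the
 * hypervisor in inline assembly and the lookup happens there; the model does
 * the lookup directly. op is caller-controlled, so it is bounds-checked first. */
long model_privcmd_ioctl(const privcmd_hypercall_t *hc)
{
    if (hc == NULL)
        return -EFAULT;
    if (hc->op >= NR_hypercalls || hypercall_table[hc->op] == NULL)
        return -ENOSYS;                      /* unknown hypercall: reject, never index */
    return hypercall_table[hc->op](hc->arg[0], hc->arg[1]);
}

/* Step 1: what Xend-like user code does, following the snippet in the post */
long model_create_domain(unsigned long cmd)
{
    privcmd_hypercall_t hypercall = { 0 };
    hypercall.op     = MODEL_HYPERVISOR_dom0_op;
    hypercall.arg[0] = cmd;                  /* the post casts a dom0_op pointer here */
    return model_privcmd_ioctl(&hypercall);
}

/* A buggy caller with an out-of-range hypercall number */
long model_bad_hypercall(void)
{
    privcmd_hypercall_t hypercall = { 0 };
    hypercall.op = 0xFFFF;
    return model_privcmd_ioctl(&hypercall);
}
```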
21:06 | Trusted Computing
Building and installing Xen from source
qinyu
Build and installation steps
Step 1: unpack the package and look at the files shipped in the Xen source tree.
Step 2: configure the kernel.
The kernel configuration files live under linux-2.6-xen-sparse/arch/xen/configs/. Set up the Xen kernel configuration first, either by hand or through the make targets.
Step 3: build and install Xen.
Building Xen patches the stock kernel source so that the resulting xen kernel supports virtualization. Before building, copy the Linux kernel source package linux-2.6.16.tar.bz2 into the xen root directory (otherwise the xen build will download linux-2.6.16.tar.bz2 from kernel.org).
[root@localhost xen-3.0.2]# make all
[root@localhost xen-3.0.2]# make install
Build details
First build
# make KERNELS=linux-2.6-xen all     # Without KERNELS, two kernel images, Xen0 and XenU, are built; with KERNELS=linux-2.6-xen a single shared Linux kernel image vmlinuz-2.6.x-xen is produced. xen-3.0.2 builds only the shared kernel by default; KERNELS="linux-2.6-xen0 linux-2.6-xenU" builds separate Dom0 and DomU kernels.
(Note: the easiest way to build both kernels is to set KERNELS=linux-2.6-xen0 linux-2.6-xenU directly in the Makefile.)
# make install
Rebuilding
# make linux-2.6-xen-config CONFIGMODE=menuconfig     (or xconfig)
# make linux-2.6-xen-build
# make linux-2.6-xen-install   (In testing, linux-2.6-xen-build and linux-2.6-xen-install build exactly the same thing, so linux-2.6-xen-install alone is enough.)
If building two separate kernels, run the following instead:
# make linux-2.6-xen0-config CONFIGMODE=menuconfig     (or xconfig)
# make linux-2.6-xen0-install
# make linux-2.6-xenU-config CONFIGMODE=menuconfig     (or xconfig)
# make linux-2.6-xenU-install
Generating a ram disk for the newly built Xen kernel
Depending on your config, you may need to use 'mkinitrd' to create an initial ram disk, just like a native system e.g.
# depmod 2.6.16-xen            # 2.6.16-xen is the xen kernel version
# mkinitrd -v -f --with=aacraid --with=sd_mod --with=scsi_mod  /boot/initrd-2.6.16-xen.img 2.6.16-xen
When two kernels are built, an initrd can be made for each.
Configuring the grub boot entry
title Xen 3.0 (XenLinux 2.6)
root (hd0,7)
kernel /boot/xen-3.0.2.gz
module /boot/vmlinuz-2.6.16-xen root=LABEL=/12 rhgb quiet selinux=0
module /boot/initrd-2.6.16-xen.img
Installing a new kernel in a DomU
To upgrade a DomU kernel, booting the DomU and following the usual build-and-upgrade procedure does not work, because the DomU's Xen configuration file points kernel and ramdisk at /boot/vmlinuz-2.6.X-xenU and /boot/initrd-2.6.X-xenU.img in the Dom0 file system, and the DomU boots from that kernel. To upgrade it, copy the kernel source package (for example linux-2.6.18.tar.bz2) into the xen root directory, change the Makefile setting to KERNELS=linux-2.6.18-xenU, and build xen again; this yields a new DomU kernel. Then mount the DomU's file system partition, copy the contents of lib/modules/2.6.18-xenU into the DomU's file system, and point the DomU VM configuration file at the new kernel and initial ramdisk.
Download the new kernel source package (here linux-2.6.17.tar.bz2), place it in the Xen root directory, and edit the Makefile in the root directory:
KERNELS = linux-2.6-xenU             # builds only the DomU kernel; for a Dom0-only kernel use linux-2.6-xen0
Edit buildconfigs/mk.linux-2.6-xen:
LINUX_SERIES = 2.6
LINUX_VER   = 2.6.17
LINUX_SRCS = linux-2.6.17.tar.bz2    # unpacks linux-2.6.17.tar.bz2; the kernel source is built in linux-2.6.17-xenU
In my testing, upgrading the DomU kernel to 2.6.17 or 2.6.18 by the method above failed with build errors, because the sources under linux-2.6-xen-sparse match 2.6.16 and produce build errors when combined with 2.6.17 or 2.6.18.
21:03 | Trusted Computing
August 17
Notes on the xen-3.0.2 kernel build process
Directories involved in the Xen build and how they are produced
linux-2.6.16-xen
The kernel tree containing the Xen source code. It is a copy of ref-linux-2.6.16 onto which the linux-2.6-xen-sparse tree is applied by the mkbuildtree script.
patch
Directory of Xen-related patches.
linux-2.6-xen-sparse
The sparse tree of Xen kernel sources, including the mkbuildtree script that constructs the kernel tree.
pristine-linux-2.6.16
The kernel sources unpacked from linux-2.6.16.tar.bz2.
ref-linux-2.6.16
A copy of pristine-linux-2.6.16 with the patches from the patch directory applied to it.
In summary, the Xen kernel build proceeds as follows: download the Linux kernel linux-2.6.16.tar.bz2 from kernel.org, unpack it into pristine-linux-2.6.16, copy that to ref-linux-2.6.16, apply the patches from the patch directory to the sources in ref-linux-2.6.16, copy ref-linux-2.6.16 to linux-2.6.16-xen, and finally run the mkbuildtree script with the code in linux-2.6-xen-sparse to construct the final linux-2.6.16-xen tree.
17:27 | Trusted Computing
August 10
Generating an AIK certificate for a TPM
Using the TSS it is easy to generate an AIK key pair programmatically. Platform identity and remote attestation with a TPM require an AIK public-key certificate, but obtaining one the official way, by calling the TSS AIK request function Tspi_TPM_CollateIdentityRequest and having a Privacy CA parse the AIK request and issue the AIK certificate, is rather cumbersome.
I implemented a simple way of producing an AIK certificate with openssl combined with the TSS:
1. Load the AIK key with Tspi_Context_LoadKeyByUUID and obtain the public-key blob with Tspi_GetAttribData.
2. DER-encode the public-key blob. Note that the blob obtained contains only the modulus; add the exponent and encode the pair to obtain subjectPublicKey, then DER-encode the public key as a SubjectPublicKeyInfo.
3. Convert the SubjectPublicKeyInfo to an openssl EVP_PKEY object, load the CA private key into an EVP_PKEY object in openssl, create an X509 certificate object, set its fields, and sign it with the CA private key to obtain the certificate.
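Step 2 is the part that has to be written by hand, so here it is as an added example (not the post's code and not part of any TSS or OpenSSL library): building the DER SubjectPublicKeyInfo (RFC 3279 rsaEncryption with a PKCS#1 RSAPublicKey inside the BIT STRING) from a raw modulus and exponent, in plain C99 with no TSS or OpenSSL headers. The output is what OpenSSL's d2i_PUBKEY consumes in step 3. The modulus in the test vector is a constructed 4-byte value, not a real TPM key; the exponent 65537 is the default public exponent of a TPM 1.2 RSA key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a DER length: short form below 0x80, long form otherwise. Returns bytes written. */
static size_t der_put_len(uint8_t *out, size_t len)
{
    if (len < 0x80) { out[0] = (uint8_t)len; return 1; }
    size_t n = 0;
    for (size_t t = len; t; t >>= 8) n++;
    out[0] = (uint8_t)(0x80 | n);
    for (size_t i = 0; i < n; i++)
        out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    return 1 + n;
}

/* Write tag + length for a TLV whose body is `len` bytes. Returns header size. */
static size_t der_put_hdr(uint8_t *out, uint8_t tag, size_t len)
{
    out[0] = tag;
    return 1 + der_put_len(out + 1, len);
}

/* Encode an unsigned big-endian magnitude as a DER INTEGER. Leading zero
 * octets are stripped; a 0x00 pad is added when the top bit is set, because
 * DER INTEGERs are two's complement and the value must stay positive. */
static size_t der_put_uint(uint8_t *out, size_t cap, const uint8_t *v, size_t vlen)
{
    while (vlen > 1 && v[0] == 0x00) { v++; vlen--; }
    size_t pad = (v[0] & 0x80) ? 1 : 0;
    size_t body = vlen + pad;
    uint8_t hdr[2 + sizeof(size_t)];
    size_t hl = der_put_hdr(hdr, 0x02, body);
    if (hl + body > cap) return 0;
    memcpy(out, hdr, hl);
    if (pad) out[hl] = 0x00;
    memcpy(out + hl + pad, v, vlen);
    return hl + body;
}

/* AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL } */
static const uint8_t RSA_ALG_ID[] = {
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00
};

/* SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }, where the
 * BIT STRING wraps RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
 * Returns the total length, or 0 if `cap` is too small. */
size_t rsa_spki_encode(const uint8_t *mod, size_t modlen, const uint8_t *exp, size_t explen,
                       uint8_t *out, size_t cap)
{
    uint8_t ints[2048];                      /* both INTEGERs; fits keys up to 8192 bits */
    size_t nl = der_put_uint(ints, sizeof ints, mod, modlen);
    if (!nl) return 0;
    size_t el = der_put_uint(ints + nl, sizeof ints - nl, exp, explen);
    if (!el) return 0;
    uint8_t seq_hdr[16], bs_hdr[16], outer_hdr[16];
    size_t seq_hl = der_put_hdr(seq_hdr, 0x30, nl + el);            /* RSAPublicKey */
    size_t rsapub_len = seq_hl + nl + el;
    size_t bs_hl = der_put_hdr(bs_hdr, 0x03, 1 + rsapub_len);       /* + unused-bits octet */
    size_t inner = sizeof RSA_ALG_ID + bs_hl + 1 + rsapub_len;
    size_t outer_hl = der_put_hdr(outer_hdr, 0x30, inner);          /* SubjectPublicKeyInfo */
    if (outer_hl + inner > cap) return 0;
    uint8_t *p = out;
    memcpy(p, outer_hdr, outer_hl);            p += outer_hl;
    memcpy(p, RSA_ALG_ID, sizeof RSA_ALG_ID);  p += sizeof RSA_ALG_ID;
    memcpy(p, bs_hdr, bs_hl);                  p += bs_hl;
    *p++ = 0x00;                               /* BIT STRING: 0 unused bits */
    memcpy(p, seq_hdr, seq_hl);                p += seq_hl;
    memcpy(p, ints, nl + el);                  p += nl + el;
    return (size_t)(p - out);
}

/* Constructed test vector (not a real key): a 32-bit "modulus" with the top bit
 * set, so its INTEGER needs the 0x00 pad, and exponent 65537. */
static const uint8_t DEMO_MODULUS[]  = { 0xc3, 0x5a, 0x1f, 0x77 };
static const uint8_t DEMO_EXPONENT[] = { 0x01, 0x00, 0x01 };
static const uint8_t DEMO_EXPECTED[] = {
    0x30, 0x20,                                                   /* SubjectPublicKeyInfo */
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,   /*   rsaEncryption, NULL */
    0x01, 0x01, 0x01, 0x05, 0x00,
    0x03, 0x0f, 0x00,                                             /*   BIT STRING */
    0x30, 0x0c,                                                   /*     RSAPublicKey */
    0x02, 0x05, 0x00, 0xc3, 0x5a, 0x1f, 0x77,                     /*       modulus, padded */
    0x02, 0x03, 0x01, 0x00, 0x01                                  /*       publicExponent */
};

/* Encode the demo vector into a buffer of `cap` bytes (at most 64); returns the length. */
size_t rsa_spki_demo_len(size_t cap)
{
    uint8_t buf[64];
    if (cap > sizeof buf) cap = sizeof buf;
    return rsa_spki_encode(DEMO_MODULUS, sizeof DEMO_MODULUS, DEMO_EXPONENT, sizeof DEMO_EXPONENT, buf, cap);
}

/* 1 if the demo encoding matches DEMO_EXPECTED byte for byte */
int rsa_spki_demo_matches(void)
{
    uint8_t buf[64];
    size_t n = rsa_spki_encode(DEMO_MODULUS, sizeof DEMO_MODULUS, DEMO_EXPONENT, sizeof DEMO_EXPONENT, buf, sizeof buf);
    return n == sizeof DEMO_EXPECTED && memcmp(buf, DEMO_EXPECTED, n) == 0;
}
```

For a real AIK the modulus from Tspi_GetAttribData is 256 bytes with the top bit set, so the modulus INTEGER becomes 261 bytes with a two-byte long-form length (0x82 0x01 0x01) and every enclosing header uses the long form too; the helpers above handle both cases, and the `cap` check is what keeps a malformed or oversized blob from overrunning the output buffer.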
Testing the generated AIK certificate:
A signature made with the AIK private key through the TSS was checked on the verifier side with the AIK certificate, and verification passed.
10:26 | Trusted Computing
June 28
The development and outlook of VT
qinyu
2005-12-15
Virtualization technology lets a computer run several operating systems or applications on the same chip. As an important low-level hardware design technology, centred on CPU support for virtualization, it is one of the key technologies that Intel has led in promoting and developing; virtualization support first appeared in Intel's Xeon processors and has gradually spread to desktop processors.
Virtualization has a major effect on the whole computing platform architecture: platform hardware (including I/O devices), operating systems, system software, applications, and even system management all evolve with it. Here I discuss the future development of VT (Virtualization Technology) from three angles.
1. Classification and functions of VT
Current mainstream OS-level architectures are single-OS: at any one time a hardware platform runs a single operating system, and a single OS has the following shortcomings: 1) all users belong to one operating system, so all of that system's resources are managed by one group of users; 2) strong system-level isolation is hard to obtain.
VT brings multi-OS support, from the CPU through the rest of the hardware, running several OSes at once and isolating them from each other. By degree of virtualization, VT is divided into full virtualization and para-virtualization. VMware and Virtual PC are full virtualization, with several guest OSes running on top of one host OS, whereas Xen and similar systems run several guest OSes directly on the same hardware and are para-virtualization. Here I mainly discuss para-virtualization, using Xen as the example.
VT, and Xen in particular, adds many security enhancements to the existing computer architecture: mandatory access control, TPM support, resource management, trusted paths and so on. Consider resource management: in a single OS all resources sit in one OS resource container, whereas with several OSes the resources are virtualized into a number of OS resource containers, so that physical resources are multiplexed at the operating-system level. Hardware-level VT can partition a system at the hardware level, mapping one hardware system onto several software systems. Such virtualization clearly improves the system's security: the administrator and users work in separate management and usage domains, ordinary users' activity cannot do much damage to the system, and when problems occur the administrator can fix them quickly.
2. The current state of VT
In industry, VT-based products are already in use; in academia, research in this area keeps advancing as virtual machine research deepens.
In 2005 Intel is introducing dual-core or 64-bit technology, I/O acceleration, virtualization and related technologies on all its platforms (server, desktop PC and mobile); these technologies are the mainstay of Intel's new platform strategy. On November 15, 2005 Intel shipped two chips supporting VT, the 672 and the 662. Reportedly, besides the single-core Pentium 4, Intel will add virtualization to the dual-core Pentium D processors due in the first quarter of 2006, and by the first half of 2006 it will use virtualization across the rest of its product lines.
Microsoft released Virtual Server 2005 R2 this year; Virtual Server offers enhanced isolation, so that the crash of one virtual machine does not affect the other virtual machines running on the system.
Academic research on VT includes Stanford University's Terra virtual machine architecture and the Xen project, a collaboration between the University of Cambridge Computer Laboratory and Intel Research. Xen originated in the XenoServer distributed computing project; the Xen v2.0 experimental system has been completed, XenSource is commercializing it, and the latest system, Xen v3.0, supports Linux, BSD, Debian and other OSes, with virtualization of Windows XP in progress.
3. The potential impact of VT
VT lets one PC run different operating systems and applications at the same time, and VT will be rolled out across Intel's mid-range and high-end processors as a standard feature. The existing market structure of desktop PCs built from Intel CPU + Microsoft Windows will change: in future, choosing an OS will be like choosing application software today, with several interchangeable OSes running at once.
As VT develops and matures it has broad prospects in several areas: 1) OS kernel development and debugging on the same hardware, with the modified kernel running in a "sandboxed" virtual machine instead of a separate test computer; 2) running several OSes at once, for example for OS compatibility and performance evaluation; 3) consolidating several server applications onto the same hardware, with performance and fault isolation at the virtual machine boundary; 4) cluster computing and load-balancing platforms; 5) easier development of new OSes and user-customized OSes.
9:54 | Trusted Computing
June 22
Overview of the Trusted Computing specifications
The Trusted Computing Group (TCG) is a non-profit industry standards body whose purpose is to strengthen the security of computing environments across heterogeneous computer platforms. TCG was formed in spring 2003 and adopted the specifications developed by the Trusted Computing Platform Alliance (TCPA). None of the current specifications is final; they are still being updated. For example, the TPM specification has gone from v1.0 to v1.2 and is still being revised.
The TCG specifications cover everything from the TPM hardware chip to the TSS software, from secure PC clients and servers to Trusted Network Connect (TNC), and from the overall architecture to concrete operation interfaces; together they form a unified whole.
1. Structure of the TCG specifications
The overall architecture of the TCG specifications is shown in the figure below:
The main specifications TCG has issued so far fall into the following areas:
1. Architecture Overview
2. Infrastructure Specifications
3. Trusted Platform Module Specifications
4. TSS Specifications
5. Trusted Network Connect Specifications
6. PC Client Specifications
7. Server Specific Specifications
Specifications for mobile platforms and for trusted storage are also being drafted.
2. The main Trusted Computing specifications
1. Architecture Overview
The Architecture Overview defines the usage scenarios of the TPM platform and the overall architecture of the TCG specifications; anyone consulting the TCG specifications must first understand the Architecture Overview.
2. Infrastructure Specifications
The Infrastructure Specifications aim to improve the interoperability of TCG-related technologies, focusing on the development, deployment and interoperability of trusted systems.
Sub-specifications:
- TCG Infrastructure Working Group Reference Architecture for Interoperability (Part I) Specification
- TCG Infrastructure Working Group Reference Architecture for Integrity Management (Part II) Specification
This specification is fairly general; it is very useful for managing the various TCG sub-specifications, and reading it helps in understanding how the sub-specifications interoperate.
3. Trusted Platform Module Specifications
The TPM Specification describes in detail the TPM architecture, the function of each component, the design requirements, the data structures the TPM communicates internally, and the commands the TPM executes at the lowest level.
Sub-specifications:
- TPM Main Part 1 Design Principles Specification
- TPM Main Part 2 TPM Structures Specification
- TPM Main Part 3 Commands Specification
This specification regulates every aspect of the TPM in considerable detail and is quite comprehensive; all TPM chips produced so far follow it. The TPM specification is relatively mature and has become an industry standard. It defines the low-level TPM operations; command-level and circuit-level implementations in particular must follow it exactly.
4. TSS Specifications
The TSS Specification designs the structure of the software service layers that support the TPM, defines the interfaces between the layers, and specifies the operations each role is permitted on the TSS.
Specification in this area:
TCG Software Stack (TSS) Specification Version 1.2
This specification defines the TCG software development interface and the intermediate service interfaces. The TSS connects directly to applications and provides the application programming interface; anyone developing security applications on a trusted platform must read the TSS specification in full.
5. Trusted Network Connect Specifications
The TNC specification designs an abstract model of network connection, defines the layers of secure communication, and specifies the operation interfaces that TNC servers and TNC clients must follow.
Main sub-specifications:
- TCG Trusted Network Connect, TNC Architecture
- TCG Trusted Network Connect, TNC IF-IMC Specification
- TCG Trusted Network Connect, TNC IF-IMV Specification
The standards in this area are still being revised, but TNC supports many different network structures and is compatible with Cisco's NAC and Microsoft's NAP; research on trusted platform network access, trusted network connection, and attestation based on trusted connection should refer to these specifications.
6. PC Client Specifications
The specifications in this area are not yet mature, and the secure PCs produced by different PC vendors differ from one another; the TCG PC platform specification only provides a unified low-level interface, and the details depend on how each vendor implements it.
7. Server Specific Specifications
We have not worked much with the specifications in this area, but servers supporting a TPM are technically and design-wise fairly problematic. This specification can be read as an applied implementation of trusted platform security technology.
10:32 | Trusted Computing
Research on openssl engines and the tpm engine
Recently I have been studying openssl engines and successfully implemented a CSP engine, through which openssl operates the Microsoft key store via the CSP engine. I downloaded the TPM openssl engine from sourceforge and tried to port it to Windows; the engine's interface is implemented on NTRU's TSS, and I changed the tpm engine's open-source code from loading the tss functions dynamically through dso to loading them by calling TSPI.dll. It now compiles; I will write a test program when I find the time.
Through this I have gained a deeper understanding of the openssl engine mechanism. What still puzzles me is how the engine control functions (init, finish, destroy, control and so on) help implement engine management.
10:30 | Trusted Computing
April 13
Lenovo M400S vs IBM M52 8114
Configuration comparison
Lenovo secure PC configuration:
Model: Lenovo Kaitian M400S
Chipset: Intel 915G
CPU: 2.93GHz Intel Pentium 4 515
Memory: DDR 256MB
TPM: Lenovo "Hengzhi", TCG 1.2 compliant
TPM security software: Lenovo security solution
Security system: Lenovo LEOS
IBM M52 8114 configuration
Model: IBM M52 8114
Chipset: Intel 945G Express
CPU: Intel Pentium 4 531 3 GHz, 64-bit, Hyper-Threading Technology
Memory: DDR2 512M
TPM: National Semiconductor TPM, TCG 1.2 compliant
TPM security software: Client Security Solution
Security system: Client Security Solution, Rescue and Recovery
ThinkCentre features
At each user's initialization ThinkCentre creates a personal user key, protected by the TPM.
It provides password management, virtual disk management, user data migration, and secure backup and recovery.
The tools provided are:
Client Security Solution (main tool): password management and virtual disk management
Rescue and Recovery: secure backup and recovery
System Migration Assistant: user data migration
My assessment:
The TPM is used only at the user level: each user gets a personal key, and that key protects the power-on password. There is no TPM management tool and no key management; data protection is implemented through the protected virtual disk. ThinkCentre's existing security functions are strong and the TPM is invisible in use, which is very user-friendly, but the TPM's powerful storage-protection and key-protection capabilities are not used.
M400S features
Lenovo's secure PC establishes a chain of trust from hardware to OS plus separate application trust management, attempting a chain of trust for the whole system. It likewise provides password management, virtual disk management, and backup and recovery.
My assessment:
The TPM is not confined to the user level; it reaches down to the application level, and if the TPM could manage application keys it would be a real advantage. But Lenovo's current functions still have major gaps: for example, the keys created by the TPM management tool are not used for encryption, signing or anything else.
Feature comparison
1. Chain of trust:
ThinkCentre: no visible boot-time chain of trust (at least none explicitly implemented); the chip is only checked once the OS is up.
Lenovo: visible system checks at boot, but the chain of trust stops at the OS; application trust is governed by user-defined trust policy through the system's intelligent protection tool.
Comparison: Lenovo has the edge
2. System recovery:
ThinkCentre: backup and recovery of system files, covering the whole system; single-file recovery is available from within Windows.
Lenovo: detection, backup and recovery of important system files, limited to system files; no recovery function at all from within Windows.
Comparison: ThinkCentre's functions are stronger
3. File migration:
ThinkCentre: migration of personal data files (Favourites, Desktop and so on).
Lenovo: none
Comparison: ThinkCentre is better
4. Password protection:
ThinkCentre: password protection that works by dragging the mouse onto the password window to capture its focus.
Lenovo: password protection similar to ThinkCentre's.
Comparison: roughly equal, a draw
5. Key management:
ThinkCentre: none
Lenovo: the TPM tool creates a user-level key hierarchy rooted in the SRK.
Comparison: Lenovo has the edge
6. Boot authentication:
ThinkCentre: authenticates the user with the security chip, i.e. the user password is protected by the chip; a fingerprint authentication extension is also provided for.
Lenovo: uses the Windows password directly.
Comparison: ThinkCentre has the edge
7. TSS implementation:
ThinkCentre: the TSS DLL implements the TCG TSS v1.1 interface
Lenovo: the TSS DLL does not implement the TSS export interface
Comparison: ThinkCentre is better
8. TPM control:
ThinkCentre: enabled from the BIOS; the Windows OS checks the chip
Lenovo: BIOS control plus a button control; the OS does not check the chip, applications check it when used.
Comparison: Lenovo is more user-friendly
9. TPM management tool
ThinkCentre: none
Lenovo: a simple management tool, but the keys it creates cannot be used.
Comparison: Lenovo suits professional users better and is functionally better
10. Process trust management
ThinkCentre: none
Lenovo: application trust management is provided, but it fails.
Comparison: Lenovo implemented this function, but it is a serious misstep.
11. Virtual disk management:
ThinkCentre: creates virtual disks for individual users, protected by the personal user key.
Lenovo: creates virtual disks for individual users, creating a protected key along with the virtual disk.
Comparison: ThinkCentre's function is stronger
Comparison table, ThinkCentre vs Lenovo M400S:
Legend: √ = stronger, --- = function absent, == = somewhat weaker, × = implemented but fails
Feature                      | IBM ThinkCentre | Lenovo M400S
1. Chain of trust            | ---             | √
2. System recovery           | √               | ==
3. File migration            | √               | ---
4. Password protection       | √               | √
5. Key management            | ---             | √
6. Boot authentication       | √               | ==
7. TSS implementation        | √               | ==
8. TPM control               | ==              | √
9. TPM management tool       | ---             | √
10. Process trust management | ---             | ×
11. Virtual disk management  | √               | ==
Total (√)                    | 6               | 5
Conclusion: whoever controls the applications wins. If a trusted platform can support a broader range of applications, for example by providing good key management and protection for applications, an easy-to-use external TSS interface, and an SDK with an integrated development environment (IDE) on top of the TSS, then the trusted platform can fully underpin the whole application framework.
10:50 | Trusted Computing
Comparison of domestic secure PC configurations
Secure PCs have appeared on the domestic market; the table below compares the configurations of several commonly encountered models.
Model | Chipset | Processor | Memory | TPM security chip | TPM security software | Security system
Founder Junyi M500 | Intel 945G | dual-core 2.8GHz Intel Pentium D 820 | DDR2 512MB | Sinosun SSX35, TCG 1.2 compliant | Sinosun security solution | Founder intelligent security system
HP Compaq dc7600 | Intel 945G | dual-core 2.8GHz Intel Pentium D 820 | DDR2 1024MB | integrated in the Broadcom NIC chip, TCG 1.2 compliant | HP security solution | Altiris Local Recovery
Inspur Yingzheng 3600 | Intel 945G | dual-core 2.8GHz Intel Pentium D 820 | DDR2 512MB | Sinosun SSX35, TCG 1.2 compliant | Sinosun security solution | Inspur PC Management Center (optional)
Lenovo Kaitian M400S | Intel 915G | 2.93GHz Intel Pentium 4 515 | DDR 256MB | Lenovo "Hengzhi", TCG 1.2 compliant | Lenovo security solution | Lenovo LEOS
Tsinghua Tongfang Chaoxiang C4200 | Intel 915G | 64-bit 3.0GHz Intel Pentium 4 630 | DDR 512MB | Sinosun SSX35, TCG 1.2 compliant | Sinosun security solution | Tongfang PC Rescue Center (optional)
10:46 | Trusted Computing
April 8
Summary of Trusted Computing standards
The Trusted Computing Group (TCG) is a non-profit industry standards body whose purpose is to strengthen the security of computing environments across heterogeneous computer platforms. TCG was formed in spring 2003 and adopted the specifications developed by the Trusted Computing Platform Alliance (TCPA). None of the current specifications is final; they are still being updated. For example, the TPM specification has gone from v1.0 to v1.2 and is still being revised.
Structure of the TCG specifications
The main specifications TCG has issued so far fall into the following areas:
1. Infrastructure Specifications
2. Trusted Platform Module Specifications
3. TSS Specifications
4. Trusted Network Connect Specifications
5. PC Client Specifications
6. Server Specific Specifications
A specification for mobile platforms is also being drafted, with the draft planned for completion this year.
The main Trusted Computing standards
1. Infrastructure Specifications
The Infrastructure Specifications aim to improve the interoperability of TCG-related technologies, focusing on the development, deployment and interoperability of trusted systems.
Sub-specifications:
- TCG Infrastructure Working Group Reference Architecture for Interoperability (Part I) Specification
- TCG Infrastructure Working Group Reference Architecture for Integrity Management (Part II) Specification
This specification is fairly general; it is very helpful for TCG management but is not suitable as a standard, though it can serve as a reference for system configuration.
2. Trusted Platform Module Specifications
The TPM Specification describes in detail the TPM architecture, the function of each component, the design requirements, the data structures the TPM communicates internally, and the commands the TPM executes at the lowest level.
Sub-specifications:
- TPM Main Part 1 Design Principles Specification
- TPM Main Part 2 TPM Structures Specification
- TPM Main Part 3 Commands Specification
This specification regulates every aspect of the TPM in considerable detail and is quite comprehensive; all TPM chips produced so far follow it. The TPM specification is relatively mature and has become an industry standard. The specifications in this area should be adopted as standards in China as early as possible.
3. TSS Specifications
The TSS Specification designs the structure of the software service layers that support the TPM, defines the interfaces between the layers, and specifies the operations each role is permitted on the TSS.
Specification in this area:
TCG Software Stack (TSS) Specification Version 1.10
The specifications in this area are fairly mature; the existing specification is unlikely to change much, at most gaining some new functions on top of the current TSS specification. Since the TSS connects directly to applications, adopting the TSS as a standard would greatly help the adoption of the specifications.
4. Trusted Network Connect Specifications
The TNC specification designs an abstract model of network connection, defines the layers of secure communication, and specifies the operation interfaces that TNC servers and TNC clients must follow.
Main sub-specifications:
- TCG Trusted Network Connect, TNC Architecture
- TCG Trusted Network Connect, TNC IF-IMC Specification
- TCG Trusted Network Connect, TNC IF-IMV Specification
The standards in this area were only finalized this year and are still being revised, but TNC supports many different network structures and is compatible with Cisco's NAC; if it withstands the test of real network deployments, it could fairly easily become a standard.
5. PC Client Specifications
The specifications in this area are not yet mature, and the secure PCs produced by different PC vendors differ from one another; the TCG PC platform specification is not yet influential enough.
6. Server Specific Specifications
I have not yet worked with the specifications in this area, but servers supporting a TPM are technically and design-wise fairly problematic. I suggest not considering them.
1:37 | Trusted Computing
October 18
New security proposed for do-it-all phones (zz)
By Joris Evers
http://news.com.com/New+security+proposed+for+do-it-all+phones/2100-1037_3-5883341.html
Story last modified Tue Sep 27 04:00:00 PDT 2005
As mobile phones become digital do-it-alls, handsets need better protection from hackers and from unauthorized access when they're lost or stolen, says an industry group proposing new, hardware-based security standards for the devices.
The Trusted Computing Group (TCG)--backed by big names like Nokia, Motorola, Intel, Samsung, VeriSign and Vodafone--plans to unveil its plan Tuesday at a conference sponsored by the Cellular Telecommunications & Internet Association. The TCG has already developed similar specifications for PCs and servers.
In addition to voice calls, cell phones are increasingly used for taking pictures, keeping a calendar and sending text messages and e-mail. In the future they could replace wallets, say industry pundits, with consumers whipping out a specially equipped phone instead of a credit card to pay for a purchase. That would make securing the gadgets even more important.
"Without proper security, mobile phones may become a target for hackers and malicious software," said Janne Uusilehto, senior technology manager at Nokia and chairman of the TCG's Mobile Phone Working Group. "The benefit of hardware-based security is that users can rely on their phone and (know) that private data is protected."
The proposed standard doesn't just protect user data. The security hardware also enables copyright protection, according to the TCG, a feature demanded by the entertainment industry. This so-called digital rights management technology could mean access to more exclusive content on cell phones, but it could also limit the content that will play on devices.
Additionally, says the TCG, cell phone operators could use the technology to get more control over the devices they sell. Operators would get a better way to lock devices to their networks and tighten control over which services and software can run on the gadgets. But user-rights advocates complain that such things limit consumers' choice and freedom.
The TCG's plans call for mobile handset hardware to support features similar to those of the Trusted Platform Module. The TPM is a security chip designed for PCs and servers that enables a variety of security features, including authentication, protected storage and secure e-mail. The TPM technology will need to be adapted because mobile phones are much smaller than PCs.
At the CTIA wireless event, the TCG will introduce its plans by sharing "use cases" for hardware-based security in cell phones. The group plans to release a blueprint designed to make it possible to include security technology in mobile handsets in the first half of 2006, representatives told CNET News.com.
Adding hardware-based security to cell phones can enable services such as electronic ticketing and mobile payments, according to the TCG. It can also provide for secure storage of personal information such as an address book, text messages, e-mail and pictures. And, in the future, payment data such as credit card numbers will be added to the mix, the TCG said.
"Nowadays my Treo 650 has some files from my corporation. It would be nice to have the phone rendered unusable if it gets lost," said Thomas Hardjono, a principal scientist at VeriSign and member of the TCG Mobile Phone Working Group. The Palm Treo 650 is a phone with features such as e-mail, a calendar and a camera.
As handsets get smarter and used for more than just voice calls, the threat of hacker attacks and mobile phone viruses rises, Nokia's Uusilehto said. The new security features can protect the devices against such threats, he said.
"Mobile phones are becoming full of security-demanding services," Uusilehto said. "Attacks are not a major problem today, and that makes the timing pretty good for us. We have time to do security properly, where we are not in a firefighting mode."
In addition to enabling new services and protecting user data, the TCG's proposals can also be used to secure copyright-protected data on mobile phones. That use of the new security features is critical to content services, said VeriSign's Hardjono. VeriSign is a significant player in the mobile content business with its Jamba and Jamster services.
"We want to sell content, but the folks in Hollywood don't want to sign the paperwork because they want guarantees that the devices have got proper security," Hardjono said. "No DRM, no content."
But digital rights management is one way the proposed security technology could restrict cell phone users, say some user-rights advocates. Operators would also get a better way to lock phones to their networks and close control of the services and applications that can run on devices.
"A lot of carriers have a model of trying to tax everything that goes into a phone, which we think is unfortunate," said Seth Schoen, staff technologist at the Electronic Frontier Foundation. "The TPM is just another tool to let them do these things."
Although the Trusted Platform Module is controversial on the PC because consumers expect a lot of freedom when using their computer, the same is not true for mobile phones. "In the cell phone market there is an assumption--rarely questioned--that restricting the end user is the natural thing carriers do," Schoen said. "I don't see the TPM in phones changing the user experience."
Hardware-based security is not new to the mobile phone space, said Nokia's Uusilehto, but manufacturers have so far each gone their own way. The Trusted Computing Group aims to provide a standard, which should reduce costs for handset makers and let component suppliers standardize.
"Today we're wasting a lot of resources and inventing the wheel again here and there, instead of doing it together in this open approach," Uusilehto said.
Nokia, the world's biggest handset maker, plans to use the TCG's security specifications, Uusilehto said. However, he could not say which products would include the technology and when those might become available.
It took several years for PCs with TPM chips to appear. Gartner analyst John Pescatore believes it won't be until about 2008 before cell phones with the new security technology hit stores.
"The major problem is not that the technology is so difficult, but that the market is fractured," he said. While the PC market is dominated by Intel and Microsoft, the mobile phone space has many different players who will need more time to coordinate, he said.
Though the industry sees broad use for its security technologies, Pescatore thinks large businesses will be the first to buy devices that have the added security technology. Employees are accessing corporate data on their mobile devices and there is a need for more "trustable" devices, he said.
Consumers initially will not want to pay for the extra features, Pescatore said. "What consumers really want are smaller phones and lighter phones, and they don't want to pay a lot for them. Adding security hardware can make the phone more expensive, thicker and take more battery power."
-------------------------------------------------------------------------------------------
Locking up cell phones
The Trusted Computing Group provides 10 examples of what its plan for hardware-based security could enable in mobile phones.
1. Platform integrity to ensure the hardware and software are in a state intended by the manufacturer.
2. Device authentication to protect and store identities of users and bind the device to the appropriate user.
3. Digital rights management to protect content on the phone.
4. SIMlock/device personalization to ensure a device is locked to its network and can't be easily stolen.
5. Secure software download to enable the safe download of updates, patches and other software.
6. Secure channel between different parts of the phone to prevent tampering by malicious software.
7. Mobile ticketing to enable the secure download of tickets and manage them.
8. Mobile payment to enable the secure execution of payments.
9. Software use to ensure software is safe, and if not, that it can be removed, replaced or not executed.
10. User data protection to allow users to prevent their information from being accessed or viewed by unauthorized people and to give users access to services or data that might not require personal information.
Source: Trusted Computing Group.
20:13 | Trusted Computing
October 14
Introduction of TCP progress
qinyu, 2005.10.14
In the present infrastructure there are concrete methods for dealing with specific security problems, such as firewalls, IDS (Intrusion Detection Systems) and anti-virus, but they are neither efficient nor thorough for the security problems of distributed computing. Whether a host system is trusted by a remote party is the most important question in a distributed environment. Why is trust the most important, and what is its relation to security? Trust means that the system, in the context of its whole environment, executes the behaviour its users expect according to their subjective judgment, while security is a system property determined by objective factors. They are two aspects, like the two sides of a coin: if a system is secure, it is trusted by its users, and if it is trusted, the system is also secure. The major goal of the Trusted Computing Platform (TCP) is to establish trustworthiness between two remote parties in distributed computing.
Trusted systems are neither new nor invented by the TCG (Trusted Computing Group). Trusted systems actually date back to the 1960s and were driven by government and military needs for effective information protection. The Trusted Computer System Evaluation Criteria (TCSEC) of the early 1980s, also known as the Orange Book, first gave a standard definition of a trusted computer system and of how to evaluate and assure one. But all of these were for a single computer system with terminal access. Establishing trust between two remote parties relies on a Trusted Third Party (TTP): for example, Alice requests Bob's service, presenting a certificate signed by a trusted CA. A TTP can provide assurance of identity, but it cannot obtain the real-time system configuration, so it cannot reveal the real-time security configuration to the remote party. If a system is able to measure its own integrity and report it to the remote party, trust can be established between the two parties. The design and application of the TCP grew out of this idea. TCP research originated in secure boot, which means that a system can measure its own integrity and terminate the boot process if an integrity failure is detected. The AEGIS system implemented by Arbaugh et al. was the first research on secure boot. AEGIS describes a secure bootstrap process for IBM PC systems that also allows recovery from integrity failures: the hashes of modules loaded during the secure bootstrap are compared with stored signatures before the modules are executed, and each layer validates the integrity of the subsequent layer, starting from a trusted portion of the BIOS.
Early TCP research began with the secure coprocessor, starting from the Logical Coprocessing Kernel (LOCK) of the US Department of Defense in 1973. That project attempted to use hardware together with other tools, based on the theory of the virtual machine monitor, to build a "highly trustworthy" sub-community system, and it was particularly influential on the early research and development of the TCP. A secure coprocessor is generally defined as a computing environment, co-located with a host machine, that can safely protect security-sensitive computation with some assurance. Early work such as Kent, Abyss, Citadel and Dyad laid the foundation of TCP research, and building on it the IBM 4758 secure coprocessor was designed and built. It is a high-end device providing a robust, general-purpose computational environment.
As TCP techniques in the IT industry advanced, such as Intel's LaGrande technology and Microsoft's NGSCB (Next Generation Secure Computing Base), TCP products and applications gradually matured. A series of TCP specifications has been issued by the TCG (Trusted Computing Group), founded in 2003. The TCG grew out of the TCPA (Trusted Computing Platform Alliance) sponsored by IBM, HP, Microsoft, Intel et al.; it is a non-profit standards organization with the aim of enhancing computing environment security through the TPM (Trusted Platform Module). The TPM is defined as a hardware instantiation conforming to the TCG specification, an embedded chip on the motherboard of the computing platform. The TCG provides a root of trust with the TPM, which can uniquely identify a particular platform and provides various cryptographic capabilities, including asymmetric and symmetric algorithms, hashing, and MAC (Message Authentication Code) algorithms. TCP devices include the secure coprocessor, the cryptographic accelerator, the TPM, the personal token et al., and the TPM is the most practical of them all.
The TCP measures the system's integrity and convinces the remote party that the requesting system is currently running in a safe state. The TCP assures system integrity, identity authentication and information privacy. Around the TCP, the TPM for example, a huge security infrastructure is shaping a new landscape: servers, PDAs, notebooks, desktops, input devices, storage devices and mobile phones are all being made to conform to the TCG specifications. TCP research has a broad field: enhancing system security, remote attestation, grid security, mobile phone communication security, and access control in distributed computing are all new research directions surrounding the TCP.
18:11 | Trusted Computing
October 12
Summary of TCP research institutions
Qin Yu, 2005.9.14
IBM Watson Research
Research mainly on system integrity measurement and integrity reporting, implementing client/server remote attestation.
Related literature:
Design and Implementation of a TCG-based Integrity Measurement Architecture
The Role of TPM in Enterprise Security
Building the IBM 4758 Secure Coprocessor
Dartmouth University
Department of Computer Science, Dartmouth University
Studied security enhancement modules under Linux and developed two system tools, enforcer and security admin; on top of enforcer, built an SSL security-enhanced Web server application and a security-enhanced OpenCA system, among others.
Related literature:
An Open-Source Virtual Secure Coprocessor based on TCPA
Open-Source Applications of TCPA Hardware
WebALPS Implementation and Performance Analysis: Using Trusted Co-servers to Enhance Privacy and Security of Web Interactions
WebALPS: A Survey of E-Commerce Privacy and Security Applications
Stanford University
Computer Science Department, Stanford University
Using VM technology, designed the Terra architecture: a new OS architecture built on a TVMM (trusted virtual machine monitor), with experimental studies carried out on the Terra Architecture.
Related literature:
Terra: A Virtual Machine-Based Platform for Trusted Computing
Flexible OS Support and Applications for Trusted Computing
Cambridge University
University of Cambridge Computer Laboratory
Developing TPM virtualization together with Intel; implemented the Xen virtual machine monitor.
Related literature:
Xen and the Art of Virtualization
HP Labs
Hewlett-Packard Research Labs
HP has started a series of research projects on TC applications, mainly in grid security, trusted biometric authentication, trusted mobile platforms and so on.
Related literature:
A Trusted Biometric System
On Enhancing Biometric Authentication with Data Protection
How Trusted Computers can Enhance for Privacy Preserving Mobile Applications
Innovations for Grid Security from Trusted Computing
George Mason University
Research on P2P access control for trusted platforms in distributed environments.
Related literature:
Peer to Peer Access Control Architecture Using Trusted Computing Technology
13:28 | Trusted Computing
TCP (Trusted Computing Platform) Research Progress Summary
Qin Yu -- 2005.9.14
This index lists only the state of the trusted computing research literature in each field; for details see 《TCP科研进展汇总》 (Summary of TCP Research Progress).
System security
Operating system architectures for trusted computing platforms, virtualization technology, secure coprocessors, system security enhancement, integrity measurement and reporting, etc.
References
Remote attestation
The trusted computing module (TPM) proving its own trustworthiness to a remote party
References
Digital rights
DRM (Digital Rights Management), including DRM architectures and implementation mechanisms, the relationship between TCP and DRM, etc.
References
Mobile communications
Applications of TCP on mobile platforms, TCP protecting the privacy of mobile platforms, etc.
References
Grid computing
TCP enhancing the security of grid computing, next-generation grid architectures based on TCP, etc.
References
Access control
How to enhance access control on TCP platforms, how to implement remote access control in P2P environments
References
Web servers
TCP-based security enhancement schemes for Web servers
References
PKI systems
How to use TCP to enhance the security of PKI systems
References
E-commerce
Designing more secure e-commerce protocols based on TCP
References
http://international.visa.com/fb/paytech/secure/main.jsp
Biometric authentication
Research on trusted computing biometric authentication systems
References
Other
References
Open source code
Summary of open source code for trusted computing platforms
TPM Device Driver
Linux Device Driver/library/applications
http://www.research.ibm.com/gsal/tcpa
Note: TPM device driver for Linux systems, provided by IBM
Official Device Driver included in 2.6.12 kernel
http://sourceforge.net/projects/tpmdd
Note: TPM driver for Linux kernel 2.6.12, provided by IBM
TPM driver for NetBSD
http://www.citi.umich.edu/u/rwash/projects/trusted/netbsd.html
Note: TPM driver for NetBSD, provided by Rick Wash of the University of Michigan
TCG Software Stack (TSS)
IBM TrouSerS
http://sourceforge.net/projects/trousers
Note: TSS for Linux provided by IBM; it includes two applications, one that controls TPM state and one that provides PKCS#11 data storage.
Other
Dartmouth enforcer--Linux Security Module
http://sourceforge.net/projects/enforcer
Note: OS security enhancement component provided by Dartmouth, used to make the file system tamper-resistant.
Swiss Federal Institute of Technology – TPM emulator
http://www.infsec.ethz.ch/people/psevinc/
Software-based TPM Emulator
https://developer.berlios.de/projects/tpm-emulator
September 29
Carnivore's New Leash on Life? (zz)
By Declan McCullagh
04/19/2002
SAN FRANCISCO -- A graduate student at Dartmouth College wants to tame the FBI's Carnivore surveillance system. Alex Iliev has proposed a way to force anyone who wants to monitor e-mail or Web browsing to follow the rules -- and not snoop on private data that should be off-limits.
Iliev's system relies on technology, not Congress or federal judges, to keep Carnivore on a very short leash.
Much of the public outcry over Carnivore and similar eavesdropping methods arises because they take a vacuum-cleaner approach, sucking in all the data flowing through a network and then storing only the desired information. But if the snooperware is buggy or if police agencies go beyond what a court order allows, the system will snare far more traffic than it is authorized to retain.
Iliev's proposal, titled "Prototyping an Armored Data Vault" (PDF) and presented at the Privacy Enhancing Technologies workshop this week, says "a design goal is to store packets securely, so that they may be accessed only through the security mechanism imposed by the vault."
Here's how it works: An Internet service provider, university or corporation could choose to record all activities of people using the network. The data would be encrypted, with the only key able to unlock the information kept by the vault.
An FBI agent who wanted to access the information would obtain a search order that was digitally signed by a judge. The vault would recognize that signature and divulge only the information specified by the court. There would be no chance -- assuming the vault was programmed properly -- for a fishing expedition.
Even if the FBI physically seized the vault, legally or otherwise, it's supposed to be just about impossible for the cops to crack. Iliev's program runs on an IBM 4758 cryptographic coprocessor, designed to destroy itself if it detects an intrusion attempt.
IBM says its coprocessor features "physical penetration, power sequencing, temperature, and radiation sensors to detect physical attacks against the encapsulated subsystem." The U.S. government has certified it to meet the FIPS 140-1 standard at level 4, the most secure.
The U.S. Department of Justice and IBM partially funded this research. Since the Sept. 11 terrorist attacks, FBI use of Carnivore has increased sharply.
Iliev says he isn't necessarily suggesting that administrators store terabytes of traffic -- after all, the best way to protect someone's privacy is never to have their information on file in the first place.
Rather, Iliev says, if an administrator is required to play Big Brother, he wants them to have a reasonable way to do it.
"It might be preferable if collection of data to a large extent were not deemed necessary," says Iliev, who is a 23-year-old PhD candidate in Dartmouth's computer science department. "But if it is, then people might be more willing to bear with this. People can be confident how it would proceed."
"We want this to take place in an environment where people who have their data collected can be confident that how they agreed to have their data accessed will be how it will be accessed," he says.
Other applications for the vault, beyond storing network data, include encrypting medical or financial information that would be released only to authorized users.
Sean Smith, an assistant professor of computer science who co-authored the paper with Iliev, previously worked at IBM where he designed the software for the coprocessor.
"We tried to make it as unbreakable as feasible," Smith says. "As far as we know, it's held up."
The source code for the vault, which runs under the Linux operating system, is available on Dartmouth's website: http://www.cs.dartmouth.edu/~pkilab/code/vault.tar.gz
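The access mechanism the article describes, as an added illustration written for this page (it is not the Dartmouth vault code, nor anything from the article): captured records are stored only as ciphertext under a key the vault never exports, a court order is a scope (one subject, one time window) signed with the judge's key, and the vault releases exactly the records inside a validly signed scope. The record and order formats, the choice of Ed25519 and AES-GCM, and the three sample records are assumptions made for the example; the coprocessor's physical tamper response is not modelled. Go standard library only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Record: one captured item (Demo's are constructed). Order: the scope a judge signs. SignedOrder: Order bytes plus signature.
type Record struct{ Subject, Payload string; Time int64 }
type Order struct{ Subject string; From, To int64 }
type SignedOrder struct{ Body, Sig []byte }

// Vault holds only AES-GCM ciphertext; the key never leaves the struct (the coprocessor's role here) and one judge key is trusted.
type Vault struct {
	aead   cipher.AEAD
	judge  ed25519.PublicKey
	sealed [][]byte // nonce || ciphertext, one entry per record
}

func randBytes(n int) []byte { // OS CSPRNG only; the vault has no fallback
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic("crypto/rand unavailable: " + err.Error())
	}
	return b
}

func NewVault(judge ed25519.PublicKey) *Vault {
	block, _ := aes.NewCipher(randBytes(32)) // 32-byte key: NewCipher cannot fail
	aead, _ := cipher.NewGCM(block)          // AES block size is valid for GCM
	return &Vault{aead: aead, judge: judge}
}

// Store encrypts one record under a fresh nonce; no plaintext is retained.
func (v *Vault) Store(r Record) {
	plain, _ := json.Marshal(r) // two strings and an int: Marshal cannot fail
	nonce := randBytes(v.aead.NonceSize())
	v.sealed = append(v.sealed, v.aead.Seal(nonce, nonce, plain, nil))
}

// Release verifies the signature first, decrypts inside the vault, and returns only records in the signed scope.
func (v *Vault) Release(so SignedOrder) ([]Record, error) {
	if !ed25519.Verify(v.judge, so.Body, so.Sig) {
		return nil, errors.New("order is not signed by the authorised judge key")
	}
	var o Order
	if err := json.Unmarshal(so.Body, &o); err != nil || o.Subject == "" || o.From > o.To {
		return nil, errors.New("order scope is missing or malformed")
	}
	var out []Record
	for _, c := range v.sealed {
		plain, err := v.aead.Open(nil, c[:v.aead.NonceSize()], c[v.aead.NonceSize():], nil)
		if err != nil {
			return nil, err // stored ciphertext was altered: release nothing
		}
		var r Record
		json.Unmarshal(plain, &r) // authenticated, so this is exactly what Store wrote
		if r.Subject == o.Subject && r.Time >= o.From && r.Time <= o.To {
			out = append(out, r)
		}
	}
	return out, nil
}

// SignOrder is the judge's side: sign the serialised order with the court's key.
func SignOrder(priv ed25519.PrivateKey, o Order) SignedOrder {
	body, _ := json.Marshal(o)
	return SignedOrder{Body: body, Sig: ed25519.Sign(priv, body)}
}

// Demo stores constructed records and makes three requests; each result is a release count, or -1 if the vault refused.
func Demo() (inScope, wrongKey, tampered int) {
	judgePub, judgePriv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the court's key
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)        // any key that is not the judge's
	v := NewVault(judgePub)
	for _, r := range []Record{{"alice", "GET /a", 100}, {"alice", "GET /b", 200}, {"bob", "GET /c", 150}} {
		v.Store(r)
	}
	count := func(so SignedOrder) int {
		recs, err := v.Release(so)
		if err != nil {
			return -1
		}
		return len(recs)
	}
	full := SignOrder(judgePriv, Order{"alice", 150, 300})
	inScope = count(full)                                          // 1: alice at t=200; bob and alice at t=100 are outside the scope
	wrongKey = count(SignOrder(otherPriv, Order{"alice", 0, 300})) // -1: not the judge's key
	tampered = count(SignedOrder{Body: []byte(`{"Subject":"bob","From":0,"To":300}`), Sig: full.Sig}) // -1: body edited after signing
	return
}

func main() { fmt.Println(Demo()) }
```

Running it prints the three counts. The order of checks in Release is the point: the signature is verified before the body is even parsed, so an order signed by anyone but the judge, or a scope edited after signing, yields nothing, and a valid order yields only the subject and time window it names, with the remaining records never leaving the vault.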