【正文】 ng the SINIT AC module ? Loading the MLE and processor rendezvous ? Performing a measured launch 106 TXT detection This action is only performed by the ILP 107 Loading the SINIT AC Module ? register location ? register size ? 128 KBytes of physically contiguous memory ? BIOS reserve 108 Matching an AC Module 109 TXT Heap Initialization ? system software ? SINIT AC ? system software ? MLE ? SINIT AC ? MLE ? TXT Heap Memory ? OsMleData OsMleDataSize ? specifying regions of memory to protect from DMA (PMR Low/High Base/Size) using VTd. ? OsSinitData OsSinitDataSize ? MLE Header data structure whose address is specified in the OsSinitData entry 110 Rendezvousing Processors and Saving State 111 MTRR Setup 112 executes the GETSEC[SENTER] instruction ? = Physical Base Address of SINIT AC Module ? = size of the SINIT AC Module in bytes ? = 0 ? [SENTER] 113 Definitions ? Modern CPUs have more than one processor ? Multicore CPUs ? Hyperthreading ? Initiating Logic Processor (ILP) ? Starts the GETSEC [SENTER] sequence ? Must be the bootstrap processor ? Responding Logic Processor (RLP) ? Any other processor on the platform that is not the ILP ? Reacts to the ILP, hence the name ? Broadcast ? Mechanism used by ILP to send messages to all RLPs ? Sleep ? When a processor sleeps it does nothing but wait for a wakeup call 114 GETSEC [SENTER] Sequence 115 THANK YOU 116 靜夜四無鄰，荒居舊業(yè)貧。 ? 用戶可以通過編程直接訪問 TSP 62 會話：用于驗證執(zhí)行 TPM命令的授權(quán) 63 A message in an authorized session ? Message Container ? identifies message type, size and formatting ? TPM Command ? mand name input/output parameters and return code ? Session State ? session ID, control flags and digest value of session messages 64 Agenda ? 可信平臺的基本特性 ? 可信計算平臺的基本體系 ? 可信平臺模塊（ TPM）部件 ? 軟件接口和服務 ? TCG編程接口 ? Trusted Boot 65 Naming Conventions ? Command ? discrete functionality of the TPM exposed externally and recognizable by TPMs mand processor. ? Function ? discrete functionality of nonTPM modules having programmatic interfaces. ? Operation ? Interface ? The set of mand or function entry points, including parameters and return codes, to a particular module. When used in singular context, Interface may refer to a single entry point. 66 消息格式 ? requestresponse model ? Request/Response Message 67 Command Ordinals ? Command Call: ? Command Reply: 68 包長與字節(jié)次序 ? TPM處理的包的最大長度： 4096字節(jié)。 ?證書和密鑰管理 ——存儲與平臺有關(guān)的證書和密鑰。 ? 為 TPM應用程序提供一個與操作系統(tǒng)無關(guān)的軟件接口。 ? 不可遷移 ?在一個 TPM中生成的密鑰只限在該 TPM中使用。 ? 受保護的信息（包括密鑰和數(shù)據(jù)）從 TPM內(nèi)傳送到 TPM外之前，需要進行加密， SRK是用于進行這樣的加密的根密鑰。 ? TPM中的存儲空間非常有限，存放不下多少密鑰，大量的密鑰只能存放在 TPM外的存儲介質(zhì)中。 ? updates to a PCR ? PCR[n] ? SHA1 (PCR[n] + measured data) ? SML does not reside in the TPM. 23 procedure 24 Measurement on Linux ? An example from a Linux based implementation of trusted puting 25 Linux Application Measurements 26 Integrity Reporting Protocol 27 協(xié)議說明 1. 請求方發(fā)出獲取一個或多個 PCR寄存器值的請求； 2. 平臺上的度量機制采集 SML記錄信息； 3. 度量機制從 TPM中獲取 PCR寄存器的值； 4. TPM用 AIK對 PCR寄存器的值進行簽名； 5. 平臺的度量機制采集與 TPM關(guān)聯(lián)的憑證，并把 SML記錄信息、憑證和經(jīng)過簽名的 PCR寄存器的值提供給請求方； 6. 請求方驗證請求的響應結(jié)果：它計算度量產(chǎn)生的摘要，將其與 PCR寄存器的值進行對比，并評估平臺的憑證，檢查簽名信息。 ? 接著 OS Loader度量 OS,OS度量應用和新的 OS組件。 ? EK/TPM act as RTR 16 Trusted Building Blocks (TBB) ? 可信構(gòu)件塊（ TBB）：平臺中必須納入到信任根之中的部件，處于保護區(qū)域和保護能力的范圍之外。CRTM是平臺執(zhí)行 RTM時的執(zhí)行代碼，一般存儲在 BIOS中。 9 完整