| With the rapid development of embeded devices and mobile devices,their are having increasingly wide application areas.At the same time,the number of attacks against embeded devices and mobile devices increse,and they are more hardly to prevent.Applying trusted computing technologies to mobile devices can provide better protection.However,due to the inherent shortcomings of mobile devices,the Trusted Platform Module is difficult to be used directly on mobile devices.Therefore,this paper presents a way that use TrustZone technology to build virtual TPM.According to TPM1.2 specification,we build TPM's function as software and find a way to protect virtual TPM by isolation features(software and hardware)of TrustZone,so the virtual TPM can provide trusted computing service to Rich Execution Environment(REE)as a Trusted Root.We rewrite the TDDL and design the way of communication between TDDL and virtual TPM.For the shortcoming thar TrustZone don't provide hardware isolation of external storage,we present a way that use RPMB and CBC mode to protect the data of virtual TPM.We use Hikey board(ARMv8)and OPTEE trusted OS to build virtual TPM system and make experiments to verify the feasibility and performance of this method.Finally,we discuss the trust theory and the method of building trust chain used by TCG,and propose a method to construct trust chain based on virtual TPM. |
PDF Full Text Request