Abstract:

This paper proposes an active measurement and control method of the trusted platform control module (TPCM) based on advanced technology extended (ATX) motherboard. Keeping the original design of the motherboard unchanged, the existing interfaces of the computer motherboard are extended to protect the boot code from been tampered and attacked from the first CPU instruction. Combined with the realization of the power control, the method can fundamentally solve the problem that the source of the boot is not to be trusted. This design makes sure the TPCM has been powered on firstly and lets the TPCM lead the power control system of the computer, measuring the credibility and the integrity of the boot code. If the BIOS and any other firmware have been maliciously tampered, the TPCM enter untrusted operation environment or prevent the computer from been powered on according to the pre written security policy in TPCM. The TPCM designed by this method has active and absolute control right on the computer. Once the malicious code invades and the system is out of control, the TPCM can take the absolute protection measures such as taking off the computer and cutting off the power. The method is not only reliable and effective, but also has the advantages of low cost and simple installation.

Key words: ATX, TPCM, SPI, BIOS, boot code measurement