Runtime-based boot components re-measurement scheme for trusted platform

Abstract

Integrity measurement is just one of the most important features in a trusted computing platform to provide evidence of platform configuration and behavior. Each set of software instructions (binary code) is measured and recorded before it is executed. Especially, all of boot components which be recorded in pre-boot stage can't be re-measured until the platform is rebooted. However, the reality is that many components belong to pre-boot stage, such as BIOS, Boot Loader and MBR, are easily modified or updated in runtime environment. If these updated results of components are treated as configuration requirements for a remote server-side to verify the access request, the remote network access connection will fail. It must restart the host to re-measure there components, and the result of the new measure is not guaranteed right absolutely. We solve this problem by embedding Integrity Measurement Agency Component (IMAC) which has the capability of monitoring transformation, verifying credibility, updating Platform Configuration Registers and recording integrity measurement logs in Linux kernel. The result of performance analysis demonstrates that the method is feasible and credible. © 2011 Springer-Verlag Berlin Heidelberg.