Disclosure of Invention
The invention aims to solve the technical problems of the prior art by providing an operating system kernel design method and device based on trust domain extension, which addresses the problem in the prior art that the security holes inherent in the Linux system lead to system breakdown or exploitation by malicious attackers.
The technical scheme adopted for solving the technical problems is as follows:
In a first aspect, the present invention provides a trust domain extension-based operating system kernel design method, where the method includes:
Obtaining a Rust-TPM library and a Rust-IMA library constructed in the Rust language, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel, and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel;
Obtaining an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library;
and deploying the ASTERINAS-IMA kernel to an Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension.
In one implementation, the Rust-TPM library constructed based on the Rust language comprises:
The trusted platform module component and the hardware interface driver of the ASTERINAS kernel, constructed in the Rust language, which are used for key generation, hardware encryption, hardware decryption, secure boot and remote attestation.
In one implementation, the Rust-IMA library constructed based on the Rust language includes:
The system call interceptor component, the measurement unit component, the integrity anchor component and the hardware-assisted verification component of the ASTERINAS kernel, constructed in the Rust language, wherein the measurement unit component is used for processing measurement requests, storing measurement results and verifying measurement data.
In one implementation, the system call interceptor component is to:
when a call instruction of a system call handler is acquired, sending a measurement request to the measurement unit component through a system call interceptor, wherein the call instruction is used for calling a system file;
Measuring the called system file according to the measurement request to obtain a hash value of the system file;
Comparing the hash value of the system file with a measurement reference value to obtain a comparison result;
If the comparison result is that the hash value of the system file is consistent with a preset measurement reference value, calling the system file according to the call instruction;
and if the comparison result is that the hash value of the system file is inconsistent with the preset measurement reference value, not executing the call instruction.
In one implementation, the integrity anchor component is to:
acquiring a measurement record of the measurement unit, and comparing the measurement record with historical measurement results in a measurement list to verify the integrity of the content of the measurement list, wherein the measurement list is deployed in the integrity measurement architecture and used for storing the historical measurement results, and the historical measurement results are stored through the security.ima extended attribute.
In one implementation, the hardware-assisted verification component is to:
Running a trust domain extension driver on the ASTERINAS kernel, and triggering a measurement unit to send a TDCALL request to the trust domain extension through the trust domain extension driver;
recording runtime measurement data according to the TDCALL request;
Calculating the runtime measurement data with the SHA-384 algorithm to obtain a local runtime measurement register extension value, and storing the local runtime measurement register extension value in a runtime measurement register of the trust domain extension;
and reading the local runtime measurement register extension value through a trust domain extension attestation report, comparing the local runtime measurement register extension value with the historical measurement results in the measurement list, and passing verification if the local runtime measurement register extension value is consistent with the historical measurement results in the measurement list.
In one implementation, the obtaining ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library includes:
the Rust-TPM library interacts with the trusted platform module, the Rust-TPM library interacts with the integrity measurement architecture, the Rust-TPM library and the Rust-IMA library are integrated into the integrity measurement architecture, and a platform configuration register of the trusted platform module is replaced by a runtime measurement register of the trust domain extension, so that the ASTERINAS-IMA kernel is obtained.
In a second aspect, an embodiment of the present invention further provides an operating system kernel design device based on trust domain expansion, where the device includes:
The first Rust library writing module is used for acquiring a Rust-TPM library and a Rust-IMA library constructed in the Rust language, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel, and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel;
The first system kernel acquisition module is used for acquiring an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library;
And the second system kernel acquisition module is used for deploying the ASTERINAS-IMA kernel to the Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension.
In a third aspect, an embodiment of the present invention further provides an intelligent terminal, where the intelligent terminal includes a memory, a processor, and a trust domain expansion-based operating system kernel design program stored in the memory and capable of running on the processor, where the steps of the trust domain expansion-based operating system kernel design method described in any one of the above are implemented when the processor executes the trust domain expansion-based operating system kernel design program.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where the computer readable storage medium stores an operating system kernel design program based on a trust domain extension, where the operating system kernel design program based on the trust domain extension implements the steps of the operating system kernel design method based on the trust domain extension according to any one of the above steps when the operating system kernel design program based on the trust domain extension is executed by a processor.
Compared with the prior art, the trust domain extension-based operating system kernel design method has the following advantages. A Rust-TPM library and a Rust-IMA library constructed in the Rust language are obtained, so that the security attributes of Rust reduce security holes and improve the reliability of the code. An ASTERINAS-IMA kernel is obtained based on the Rust-TPM library and the Rust-IMA library, so that a system kernel realized in Rust effectively reduces security holes. The ASTERINAS-IMA kernel is deployed to the Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension, so that the isolation provided by the Intel trust domain extension enhances the security of the system. The invention re-implements the integrity measurement architecture by utilizing the memory security characteristics of Rust and of the trust domain extension, thereby greatly improving the security of the operating system.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and more specific, the present invention will be described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs unless defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Linux is a C-language based operating system, and since its release in 1991, Linux has become one of the most widely used operating systems worldwide. Because of its open source and modularity, Linux is widely used in many fields such as servers, embedded systems, desktop computing, etc. In terms of security, Linux implements functions such as a TPM (Trusted Platform Module) and an IMA (Integrity Measurement Architecture), which greatly enhance the security of the system. However, since the C language itself has some inherent security problems, Linux has security defects such as memory management errors and a lack of type safety. To overcome the security deficiency of the C language, developers choose to implement a new operating system in the more secure Rust language.
ASTERINAS (star blossom operating system) uses Rust as its only programming language and is a secure, fast and general-purpose operating system kernel. It provides the same interface as Linux and can seamlessly run Linux applications, but is memory-safer and more developer-friendly than Linux. In order to enhance the security of ASTERINAS, the invention adopts ASTERINAS as the kernel of the system, develops a version of ASTERINAS adapted to TDX (Trust Domain Extensions), and at the same time introduces IMA (Integrity Measurement Architecture) and TPM (Trusted Platform Module) functions realized in the Rust language.
Exemplary method
The embodiment provides an operating system kernel design method based on trust domain expansion, which can be applied to an operating system kernel. As shown in fig. 1, the method comprises the steps of:
Step S100, a Rust-TPM library and a Rust-IMA library constructed in the Rust language are obtained, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel, and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel;
Specifically, in Linux systems, a TPM (Trusted Platform Module) provides a range of hardware-level security functions, including generating and managing encryption keys. By utilizing hardware-based encryption technology, the TPM provides stronger protection for stored information and prevents external software attacks. The various applications supported by the TPM improve security measures, particularly in situations where unauthorized access to sensitive data must be prevented, such as theft of a device. The TPM strengthens security protocols by ensuring that the platform configuration has not been tampered with, so that applications can refuse access to data and confidential information when it has.
ASTERINAS is a secure, fast, general-purpose operating system kernel. Its interface is the same as that of Linux, and it can seamlessly run Linux applications. In terms of memory security, Rust is used as its only programming language, which improves the security of ASTERINAS. By limiting the use of unsafe Rust to a well-defined and minimal trusted computing base, ASTERINAS is made a safer, more reliable kernel choice. All memory accesses in Rust are strictly checked by the compiler, so problems such as null pointer exceptions and data races cannot occur at runtime. This means that Rust code has higher reliability and security, and common security vulnerabilities can be avoided.
In the embodiment, a Rust-TPM library is written by using the Rust language, so that the TPM is realized on the ASTERINAS kernel, and the kernel operation is safer and more reliable.
IMA (Integrity Measurement Architecture) is a security framework for operating systems that ensures the system has not been tampered with during operation by computing and comparing hash values of files. The IMA measurements may be stored in the TPM for greater security and may be used for remote attestation. Systems using only IMA rely on the security and configuration of the kernel. If the kernel or the configuration has vulnerabilities or is improperly configured, the protection provided by IMA may be weakened. For example, some critical files may not be monitored, or an IMA configuration error may result in insufficient protection.
In this embodiment, IMA is implemented in the Rust language. Based on the security of the Rust language, a Rust-IMA library is developed for calculating and verifying the hash values of system components, ensuring system integrity, implementing runtime integrity checks, continuously monitoring the integrity of key files and processes, integrating audit and logging functions, providing comprehensive security audit capability, supporting policy-based integrity measurement and verification, and allowing an administrator to define and manage security policies. That is, by using an IMA implemented in Rust in ASTERINAS, security vulnerabilities caused by the memory management and type safety problems of programming languages are effectively avoided, and the burden on developers of writing and maintaining security code is reduced.
In one implementation, the Rust-TPM library of the present embodiment includes the following:
The trusted platform module component and the hardware interface driver of the ASTERINAS kernel, constructed in the Rust language, which are used for key generation, hardware encryption, hardware decryption, secure boot and remote attestation.
In this embodiment, the TPM is implemented in the Rust language: a Rust library is developed to interact with the TPM, covering key generation, hardware encryption/decryption, secure boot and remote attestation, and then the hardware interface and driver of the TPM are implemented, so as to ensure that the TPM can be seamlessly integrated with the ASTERINAS operating system. Thus, a trusted platform module is realized on the ASTERINAS kernel, and the security of the system is enhanced.
In one implementation, the Rust-IMA library of the present embodiment includes:
The system call interceptor component, the measurement unit component, the integrity anchor component and the hardware-assisted verification component of the ASTERINAS kernel, constructed in the Rust language, wherein the measurement unit component is used for processing measurement requests, storing measurement results and verifying measurement data.
In particular, as shown in FIG. 2, in the detailed architecture of ASTERINAS-IMA, the implementation of IMA is divided into several major components, including a system call interceptor component, a measurement unit component, an integrity anchor component, and a hardware-assisted verification component, which work together to ensure the integrity of files and systems.
In one implementation, the system call interceptor component of this embodiment is configured to:
Step S1001, when a call instruction of a system call handler is acquired, sending a measurement request to the measurement unit component through a system call interceptor, where the call instruction is used to call a system file;
Step S1002, measuring the called system file according to the measurement request to obtain a hash value of the system file;
Step S1003, comparing the hash value of the system file with a measurement reference value to obtain a comparison result;
Step S1004, if the comparison result is that the hash value of the system file is consistent with the preset measurement reference value, calling the system file according to the call instruction;
Step S1005, if the comparison result is that the hash value of the system file is inconsistent with the preset measurement reference value, not executing the call instruction.
Specifically, in ASTERINAS, various system call interfaces and their handlers are defined that parse the system call request and its parameters and pass the system call request and its parameters to specific processing functions. The system call interceptor is responsible for intercepting system call requests of the operating system. Each time an operating system processes a system call request, it triggers an interrupt, enters a trap frame handler, and is routed to a specific processing function.
In this embodiment, to implement runtime measurements, ASTERINAS adds a system call interceptor to the system call handler, which binds to the registered system call handler and allows measurement code to be inserted before and after the system call processing task. Specifically, when a file-operation-sensitive system call such as mmap() is performed, the system call interceptor sends a measurement request to the measurement unit. The measurement unit measures the accessed file and compares the hash value of the current system file with the preset measurement reference value. This process ensures the integrity of the file at runtime and monitors the file operation.
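The gate described in steps S1001 to S1005, together with the security.ima reference initialisation described later in this section, as an added example that is not code from the patent or from the Asterinas project. A constructed in-memory file system stands in for the ASTERINAS file system and its extended attributes, SHA-384 is used as the file digest (the page names SHA-384 for the register extension but does not name the file hash, so that is an assumption here), and the interceptor fails closed when a file carries no reference. It is written in Go so that it runs stand-alone with the standard library; the ASTERINAS kernel itself is in Rust.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// imaXattr is the extended attribute that carries a file's reference digest.
const imaXattr = "security.ima"

// File is a constructed stand-in for an inode: content plus its xattrs.
type File struct {
	Content []byte
	Xattrs  map[string][]byte
}

// FS is a constructed in-memory file system keyed by path.
type FS map[string]*File

// measure is the measurement unit's hash step (S1002): SHA-384 of the content.
func measure(content []byte) []byte {
	sum := sha512.Sum384(content)
	return sum[:]
}

// initReferences walks the file system once at boot and writes each file's
// current digest into security.ima as the original reference value.
func initReferences(fs FS) {
	for _, f := range fs {
		if f.Xattrs == nil {
			f.Xattrs = map[string][]byte{}
		}
		f.Xattrs[imaXattr] = measure(f.Content)
	}
}

// MLEntry is one append-only measurement-list record.
type MLEntry struct {
	Syscall string
	Path    string
	Digest  []byte
	Passed  bool
}

// Interceptor sits in the system call handler and gates file-touching calls.
type Interceptor struct {
	FS FS
	ML []MLEntry // measurement list: entries are appended, never removed
}

// Intercept runs steps S1001-S1005 for one call: request the measurement,
// compare it with the reference and decide whether the call may proceed.
func (ic *Interceptor) Intercept(syscall, path string) (bool, error) {
	f, ok := ic.FS[path]
	if !ok {
		return false, fmt.Errorf("%s(%s): no such file", syscall, path)
	}
	digest := measure(f.Content)
	ref, hasRef := f.Xattrs[imaXattr]
	// A file without a reference is treated as failing: fail closed, not open.
	passed := hasRef && bytes.Equal(digest, ref)
	ic.ML = append(ic.ML, MLEntry{Syscall: syscall, Path: path, Digest: digest, Passed: passed})
	return passed, nil
}

// demo exercises the gate: a clean file, a tampered file, and a legitimate
// update whose reference is resynchronised. Returns the three decisions.
func demo() (clean, tampered, updated bool) {
	fs := FS{ // constructed sample files
		"/bin/ls":     {Content: []byte("ls binary v1 (constructed)")},
		"/etc/passwd": {Content: []byte("root:x:0:0:root:/root:/bin/sh\n")},
	}
	initReferences(fs)
	ic := &Interceptor{FS: fs}

	clean, _ = ic.Intercept("mmap", "/bin/ls")

	// Out-of-band modification without updating the reference: denied.
	fs["/etc/passwd"].Content = append(fs["/etc/passwd"].Content, []byte("evil:x:0:0::/:/bin/sh\n")...)
	tampered, _ = ic.Intercept("open", "/etc/passwd")

	// Administrator-approved update: content changes and the reference is resynchronised.
	fs["/bin/ls"].Content = []byte("ls binary v2 (constructed)")
	fs["/bin/ls"].Xattrs[imaXattr] = measure(fs["/bin/ls"].Content)
	updated, _ = ic.Intercept("mmap", "/bin/ls")
	return clean, tampered, updated
}

func main() {
	clean, tampered, updated := demo()
	fmt.Println("clean file allowed:", clean)
	fmt.Println("tampered file allowed:", tampered)
	fmt.Println("updated file allowed:", updated)
	fmt.Println("SHA-384(\"abc\") =", hex.EncodeToString(measure([]byte("abc"))))
}
```

The measurement list here records denied attempts as well as passed ones, so a later audit can see which call touched which digest; the reference resynchronisation in the last step is the "update the reference value after the file is modified" requirement from the xattr description, and without it the updated binary would be refused exactly like the tampered one.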
In one implementation, the integrity anchor component of the present embodiment is configured to:
Step S1006, obtaining a measurement record of the measurement unit, and comparing the measurement record with the historical measurement results in a measurement list to verify the integrity of the content of the measurement list, where the measurement list is deployed in the integrity measurement architecture to store the historical measurement results, and the historical measurement results are stored through the security.ima extended attribute.
In particular, the measurement unit is responsible for processing measurement requests, storing results and validating measurement data. A Measurement List (ML) is the key data structure implementing the IMA function; it holds the complete measurement history so far. The ML is maintained by the kernel security module, and when a new measurement record is generated, a new entry is added to the list. Since the measurement list is the measurement log of the system, history entries cannot be deleted, and it is read-only to the outside world.
In this embodiment, to save the measurement reference, the ASTERINAS file system designs an extended file attribute (Extended File Attribute, xattr) mechanism. An extended attribute is a key-value pair permanently associated with a particular file and is typically used to provide additional file system functions, such as permission control and logging integrated in an Access Control List (ACL). In the IMA implementation, the security.ima attribute is used to specify the reference measurement of the current file. The kernel uses the xattr API to set, retrieve and list the extended attributes of a file. During system initialization, the file system is traversed to initialize the measurement references and write them into the extended attributes as the original references. When the system subsequently performs an integrity measurement, the file can be compared with its reference value to judge whether it is intact, and the corresponding reference value must be updated synchronously after the file is modified.
An integrity anchor (Measurement Anchor, MA) is an important node in the IMA trust chain that ensures the integrity of the content in the measurement list. Whenever a new measurement record is submitted to the measurement list, the measurement unit synchronizes the change to the measurement anchor to keep the records consistent. For the integrity anchor to be trusted, it relies on secure hardware, such as a TPM chip or a measurement anchor in a TDX environment. In this embodiment, a measurement anchor based on Intel TDX is selected as the secure firmware platform; specifically, the driver module of the TDX firmware, TDX_guard, is mounted at /dev/TDX_guard at kernel start-up.
In one implementation, the hardware-assisted verification component of this embodiment is configured to:
Step S1007, a trust domain extension driver is run on the ASTERINAS kernel, and a measurement unit is triggered to send a TDCALL request to the trust domain extension through the trust domain extension driver;
Step S1008, recording the runtime measurement data according to the TDCALL request;
In brief, the module function can be called in the kernel to operate the TDX-related registers, since ASTERINAS runs as a Trust Domain (TD) in TDX. TDCALL is the instruction by which a trust domain requests services from the TDX module. ASTERINAS can use TDCALL to submit measurement data and to obtain an attestation report from which the data is read.
Step S1009, calculating the runtime measurement data with the SHA-384 algorithm to obtain a local runtime measurement register extension value, and storing the local runtime measurement register extension value in the runtime measurement register of the trust domain extension;
Step S1010, reading the local runtime measurement register extension value through a trust domain extension attestation report, comparing the local runtime measurement register extension value with the historical measurement result in the measurement list, and passing verification if the local runtime measurement register extension value is consistent with the historical measurement result in the measurement list.
Specifically, the hardware-assisted verification mechanism is based on the runtime measurement register (RTMR) extension of the Intel trust domain extension. In the Intel trust domain extension standard, runtime measurement registers are used to record runtime data, where RTMR[2] and RTMR[3] allow the operating system and user programs to record runtime measurement data. First, we implement a simple TDX driver in the kernel that allows the measurement unit to send a TDCALL to extend the runtime measurement registers, based on the Intel TDX Guest API. Upon receiving the request, TDX performs an extend operation on the submitted value together with the old value, computing SHA384(new value + old value) and overwriting the old value with the result.
It should be noted that the trust domain extension standard does not provide a way to read the runtime measurement registers directly; they are obtained by decoding the trust domain extension attestation report. The trust domain extension guest may use TDCALL[TDG.MR.REPORT] to obtain a TDREPORT (TDREPORT_STRUCT) from the trust domain extension module. In the trust domain extension attestation report, the runtime measurement register value is encoded in a specific field. The RTMR value, i.e. the historical measurement result in the measurement list, is obtained by reading the corresponding location in the TDREPORT buffer and is compared with the local runtime measurement register extension value. If they are consistent, this proves the integrity of the measurement records stored in the measurement list, and verification passes.
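The register extension chain of steps S1007 to S1009 and the anchor check of step S1010 (the integrity anchor described above), as an added example that is not code from the patent or from the Asterinas project. A small struct stands in for the TDX module: it owns the registers, accepts extends only on RTMR[2] and RTMR[3], and exposes them only through a report, mirroring TDCALL[TDG.MR.REPORT]. The extend follows the Intel TDX module specification, SHA384(old value || new value); the page writes the two operands in the other order, and the order matters because the anchor's replay must use the same one as the hardware or every list will fail verification. The names tdModule, Record and verifyList are assumptions of this example, and the sample file contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"fmt"
)

// rtmrSize is the width of a TDX runtime measurement register: one SHA-384 digest.
const rtmrSize = 48

// Record is one measurement-list entry as the integrity anchor sees it.
type Record struct {
	Path   string
	Digest [rtmrSize]byte
}

// extend models the register update performed by the TDX module on
// TDG.MR.RTMR.EXTEND: RTMR = SHA384(RTMR || value). The register can only
// move forward through this function; it is never written directly.
func extend(rtmr, value [rtmrSize]byte) [rtmrSize]byte {
	buf := make([]byte, 0, 2*rtmrSize)
	buf = append(buf, rtmr[:]...)
	buf = append(buf, value[:]...)
	return sha512.Sum384(buf)
}

// tdModule is a constructed stand-in for the TDX module side of TDCALL.
type tdModule struct {
	rtmr [4][rtmrSize]byte // all-zero at TD launch
}

// RtmrExtend is what the guest's TDX driver reaches via TDCALL (S1007-S1009).
// Only RTMR[2] and RTMR[3] are extendable by the OS and user programs.
func (td *tdModule) RtmrExtend(index int, value [rtmrSize]byte) error {
	if index < 2 || index > 3 {
		return fmt.Errorf("RTMR[%d] is not extendable from inside the TD", index)
	}
	td.rtmr[index] = extend(td.rtmr[index], value)
	return nil
}

// TDReport models the part of TDREPORT the anchor decodes: the RTMR values.
type TDReport struct {
	RTMR [4][rtmrSize]byte
}

// Report stands in for TDCALL[TDG.MR.REPORT]; the registers are never read directly.
func (td *tdModule) Report() TDReport { return TDReport{RTMR: td.rtmr} }

// replay recomputes the expected register value from the measurement list.
func replay(list []Record) [rtmrSize]byte {
	var acc [rtmrSize]byte
	for _, r := range list {
		acc = extend(acc, r.Digest)
	}
	return acc
}

// verifyList is the integrity-anchor check (S1010): the list is trusted only if
// replaying it reproduces the register value carried in the attestation report.
func verifyList(list []Record, report TDReport, index int) bool {
	expected := replay(list)
	return bytes.Equal(expected[:], report.RTMR[index][:])
}

func digestOf(content string) [rtmrSize]byte { return sha512.Sum384([]byte(content)) }

// demo builds a three-entry list, mirrors it into RTMR[2], then checks the
// genuine list, a list with one edited digest, and a list with the last
// entry removed. Returns the three verdicts.
func demo() (genuine, edited, truncated bool) {
	td := &tdModule{}
	var list []Record
	for _, f := range []struct{ path, content string }{ // constructed sample files
		{"/bin/ls", "ls binary v1 (constructed)"},
		{"/etc/passwd", "root:x:0:0:root:/root:/bin/sh\n"},
		{"/lib/libc.so", "libc (constructed)"},
	} {
		rec := Record{Path: f.path, Digest: digestOf(f.content)}
		list = append(list, rec)
		if err := td.RtmrExtend(2, rec.Digest); err != nil { // measurement unit submits via TDCALL
			panic(err)
		}
	}
	report := td.Report()
	genuine = verifyList(list, report, 2)

	// The in-memory list is edited after the fact; the hardware register was not.
	tampered := append([]Record(nil), list...)
	tampered[1].Digest = digestOf("root:x:0:0:root:/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n")
	edited = verifyList(tampered, report, 2)

	// Deleting a history entry is detected the same way.
	truncated = verifyList(list[:2], report, 2)
	return genuine, edited, truncated
}

func main() {
	genuine, edited, truncated := demo()
	fmt.Println("genuine list verifies:", genuine)
	fmt.Println("edited list verifies:", edited)
	fmt.Println("truncated list verifies:", truncated)
}
```

Because each extend hashes the previous register value into the new one, the register commits to the whole ordered history, which is why both an edited entry and a deleted entry make the replay diverge from the reported value; the anchor only needs the report, never a direct register read.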
Step S200, obtaining an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library;
In particular, systems using only IMA rely on the security and configuration of the kernel. If the kernel or the configuration has vulnerabilities or is improperly configured, the protection provided by IMA may be weakened. For example, some critical files may not be monitored, or an IMA configuration error may result in insufficient protection. TDX, on the other hand, provides hardware-level isolation separating the operating environments of the virtual machine and the host system, so that potential threats inside the host and the virtual machines can be prevented from affecting the integrity of the data. In ASTERINAS, IMA provides integrity protection while benefiting from the isolation provided by TDX, enhancing system security.
In one implementation, the step S200 in this embodiment includes the following steps:
Step S201, the Rust-TPM library interacts with the trusted platform module, the Rust-TPM library interacts with the integrity measurement architecture, the Rust-TPM library and the Rust-IMA library are integrated into the integrity measurement architecture, and a platform configuration register of the trusted platform module is replaced by a runtime measurement register of the trust domain extension, so that an ASTERINAS-IMA kernel is obtained.
Specifically, ASTERINAS introduces new methods for measurement data logging and validation by implementing a validation mechanism based on the runtime measurement register extension of the trust domain extension. In this embodiment, the extension mechanism of the runtime measurement register replaces the platform configuration register of a conventional trusted platform module for recording runtime data, and this mechanism enhances the reliability and security of the measurement data. At the same time, the system acquires the extension value through the TDX standard attestation report; compared with a traditional TPM, the system realizes the cooperative work of the TPM and the IMA and enhances the overall security of the system.
Step S300, deploying the ASTERINAS-IMA kernel to an Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension.
In particular, systems using only IMA rely on the security and configuration of the kernel. If the kernel or the configuration has vulnerabilities or is improperly configured, the protection provided by IMA may be weakened. For example, some critical files may not be monitored, or an IMA configuration error may result in insufficient protection. The Intel trust domain extension provides a hardware-level isolation mechanism that isolates the execution environment of the virtual machine from the host operating system, so that potential threats inside the host machine and the virtual machines can be prevented from affecting the integrity of the data.
In this embodiment, the ASTERINAS-IMA kernel is deployed on the Intel trust domain extension, so that data and code in the virtual machine are isolated and protected from the influence of the host system or other virtual machines, and the attack surface is reduced. For example, even if the host operating system is compromised, an attacker cannot directly access or tamper with virtual machine data running inside the trust domain. RTMRs (runtime measurement registers) are used to record the measurement data of the virtual machine at runtime and to protect and verify these data using secure hardware. This mechanism ensures the integrity and tamper-resistance of the measurement data, so that the system can detect and respond in real time to potential security issues such as file tampering or anomalies in the system configuration. The measurement registers are maintained in the system during operation, so that the hardware characteristics of the trust domain extension can be well utilized to improve the measurement reliability and integrity of the IMA system.
Exemplary apparatus
As shown in fig. 3, the present embodiment further provides an operating system kernel design apparatus based on trust domain expansion, where the apparatus includes:
The first Rust library writing module is used for acquiring a Rust-TPM library and a Rust-IMA library constructed in the Rust language, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel, and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel;
The first system kernel acquisition module is used for acquiring an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library;
And the second system kernel acquisition module is used for deploying the ASTERINAS-IMA kernel to the Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension.
In one implementation, the first Rust library writing module includes:
The Rust-TPM library unit comprises an ASTERINAS-kernel trusted platform module component and a hardware interface driver, wherein the ASTERINAS-kernel trusted platform module component is constructed in the Rust language and is used for key generation, hardware encryption, hardware decryption, secure boot and remote attestation.
In one implementation, the first Rust library writing module further includes:
The Rust-IMA library unit comprises an ASTERINAS-kernel system call interceptor component, a measurement unit component, an integrity anchor component and a hardware-assisted verification component constructed in the Rust language, wherein the measurement unit component is used for processing measurement requests, storing measurement results and verifying measurement data.
In one implementation, the Rust-IMA library unit of the present embodiment includes:
The measurement request sending unit is used for sending a measurement request to the measurement unit component through the system call interceptor when a call instruction of the system call handler is acquired, wherein the call instruction is used for calling a system file;
The hash value acquisition unit is used for measuring the called system file according to the measurement request to obtain the hash value of the system file;
The first comparison unit is used for comparing the hash value of the system file with a measurement reference value to obtain a comparison result;
a system file calling unit, configured to call the system file according to the calling instruction if the comparison result indicates that the hash value of the system file is consistent with a preset measurement reference value;
and the interception unit is used for not executing the calling instruction if the comparison result is that the hash value of the system file is inconsistent with the preset measurement reference value.
And the second comparison unit is used for acquiring the measurement record of the measurement unit and comparing the measurement record with the historical measurement results in the measurement list to verify the integrity of the content in the measurement list, wherein the measurement list is deployed in the integrity measurement architecture and used for storing the historical measurement results, and the historical measurement results are stored through the security. Ima extension attribute.
A request sending unit, configured to run a trust domain expansion driver on a ASTERINAS kernel, and trigger a measurement unit to send TDCALL a request to the trust domain expansion through the trust domain expansion driver;
A measurement data recording unit, configured to record runtime measurement data according to the TDCALL request;
The runtime measurement register extension value acquisition unit is used for calculating the runtime measurement data through an SHA384 algorithm to obtain a local runtime measurement register extension value, and storing the local runtime measurement register extension value in a runtime measurement register of trust domain extension;
And the third comparison unit is used for reading the local run-time measurement register extension value through the trust domain extension authentication report, comparing the local run-time measurement register extension value with the history measurement result in the measurement list, and if the local run-time measurement register extension value is consistent with the history measurement result in the measurement list, passing the verification.
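The following is an added illustration written for this page, not code from Asterinas, Rust-IMA or Rust-TPM, of how the units above fit together: the syscall interceptor measures a file and gates the call (first comparison and interception units), the measurement list is checked against the stored reference values (second comparison unit), and each accepted measurement extends a runtime-measurement-register-style value that a verifier reconstructs by replaying the list and compares with the value reported in the attestation report (third comparison unit). Assumptions: the digest is a stand-in 64-bit FNV-1a so the block runs with the standard library alone, whereas Intel TDX RTMRs and the design on this page use SHA-384 with 48-byte registers; the TDCALL transport and the attestation report itself are not modelled, so the "reported" value is simply the register value held by the measurement unit; file paths and contents are constructed sample input. What the example adds to the text is the check the third comparison unit must actually perform: a TDX RTMR is extended by hashing the previous register content together with the new measurement, so the verifier cannot compare a single file hash with the register; it must replay the whole list in order.

```rust
// Added illustration, not code from Asterinas, Rust-IMA or Rust-TPM.
// Assumption: 64-bit FNV-1a stands in for SHA-384; only `digest` would change.
use std::collections::HashMap;

type Digest = [u8; 8];

/// Stand-in hash (assumption, see above). Swap for SHA-384 in real code.
fn digest(data: &[u8]) -> Digest {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in data {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h.to_be_bytes()
}

/// RTMR-style extend: new = H(old || measurement). Because the previous
/// register content is hashed in, the result depends on measurement order.
fn extend(old: &Digest, measurement: &Digest) -> Digest {
    let mut buf = [0u8; 16];
    buf[..8].copy_from_slice(old);
    buf[8..].copy_from_slice(measurement);
    digest(&buf)
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Allowed,     // system file calling unit proceeds with the call
    Intercepted, // interception unit refuses to execute the call instruction
}

/// One historical measurement result in the measurement list.
#[derive(Clone, Debug, PartialEq)]
struct LogEntry {
    path: String,
    digest: Digest,
}

/// Measurement unit: preset reference values (what security.ima would carry),
/// the measurement list, and a simulated runtime measurement register.
struct MeasurementUnit {
    reference: HashMap<String, Digest>,
    log: Vec<LogEntry>,
    rtmr: Digest,
}

impl MeasurementUnit {
    fn new(reference: HashMap<String, Digest>) -> Self {
        MeasurementUnit { reference, log: Vec::new(), rtmr: [0u8; 8] }
    }

    /// Entry point the system call interceptor would invoke with the file
    /// content before the call instruction is allowed to proceed.
    fn measure_and_gate(&mut self, path: &str, content: &[u8]) -> Verdict {
        let measured = digest(content);
        match self.reference.get(path) {
            Some(expected) if *expected == measured => {
                self.log.push(LogEntry { path: path.to_string(), digest: measured });
                self.rtmr = extend(&self.rtmr, &measured);
                Verdict::Allowed
            }
            _ => Verdict::Intercepted, // unknown file or mismatched hash
        }
    }
}

/// Second comparison unit: every entry of the measurement list must still
/// match the stored reference value for its path.
fn verify_log_against_reference(log: &[LogEntry], reference: &HashMap<String, Digest>) -> bool {
    log.iter().all(|e| reference.get(&e.path) == Some(&e.digest))
}

/// Replay the measurement list from an all-zero register.
fn replay(log: &[LogEntry]) -> Digest {
    log.iter().fold([0u8; 8], |acc, e| extend(&acc, &e.digest))
}

/// Third comparison unit: the register value carried in the attestation
/// report must equal the value replayed from the measurement list.
fn verify_report(log: &[LogEntry], reported_rtmr: &Digest) -> bool {
    replay(log) == *reported_rtmr
}

fn main() {
    // Constructed sample input: two reference values, one tampered file.
    let mut reference = HashMap::new();
    reference.insert("/bin/ls".to_string(), digest(b"ls-binary-v1"));
    reference.insert("/bin/cat".to_string(), digest(b"cat-binary-v1"));
    let mut unit = MeasurementUnit::new(reference);
    println!("{:?}", unit.measure_and_gate("/bin/ls", b"ls-binary-v1"));
    println!("{:?}", unit.measure_and_gate("/bin/cat", b"cat-binary-TAMPERED"));
    println!("report verifies: {}", verify_report(&unit.log, &unit.rtmr));
}
```

The interception branch deliberately treats an unknown path the same as a mismatched hash: a file with no reference value has no integrity anchor, so allowing it would let unmeasured code through the gate. The order-dependence of `extend` is the property the verifier relies on; reordering or editing any entry of the list changes the replayed value and the report comparison fails.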
In one implementation, the first system kernel acquisition module includes:
an ASTERINAS-IMA kernel acquisition unit, configured to interact with the trusted platform module through the Rust-TPM library, to integrate the Rust-TPM library and the Rust-IMA library into the integrity measurement architecture through the interaction of the Rust-TPM library with the integrity measurement architecture, and to replace the platform configuration register of the trusted platform module with the runtime measurement register of the trust domain extension, so as to obtain the ASTERINAS-IMA kernel.
Based on the above embodiment, the present invention further provides an intelligent terminal, and a functional block diagram thereof may be shown in fig. 4. The intelligent terminal comprises a processor, a memory, a network interface, a display screen and a temperature sensor which are connected through a system bus. The processor of the intelligent terminal is used for providing computing and control capabilities. The memory of the intelligent terminal comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the intelligent terminal is used for communicating with an external terminal through network connection. The computer program, when executed by a processor, implements a trust domain expansion-based operating system kernel design method. The display screen of the intelligent terminal can be a liquid crystal display screen or an electronic ink display screen, and a temperature sensor of the intelligent terminal is arranged in the intelligent terminal in advance and used for detecting the running temperature of internal equipment.
It will be appreciated by those skilled in the art that the schematic block diagram shown in fig. 4 is merely a block diagram of the part of the structure related to the present inventive arrangements and does not limit the intelligent terminal to which the present inventive arrangements are applied; a particular intelligent terminal may include more or fewer components than those shown, may combine some of the components, or may have a different arrangement of components.
In one embodiment, an intelligent terminal is provided, the intelligent terminal including a memory, a processor, and a trust domain extension-based operating system kernel design program stored in the memory and executable on the processor, wherein, when the processor executes the trust domain extension-based operating system kernel design program, the processor performs the following operations:
obtaining a Rust-TPM library and a Rust-IMA library constructed in the Rust language, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel, and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel;
obtaining an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library;
and deploying the ASTERINAS-IMA kernel to an Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium which, when executed, may perform the steps of the method embodiments described above. Any reference to memory, storage, an operating database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
In summary, the invention discloses an operating system kernel design method based on trust domain extension, which comprises: obtaining a Rust-TPM library and a Rust-IMA library constructed in the Rust language, wherein the Rust-TPM library is used for realizing a trusted platform module on the ASTERINAS kernel and the Rust-IMA library is used for realizing an integrity measurement architecture on the ASTERINAS kernel; obtaining an ASTERINAS-IMA kernel based on the Rust-TPM library and the Rust-IMA library; and deploying the ASTERINAS-IMA kernel on an Intel trust domain extension to obtain an ASTERINAS-IMA kernel based on the trust domain extension. The invention re-implements the function of the integrity measurement architecture using the memory-safety guarantees of Rust and the security properties of the trust domain extension, thereby greatly improving the security of the operating system.
It should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention, and not for limiting the same, and although the present invention has been described in detail with reference to the above-mentioned embodiments, it should be understood by those skilled in the art that the technical solution described in the above-mentioned embodiments may be modified or some technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the spirit and scope of the technical solution of the embodiments of the present invention.