efi下可信链建立关键技术研究与实现信息安全专业论文.docxVIP

北京交通人学硕士学位论文 北京交通人学硕士学位论文 ABSTRACT ABSTRACT The Extensible Firmware Interface(EFI)iS a specification that defines a software interface between all operating system and platform firmware．EFI is intended as a significantly improved replacement of the old legacy BIOS firmware interface historically used by all IBM PC compatible personal computers．The EFI specification was originally developed by Intel，and is now managed by the Unified EFI Forum and is officially known as Unified EFI(UEFI)．EFI provides more extensibility and customization． Coming with the increase of aaack against BIOS，implementation of safe BIOS becomes extremely urgent．EFI have not resolved the security risk．Because most EFI code is implemented by C language，EFI is more easily to be decoded．The research in EFI security is very hot now．At present，most security research in EFI is concerned with trust transition based on TPM module．But TPM is not widely used now．In this thesis， USB Key is chosen to makeup trust root．The code before EFI DXE is the trust transition origin point． The base of implementing safe EFI is establishing a trust transition in EFI．This thesis focuses on research of the loading process of EFI drivers and applications．All EFI drivers and applications are loaded by the form of EFI Image in EFI．Two verification schemes of EFI Images are proposed in this thesis．One is EFl Trust List and the other is Embedding Signing Messages in EFI Image．EFI Trust List scheme needs a file that contains trusted EFI Images’information such as the path and the hash value．The file should be stored in the system．When an EFI Image needs to be loaded， its integrity will be checked．First，its legitimate hash value will be found in the Trusted List File by its path．Then，its actual hash value will be calculated．If the two hash values are the same，the integrity of the EFI Image is verified．In the scheme of embedding signing messages in EFI Image