Abstract: The Baseboard Management Controller (BMC) and the Basic Input Output System (BIOS) are important firmware components in a server. Currently, BMC and BIOS face a series of security threats that endanger the server's functions. One feasible and effective solution to those threats is to leverage trusted computing technology. This paper studies a secure boot mechanism for servers and designs trusted BMC firmware that combines a domestic BMC with a Trusted Cryptography Module (TCM). As the root of trust of the system, the BMC and TCM are powered on first and measure the credibility and integrity of the BMC and the BIOS Boot Block, and then the server can be powered on. With this trusted boot method, a complete trust chain is built that accords with the Chinese Trusted Platform Control Module (TPCM) specification. The results in the paper show that it can detect whether the BMC or BIOS firmware has been maliciously tampered with. This research realizes TPCM technology and can be widely used.