Abstract: Nowadays, the cloud environment still confronted with a severe challenge on issues of security threats, and trusted platform control module (TPCM) technology provides an effective countermeasure for building a server platform that is secure, proactive, and controllable. To resolve the two completeness issues in TPCMbased server realizations, in this paper we propose a server platform architecture, which is based on TPCM and trusted software base (TSB). Concerning server hardware, we present a poweron timing control scheme that takes outofband management module (OMM) into consideration, and a dedicated scheme for establishing the trust chain. Meanwhile, we illustrate some basic requirements and insights in the realization of virtual root of trust, and we present a solution for virtual root of trust for measurement (VRTM). We also give some discussion on other key techniques including trusted migrations. We believe this work can serve as a practical reference in the design of TPCMbased cloud server platforms.

Key words: cloud computing, trusted server, trusted platform control module (TPCM), trusted software base (TSB), virtual root of trusted

摘要： 云环境中的安全威胁依旧严峻，可信平台控制模块(trusted platform control module, TPCM)技术为建立安全、主动可控的服务器平台提供了有效途径.为了解决基于TPCM的可信服务器实现中存在的两大完备性问题，构建了基于TPCM与可信软件基(trusted software base, TSB)的服务器平台体系结构.在服务器硬件层面，提出了结合带外管理系统(outofband management module, OMM)的上电时序控制及信任链设计方案.同时，对虚拟可信根的基本实现要求与思路进行阐述，并给出了虚拟可信度量根的设计方案.此外，对包括可信迁移在内的其他关键技术进行了探讨.将为云环境下基于TPCM的可信服务器平台提供具有实践意义的设计参考.

关键词: 云计算, 可信服务器, 可信平台控制模块, 可信软件基, 虚拟可信根