Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI

  • Research Article
  • Published in: Frontiers of Computer Science in China

Abstract

In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled personal computer work platforms to cross multiple geographical boundaries. The new requirements of privacy preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security-enhancing mechanisms that ensure privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). A TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It is typically affixed to the motherboard over a low pin count (LPC) bus. However, the TPM is limited in that it cannot be used directly in current common personal computers (PCs), and it is not flexible or portable enough to be used across different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and the extensible firmware interface (EFI), by which platforms can obtain a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility across different platforms while still allowing both the user and the platform to be protected and attested. The implementation of the prototype system is described in detail, and the performance of the PTPM on cryptographic operations and the time cost of the system bootstrap are evaluated and analyzed.
The results of the experiments show that the PTPM performs well in supporting trusted computing and can be used flexibly and portably by the user.

Corresponding author

Correspondence to Lei Han.

Additional information

Lei HAN, born in 1983, received his B.S. degree in automation from Beijing Jiaotong University, China, in 2006. Currently, he is a Ph.D. candidate at the School of Electronics and Information of Beijing Jiaotong University. His main research interests are trusted computing, mobile ad hoc network security, and sensor network security.

Jiqiang LIU, born in 1973, received his B.S. (1994) and Ph.D. (1999) from Beijing Normal University. Currently, he is a Professor at the Department of Computer and Information Technology of Beijing Jiaotong University. His main research interests are trusted computing, cryptographic protocols, privacy preservation, and network security.

Zhen HAN, born in 1962, received his Ph.D. from the China Academy of Engineering Physics in 1991. Currently, he is a Professor and doctoral supervisor at the Department of Computer and Information Technology of Beijing Jiaotong University. His main research interests are information security architecture and trusted computing.

Xueye WEI, born in 1963, received his Ph.D. from the Beijing Institute of Technology in 1994. Currently, he is a Professor and doctoral supervisor at the School of Electronics and Information of Beijing Jiaotong University. His main research interests are the internet of things and signal detection.

Cite this article

Han, L., Liu, J., Han, Z. et al. Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI. Front. Comput. Sci. China 5, 169–180 (2011). https://doi.org/10.1007/s11704-011-9180-4
