YANG Xia, LEI Lin, WU Xin-yong, WU Kai-jun, SANG Nan. Research on the Trusted-Boot Technology Using Digital Signature Technique[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(3): 448-452. DOI: 10.3969/j.issn.1001-0548.2016.02.023

Research on the Trusted-Boot Technology Using Digital Signature Technique

  • Device booting is a critical step and the foundation of trust for embedded systems. Through analyzing related work, we find that most current trusted boot technologies rely heavily on hardware modules such as the trusted platform module (TPM). This paper proposes a new trusted boot method for embedded Linux systems, based on a trusted measurement policy and a chain-of-trust mechanism. First, the approach takes the firmware IROM as the root of trust, which is used to check the integrity and authenticity of the next boot stage, such as the BootLoader. The BootLoader then does the same for the Kernel, so the chain of trust is established from the start of booting through to the Kernel. Using digital signatures and a Hash algorithm, we implemented the integrity and authenticity checking for each boot entity. The results show that this method can verify the integrity and authenticity of each boot entity and protect the expected metric easily and effectively without other hardware modules. It also ensures the integrity and authenticity of boot entities when they are updated.
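
A minimal model of the chain described in the abstract, added here as an illustration and not taken from the paper: each stage checks a signature over the hash of the next stage before handing over control, and an updated image passes only once it has been re-signed. The page does not say which hash or signature algorithm the authors used, so SHA-256 and unpadded textbook RSA stand in; the key, the image bytes, the tuple layout and all function names are constructed assumptions.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes. NOT secure and
# unpadded; it only lets the example run offline without a crypto library.
# A real boot ROM would use a standard scheme such as RSASSA-PSS or ECDSA.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, fixed in the root of trust
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never on the device

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image: bytes) -> int:
    """Build/update side: sign the expected metric (hash) of a boot image."""
    return pow(digest(image), D, N)

def verify(image: bytes, signature: int) -> bool:
    """Device side: recover the expected metric from the signature and
    compare it with the hash of the image actually found in flash."""
    return pow(signature, E, N) == digest(image)

def boot(stages):
    """stages: ordered (name, image, signature) tuples, BootLoader first.
    Each stage runs only after the previous one verified it, so the walk
    stops at the first failure. Returns (ok, failed_stage_name_or_None)."""
    for name, image, signature in stages:
        if not verify(image, signature):
            return False, name         # refuse to hand over control
    return True, None

# Constructed sample images standing in for real binaries.
BOOTLOADER, KERNEL = b"bootloader v1 code", b"kernel v1 code"
SIGNED = [("BootLoader", BOOTLOADER, sign(BOOTLOADER)),
          ("Kernel", KERNEL, sign(KERNEL))]

def with_kernel(image: bytes, signature: int):
    """Same chain with the kernel slot replaced (tampering or an update)."""
    return [SIGNED[0], ("Kernel", image, signature)]

if __name__ == "__main__":
    print(boot(SIGNED))                                        # clean boot
    print(boot(with_kernel(b"kernel v1 c0de", SIGNED[1][2])))  # modified kernel
    new = b"kernel v2 code"
    print(boot(with_kernel(new, SIGNED[1][2])))                # update, stale signature
    print(boot(with_kernel(new, sign(new))))                   # update, re-signed
```

Because the signature carries the expected hash, the reference value needs no separate protected storage; only the public key in the root of trust has to be immutable.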