As security threats to an information processing apparatus, computer viruses and attacks over the network are widely known, however, it is possible to make a physical attack by adding to the information processing apparatus a device that can be a backdoor security hole.
For instance, even if an operation policy is settled in which permission of a manager is required to connect a communication unit or an input-output device to the information processing apparatus in order to prevent the information leakage, there is a case where a user connects an input-output device to the apparatus without permission.
Accordingly, developed is an information processing apparatus that stores configuration information of the information processing apparatus into a tamper-resistant chip named TPM (Trusted Platform Module), collects configuration information when being booted, and verifies whether or not configuration is changed by collating the collected information with the information in the TPM.
Note that, for example, technologies disclosed in the following patent documents are given by way of the prior arts related to the invention of the present application.
[Patent document 1] Japanese Laid-Open Patent Publication No. 2006-092533
[Patent document 2] Japanese Laid-Open Patent Publication No. 2006-323814
[Patent document 3] Japanese Laid-Open Patent Publication No. 2002-063037
The conventional information processing apparatus that verifies configuration change when being booted has such a problem that, even when configuration change is made properly, configuration change is detected and thereby the boot process is terminated.
Therefore, it is possible to disable the verification capability of the configuration change when a proper configuration change is being made and to enable, after the apparatus is rebooted, the verification capability of the configuration change.
However, when the verification capability is disabled in a case where the configuration of the information processing apparatus in operation is changed with using DR (Dynamic Reconfiguration) that allows a user (manager) to add or delete devices dynamically, which results in a problem where security cannot be guaranteed until the next rebooting will be executed. Moreover, the user may forget to enable the verification capability.