1. Technical Field
The present invention relates generally to an improved data processing system. In particular, the present invention relates to a method, apparatus, and computer instructions for extending the core root of trust for measurement (CRTM) in a trusted platform.
2. Description of Related Art
Most data processing systems contain sensitive data and sensitive operations that need to be protected. For example, the integrity of configuration information needs to be protected from illegitimate modification, while other information, such as a password file, needs to be protected from illegitimate disclosure. As another example, a data processing system needs to be able to reliably identify itself to other data processing systems.
An operator of a given data processing system may employ many different types of security mechanisms to protect the data processing system. For example, the operating system on the data processing system may provide various software mechanisms to protect sensitive data, such as various authentication and authorization schemes, while certain hardware devices and software applications may rely upon hardware mechanisms to protect sensitive data, such as hardware security tokens and biometric sensor devices.
The integrity of a data processing system's data and its operations, however, centers on the issue of trust. A data processing system's data and operations can be verified or accepted by another entity if that entity has some manner for establishing trust with the data processing system with respect to particular data items or particular operations.
Hence, the ability to protect a data processing system is limited by the manner in which trust is created or rooted within the data processing system. To address the issues of protecting data processing systems, a consortium of companies has formed the Trusted Computing Group (TCG) to develop and to promulgate open standards and specifications for trusted computing. According to the specifications of the Trusted Computing Group, trust within a given data processing system or trust between a data processing system and another entity is based on the existence of a hardware component within the data processing system that has been termed the trusted platform module (TPM).
A trusted platform enables an entity to determine the state of the software environment in that platform and to seal data to a particular software environment in that platform. The entity deduces whether the state of the computing environment in that platform is acceptable before performing a transaction with that platform. To enable this, the trusted platform provides integrity metrics, also known as integrity measurements, to the entity that reflect the integrity of the software state of the trusted platform, and the integrity measurements require a root of trust within the computing platform. In order for a system to be a trusted platform, the integrity measurements must be taken from the core root of trust for measurement (CRTM) and extended through the initial program load (IPL) process up to the point at which the operating system is initialized.
Trusted computing platforms predicate the start of execution from the CRTM. CRTM is a component of a trusted platform system and provides secure measurement functions to the rest of the platform. CRTM is essentially the first piece of code that executes on a platform at boot time. The CRTM builds a chain of hash codes for each portion of the boot. The CRTM then reports to the TPM what software executes after the CRTM executes. In addition, as the CRTM is required to be an immutable portion of the platform's initialization code, the CRTM is changeable only by a platform manufacturer approved methodology or process. Thus, only code that is owned and controlled by the platform manufacturer will meet the requirements for updating the CRTM.
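As an added illustration of the measurement chain described above (example code written for this section, not from the patent), the following simulates the CRTM measuring each boot component into a TPM platform configuration register (PCR) before that component runs. The boot stages, their images, and the 20-byte SHA-1 PCR of a TPM 1.2 are constructed assumptions; the extend rule PCR_new = H(PCR_old || measurement) is the TPM's own.

```python
import hashlib

# Constructed sample boot stages (not from the patent): each entry is
# (stage name, image bytes) for the component the CRTM hands control to next.
BOOT_STAGES = [
    ("bios_post", b"bios post code v1"),
    ("option_rom", b"option rom image"),
    ("boot_loader", b"ipl boot loader"),
    ("os_loader", b"os loader stub"),
]

PCR_INIT = bytes(20)  # a TPM 1.2 SHA-1 PCR is 20 zero bytes at reset


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement).
    One-way and order-sensitive, so the PCR can only accumulate, never be reset by software."""
    return sha1(pcr + measurement)


def measure_boot(stages, pcr=PCR_INIT):
    """Simulate the CRTM chain: hash each component and extend the PCR with it
    before control passes to that component. Returns (final PCR, event log)."""
    log = []
    for name, image in stages:
        digest = sha1(image)            # integrity measurement of the component
        pcr = pcr_extend(pcr, digest)   # recorded in the TPM prior to execution
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log, pcr=PCR_INIT):
    """A verifier recomputes the PCR from the reported event log; a mismatch
    with the TPM-quoted value means the log does not describe what really booted."""
    for _, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def seal_check(expected_pcr: bytes, reported_pcr: bytes) -> bool:
    """Data sealed to expected_pcr is released only when the platform is in that state."""
    return expected_pcr == reported_pcr
```

Changing any one stage's image, or the order in which stages are measured, yields a different final PCR, which is why a modified boot component unseals nothing and why the CRTM itself must be immutable.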
Existing methods for updating the CRTM are predicated on unique processor instruction architectural elements. For example, Intel Corporation has introduced an SMX mode which allows for the “late instantiation of a hypervisor type function”. A hypervisor is a trusted firmware component and is used to create multiple, isolated, high-integrity supervisor program environments. The processor (firmware, etc.) verifies this “hypervisor” before giving control to the BIOS. Consequently, the Intel model adds additional complexity to the processor architecture. In addition, the Intel model facilitates the extension of the CRTM with code that is not under manufacturer control. Thus, the Intel model does not provide an extension of the CRTM, but rather it provides a mechanism for instantiating a replacement CRTM for one set of execution models.
Therefore, it would be advantageous to have a mechanism for enhancing the functionality of the existing CRTM by allowing platform manufacturer controlled and certified code to be incorporated into the function of the CRTM.