1. Field of the Invention
The present invention relates to an information processing device, and more particularly, to an information processing device having an activation verification function of checking the validity of system programs which are activated at power-on of the personal computer or the like and preventing error detections of invalid programs and the like.
2. Description of the Related Art
Currently, there have been the problems of corruption of programs and data and illegal outflow of important data, due to malevolent software such as computer viruses and spyware.
In order to realize a safe computer system against such malevolent software, there has been suggested a computer system which detects the existence of invalid software, falsification of files and the like, during the activation of the computer.
For example, there has been suggested a method for detecting falsification of programs using a coding technique called digital signature.
Also, there has been suggested a compute system having a falsification detecting function of reading specific stored information stored in a secondary storage device and to-be-inspected files without using OSs and detecting the presence or absence of falsification of the files using information stored in a boot program, during the activation of the boot program (see Japanese Unexamined Patent Publication No. 2004-280284).
Further, there has been suggested a control processor which pre-stores a hash-value table including reference hash values for to-be-activated system modules at a secure state and makes comparisons between hash values determined by checking the activated system module programs being activated and the reference hash values for correctly performing software authentication processing at a secure state (see Japanese Unexamined Patent Publication No. HEI 10 (1998)-333902).
Further, there has been suggested a computer system incorporating a security chip called a TPM chip (Trusted Platform Module), in order to authenticate the existence of invalid software and the presence and absence of valid authorities.
The computer system is a personal computer (TCG-compliant personal computer) which conforms to a specification defined by the TCG (Trusted Computing Group). Further, the TPM chip is hardware having the function of checking information (hash values) provided by system programs being actually activated in a successive manner for verifying whether or not only valid software and system programs have been activated without addition of an invalid system program or falsification the system programs.
FIG. 13 illustrates an explanation view of conventional verification processing which is executed during the activation of an information processing device. Here, only main portions of the device are illustrated.
In general, in a computer such as a personal computer, certain system programs are activated in a constant order, just after power-on thereof.
At first, a program called CRTM (Core Root Trust Measurement) is activated and, then, a BIOS (Basic Input Output System) program is activated to check various types of hardware, an Option ROM, an IPL (Initial Program Loader) and the like. Then, an OS (operating system) program is activated.
The TPM chip pre-stores authentication data (an authenticated hash value HS1) for use in checking the validity of the system programs and an activation key KEY1 for use in activation of the OS.
In a TCG-compliant personal computer, a predetermined measurement calculation is performed every time the system programs are activated and the result of the calculation (a hash value) is provided to the TPM chip.
For example, when the CRTM program is activated, the CRTM program executes a measurement calculation for the CRTM program itself and provides data A, which is the result of the calculation (a hash value), to the TPM chip. The TPM chip temporarily stores the provided calculation result (data A).
Next, when the BIOS program is activated, the CRTM program executes a measurement calculation for the BIOS program and provides the result of the calculation (data B) to the TPM chip. The TPM chip creates a new hash value using the provided calculation result and the hash value of the CRTM (the previously-stored hash value) and overwrites it. Thereafter, the BIOS program itself is executed to check the hardware and the like and the OS is activated.
When the OS is activated, a measurement calculation is executed for the OS program and then the result of the calculation (data C) is provided to the TPM chip. The TPM chip overwrites the provided calculation result (hash value: data C) similarly to described above.
Thereafter, the TPM chip makes a comparison between the hash value (data C) resulted from the calculations and the pre-stored authentication hash value HS1. If the comparison processing reveals that both the hash values do not match with each other, it is determined that the activation is abnormal, but if they match, then it is determined that the activation is normal. For example, if an unexpected invalid program is activated, this causes mismatch among the hash values and, accordingly, it is determined that the activation is abnormal.
If it is determined that the activation is abnormal, then the TPM chip provides the pre-stored activation key KEY1 to the OS program. On receiving the activation key KEY1, the OS program executes decoding processing on the HDD, using the key, to activate application programs which operate on the OS. Thereafter, the user is enables to perform operations using the personal computer.
On the other hand, if the aforementioned comparison processing reveals that the hash values do not match with each other, the TPM chip does not output the activation key to the OS program. In this case, the OS program cannot receive the activation key and cannot execute the subsequent activation processing, which prevents the user from using the personal computer.
Namely, in the event of the existence of an unexpected invalid program (for example, computer virus), the activation key is prevented from being output from the TPM chip, which enables detection of invalid programs.
However, with the activation controlling using a conventional TPM chip and the activation controlling described in the aforementioned patent documents, it is possible to detect invalid programs, but even if valid activation processing is activated and invalid program is not existed, it is often determined that the activation is invalid, which may prevent the personal computer from being activated.
For example, if the user changes the BIOS setting, if an external device is newly connected through an interface such as an USB, if a memory (SRAM) is newly mounted, if the order of activation of the system programs is changed and the like, the hash value resulted from the aforementioned measurement calculations will be changed.
In such cases, a hash value different from the authentication hash value pre-stored in the TPM chip is output to the TPM chip. Consequently, the comparison processing by the TPM chip reveals that both the hash value do not match with each other and, thus, it is determined that the activation is abnormal.
Namely, even though there exists no invalid program, it is erroneously determined that abnormal activation has been performed due to the existence of an invalid program or the like, which prevents the activation key from being provided to the OS, thereby preventing the user from using the personal computer.
In the event that the personal computer is made unusable as described above, it is possible to notify the user of the fact of the failure of authentication during activation, but the user has the difficulty of identifying whether or not the personal computer was actually made unusable due to the existence of an invalid program.
Furthermore, in order to search for a cause, the user is required to make an attempt to perform re-activation through power-off, recovery of the hardware, restoration to the previous hardware which enabled normal operations, password inputting processing for unlocking the activation key, and the like.
Namely, with a TCG-compliant personal computer equipped with a conventional TPM chip, it is possible to detect the existence of invalid programs for enhancing the security, but even if there is no invalid program, the personal computer should be restored to a normal activation state through user's operations, which requires a long time period, thereby the usability for users is reduced.