Design and implementation of trusted boot based on a new trusted computing dual-architecture

Trusted Platform Module (TPM) is considered to be one of the best technologies to ensure computer sys-tem security at present, but it has some defects. The TPM chip exposed on the motherboard is easily monitored or bypassed. As a slave device on the bus, it is under the control of the master device and has no higher privileges to access system resources than the CPU used only to compute in traditional computers. The current trusted computing architecture cannot ensure that the TPM chip starts to work prior to the CPU. To solve these problems, this paper propose a new trusted computing dual-architecture, which is made up of a trusted computing subsystem and a traditional computing subsystem. A new hardware root-of-trust and a kind of boot process in the trusted computing dual-architecture are im-plemented to provide a higher-level trust for the whole system. In a word, the new trusted computing dual-architecture ensures that the hardware root-of-trust is a trusted source due to its dual-architecture design and trusted boot process. It can effectively introduce and set up a trusted chain for the whole computer system. Active-defense capabilities obtained can ensure system security to avoid those defects in previous trusted computing. (c) 2023 Published by Elsevier Ltd.