Powered by Google www.ChineseStandard.net Database: 189760 (20 Jul 2024)

GB/T 38638-2020 PDF in English


GB/T 38638-2020 (GB/T38638-2020, GBT 38638-2020, GBT38638-2020)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 38638-2020English145 Add to Cart 0-9 seconds. Auto-delivery. Information security technology -- Trusted computing -- Architecture of trusted computing Valid

PDF Preview

Standards related to: GB/T 38638-2020

GB/T 38638-2020: PDF in English (GBT 38638-2020)

GB/T 38638-2020
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Trusted computing -
Architecture of trusted computing
可信计算体系结构
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 6
5 Architecture of trusted computing ... 6
6 Trusted components and integrity measurement modes ... 8
6.1 Trusted components ... 8
6.2 Integrity measurement modes ... 9
7 Types of trusted computing nodes ... 12
7.1 Trusted computing nodes (terminal) ... 12
7.2 Trusted computing nodes (services) ... 13
Information security technology - Trusted
computing - Architecture of trusted computing
1 Scope
This Standard specifies the architecture of trusted computing, trusted
components and integrity measurement modes, as well as types of trusted
computing nodes.
This Standard applies to the design, development and application of trusted
computing systems.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 29827-2013 Information security technology - Trusted computing
specification - Motherboard function and interface of trusted platform
GB/T 29828-2013 Information security technology - Trusted computing
specification - Trusted connect architecture
GB/T 29829-2013 Information security techniques - Functionality and
interface specification of cryptographic support platform for trusted
computing
GB/T 36639-2018 Information security technology - Trusted computing
specification - Trusted support platform for server
GB/T 37935-2019 Information security technology - Trusted computing
specification - Trusted software base
ISO/IEC 11889:2015 Information technology - Trusted platform module
library
A collection of software elements that support the trustworthiness of a trusted
computing platform.
[GB/T 37935-2019, definition 3.3]
3.6
trusted chain
The trust transfer relationship that is established between the components by
the integrity measurement method during the startup and operation of a
computing node.
[GB/T 29829-2013, definition 3.1.13]
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
BIOS: Basic Input Output System
CRTM: Core Root of Trust for Measurement
TCM: Trusted Cryptography Module
TPCM: Trusted Platform Control Module
TPM: Trusted Platform Module
TSB: Trusted Software Base
TSM: TCM Service Module
TSS: TCG Software Stack
5 Architecture of trusted computing
Trusted computing refers to the safety protection while computing, and the
whole computing process can be measured and controlled without interference,
so that the computing results are always consistent with expectations. The
trusted computing system is composed of trusted computing nodes and trusted
connections between them, which provide corresponding levels of security for
the network environment in which they are located, as shown in Figure 1.
According to the functions of the nodes in the network environment, trusted
computing nodes can deploy applications with different functions according to
their business environment. Trusted computing nodes include trusted
independent module or physical package, or be realized by integration and
virtualization with TCM/TPM through IP core or firmware.
6.1.3 Trusted main board
Trusted main board is a computer main board integrated with TPCM, which
uses TPCM as a root of trust to establish a chain of trust and provides the
connection between TPCM and other hardware.
The composition structure and function interfaces of trusted main board shall
comply with GB/T 29827-2013.
6.1.4 Trusted software base
Trusted software base (TSB) implements monitoring and measurement of
applications running in the host basic software.
The composition structure and function interfaces of TSB shall comply with
GB/T 37935-2019.
6.1.5 Trusted connection
Trusted connection realizes the identity authentication and platform
authentication of trusted computing nodes when they access the network,
including user identity authentication, platform identity authentication, and
platform integrity assessment, ensuring that only trusted computing nodes can
access the network.
The specific structure and function interfaces of trusted connection shall comply
with GB/T 29828-2013.
6.2 Integrity measurement modes
6.2.1 Arbitration measurement mode
The arbitration measurement mode of trusted components is shown in Figure
3. The participating components shall include TCM/TPM, TPCM, trusted main
board and TSB.
At the hardware and firmware layer, TPCM shall be the first running component
of the trusted computing node. As the root of trust of the trusted computing node,
it shall apply TCM/TPM or other cryptographic algorithms and integrity
measurement functions to actively initiate integrity measurement operations on
computing components such as BIOS and host basic software, and actively
arbitrate and control based on the measurement results.
At the host basic software and middleware layer, TPCM provides support for
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.