中文摘要：

针对嵌入式平台的安全问题,提出一种基于可信计算技术的嵌入式终端可信安全方案。采用可移动的启动存储介质作为核心可信度量根的带双启动模式的混合型信任链结构,缩短根节点到每个节点在信任链上的距离;采用预计算摘要值法度量节点完整性;简化并移植在PC平台上的可信软件协议栈;提出嵌入式可信网络接入机制,从而实现了嵌入式终端可信环境的建立。最后实验结果表明,该方案可以在启动中检测出代码是否被篡改,且启动时间开销相比于普通可信启动减少约15.8%,因此可基本上保证终端的安全性。

英文摘要：

We proposed a trusted computing technology-based trusted security solution for embedded terminals in light of the safety of embedded platforms. We used a hybrid chain of trust structure, which has dual-boot mode and uses movable storage media as the root of core trust measurement, to reduce the distance between each node to the ,root node in the trust chain; We used pre-computed summary method to measure the node integrity, simplified and transplanted the trusted software stack on PC platform, and at last concluded an embedded trusted network access mechanism, so that achieved the establishment of trusted environment of embedded terminals. Final experimental results showed that the solution could detect whether the startup code had been tampered, and compared with ordinary credible start, the time overhead decreased 15.8% , therefore it was able to basically ensure the safety of terminals.