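Today's general-purpose personal computers are built on an open architecture and expose many points of attack, while traditional trusted computing platforms, although they address PC security problems, reveal a shortcoming of their own: the trusted boot process cannot recover from failure. To address these security problems, a new trusted computing platform architecture based on the Trusted Cryptography Module (TCM) is proposed. The architecture has a self-recovery mechanism for trusted boot failure and also provides user identity authentication below the operating system layer. Using TCM-chip-based integrity measurement, transfer of the chain of trust, and trusted boot, it ensures that the trusted computing platform can carry out computation and storage more securely, giving the platform higher security, trustworthiness and reliability. Because the architecture has a self-recovery mechanism for trusted boot failure, it also overcomes the inability of existing trusted computing platforms to start normally when trusted boot fails.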
The open architecture of the personal computer exposes it to attacks. Traditional trusted computing platforms can solve these security issues, but they lack a recovery mechanism in the trusted boot process. A new trusted computer architecture based on the trusted cryptography module (TCM) is proposed. The new architecture achieves self-recovery when the trusted bootstrap fails and provides identity authentication below the operating system level. Through TCM integrity measurement, trust chain transfer, trusted bootstrap and identity authentication below the operating system level, a reliable and secure computing and storage environment can be achieved. This mechanism gives the personal computer higher security and dependability. Because the new architecture has a recovery mechanism in the trusted boot process, it can still start the trusted computing platform when the trusted boot process fails.