1、INTERNATIONA1.STANDARDISO/IEC27070editionF1.rst202M2Informationtechno1.ogySecuritytechniquesRequirementsforestab1.ishingvirtua1.izedrootsoftrustTechno1.ogiesdeinfrmationTechniquesdeSRUriWExigencesre1.ativesaVitabUssementderacinesdeconfiancevirtua1.isesReferencenumberISO/IEC27070:2021(E)COPYRIGHTPROT
2、ECTEDDOCUMENTISO/1EC2021IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0DmkfifiU81.andonnet8CH-1214Vernier,GenevaPhone:M1.227490111觥曲ite:图洲跳触OQrgPub1.ishedinSwitzer1.andISO/IEC2021-A1.1.tightsreservedContentsForewordivIntroductionv2 Scope13 Normativereferences14 Termsanddefinitions15 SymbOiSandabbrevi
3、atedterms2Functiona1.view35.1 Overview35.2 Hardware1.ayercomponents45.2.2 Genetidna1.requirementsQfkeycoraponents45.2.3 Securityrequirementsofkeycomponents45.3 VMM1.ayercomponents5:i耗做fi&ha1.requirementske,E8fr悦nents55.4 IayerCorPonentS75.5 C1.oudOS1.ayercomponents86.S.fiRPf111.requirementsofkeycomp
4、onentsA6S.5.3Securityrequirementsofkeycomponents8Activityview9,)1m.一)6.2Transitivetrust96.2.2 VEmsit1.vetrustinhost106.2.3 *ianstvetrustinM-.106.2.4 TransitivetrustinVM1()酎1.toWW三J三ent-_116.5 Dataprotection126.51Genera1.一.一12时4Databig-.一.一.-.-126.6 xrTMmigration14AnnexA(informative)Re1.ationshipbetw
5、eenactivityandfunctiona1.views16Bib1.iography.一.一.一.18ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(inb(S5io6)SOrnIHGspectHipMisyB耐u6vHFvM0tMditand29ionS出口出Mr由Budiughtechniojbcommitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1
6、arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interestOtherinternationa1.organizations,governmenta1.andnon-governmenta1.rin1.iaisonwithISOandIEC,a1.sotakepartintheTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceAi1.cddc抑IbCdthe1.nd睢rcnt1
7、S(W招由也帼rtsK曲如M1.Marjg惇的脚也Jid空wff酶旬I1.Wn%w4h:WNhIhee0三1.rt1.es毛fIheISO/IECDirectives.Part2(seewww.iso.org/dircctivesorwww.iec.ch/members.experts/refdocs).MMfigrigWMwn怕而花6网刺i1.1.Ma飒戏?册率湎MC用阳加田呼烟曲y唧A1凰和Subjectrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentof41.M1.eHiMVwU1.4eintheIntrod
8、uctionand/orontheISO1.istofpatentdec1.arationsreceived(seewww.iso.org/patents)ortheIEC1.istofpatentdec1.arationsreceived(seepatents.iec.ch).Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.fcpJwsionsexjIkInWrtbnOKotheCY*w11。域nt,standMdHHeiniwn
9、inona峻tspedft加MnCetothWoWd丁Fad。g阴ao-(WTo)princip1.esinTMbng1.Baw沁竹(丁B不力seewww.iso.org/iso/fbresvord.h1.ni1.Inthe1EC,secwww.iec.ch/understanding-standards.j族。例M腺里SC编妞肿群梆隰CUrj夕或M1.wfm阳(SO/I&肪小econ./brmaontechno1.ogy,Anyfeedbackorquestionsonthisdocumentshou1.dbedirectedtotheusersnationa1.standardsbodie
10、scanbefoundatwww.Mc.cTg/memher&htm1.andISO/IEC2021-A11rightsreservedIntroductionTrustedcomputingisakindofsecuritytechno1.ogybasedonhardwaretrustedmodu1.es,whichaimsto980xpected.Thetrustedcomputingtechno1.ogyhasbeendeve1.opingTheemergenceofc1.oudcomputingprovidesanewapp1.icationscenariofortrustedcomp
11、utinganddestinationphysica1.machines(inc1.uding1.hcirVMMsoftware)andcomponentsinvo1.vedinthe璃阳脚那CeSSco邮拙则Ca“泡脚UUn&isen*8H眼柚S用圜用晒僚阳阚姻秒短如mi1.edToaddressthisissue,VirtuanzedRoTsareused.Usingvirtua1.izationtechnofogytocreatemu1.tip1.evirtua1.izedRoTsonasing1.ephysica1.p1.atform,providingavirtua1.izedRoT
12、foreachVM,combinedwithngtg6wm腺ntsuppXA%W酬M1.gK除Fduremrati0H(,/物1.1.跖rt三i唱的防H詈Nf1.1U1.tip1.esteps,a11(fanysecurityprob1.eminanystepdiminishesthetrustworthinessofvirtua1.izedRoTs,resu1.tinginaninabi1.itytoestab1.ishtrustusingthevirtua1.izedRoTs.Thegoa1.modu1.es.ofthedocumentistoprovideaunifiedapproach
13、tovirtua1.izeRoTsbasedonhardwaretrustedInformationtechno1.ogySecuritytechniques一Requirementsforestab1.ishingvirtua1.izedrootsoftrust1 ScopeThisdocumentspecifiesrequirementsforestab1.ishingvirtua1.izedrootsoftrust.2 NormativereferencesTherearenonormativereferencesinthisdocument.3 TermsanddefinitionsF
14、orthepurposesofthisdocument,thefo1.1.owingtermsanddefinitionsapp1.y.ISOandIECmaintaintermino1.ogydatabasesforuseinstandardizationatthefo1.1.owingaddresses:ISOOn1.inebrowsingp1.atform:avai1.ab1.eathttps:/www.iso.org/obp371IECE1.ectropedia:avai1.ab1.eabUps/WWWTe1.eFg/attestationkeyAKparticu1.artypeoft
15、rustedmodu1.e(3.7)signingkeythathasarestrictiononitsuse,inordertoprevent史为eryendorsementkeyEKkeythatisusedinaprocessfortheissuanceofattestationkey(3.1)credentia1.sandtoestab1.ishag1.1.formownerintegritymeasurementgrecessofca1.cu1.atingthehashva1.ueofthemeasuredobjectusingthecryptographichasha1.gorit
16、hmrootoftrustRoTcomponentthatneedstoa1.waysbehaveintheexpectedmannerbecauseitsmisbehaviourcannotbedetectedWtv11.UrjnmumpirtgeN*丽Cttfetrust.otHpstfdreh11inimumsetoffunctionstoenab1.eadescription地gURCE:ISO)EC11889-1.r3.59,modifiedTheabbreviatedtermhasbeenadded.remoteattestationRprocessofeva1.uatingint
17、egritymeasurementsgeneratedusingarootoftrust(3.4)formeasurement,storageandreportingtoestab1.ishtrustinap1.atformremote1.y3.6sensitiveinformationinformationissensitivethatthetrustedmodu1.e(3.7)doesnota1.1.owaccesstotheinformationwithoutproperauthorityNote1toentry:Anexamp1.eofsensitiveinformationinatr
18、ustedmodu1.eistheprivateofanasymmetrickey.37trustedmodu1.eTMmodu1.efor(rustedcomputingprovidingintegritymeasurement,integrityreport,cryptographicservice,randomnumbergeneration,securestoragefunctionsandasetofp1.atformconfigurationregistersNote1toentry:Therearesevera1.imp1.ementationsoftrustedmodu1.e,
19、suchasTPM,TCM,etc.3.8virtua1.machineVMvirtua1.izedhardwareenvironmentinwhichanoperatingsystemcanexecute,butwhosefunctionsareaccomp1.ishedbysharingtheresourcesofarea1.dataprocessingsystemvirtua1.trustedmodu1.evTMcomponentassociatedwithasing1.evirtua1.machine(3.8)thatprovidesthefunctiona1.itydescribed
20、inamodu1.e(3.7)virtua1.p1.atformcongurationregistervPCRoneormorep1.atformconfigurationregisterswithinavirtua1.trustedmodu1.e(3.9)4 Symbo1.sandabbreviatedtermsBIOSbasicinput/outputsystemCPUcentra1.processingunitCRTMcorerootoftrustformeasurementGPTg1.oba1.1.yuniqueidentifierpartitiontab1.eKEKkeyencryp
21、tionkeyMBRmasterbootrecordOSoperatingsystemPCRp1.atformconfigurationregisterPCAprivacycertificateauthorityPIp1.atforminitia1.izationROMread-on1.ymemorySRKstoragerootkeyTPMtrustedp1.atformmodu1.eISO/IEC2021-A1.1.rightsreservedTCMtrustedcryptographymodu1.eTSStrustedsoftwarestackUEFIunifiedextensib1.ef
22、irmwareinterfaceVMMvirtua1.machinemonitorvCRTMvirtua1.corerootoftrustformeasurementvRTMvirtua1.rootoftrustformeasurementvRTRvirtua1.rootoftrustforreportingvRTSvirtua1.rootoftrustforstoragevSRKvirtua1.storagerootkeyWKworkkey5 Functiona1.view5.1 OverviewTponentsrequiredbytrustedcofntmgntsadbvikiiy:int
23、hp(dtM三putingenvironment.Ita1.sopresentsthefunctiona1.andsecurityaregroupedintoFponents,wherespecifictypesoffunctionsoudOS1.ayerVMVM1.ayerGuestOSUnifiedTSS-2IPOWerIITMCWBIOSHardware1.ayerFigure1Fponents5.2Hardware1.ayercomponents5.2.1 Genera1.Atthebottomofthearchitecture,thehardware1.ayerthatinc1.ud
24、eshardwareresourcesanddevicesisthattypica1.1.ybui1.dingtrustedcomputingp1.atform.VMMIayenprovidesaRoTforthephysica1.machineNOTETheVMM1.ayerisa1.soknownasthehyperrisor1.ayer.This1.ayera1.soinc1.udestheCRTMtheinitia1.setofinstructionsexecutedforestab1.ishinganewchainoftrustforintegritymeasurement.Theh
25、ardware1.ayercomponentsinc1.udebutarenot1.imitedto: power:Poweringthecomputersystemforbootingandrunning.TheTrustedModu1.e(TM)cancontro1.powersuchthatitcanincreasesecuritybyturningoffthepowerifverificationofthebootfai1.sagainstapo1.icy; TM:Atrustedmodu1.eonaspecia1.co-processororchipwithcapabi1.ities
26、thatinc1.udebutnot1.imitedtointegritymeasurement,integrityreporting,generationofsignaturesformeasuredintegrityva1.ues,keymanagementsecurestorage,identityverification,etc.;TheTMsha1.1.supportarootoftrustformeasurement,imp1.ementarootoftrustforreportingandprovidearootoftrustforstorage.SeeTMstandardsfo
27、rdetai1.s. BitJSyUHfiUfttimefirnwaCeWrtNg松WiIitieSOfinitia1.izingthep1.atform,startinganOS1.oaderand CPU:Theoperatingcentreofthecomputingsystem.克口中上号WARWWR抑OT1F晚加,能制Ction国呢ICtioW三1.RWtf闻甫Min),ARPa1.ized5.2.3.5.2.2 Functiona1.requirementsofkeycomponentsTMsha1.1.providethefo1.1.owingfunctions.S邮IIOrtr
28、e初dg网”edW口阴班师领讯祜fomgenerationofsignaturesformeasuredintegrityva1.ues Supportkeygenerationforuseassignaturekeys. SdPMfttd阱togr那MiCSPedfiCa1.tfiorithms.hasha1.gorithm,encryption/decryptiona1.gorithm,but ProtectintegritymeasurementsinthePCR.5.2.3 SecurityrequirementsofkeycomponentsATMsha1.1.meetthefo1.
29、1.owingsecurityrequirements. EnsurethesecurityofaTMitse1.f. Ensurethesecurityofconfidentia1.information,suchaskeys. ProvidethesecurestorageareatostoreanSRKtoensurethesecurityofthekeyinformation.ISO/IEC2021-A11rightsreservedThegenera1.databindingprocessisshownasfo1.1.ows.TheTM/vTMusestheSRK/vSRKtoenc
30、rypttheKEKTheTM/vTMusestheKEKtoencrypttheWK.6.S.3Datasea1.ingEncryptsensitivedata(e.g.symmetrickey)byusingtheTM/vTMinterna1.keyandPCRva1.ues.Oncethe3cuteWtaIiia站ChdHHSwOtWimFManeTfirmwaretampering),thesensitivedatacannotbedecrypted.Thedatasea1.ingprocessisshownasfo1.1.ows. TheTM/vTMusestheSRK/vSRKto
31、encrypttheKEK. TheTM/vTMusestheKEKtoencrypttheWK. TheTM/vTMbindsthesensitivedataandPCRva1.uetousetheWKtogeneratetheencrypteddata.Figure7F1.owchartofdatasea1.ingactivity6.6vTMmigrationWhenmigratingaVMfromthesourcesidetothedestinationside,anumberofstepsarerequiredtoBat11te6dassociatedestabtfKMnsUiTMeU
32、ndSotbct*nHjdftnwduMt11abcmdibetheu1.dueirft,totbniMkte0er.Itiscritica1.thatthesensitivedatahousedwithintheassociad-vTMarewe1.1.protectedduringthemigration.ThevTMmigrationactivityisi1.1.ustratedinFigure8andthesestepsareinitiatedbythemigrationControIIeiESourceside:MutU.!DestinationsideMigrationI11I!v
33、erc)onIIcontro1.1.ervTMmanagerMigrottonenginer:MigrationenginevTMmanager-1.Makem1.grationdecision2.Sendmigrationrequest3.RequestsnewvTMinstance13.InformthevTcomp1.etion6.RequestavTMstatepackageS.ReturnnewvTM4.ReturnanewVTMinstanceinstancecreationmessage9.PassthedecryptedvIMstatepackageforinitiatingt
34、henewVTMinstance8.SendencryptedsymmetrickeyandVTMstatepackage7.ReturnaVTMstatepackage12.Requesttode1.eteIhcvTMinstance11.Informtheinitiationsuccess10.ReturntheinitiatedVTMinstancemigrationFigure8F1.owchartofvTMmigrationactivityThevTMmirationactivityprocessisasfo1.1.ows. Whenthemigrationcontro1.1.erd
35、ecidesthataVTMneedtobemigrated,itcommunicateswiththemigrationengineofthecurrentVMM1.ayerbyestab1.ishingamigrationsession. ThesourcemigrationenginesendsavTMmigrationrequesttothedestinationmigrationengine. Afterthedestinationmigrationenginereceivestherequestfromthesourcemigrationengine.Itasksthedestin
36、ationvTMmanagertocreateanewvTMinstance.destinationmigrationenginereturnsanewvTMinstancecreationmessagetothesourceThemigrationengine. Afterreceivingtheresponse,thesourcemigrationenginetriggersthesourcevTMmanagertopackageupthevTMstate. ThesourcemigrationenginerequeststhesourcevTMinstancetogenerateasym
37、metrickeyandencryptthevTMstatepackagewiththesymmetrickey.Then,itencryptsthesymmetrickeywithaf三kcyj嗨屈由吸dexc栖雁崛gyideanddestinationside(inthisdocument,usingtheDiffie- ThesourcemigrationenginesendstheencryptedsymmetrickeyandtheencryptedvTMstatepackagetothedestinationmigrationengine. AfterreceivingtheseB
38、nCryPteddata,thedestinationmigrationenginefirst1.ydecryptsthesymmetrickeywithastoragekeyandpassesthesymmetrickeytothenewvTMinstance.Then,thenewvTMsourceside,instancedecryptstheencryptedvTMstatepackagewiththesymmetrickeyfromthe ThedestinationmigrationenginepassesthedecryptedvTMstatepackagetothedestin
39、ationvTMmanagerforinitiatingthenewvTMinstance. OncethenewvTMhasbeeninitiated,thedestinationmigrationengineinformsthesourcemigrationengineofrTMinstanceinitiationachievedsuccessfu1.1.y. OH1S(Ahreemi削底岫加祖电触0呻UjveddW1.5fMmawagfarPMtjn1.jrhohwmIjMtnsw1.iyinitiated. Thesourcemigrationengineinformsthemigra
40、tioncontro1.1.erthatvTMmigrationiscomp1.eted.阳性SPCCihHhIStr国“也温伙俯融i露帆帆金城隙岭曲健H11ftWi用确nVM蛉c1.oudcomputingenvironmentistrusted;remoteattestationactivitycanensurethatthesourcesideanddestinationsideistrustedanda1.1.owtheverifiertotrustthemigrationprocess;dataprotectionactivityandvTMmigrationactivitycane
41、nsurethatthetransferredVMdataretainsintegrityanticonfidentia1.ity.AnnexA(informative)Re1.ationshipbetweenactivityandfunctiona1.views.1.Transitivetrustactivityre1.ationshipFigureAponentsinvo1.ved,kFigureA.1.Componentsparticipatinginthe*transitivetrusactivityA.2Remoteattestationactivityre1.ationshipFi
42、gureAponentsinvo1.ved.UM曲Edb儆姆c110Mtyisimp1.ementedbymeansofcomponentsdistributedatthehardware,VMM1ISO/IEC2021-A11rightsreservedFigureA.2Componentsparticipatinginthe,renoteattestationactivityA.3vTMmigrationactivityre1.ationshipFigureA.3providesaviewoftheVTMponentsinvo1.ved.ItBib1.iography1 ISO/IEC10
43、118-31.ITSeCUritytechniquesHash-functionsPart3:Dedicatedhash-functions2 ISO/IEC11889-1,Informationtechno1.ogyTrustedp1.atformmodu1.eIibraryrPart1:Architecture3 ISO/IEC11889-2,Informationtechno1.ogyTrustedP1.atformModu1.e1.ibraryPart2:Structures4 ISO/IEC1889-3rInformationtechno1.ogyTrustedP1.atformModu1.e1.ibraryPart3:Commands5 118894,Informationtechno1.ogyTrustedP1.atformModu1.e1.ibraryfPart4:Supporting6 CW%哪硼嘀硼胡超洲慨即帆M/andinterfacespecificationofISO/IEC2021-A1.1.rightsreserved
