CN100504897C - Method for starting protected partition - Google Patents
Method for starting protected partition
- Publication number: CN100504897C (related identifiers: CNB2006100077691A, CN200610007769A)
- Authority: CN (China)
- Prior art keywords: storage section, secure storage, sinit, security, instruction
- Prior art date
- Legal status: Expired - Lifetime (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Storage Device Security (AREA)
Abstract
A method for starting a protected partition comprises the following steps: loading at least the security initialization instruction, of the security initialization instruction and the domain manager, into a first secure storage area; preparing and executing the processor's secure entry instruction; loading the security initialization instruction from the first secure storage area and performing an integrity check on it, running the security initialization instruction once the integrity check passes, and storing the integrity check value in the first or second secure storage area; loading the domain manager into the first or second secure storage area, either from the first secure storage area or from the storage medium holding the domain manager, then performing an integrity check on it and storing the integrity check value in the first or second secure storage area; and calling the domain manager to initialize and manage the protected partition. The method guarantees security during the process of starting a protected partition.
Description
Technical field
The present invention relates to the starting of partitions of a computer system, and in particular to a method for starting a protected partition.
Background art
As computers play an ever more important role in today's society, they inevitably handle more highly sensitive and confidential information. Such information is usually of high value and is a very attractive target for computer hackers. Attacks on client computer systems are growing both in frequency and in the difficulty of detecting them, and experts predict that such attacks will continue to grow in the future.
Although firewall software, virus scanners, encryption software and other security software provide some protection, these software solutions can, only with a great deal of work, protect software at the same or a higher privilege level than themselves from attack by other (possibly malicious) software. Purely software-based protection measures are therefore subject to greater limitations.
The TPM (Trusted Platform Module), known as the trusted platform module, is firmware built into the cryptographic chip on the motherboard: a microcontroller used to store keys, passwords and digital certificates. It is usually attached to the motherboard of a PC, but it can also be applied to any computing device that needs the corresponding functions. The characteristics of the microcontroller ensure that the information stored in it is protected from software attacks and cannot be obtained through physical theft, so that the information stored there is more secure. Processes that need security protection, such as digital signatures and key exchange, can be protected by the TPM. If the boot process does not match expectations, access to the data and secrets on the platform is refused. Key applications and capabilities such as secure e-mail, secure network access and local protection of data thereby become more secure.
When a system with an operating system installed is powered on, the TPM is the first thing to start. As soon as the system is powered up, the TPM chip checks the basic input/output system (BIOS) and the related hardware, including the system ROM, the master boot record (MBR) with its hardware drivers, and the partition table, and stores their hash values in the TPM's platform configuration registers (PCRs). These values are compared with the saved boot record values; if they conflict, the TPM does not allow access to the system partition, and if the comparison passes, the TPM allows the boot process to continue. The master boot record (MBR) then takes control of the boot process: it designates the active partition and loads its first sector into system memory, after which the boot sector takes control.
LT (LaGrande Technology) refers to a series of enhanced hardware components designed to help protect sensitive information from software attacks. LT features include features in the microprocessor, the chipset, the I/O subsystem and other platform components. Combined with an LT-enabled operating system and applications, LT helps protect the security and integrity of data in an environment where security is under ever-increasing threat. LT supports the process of booting a protected partition: using LT's late-launch (post-boot) mode, a protected partition can be started without restarting the computing platform, and existing software can run unmodified in the standard partition.
As shown in Figure 1, LT supports switching from a normal Windows partition to a secure Windows partition. Starting the protected partition is normally requested by an LT-enabled operating system; the memory space is then divided into a series of protected memory areas that are marked as protected, the domain manager (DM) is loaded into the designated memory area, and it is registered through the Authenticated Code (AC) module.
To support this switch, the LT chipset provides new instructions. Its secure boot process is shown in Figure 2, with the following specific steps:
① Load the processor's security initialization instruction (SINIT) and the DM into memory and initialize the processor;
② Execute the secure entry instruction (SENTER); once it runs, all computation and other activity in the original processor stops, ready to enter the protected partition;
③ The processor loads the SINIT instruction from the memory described in step ①, authenticates it with the processor manufacturer's public key and, once authentication passes, starts the SINIT instruction;
④ The SINIT instruction checks whether the main hardware configuration is correct, running at this point inside the protected area, and at the same time stores the integrity check value of the authenticated SINIT instruction in the corresponding platform configuration register (PCR) of the TPM;
⑤ The SINIT instruction performs an integrity check on the DM in the memory of step ①, calls the DM once the check passes, and also stores the DM's integrity check value in the corresponding PCR of the TPM;
⑥ The DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In the above boot process, the purpose of executing SINIT is to detect incorrectly configured hardware; the SENTER process ensures that the launch is not interfered with; the DM check is the check that SENTER performs on the DM to detect tampering with the domain manager; registering the DM means that SENTER stores the DM's check value in the TPM; and the authenticated code is used to detect incorrect hardware configuration, including that of the chipset, memory not being trusted until the chipset configuration has been verified. The authenticated code is signed by the chipset manufacturer with the private key of an asymmetric key pair and, at authentication time, is verified inside a dedicated hardware-protected area with the public key of the digital signature.
Note that the above process has a security hole in the loading of SINIT and the DM: because in step ① the SINIT instruction and the DM are placed in an unprotected memory area, a virus program may attack them, in which case the SINIT integrity check in step ③ and the DM integrity check in step ⑤ cannot pass, and the secure operating-system state can never be entered without restarting the computing platform.
In view of this, further protection of the SINIT instruction and the DM is needed during the process of starting the protected partition, so as to enhance the security of the whole method of starting a protected partition.
Summary of the invention
The object of the present invention is to provide a method for starting a protected partition that solves the prior-art problem that the storage area into which the security initialization instruction and the domain manager are loaded while starting a protected partition is vulnerable to software virus attack, which compromises the security of the whole start-up process.
To achieve the above object, the method of the present invention for starting a protected partition comprises the following steps:
Step 100, loading at least the security initialization instruction, of the security initialization instruction and the domain manager, into a first secure storage area;
Step 110, preparing and executing the processor's secure entry instruction;
Step 120, loading the security initialization instruction from the first secure storage area and performing an integrity check on it, running the security initialization instruction once the integrity check passes, and storing the integrity check value in the first or second secure storage area;
Step 130, loading the domain manager into the first or second secure storage area, either from the first secure storage area or from the storage medium holding the domain manager, then performing an integrity check on the domain manager and storing the integrity check value in the first or second secure storage area;
Step 140, calling the domain manager to initialize and manage the protected partition.
Another method of the present invention for starting a protected partition comprises the following steps:
Step 200, initializing the processor and preparing and executing the secure entry instruction;
Step 210, sending at least the security initialization instruction, of the security initialization instruction and the domain manager, to a first secure storage area, performing an integrity check with a hash algorithm, and storing the integrity check value in the first or second secure storage area;
Step 220, loading the security initialization instruction from the storage medium, performing an authenticated-code integrity check on it, starting the security initialization instruction once the integrity check passes, and storing the integrity check value in the first or second secure storage area;
Step 230, loading the domain manager into the first or second secure storage area, performing an integrity check, calling the domain manager once it passes, and storing the integrity check value in the first, second or third secure storage area;
Step 240, calling the domain manager to initialize and manage the protected memory partition.
Compared with the prior art, the beneficial effect of the present invention is that, building on the original method for starting a protected partition, the integrity of SINIT and the DM is checked with a hash algorithm when they are loaded, which ensures that the loaded SINIT and DM are intact; further, by performing the SINIT and DM integrity checks inside a secure storage area and storing the integrity check values in a secure storage area, they are protected from attack by virus programs, which guarantees the security of the process of starting the protected partition.
Description of the drawings
Figure 1 is a schematic diagram of the system after switching from a normal Windows partition to a protected Windows partition under LT;
Figure 2 is a flowchart of the prior-art method for starting a protected partition;
Figure 3 is a flowchart of the first example of the method of the present invention for starting a secure partition in a reserved memory area;
Figure 4 is a flowchart of the second example of the method of the present invention for starting a secure partition in a reserved memory area;
Figure 5 is a flowchart of the third example of the method of the present invention for starting a secure partition in a reserved memory area;
Figure 6 is a flowchart of the method of the present invention for starting a protected partition in which the integrity checks of SINIT and the DM are performed in the TPM;
Figure 7 is the flow of integrity checking by the TPM in the method of the present invention for starting a protected partition, where the check values are stored in registers reserved in the CPU or chipset hardware;
Figure 8 is the flow of integrity checking by the TPM in the method of the present invention for starting a protected partition, where the check values are stored in registers reserved in the TPM;
Figure 9 is the flow, in the method of the present invention for starting a protected partition, in which the TPM performs the SINIT integrity check and the DM integrity check is then performed in the cleared memory.
Detailed description of the embodiments
To make it easier for those of ordinary skill in the art to understand and implement the present invention, the LT-based method of the present invention for starting a protected partition is described below with reference to the accompanying drawings.
In the present invention, to close the prior-art hole when starting a secure partition, two solutions are proposed, namely the memory isolation method and the method in which the TPM performs the integrity check, each described separately below.
Memory isolation method
For the memory isolation method, the present invention physically provides a special memory space in memory that can be accessed only by specific hardware instructions of the CPU and that software cannot use. These specific hardware instructions can be invoked only by the corresponding LT instructions such as SINIT. For convenience of description, this special memory space is referred to below as the reserved memory area.
The above reserved memory area can be realized as follows:
First, control logic is added to the address decoding of certain memory address lines (such as the low-order address lines or the chip-select signal lines); the control logic determines whether the current instruction is an LT instruction, allows the access if it is and refuses it otherwise. This part of the address space has certain restrictions on accesses coming from the CPU and is reserved for access by special instructions. Then, during the BIOS start-up phase, these memory spaces protected by special-instruction access are allocated to specific instructions for their use.
With the above implementation, the reserved memory area allocated in this way can be controlled only by LT instructions, which prevents external code from attacking the contents stored in it.
The method of the present invention for starting a secure partition using a reserved memory area is described below with reference to Figures 3 to 5.
Figure 3 is a flowchart of the first example of the method of the present invention for starting a secure partition in a reserved memory area. As shown in Figure 3, the method of the present invention for starting a protected partition comprises the following steps:
1) First, use a hash algorithm to check the integrity of the SINIT instruction and the DM stored on the hard disk or other storage medium.
2) Load the SINIT instruction or DM that passed the integrity check into the reserved memory area and initialize the processor. If the DM is too large, load only the SINIT instruction.
3) Execute the SENTER instruction; once it runs, all computation and other activity in the original processor stops, ready to enter the protected environment.
4) The processor loads the SINIT instruction from the reserved memory area of step 2), authenticates it with the processor manufacturer's public key and, once authentication passes, starts the SINIT instruction.
5) The SINIT instruction checks whether the main hardware configuration is correct, running at this point in the reserved memory area; at the same time it stores the integrity check value of the authenticated SINIT instruction in the corresponding platform configuration register of the TPM and clears the memory of the reserved memory area. Note that the integrity check referred to in this step 5) is the authenticated-code integrity check of the SINIT instruction used in the existing LT method for starting a secure partition, which differs from the hash-algorithm integrity check of SINIT and the DM in step 1).
6) If the DM has already been loaded, the SINIT instruction performs an integrity check on the DM in the reserved memory area of step 2), calls the DM once the integrity check passes, and also stores the DM's integrity check value in the corresponding PCR of the TPM; otherwise the DM is first brought into the reserved memory area and then integrity-checked, called once the check passes, and its integrity check value likewise stored in the corresponding PCR of the TPM. Note that the integrity check referred to in this step 6) is the authenticated-code integrity check of the DM used in the existing LT method for starting a secure partition, which differs from the hash-algorithm integrity check of SINIT and the DM in step 1).
7) The DM initializes, control is handed to the DM, and the DM manages the protected memory partition.
In the first example above, checking the integrity of SINIT and the DM with a hash algorithm before loading them ensures that the loaded SINIT and DM are intact. Moreover, the integrity check values of the SINIT and DM that passed the check are stored in specific PCRs of the TPM, which prevents their integrity from being compromised during the start-up process. The reliability of SINIT and the DM can therefore be further improved.
The flow of the first example above allows the following modifications or variations:
a. After the integrity check of SINIT and the DM in step 1), they need not be stored in the specific reserved memory area, since SINIT and the DM can be regarded as intact at that point.
b. When either SINIT or the DM fails the integrity check, it can be repaired automatically. Automatic repair is achieved by overwriting the SINIT or DM whose integrity has been compromised with the SINIT and DM backed up in the computer system, which guarantees the integrity of the SINIT instruction and the DM on the storage medium before loading and prevents attack by viruses or hacker tools.
c. In step 1), the integrity checks of SINIT and the DM need not be performed at the same time; the DM can be checked after SINIT has been checked and loaded.
d. The integrity check values of SINIT and the DM in steps 5) and 6) above need not be stored in specific PCRs of the TPM; they can be stored in the corresponding areas allocated for them within the reserved memory area described above, which are unaffected when the memory of the reserved memory area is cleared.
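As an added illustration (not the patent's own code), the following Python model walks through the Figure 3 sequence of the first example, including modification b (automatic repair from the backup copy) and modification d (keeping a copy of the check value in the reserved area across the wipe). The LT-only access gate on the reserved area, the PCR indices, the install-time reference digests, the sample image bytes and the digest set standing in for the processor vendor's signature check are all assumptions of the model.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ReservedMemory:
    """Reserved memory area: only accesses made by an LT instruction are honoured (modelled as a flag)."""

    def __init__(self):
        self._cells = {}

    def _gate(self, lt_instruction):
        if not lt_instruction:
            raise PermissionError("reserved area rejects access from ordinary software")

    def write(self, key, data, lt_instruction=False):
        self._gate(lt_instruction)
        self._cells[key] = data

    def read(self, key, lt_instruction=False):
        self._gate(lt_instruction)
        return self._cells[key]

    def clear(self, keep=()):
        self._cells = {k: v for k, v in self._cells.items() if k in keep}

class TPM:
    """Minimal TPM model: extend-only PCRs plus the chip's internal hash engine."""

    def __init__(self, pcr_indices=(17, 18)):  # which PCRs are used is an assumption
        self.pcr = {i: bytes(32) for i in pcr_indices}

    def tpm_hash(self, data):
        return sha256(data)  # TPM_HASH: the digest is computed inside the chip

    def extend(self, index, measurement):
        self.pcr[index] = sha256(self.pcr[index] + measurement)

# Constructed sample images (not real SINIT or DM code); the digest set stands in for the vendor key check
GOOD_SINIT = b"SINIT-ACM-sample"
GOOD_DM = b"domain-manager-sample"
VENDOR_DIGESTS = {sha256(GOOD_SINIT)}

def make_images(sinit_on_disk=GOOD_SINIT, dm_on_disk=GOOD_DM):
    # Storage medium: the images, their install-time reference digests (assumption) and backup copies
    return {"sinit": sinit_on_disk, "dm": dm_on_disk,
            "sinit_ref": sha256(GOOD_SINIT), "dm_ref": sha256(GOOD_DM),
            "backup_sinit": GOOD_SINIT, "backup_dm": GOOD_DM}

def verify_or_repair(images, name):
    """Step 1 plus modification b: hash the image before loading; on mismatch restore it from an intact backup."""
    ref = images[name + "_ref"]
    if sha256(images[name]) == ref:
        return "ok"
    if sha256(images["backup_" + name]) != ref:
        return "unrecoverable"
    images[name] = images["backup_" + name]
    return "repaired"

def boot_protected_partition(images, tpm):
    """Runs the Figure 3 sequence and reports how far it got (repairs images in place)."""
    result = {"entered": False, "stage": "storage_check"}
    # Step 1: hash check on the storage medium, repairing from backup if needed
    result["sinit_disk"] = verify_or_repair(images, "sinit")
    result["dm_disk"] = verify_or_repair(images, "dm")
    if "unrecoverable" in (result["sinit_disk"], result["dm_disk"]):
        return result
    # Step 2: load the verified images into the reserved area through an LT instruction
    reserved = ReservedMemory()
    reserved.write("sinit", images["sinit"], lt_instruction=True)
    reserved.write("dm", images["dm"], lt_instruction=True)
    # Step 3: SENTER halts all other processor activity (nothing else runs in this model)
    # Step 4: fetch SINIT from the reserved area and authenticate it with the vendor key
    sinit = reserved.read("sinit", lt_instruction=True)
    if sha256(sinit) not in VENDOR_DIGESTS:
        result["stage"] = "sinit_auth_failed"
        return result
    # Step 5: check value into the PCR and into the reserved area (modification d), then wipe the rest
    sinit_measure = tpm.tpm_hash(sinit)
    tpm.extend(17, sinit_measure)
    reserved.write("sinit_check", sinit_measure, lt_instruction=True)
    reserved.clear(keep=("dm", "sinit_check"))
    # Step 6: the DM is already loaded, so check it in place and record it in its PCR
    dm_measure = tpm.tpm_hash(reserved.read("dm", lt_instruction=True))
    if dm_measure != images["dm_ref"]:
        result["stage"] = "dm_check_failed"
        return result
    tpm.extend(18, dm_measure)
    # Step 7: hand control to the DM, which now manages the protected partition
    result.update(entered=True, stage="dm_running", pcr17=tpm.pcr[17].hex())
    return result

def software_write_is_refused():
    """Ordinary software, which cannot issue an LT instruction, cannot touch the reserved area."""
    try:
        ReservedMemory().write("sinit", b"patched")
        return False
    except PermissionError:
        return True
```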
Figure 4 is a flowchart of the second example of the method of the present invention for starting a secure partition in a reserved memory area. As shown in Figure 4, the method specifically comprises the following steps:
Step 41, in the BIOS start-up phase, allocate the corresponding reserved memory areas for SINIT and the DM, namely the SINIT reserved memory area and the DM reserved memory area;
Step 42, load SINIT and the DM into the SINIT reserved memory area and the DM reserved memory area;
Step 43, in the SINIT reserved memory area and the DM reserved memory area respectively, check the integrity of SINIT and the DM with a hash algorithm, storing the check values in the SINIT reserved memory area and the DM reserved memory area respectively;
Step 44, run LT's secure clear instruction SCLEAR, which clears all memory areas other than the reserved memory areas;
Step 45, start SINIT and then the DM; after the DM has initialized, hand control to the DM, which manages the protected partition.
As the flowchart of Figure 4 shows, compared with the method of starting a protected partition in Figure 2, the method of the present invention loads SINIT and the DM into the SINIT and DM reserved memory areas allocated for them, performs the integrity checks inside the SINIT and DM reserved memory areas respectively, and then stores the check values in the SINIT and DM reserved memory areas respectively. This effectively prevents SINIT and the DM from being attacked by viruses and improves their reliability.
Here, moreover, the hash-algorithm integrity check of the SINIT and DM loaded in the reserved memory areas can replace the integrity check of SINIT and the DM in the existing method for starting a protected partition, omitting the second integrity check of the first example, which simplifies the process of starting the protected partition while still guaranteeing the integrity of SINIT and the DM.
Of course, the integrity check used in the existing method for starting a protected partition can still be performed after SINIT and/or the DM are loaded from the reserved memory area, to further guarantee that their integrity was not compromised during loading.
Figure 5 is a flowchart of the third example of the method of the present invention for starting a secure partition in a reserved memory area. When the DM needs a large amount of memory, SINIT can be loaded first and the DM afterwards. Figure 5 shows an example of loading SINIT first and then the DM; the method specifically comprises the following steps:
Step 51, in the BIOS start-up phase, allocate a reserved memory area for SINIT, namely the SINIT reserved memory area;
Step 52, load SINIT into the SINIT reserved memory area, check its integrity with a hash algorithm, and save the check value in the SINIT reserved memory area;
Step 53, run LT's secure clear instruction SCLEAR, which clears all memory areas other than the SINIT reserved memory area;
Step 54, call SINIT from the SINIT reserved memory area and start SINIT;
Step 55, load the DM into some memory space that has been cleared, check its integrity with a hash algorithm, save the check value in that memory space or in the corresponding PCR of the TPM, and then start the DM;
Step 56, after the DM has initialized, hand control to the DM, which manages the protected partition.
For the third example, the above steps can be modified and varied as follows:
a. In step 54, after SINIT is called, it can first be compared with the check value of step 52, and SINIT started if they agree.
b. In step 52, the hash-algorithm integrity check of SINIT after loading can be omitted; instead the integrity check is performed after SINIT is called from the SINIT reserved memory area, and the integrity check value is stored in the corresponding PCR of the TPM or in the SINIT reserved memory area.
TPM执行完整性校验TPM performs integrity checks
The embodiment above described a method for starting a protected partition in which the integrity checks of SINIT and the DM are performed in the reserved memory area. The method in which the integrity checks are performed in the TPM is described below with reference to an embodiment.
Figure 6 is a flow chart of the method of the present invention for starting a protected partition with the SINIT and DM integrity checks performed in the TPM. The method comprises the following steps:
Step 61: initialize the processor and prepare to execute the SENTER instruction;
Step 62: execute the SENTER instruction; once it has run, all computation and other activity in the original processor stops in preparation for entering the protected environment;
Step 63: send the SINIT instruction or the DM to the TPM with the TPM_HASH instruction; the TPM verifies its integrity with a hash algorithm and stores the check value in the corresponding register of the TPM or CPU, so that the integrity of SINIT or the DM is assured before loading and they cannot be attacked by viruses or hacking tools; if the DM is too large, only the SINIT instruction is loaded;
Step 64: the processor loads the SINIT instruction directly from the hard disk or another storage medium, authenticates it with the processor manufacturer's public key, and starts the SINIT instruction once authentication passes;
Step 65: the SINIT instruction checks whether the main hardware configuration is correct, running at this point inside a specially protected region; at the same time it stores the integrity check value of the authenticated SINIT instruction in the corresponding PCR of the TPM and clears the memory;
Step 66: the SINIT instruction loads the DM, performs an integrity check on it, calls the DM once the check passes, and also stores the DM's integrity check value in the corresponding PCR of the TPM;
Step 67: the DM is initialized and control is handed over to it; the DM manages the protected memory partition.
In the above method, the key to having the TPM perform the integrity check is that the TPM contains a hash algorithm module and the computation is completed entirely inside the chip, where it cannot be probed from outside; the integrity checks of SINIT and the DM can therefore be delegated to the TPM through a hash instruction that only hardware can issue to the TPM.
Corresponding modifications or variations of the above method exist:
The integrity checks of SINIT and the DM can be performed before the processor is initialized, i.e. before processor initialization the SINIT and DM integrity checks are carried out in the TPM, simultaneously or in sequence, and the check values are stored in predetermined registers in the processor or the TPM;
then, after the processor is initialized, the SENTER instruction is executed, the SINIT instruction is authenticated with the processor manufacturer's public key, and SINIT is started once authentication passes;
next, the SINIT instruction calls the DM; the DM is initialized, control is handed over to it, and the DM manages the protected memory partition.
The above method further divides into three different flows, shown in Figures 7, 8 and 9 respectively, according to where the SINIT and DM check values are stored and where the DM is loaded.
Figure 7 shows a variant in which check registers for SINIT and the DM are reserved in the CPU or chipset hardware. When SINIT and the DM need to be integrity-checked, the CPU or chipset issues the corresponding TPM Hash instruction, the TPM checks the integrity of SINIT and the DM, and the resulting values are stored in the SINIT and DM check registers, instead of loading SINIT and the DM into memory and having the CPU complete the integrity check there.
Figure 8 shows a variant in which, when SINIT and the DM need to be integrity-checked, the CPU or chipset sends the corresponding TPM Hash instruction to the TPM, the TPM checks the integrity of SINIT and the DM and stores the check values in corresponding registers inside the TPM, and the pre-saved reference check value is then read and compared to verify integrity.
Figure 9 addresses the case where the DM file is large and checking it with the TPM would take a long time; the integrity check of SINIT can therefore be done first. To check SINIT, the CPU or chipset issues the corresponding TPM Hash instruction, the TPM checks SINIT's integrity directly and stores the check value in a register inside the TPM, and the corresponding reference check value is then read to verify integrity. After SINIT's integrity has been verified, the SENTER phase is entered, SINIT is started, memory is cleared, the DM is loaded into the cleared memory, integrity-checked and run.
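As an added illustration of steps 63 to 67 and of the Figure 8 and Figure 9 variants (this is example code written for this page, not the patent's method or any vendor's firmware), the following Python models the measurement side of the flow: a simulated TPM whose PCRs can only be changed through the extend operation, constructed SINIT and DM images, provisioned reference digests standing in for the "pre-saved comparison value" of Figure 8, and a launch routine that measures SINIT first and the DM afterwards (the Figure 9 ordering) and refuses to hand control to an image whose digest does not match. SHA-256, PCR indices 17 and 18, and the image contents are assumptions of this example; the vendor public-key authentication of step 64 and the SENTER transition itself are not modelled.

```python
import hashlib

DIGEST_LEN = 32  # SHA-256 is assumed here; TPM 1.2-era platforms used SHA-1 PCRs

# Constructed sample images standing in for the SINIT module and the domain manager (DM).
SINIT_IMAGE = b"SINIT authenticated code module (constructed sample)"
DM_IMAGE = b"domain manager / VMM image (constructed sample)"

# Reference digests a platform owner provisions ahead of time (the pre-saved comparison
# values of the Figure 8 variant). In a real deployment these come from a trusted source,
# not from hashing whatever image happens to be on disk.
REF_SINIT_DIGEST = hashlib.sha256(SINIT_IMAGE).digest()
REF_DM_DIGEST = hashlib.sha256(DM_IMAGE).digest()


def measure(data: bytes) -> bytes:
    """Stand-in for the TPM_HASH path: hash an image that the CPU hands to the TPM."""
    return hashlib.sha256(data).digest()


class SimulatedTPM:
    """Minimal PCR model: registers start at zero and change only via extend()."""

    def __init__(self, num_pcrs: int = 24) -> None:
        self.pcrs = [bytes(DIGEST_LEN) for _ in range(num_pcrs)]

    def extend(self, index: int, digest: bytes) -> bytes:
        # PCR_new = H(PCR_old || digest): the order of measurements is captured and no
        # software can set a PCR to a chosen value directly.
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def read(self, index: int) -> bytes:
        return self.pcrs[index]


def expected_pcr(digests) -> bytes:
    """Recompute the PCR value a verifier expects from an ordered list of reference digests."""
    value = bytes(DIGEST_LEN)
    for digest in digests:
        value = hashlib.sha256(value + digest).digest()
    return value


def secure_launch(tpm: SimulatedTPM, sinit_image: bytes, dm_image: bytes,
                  sinit_pcr: int = 17, dm_pcr: int = 18) -> str:
    """Measurement flow of steps 63-67: SINIT is measured and recorded first, then the DM.
    Control is handed over only if each digest matches its provisioned reference.
    The PCR indices are an assumption of this example."""
    sinit_digest = measure(sinit_image)
    tpm.extend(sinit_pcr, sinit_digest)          # step 65: record in the TPM's PCR
    if sinit_digest != REF_SINIT_DIGEST:
        return "rejected: SINIT"                 # do not start an unverified SINIT
    dm_digest = measure(dm_image)                # step 66: SINIT measures the DM before calling it
    tpm.extend(dm_pcr, dm_digest)
    if dm_digest != REF_DM_DIGEST:
        return "rejected: DM"                    # the mismatch is also visible in PCR 18
    return "launched"                            # step 67: the DM takes over


if __name__ == "__main__":
    tpm = SimulatedTPM()
    print(secure_launch(tpm, SINIT_IMAGE, DM_IMAGE))
    print("PCR17 matches golden:", tpm.read(17) == expected_pcr([REF_SINIT_DIGEST]))
    tampered = SimulatedTPM()
    print(secure_launch(tampered, SINIT_IMAGE, DM_IMAGE + b"\x90"))
    print("PCR18 matches golden:", tampered.read(18) == expected_pcr([REF_DM_DIGEST]))
```

The point the extend construction adds to the text is that the check is auditable after the fact: a verifier holding only the reference digests can recompute the PCR value with `expected_pcr` and compare it against what the TPM reports, so a modified image, or the same images measured in a different order, leaves a mismatching register even if the launch code itself were to skip its own comparison.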
In summary, in the method of the present invention for starting a protected partition, the loading and verification of SINIT and the DM both take place in a secure storage area, protecting them from attacks that virus programs might mount and thereby ensuring the security of the process of starting the protected partition.
It should be noted that the computer system referred to in the present invention means processor-based systems such as desktop computers, notebook computers, servers, set-top boxes or other similar devices. In specific embodiments of the present invention, the computer system generally contains a processor supporting LT technology. It should be pointed out, however, that the present invention can equally be applied to other computer systems containing processors that support similar secure computing environments.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100077691A CN100504897C (en) | 2006-02-20 | 2006-02-20 | Method for starting protected partition |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101025770A CN101025770A (en) | 2007-08-29 |
| CN100504897C true CN100504897C (en) | 2009-06-24 |
Family
ID=38744063
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CX01 | Expiry of patent term | Granted publication date: 20090624 |