Skip to product information
1 of 5

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 38638-2020 English PDF (GBT38638-2020)

GB/T 38638-2020 English PDF (GBT38638-2020)

Regular price $145.00 USD
Regular price Sale price $145.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GB/T 38638-2020 to get it for Purchase Approval, Bank TT...

GB/T 38638-2020: Information security technology -- Trusted computing -- Architecture of trusted computing

This Standard specifies the architecture of trusted computing, trusted components and integrity measurement modes, as well as types of trusted computing nodes. This Standard applies to the design, development and application of trusted computing systems.
GB/T 38638-2020
GB
NATIONAL STANDARD OF THE
PEOPLE REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Trusted computing -
Architecture of trusted computing
????????????????????????
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Abbreviations ... 6
5 Architecture of trusted computing ... 6
6 Trusted components and integrity measurement modes ... 8
6.1 Trusted components ... 8
6.2 Integrity measurement modes ... 9
7 Types of trusted computing nodes ... 12
7.1 Trusted computing nodes (terminal) ... 12
7.2 Trusted computing nodes (services) ... 13
Information security technology - Trusted
computing - Architecture of trusted computing
1 Scope
This Standard specifies the architecture of trusted computing, trusted
components and integrity measurement modes, as well as types of trusted computing nodes.
This Standard applies to the design, development and application of trusted computing systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 29827-2013 Information security technology - Trusted computing
specification - Motherboard function and interface of trusted platform
GB/T 29828-2013 Information security technology - Trusted computing
specification - Trusted connect architecture
GB/T 29829-2013 Information security techniques - Functionality and
interface specification of cryptographic support platform for trusted
computing
GB/T 36639-2018 Information security technology - Trusted computing
specification - Trusted support platform for server
GB/T 37935-2019 Information security technology - Trusted computing
specification - Trusted software base
ISO/IEC 11889:2015 Information technology - Trusted platform module
library
A collection of software elements that support the trustworthiness of a trusted computing platform.
[GB/T 37935-2019, definition 3.3]
3.6
trusted chain
The trust transfer relationship that is established between the components by the integrity measurement method during the startup and operation of a
computing node.
[GB/T 29829-2013, definition 3.1.13]
4 Abbreviations
For the purpose of this document, the following abbreviations apply.
BIOS: Basic Input Output System
CRTM: Core Root of Trust for Measurement
TCM: Trusted Cryptography Module
TPCM: Trusted Platform Control Module
TPM: Trusted Platform Module
TSB: Trusted Software Base
TSM: TCM Service Module
TSS: TCG Software Stack
5 Architecture of trusted computing
Trusted computing refers to the safety protection while computing, and the whole computing process can be measured and controlled without interference, so that the computing results are always consistent with expectations. The trusted computing system is composed of trusted computing nodes and trusted connections between them, which provide corresponding levels of security for the network environment in which they are located, as shown in Figure 1. According to the functions of the nodes in the network environment, trusted computing nodes can deploy applications with different functions according to their business environment. Trusted computing nodes include trusted
independent module or physical package, or be realized by integration and virtualization with TCM/TPM through IP core or firmware.
6.1.3 Trusted main board
Trusted main board is a computer main board integrated with TPCM, which uses TPCM as a root of trust to establish a chain of trust and provides the connection between TPCM and other hardware.
The composition structure and function interfaces of trusted main board shall comply with GB/T 29827-2013.
6.1.4 Trusted software base
Trusted software base (TSB) implements monitoring and measurement of
applications running in the host basic software.
The composition structure and function interfaces of TSB shall comply with GB/T 37935-2019.
6.1.5 Trusted connection
Trusted connection realizes the identity authentication and platform
authentication of trusted computing nodes when they access the network, including user identity authentication, platform identity authentication, and platform integrity assessment, ensuring that only trusted computing nodes can access the network.
The specific structure and function interfaces of trusted connection shall comply with GB/T 29828-2013.
6.2 Integrity measurement modes
6.2.1 Arbitration measurement mode
The arbitration measurement mode of trusted components is shown in Figure 3. The participating components shall include TCM/TPM, TPCM, trusted main board and TSB.
At the hardware and firmware layer, TPCM shall be the first running component of the trusted computing node. As the root of trust of the trusted computing node, it shall apply TCM/TPM or other cryptographic algorithms and integrity
measurement functions to actively initiate integrity measurement operations on computing components such as BIOS and host basic software, and actively arbitrate and control based on the measurement results.
At the host basic software and middleware layer, TPCM provides support for

View full details