Design and implementation of a bootstrap trust chain

The chain of trust in bootstrap process is the basis of whole system trust in the trusted computing group (TCG) definition. This paper presents a design and implementation of a bootstrap trust chain in PC based on the Windows and today's commodity hardware, merely depends on availability of an embedded security module (ESM). ESM and security enhanced BIOS is the root of trust, PMBR (PreMBR) checks the integrity of boot data and Windows kernel, which is a checking agent stored in ESM. In the end, the paper analyzed the mathematic expression of the chain of trust and the runtime performance compared with the common booting process. The trust chain bootstrap greatly strengthens the security of personal computer system, and affects the runtime performance with only adding about 12% booting time.