
Trusted Computing 3.0

As digital transformation deepens, network attacks become more complex and harder to detect than before. While attack methods continue to evolve, traditional security measures remain largely reactive and passive, unable to meet the needs of defense systems. This not only poses major challenges to enterprise systems, but also imposes new and higher requirements on the stability of critical information infrastructure. Facing challenges from technical compliance, industry needs, and evolving threats, proactive security has become the trend for future network defense. The consensus is that trusted computing must evolve from passive measurement to active control.

Huawei, in compliance with the international standards related to trusted computing and the Trusted Computing 3.0 framework of the Zhongguancun Trusted Computing Industry Alliance, has introduced a BMC-based TPCM solution built on the Kunpeng server architecture. The solution overcomes the limitations of traditional trusted computing technologies in architecture, security boundaries, and response capabilities, achieving the transition from trusted measurement to trusted control. Unlike early passive trusted modules such as the TPM or TCM, the Kunpeng TPCM adopts an innovative dual-system design that proactively intervenes in the system boot and running processes. It emphasizes building trust from the root as soon as the system is powered on, so as to enforce integrity control over system firmware, the operating system, and application components.

The core technological innovation of Kunpeng's trusted computing 3.0 solution lies in its RoT design and deployment. While traditional solutions integrate the TPM on the server board or on a PCIe card, the TPCM RoT is deployed in the server's baseboard management controller (BMC). The BMC, responsible for device management and power control, is activated first when the server boots, which gives it a natural advantage in building the Core Root of Trust for Measurement (CRTM). The CRTM logic is fixed in the BMC, and a dedicated TCM chip provides the commercial cryptographic algorithms. It measures the integrity of critical system components such as the BIOS firmware and boot loader during server startup, so that a trust baseline that cannot be bypassed is established before the CPU gains execution rights. This method eliminates the hundreds-of-millisecond vulnerability window between BMC startup and CPU power-on, preventing malicious implantation or tampering before startup. Figure 1 shows the overall implementation architecture of Kunpeng's trusted computing 3.0 solution.

Figure 1 Kunpeng's trusted computing 3.0 architecture

Kunpeng's trusted computing 3.0 architecture relies on physical and logical isolation between the computing component and the security component. The security component is integrated into the BMC chip, which is naturally separated from the computing component. Security core firmware built into the BMC chip implements the TPCM security functions independently of the BMC service core. A secure channel is established between the TSB and the TCM. Through this channel, the measurement policy engine and the policy matching module proactively measure critical components, such as the BIOS, boot loader, OS kernel, driver modules, and measurement agents, and compare the results against baseline values. In addition, the measurement agent in the host OS collects system status and dynamic integrity information and reports this data to the BMC's measurement control module. If an unauthorized component is loaded, program behavior violates a defined security policy, or trustlist matching fails, the TPCM responds immediately by stopping the abnormal process, disabling the compromised CPU core, blocking the suspicious module from loading, or forcibly rebooting the server if necessary. This forms a closed-loop defense mechanism of detection, verification, and control. Kunpeng's trusted computing 3.0 solution has obtained the enhanced-level security certification under the highest security level defined in Trusted Computing 3.0.
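To make the measure, compare and control loop concrete, the following is an added simulation, not Huawei's or the Kunpeng TPCM's own code, of a BMC-rooted measurement chain with trustlist matching and a per-component control policy. SHA-256 stands in for the TCM's commercial hash algorithm, and the component images, baseline and policy table are constructed assumptions.

```python
"""Simulated TPCM measurement-and-control loop (added example, not Huawei code).
SHA-256 is used as a stand-in for the TCM's commercial algorithm; component images,
baseline and policy are constructed for illustration."""
import hashlib

# Boot-time chain in the order the text gives: static components measured before the
# CPU executes, followed by the host-side measurement agent (constructed order).
BOOT_ORDER = ["bios", "bootloader", "kernel", "driver:nvme", "measurement_agent"]

# Assumed control policy, modelled on the responses the text lists: a bad firmware/kernel
# image forces a reboot, a bad driver is blocked from loading, a bad agent is stopped.
POLICY = {"bios": "reboot", "bootloader": "reboot", "kernel": "reboot",
          "driver": "block_load", "measurement_agent": "stop_process"}

def measure(image):
    """Digest of a component image (the TCM would compute this with its own algorithm)."""
    return hashlib.sha256(image).hexdigest()

def extend(chain_value, digest):
    """TPM/TCM-style extend: new = H(old || measured), so order and tampering both matter."""
    return hashlib.sha256(bytes.fromhex(chain_value) + bytes.fromhex(digest)).hexdigest()

def build_baseline(good_images):
    """Trustlist: component name -> expected digest, derived from known-good images."""
    return {name: measure(img) for name, img in good_images.items()}

def verify_boot(baseline, images, policy=POLICY):
    """Walk the chain; on the first trustlist mismatch return the control action and stop,
    since nothing measured after an untrusted component can itself be trusted."""
    chain = "00" * 32  # initial chain value before any measurement
    for name in BOOT_ORDER:
        digest = measure(images[name])
        chain = extend(chain, digest)
        if digest != baseline.get(name):
            component_class = name.split(":")[0]
            return {"trusted": False, "failed": name,
                    "action": policy[component_class], "chain": chain}
    return {"trusted": True, "failed": None, "action": "continue", "chain": chain}

# Constructed known-good images and the baseline derived from them.
GOOD = {"bios": b"BIOS v1.2", "bootloader": b"grub-2.06", "kernel": b"vmlinuz-5.10",
        "driver:nvme": b"nvme.ko", "measurement_agent": b"tpcm-agent-1.0"}
BASELINE = build_baseline(GOOD)

if __name__ == "__main__":
    print(verify_boot(BASELINE, GOOD))
    tampered = dict(GOOD, **{"driver:nvme": b"nvme.ko+implant"})  # constructed tampering
    print(verify_boot(BASELINE, tampered))
```

The same `verify_boot` check applies to runtime re-measurement by the agent: re-hash the loaded components and compare against the same baseline.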