A　formal　method　is　used　to　analyze　the　integrity　of　trust　chain　in　trusted　computing　platform.　Based　on　Biba＇s　security　model,　components　of　the　platform　are　tagged　with　different　security　level　when　system　boots.　With　the　satisfaction　of　＇read-up,　write-down＇,　information　flow　analysis　mechanism　is　used　to　describe　the　security　threats　between　different　components.　An　evaluation　model　is　built　and　realized.　©　2012　Springer-Verlag　GmbH.