Cihula, Joseph
2007-Aug-29 00:26 UTC
[Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT support. Signed-off-by: Joseph Cihula <joseph.cihula@intel.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Aug-30 10:16 UTC
Re: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
On 29/8/07 01:26, "Cihula, Joseph" <joseph.cihula@intel.com> wrote:> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT support.Is there any documentation for the processor changes for TXT support (e.g., the additions to IA32_FEATURE_CONTROL_MSR, among others)? Googling for TXT is not very helpful. :-) -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Cihula, Joseph
2007-Aug-30 16:17 UTC
RE: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
Keir Fraser <mailto:keir@xensource.com> scribbled on Thursday, August 30, 2007 3:17 AM:> On 29/8/07 01:26, "Cihula, Joseph" <joseph.cihula@intel.com> wrote: > >> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT >> support. > > Is there any documentation for the processor changes for TXT support > (e.g., the additions to IA32_FEATURE_CONTROL_MSR, among others)?Googling> for TXT is not very helpful. :-) > > -- KeirThe Intel(R) TXT Preliminary Architecture Specification, at http://www.intel.com/technology/security/ (specifically: http://download.intel.com/technology/security/downloads/31516804.pdf), documents the changes to the MSR, etc. Joe _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Aug-30 17:59 UTC
Re: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
On 30/8/07 17:17, "Cihula, Joseph" <joseph.cihula@intel.com> wrote:>>> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT >>> support. >> >> Is there any documentation for the processor changes for TXT support >> (e.g., the additions to IA32_FEATURE_CONTROL_MSR, among others)? > Googling >> for TXT is not very helpful. :-)Okay, current situation on the Xen path is that it''s all checked in except: * the changes to shutdown.c and smp.c * the bits that actually interface with sboot (that''s most of the bits inside CONFIG_TXT). For the former, I''d like it to be a separate cleanup patch, with some explanation of why it''s required. For example, whay is the code movement in smp.c required at all? For the latter, I would like Xen to have its own asm-x86/sboot.h, even though this causes a small amount of code duplication outside of th esboot module itself. It is supposed to become a stable interface after all. The bit syou need from uuid.h can also be included in Xen''s sboot.h. All the names you create in Xen''s sboot.h should have a suitable common prefix on them. I guess mle_ might do the trick, although I don''t actually know what MLE stands for?! That''s all for now. The sboot module itself is scary big. :-/ Oh, you can find the current tip to re-merge against at http://xenbits.xensource.com/staging/xen-unstable.hg -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Aug-30 18:13 UTC
Re: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
On 30/8/07 18:59, "Keir Fraser" <keir@xensource.com> wrote:> That''s all for now. The sboot module itself is scary big. :-/Actually, to that end, do you have any documentation to go with this patchset? It''d be kind of nice to know how to use sboot, what security guarantees it can provide, how to use the toolset, etc etc. Otherwise we''re going to have 20kloc added to our tree that noone knows how to use! Which I think means some documentation has to be a pre-condition for acceptance. Thanks, Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Aug-30 18:17 UTC
Re: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
On 30/8/07 19:13, "Keir Fraser" <Keir.Fraser@cl.cam.ac.uk> wrote:>> That''s all for now. The sboot module itself is scary big. :-/ > > Actually, to that end, do you have any documentation to go with this > patchset? It''d be kind of nice to know how to use sboot, what security > guarantees it can provide, how to use the toolset, etc etc. Otherwise we''re > going to have 20kloc added to our tree that noone knows how to use! Which I > think means some documentation has to be a pre-condition for acceptance.The patch summary email is a nice start, by the way, but I think you need something in our docs directory that goes into a bit more detail. Perhaps some use cases for sboot? How to use the tools? A plain text file would be fine -- it''s just the content I care about. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Aug-31 11:19 UTC
Re: [Xen-devel] [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
Regarding the sboot module itself, I wonder what all the arrays of magic numbers that make up the bulk of tpm.c are for? Also, given that Xen does not depend on sboot (unless you want its features of course) and sboot does not depend on Xen, it might be best to place sboot and tools in their own repository? We''d be happy to host it and have a link on the front page of the xenbits website. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel