|
|
|
|
|
|
|
|
|
|
xense-devel
[Xen-devel] Re: [PATCH] txt: 1/6 - "fix" xen_phys_start for 32b builds
On 20/01/2009 09:16, "Wang, Shane" <shane.wang@xxxxxxxxx> wrote:
> Yes, we have patch to check domains as well, but this kind of verification is
> configurable, considering we don't want to spend much time on S3 and resume.
> That will make S3 slow.
>
> In our approach, we check domains in Xen and check Xen (Xen + Xen heap) in
> tboot. We can't check Xen in Xen, since the memory is changing.
>
> I think we need to figure out another approach, if Xen heap needs to be
> checked.
The Xen page_info structure array which tells you about per-page usages is
itself not allocated out of Xen heap. :-)
What is your threat model for badness across S3? Untrusted BIOS, so you keep
your Xen measurement stashed in the TPM somehow?
-- Keir
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|