This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] [RFC][PATCH][0/4] Intel(R) Trusted Execution Technologys

>o  Once we have performed a TXT measured launch, we do not want to go
>back and execute any unmeasured code.  So going back into BIOS (and
>really not necessarily BIOS, but whatever later code may have set
>vectors in the real mode IDT) breaks the trust of the TCB.

Which makes sense. You just have to provide a means to obtain all the info
normally obtained from BIOS then.

>o  While the initial target for sboot is to launch Xen, we would like it
>to be generic enough that it could be used by other VMMs or OS kernels,
>e.g. Linux.  So we've tried to minimize the necessary post-sboot code
>changes and altering the e820 table seems like a pretty generic way to
>do that.  Now if all modern kernels/VMMs ignore GRUB's table and go back
>to BIOS to read it (and can't have that disabled like Xen can) then this
>approach won't be useful even if it is generic.

I don't think Linux has any plans on going multiboot. While (for paravirt
support) there are now ways to bypass real mode code, it is still being
assumed that the information no longer collected that way will be provided
another way if the kernel is privileged (aka dom0 in Xen).

For the even more generic question of supporting arbitrary(?) OSes, I
wonder how you can make assumptions about these, namely their
intentions/needs to boot from and/or switch back to real mode. To me this
seems like a conceptual issue then.


Xen-devel mailing list