WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

Re: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technology support

To: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>, <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technology support
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Sun, 28 Oct 2007 06:24:49 +0000
Cc: "Xu, James" <james.xu@xxxxxxxxx>, "Wang, Shane" <shane.wang@xxxxxxxxx>, "Wei, Gang" <gang.wei@xxxxxxxxx>
Delivery-date: Sat, 27 Oct 2007 23:20:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <D936D925018D154694D8A362EEB0892002C7BE05@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcgYPKeHAh+s/rrjQ0OzxTZHSH6adQANNIIDABnLhfAAFKWFxQ==
Thread-topic: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technology support
User-agent: Microsoft-Entourage/11.3.6.070618
On 27/10/07 20:39, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:

>> If that's the only reason, we could add another command-line option,
> or a
>> multiboot info flag, to prevent just the e820 part of real-mode
> execution.
>> Then you could still set video mode and get disc EDD info even when
> running
>> on tboot.
> 
> It isn't the only reason:  the current tboot code will measure and
> verify xen and dom0; if we let xen call into BIOS then we will be
> transferring control to code that has not been verified.
> 
> If it is very important to initialize the video and disc from BIOS, we
> could copy that code into tboot and execute it before tboot launches the
> measured environment.  Is this necessary on current model systems (since
> TXT is only available on Intel Core 2 -based systems)?

It'd be nice to have, but it's not essential.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel