[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Xense-devel] [RFC][PATCH][UPDATED] Intel(R) LaGrande Technology support
Jonathan M. McCune <mailto:jonmccune@xxxxxxx> scribbled on Thursday,
April 12, 2007 2:07 PM:
> Has any more work been done on this front? The message below is
> from Sept. 2006. In particular, the LT/TXT Technology Enabling
> Platform (TEP) is now available from MPC Corp. Where can one
> obtain an appropriate AC SINIT module (i.e., like
> lpg_sinit_20050831_pae.auth.bin below)? I would like to begin
> using Xen with TXT support.
A very timely email indeed. We are putting the finishing touches on a
re-design of the TXT support patch per feedback that we received last
year. In addition to breaking the code out into a separate module that
executes before Xen, it will include support for both 32 and 64 bit Xen
and fix some of the TBD's. We're expecting to have it ready in the week
or two (cross-your-fingers before/during the Xen Summit).
As to getting the SINIT AC Module for the MPC TEP system, the person
here who works with MPC tells me that it should be on a CD included with
the system. If this is not the case, please let me know, but I will
send it to you just in case.
> This patch adds SMP support to the previous version. Since that has
> been merged I have included it in this patch. This should apply
> to the tip. Below is the text of the original submittal, slightly
> Attached is a preliminary patch that adds Intel(R) LaGrande Technology
> (LT) (Safer Mode Extensions - SMX) support to Xen. While there are
> still several enhancements needed for complete support, we feel that
> is sufficiently complete for an initial public posting to expose to
> LaGrande Technology in Brief:
> o Provides dynamic root of trust for measurement (DRTM)
> o DMA protection
> o Data protection in case of improper shutdown
> For more information on LT, see the Intel LaGrande Technology website:
> This site also has a link to the LT preliminary specification (an
> updated version that reflects the functionlaity of this code will be
> available later this week).
> The LT functionality this code adds is:
> o Measured Launch. If the processor is detected as being LT-capable
> and enabled then the code will attempt to perform a measured launch.
> the processor is (not capable) or (capable but not enabled) or
> and enabled but the launch process fails (missing SINIT, corrupted
> etc.)) then it will fall-through to a non-LT boot.
> o Teardown of measured environment. When Xen exits the LT
> will be torn down properly.
> o Reset data protection. LT HW prevents access to secrets if the
> system is reset without clearing them from memory (as part of a LT
> teardown). This code will support this by setting the flag indicating
> that memory should be so protected during the measured launch and
> clearing the flag just before teardown.
> o Protection of LT memory ranges. LT reserves certain regions of RAM
> for its use and also defines several MMIO regions. These regions are
> protected from use by any domains (including dom0). Note that there a
> sub-regions of the MMIO space that are left accessible to dom0 (LT
> public configuration space, TPM localities 0,1).
> Patch breakdown:
> Config.mk - add INTEL_SMX build config
> xen/Rules.mk - adds '-DCONFIG_SMX' compile flag if INTEL_SMX=y
> xen/arch/x86/Makefile - add arch/x86/smx dir to build
> xen/arch/x86/boot/x86_32.S - hook startup to launch LT
> environmentxen/arch/x86/setup.c - initialize fixmap entries for LT
> config reg space
> xen/arch/x86/domain_build.c - protect LT private config space
> xen/arch/x86/e820.c - support for E820_PROTECTED mem type
> xen/arch/x86/hvm/vmx/vmx.c - support new LT/VMX
> xen/arch/x86/mm.c - support for E820_PROTECTED mem type
> xen/arch/x86/setup.c - hook to reserve LT RAM regions and initialize
> fixmap entries for LT config reg space
> xen/arch/x86/shutdown.c - hook shutdown to teardown LT environment
> xen/common/domctl.c - prevent XEN_DOMCTL_iomem_permission from being
> able to map LT private config space
> xen/include/asm-x86/cpufeature.h - adds new SMX feature flag
> xen/include/asm-x86/e820.h - export print_e820_memory_map()
> xen/include/asm-x86/fixmap.h - adds fixmap entries for LT config reg
> xen/include/asm-x86/msr.h - adds new VMX and SMX MSR flags
> xen/include/asm-x86/processor.h - adds new CR4 SMX flag
> xen/include/public/hvm/e820.h - add E820_PROTECTED mem type
> xen/arch/x86/smx/Makefile - self explanatory
> xen/arch/x86/smx/acmod.c - LT Authenticated Code (AC) module support
> fns xen/arch/x86/smx/early_printk.c - serial printk() for early in
> xen/arch/x86/smx/errors.c - error parsing/display fns
> xen/arch/x86/smx/mtrrs.c - MTRR handling for AC module launch
> xen/arch/x86/smx/smx.c - main LT/SMX fns and entry points
> xen/arch/x86/smx/tpm.c - basic TPM support fns
> xen/include/asm-x86/smx/* - headers for SMX/LT fns
> This code has been developed and tested on Intel Software Development
> Platform (SDP) 3 systems (available under NDA via the Intel Premier
> Support channel). It will be updated to work with the LT Technology
> Enabling Platform (TEP) that will be publicly available this fall.
> Instructions for use:
> o By default, the functionality is disabled in the build. It can be
> enabled by changing the INTEL_SMX flag to 'y' in Config.mk.
> o The SINIT AC module (available with SDP3 systems) must be added to
> the grub.conf boot config as the last module, e.g.:
> module /initrd-220.127.116.11-xen.img
> module /lpg_sinit_20050831_pae.auth.bin
> o Progress of the LT launch process is indicated via debug printk's
> COM1 (hardcoded). These appear before the normal "(XEN)" output and
> prefixed by "SMX:". The code (in early_printk.c) does not initialize
> the COM port so this needs to be done by GRUB - grub.conf should have:
> serial --speed=115200 --unit=0
> terminal console serial
> Caveats / Notes:
> o x86_64 is not supported yet (IA64 does not support LT at this
> o The code only measures the hypervisor (and its command line), which
> is not the complete TCB.
> o It doesn't cap (extend with invalid value) the dynamic TPM PCRs
> the LT environment is torn down. Instead it disables the BIOS reboot
> option so that any shutdown/reboot will have to reset the platform and
> the TPM.
> o TPM locality 2 is not protected. The defined behavior for access
> unpermitted localities is for reads to return 0xff's and writes to be
> dropped. This will require mapping pages from locality 3 or 4 into
> locality 2 range.
> o No DMA protection has been implemented in this patch. SDP3 only
> supports the NoDMA table for DMA protection and this will be
> by VT-d. VT-d support for LT will be added after it is added for the
> general case.
> These limitations will be addressed in subsequent patches.
> There was a presentation on the code at the Xen Summit. More
> information on LT is available at
> http://www.intel.com/technology/security/. Comments and feedback are
> welcome at any time.
> Joseph Cihula
> (Linux) Software Security Architect
> Open Source Technology Center
> Intel Corp.
> *** These opinions are not necessarily those of my employer ***
Xense-devel mailing list