
Re: [Xen-devel] [RFC][PATCH][0/2] Intel(r) Trusted Execution Technology support: Overview



On 9/6/07 01:39, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:

> o  sboot is always built 32bit and runs in protected mode without PAE or
> paging enabled.  sboot lives at (copies itself to) 0x70000.  This seems
> like a safe location so far, but is not a good long-term location.  We'd
> like to discuss moving Xen a little higher to allow sboot to live at
> 0x100000--this is a separate thread.

What's wrong with 0x70000?

> o  The code requires that VT be enabled as well as TXT.  This is because
> the mechanism for bringing up the APs uses VMX to create a mini-VM in
> order to trap on INIT-SIPI-SIPI.

It looks like you do your best to avoid real mode. Unfortunately the BP now
returns to real mode to do various system initialisation work. Do you need a
VMX container for any reason other than to trap INIT-SIPI-SIPI? Possibly we
could agree on a higher-level method for cpu online/offline.

The Xen changes are largely pretty reasonable I think. It would be nice to
know that they are sufficient for the AMD secure boot module also, since we
obviously don't want two sets of changes for the same overall purpose.

It'd be nice to have some way of detecting sboot other than through e820
(which can sometimes be a bit random). If you keep the VMX container then
maybe CPUID(0x40000000)?

 -- Keir
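As an added example (not code from this thread, from sboot or from Xen), here are the two detection paths Keir contrasts, run on constructed inputs: asking the e820 map what it says about the address sboot copies itself to, versus decoding the vendor signature that CPUID leaf 0x40000000 returns in EBX/ECX/EDX. The sample e820 map and the register values are constructed; the only real signature used is Xen's own "XenVMMXenVMM".

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* e820 entry types as the bootloader reports them. */
#define E820_RAM      1
#define E820_RESERVED 2

struct e820entry {
    uint64_t addr;
    uint64_t size;
    uint32_t type;
};

/* Constructed sample map: the bootloader has carved a reserved hole at
 * 0x70000 where sboot copied itself. Nothing forces a bootloader to do
 * this, which is why e820-based detection is "a bit random". */
static const struct e820entry sample_e820[] = {
    { 0x00000000, 0x00070000, E820_RAM },
    { 0x00070000, 0x00010000, E820_RESERVED },   /* sboot image */
    { 0x00080000, 0x0001f000, E820_RAM },
    { 0x00100000, 0x3ff00000, E820_RAM },        /* Xen lives up here */
};
#define SAMPLE_E820_LEN (sizeof sample_e820 / sizeof sample_e820[0])

/* Return the e820 type of the entry covering addr, or 0 if no entry lists
 * it: an unlisted or merged range gives the detector no signal at all. */
uint32_t e820_type_at(const struct e820entry *map, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= map[i].addr && addr - map[i].addr < map[i].size)
            return map[i].type;
    return 0;
}

/* CPUID leaf 0x40000000 returns a 12-byte vendor signature packed
 * little-endian into EBX, ECX, EDX (Xen reports "XenVMMXenVMM"). Decode the
 * registers and compare against the signature the caller expects. */
int cpuid_signature_is(uint32_t ebx, uint32_t ecx, uint32_t edx,
                       const char *expected)
{
    char sig[13];
    const uint32_t regs[3] = { ebx, ecx, edx };
    for (int r = 0; r < 3; r++)
        for (int b = 0; b < 4; b++)
            sig[r * 4 + b] = (char)((regs[r] >> (8 * b)) & 0xff);
    sig[12] = '\0';
    return strcmp(sig, expected) == 0;
}
```

A real check would fill the registers from the CPUID instruction; the decoding and comparison are the same.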


