[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
  • Date: Tue, 22 Apr 2025 21:01:04 +0200
  • Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1745348464; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=+s+gggOC/GE1hGe36xVfHIlyY2icP3Fbq0H5LB/hC5Q=; b=TYQrR7Y2+vkZmdD281B0bUpNIP0+GED/sovi3SKb2XO21RG8xCJQdHzAryzy+rI2ayot XazXkYaSzl/4PsyKTwFdLtKmXzyoSxCKYzbSqBMXW5ujhVbSVdObpVOe6v+HhUGnDKPre 70qWDItxCGgXUIAedqA4kPtkwYiUb2R7xergZNI2NrEInIf71c7gIRlL3Q/X47u/rMXCU 6484xcQ5ARp/rfiU5jCLAvDaCKl5RQ4IX4OUvBrL7TzdHRe2GHBhNOBi8wi6i2US8hNqN ZseE/hBplJG/lnaO6fSIVSo1nUQekBrFnH03cSxb+vkd+u9lADeTBQje2Sep1gFOKAUF3 ahR8K6we9iGBoNsBiC5iN1uAXIE/+2iHmcES2h5wjjFrV9wsLZWjGbZwFbq6RkyLfwEDt T76041sTGzT6oPSL1+TJ87Oc9KiYaI1Mk0JmNxTf08udHWfSSy8APloNmm6qeU8qghakV t5wtZUZnRAw8gFhrFJxXgkdVnPwGBiA7pfKSUQjqELdxiEvePer7NimfZ8NOzwfOlTL60 98p9Y8ZP/UC2mE4R5g1MiNKN5uU3j+aCwNQHnQreQaxf/9pywoElbvP62EI7zD+RpA2C+ D2D47ALriB9I2Na5K7QYX5kmkafePt+CkIPtllpjayLXHC52g8wMPFaWEs/8ZJ8=
  • Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1745348464; b=ZtuFp38PxVWP+1y0nRu7U88Qqc9SVOeFVYSwF1EH3lYyKI+5b1blxDFSGZKbejr46Gvc SrK/KTISb1GUA7E3du2iZiqc9Zo12pe7HMN6DQm/b+7c7zljTilw4rS3euDK5hSd9NfUq F59dbIZNbp+mOYibd4m6rk9609PYFzj3T240N7G7nuZEvVeO1JblrSG0jhPkHecolZgNG dFqGEQvE6eLdbI2/Mu31ksgaZFHhWi4dTZNUvZ3NlYZbDam8N/hwu+LP1ycctwgBU4cXS Py/FULIllmmDG7VZBPNt2Zvx/4odeB0w1rtsm/YBiR2OXILMBu/rKVJI/kcEbshJbQQ68 1Uwm96rF0m8K1A76deYIcRPBKgRiY3yOAcxxRyjJY/5eKbmh0o6fXoI5E5jT5evmL5yLA 2SbyNp8I8Opfq3CYP59kiQYo/f2ki1XKip6GxJEAszQc3OAZS3LdFvrUdCSGzxJkbG31Q BQtcuMNG18BUy2B8dCcHRkwqYXvD8EkZfBVy6dhN8VlJpUjjn+kGq4uhLFjkWCzjrwPbr 4r7NOh1huhJ1O/FEn3uR2tsO7l7VKsANLgXndZWnsPGluxF6pwrSxB/jglmRwOAlaBSpA NV3h8gsXrSDtfRr+Y788c4Nf2AwPDc6RuyjMP1nB0rcbCHGiHokeuZkJGaPLbDE=
  • Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
  • Cc: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Lukasz Hawrylko <lukasz@xxxxxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Mateusz Mówka <mateusz.mowka@xxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 22 Apr 2025 19:01:23 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-04-22 19:14, Andrew Cooper wrote:

On 22/04/2025 4:06 pm, Sergii Dmytruk wrote:

The aim of the [TrenchBoot] project is to provide an implementation of
DRTM that is generic enough to cover various use cases:
 - Intel TXT and AMD SKINIT on x86 CPUs
 - legacy and UEFI boot
 - TPM1.2 and TPM2.0
 - (in the future) DRTM on Arm CPUs

DRTM is a version of a measured launch that starts on request rather
than at the start of a boot cycle.  One of its advantages is in not
including the firmware in the chain of trust.

Xen already supports DRTM via [tboot] which targets Intel TXT only.
tboot employs encapsulates some of the DRTM details within itself while 
with TrenchBoot Xen (or Linux) is meant to be a self-contained payload
for a TrenchBoot-enabled bootloader (think GRUB). The one exception is 
that UEFI case requires calling back into bootloader to initiate DRTM,
which is necessary to give Xen a chance of querying all the information 
it needs from the firmware before performing DRTM start.
From reading the above tboot might seem like a more abstracted, but the reality is that the payload needs to have DRTM-specific knowledge either 
way.  TrenchBoot in principle allows coming up with independent
implementations of bootloaders and payloads that are compatible with
each other.

The "x86/boot: choose AP stack based on APIC ID" patch is shared with
[Parallelize AP bring-up] series which is required here because Intel
TXT always releases all APs simultaneously. The rest of the patches are 
unique.


I've stripped out the sha2 patch and fixed up to use the existing sha2,
then kicked off some CI testing:

https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/1780285393
https://cirrus-ci.com/build/5452335868018688

When the dust has settled, I'll talk you through the failures.



Accidental use of C18 here

https://saas.eclairit.com:3787/fs/var/local/eclair/xen-project.ecdf/xen-project/hardware/xen-staging/ECLAIR_normal/andrew/tb-v1.1/X86_64/9791028023/PROJECT.ecd;/by_service/MC3A2.D1.1.html


~Andrew


--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.