|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-devel] [RFC][PATCH][0/4] Intel(R) Trusted Execution Technologysupport: Overview
>o Once we have performed a TXT measured launch, we do not want to go >back and execute any unmeasured code. So going back into BIOS (and >really not necessarily BIOS, but whatever later code may have set >vectors in the real mode IDT) breaks the trust of the TCB. Which makes sense. You just have to provide a means to obtain all the info normally obtained from BIOS then. >o While the initial target for sboot is to launch Xen, we would like it >to be generic enough that it could be used by other VMMs or OS kernels, >e.g. Linux. So we've tried to minimize the necessary post-sboot code >changes and altering the e820 table seems like a pretty generic way to >do that. Now if all modern kernels/VMMs ignore GRUB's table and go back >to BIOS to read it (and can't have that disabled like Xen can) then this >approach won't be useful even if it is generic. I don't think Linux has any plans on going multiboot. While (for paravirt support) there are now ways to bypass real mode code, it is still being assumed that the information no longer collected that way will be provided another way if the kernel is privileged (aka dom0 in Xen). For the even more generic question of supporting arbitrary(?) OSes, I wonder how you can make assumptions about these, namely their intentions/needs to boot from and/or switch back to real mode. To me this seems like a conceptual issue then. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |