Re: [tboot-devel] user-provided AC modules

2016-09-20 Thread Sun, Ning
Hi,

For Intel TXT client platforms there is no SINIT ACM embedded in the BIOS; the 
user has to install a client-platform-specific SINIT ACM to make tboot work on 
the platform.
For Intel TXT server platforms, there is always a SINIT ACM in the BIOS by 
default, but the user has the chance to install a newer version of the 
server-specific SINIT ACM on the platform storage, such as a hard drive; tboot 
will check and use the newer version of the SINIT ACM among those loaded from 
the hard drive and the BIOS.

On the same page of the TXT dev. guide, there is also a line that says “BIOSes 
that support this element type should report all ACMs that they carry; both 
BIOS ACMs and SINIT ACMs.”
The BIOS ACM here refers to another kind of ACM from Intel, which is 
transparent to the end user.

-Ning
From: Daniel Mueller [mailto:danielmul...@vmware.com]
Sent: Tuesday, September 20, 2016 9:38 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] user-provided AC modules


Hi,

Looking at the tboot source code it seems to support finding and installing a 
user-provided AC module. Is this feature actually used with recent systems or 
do all systems ship with an ACM installed?

I found the following line in the TXT development guide 
<http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html>:

Since the TXT architecture requires that BIOS provide at least one BIOS ACM, 
NumAcms must always be greater than 0.

So it appears an ACM must be installed. Are there any known systems violating 
this constraint?

Thanks,
Daniel
--
___
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
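
The choice between a BIOS-carried and a user-installed SINIT ACM described in the message above, as an added example that is not tboot's own code and not part of the original thread. It assumes the ACM header layout from the Intel TXT development guide (module type 2, vendor 0x8086, a BCD date at byte offset 20, size in 4-byte units at offset 24) and assumes "newer" is decided by that date; the function names and sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ACM header layout (little-endian); offsets are in bytes. */
enum { OFF_TYPE = 0, OFF_VENDOR = 16, OFF_DATE = 20, OFF_SIZE = 24, HDR_MIN = 28 };
enum acm_choice { ACM_NONE, ACM_BIOS, ACM_USER };

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* BCD date (0xYYYYMMDD) of a plausible ACM image, or 0 if any check fails. */
uint32_t acm_date(const uint8_t *img, size_t len) {
    if (img == NULL || len < HDR_MIN) return 0;
    if ((le32(img + OFF_TYPE) & 0xFFFF) != 2) return 0;   /* chipset ACM */
    if (le32(img + OFF_VENDOR) != 0x8086) return 0;       /* Intel */
    uint32_t dwords = le32(img + OFF_SIZE);               /* size in 4-byte units */
    if (dwords == 0 || dwords > len / 4) return 0;        /* must fit the buffer */
    uint32_t date = le32(img + OFF_DATE);
    for (uint32_t d = date; d; d >>= 4)
        if ((d & 0xF) > 9) return 0;                      /* not decimal BCD */
    return date;
}

/* Prefer the user-provided SINIT only when it is strictly newer. */
enum acm_choice pick_sinit(const uint8_t *bios, size_t blen, const uint8_t *user, size_t ulen) {
    uint32_t bd = acm_date(bios, blen), ud = acm_date(user, ulen);
    if (bd == 0 && ud == 0) return ACM_NONE;   /* no usable SINIT at all */
    return ud > bd ? ACM_USER : ACM_BIOS;
}

/* Constructed sample: a zeroed buffer with only the checked fields filled in. */
void make_sample_acm(uint8_t *buf, size_t len, uint32_t bcd_date) {
    memset(buf, 0, len);
    put32(buf + OFF_TYPE, 2);
    put32(buf + OFF_VENDOR, 0x8086);
    put32(buf + OFF_DATE, bcd_date);
    put32(buf + OFF_SIZE, (uint32_t)(len / 4));
}

int main(void) {
    uint8_t bios[64], user[64];
    make_sample_acm(bios, sizeof bios, 0x20150312);
    make_sample_acm(user, sizeof user, 0x20160621);
    printf("server: %d, client: %d\n", pick_sinit(bios, 64, user, 64), pick_sinit(NULL, 0, user, 64));
}
```

The client case from the thread is the call with no BIOS image, where the user-installed module is the only candidate; a real loader would also have to match the module against the chipset and leave signature verification to the hardware launch.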


Re: [tboot-devel] user-provided AC modules

2016-09-20 Thread Jan Schermer
I'd also like to know this - including all the ACMs in a distribution seems... 
hackish.

This is most likely vendor-specific.
Older machines that I tried didn't include it (old Thinkpads for example), the 
newest one that didn't include it that I've seen was of ~2014 vintage (pre-EFI 
methinks).
Servers should include it (always?), but if they don't then the vendor doesn't 
care, and then it's doubtful how well it will work anyway.

Jan

> On 20 Sep 2016, at 18:37, Daniel Mueller wrote:
> 
> Hi,
> 
> Looking at the tboot source code it seems to support finding and installing a 
> user-provided AC module. Is this feature actually used with recent systems or 
> do all systems ship with an ACM installed?
> 
> I found the following line in the TXT development guide:
> 
> Since the TXT architecture requires that BIOS provide at least one BIOS ACM, 
> NumAcms must always be greater than 0.
> So it appears an ACM must be installed. Are there any known systems violating 
> this constraint?
> 
> Thanks,
> Daniel