Cihula, Joseph wrote:
>> From: Atanas Filyanov [mailto:[email protected]]
>> Sent: Wednesday, March 25, 2009 1:52 PM
>>
>> Hi all,
>>
>> I'm currently doing some experiments with dynamic root of trust. From
>> the tboot boot log I can see that the SENTER instruction is executed and
>> the PCRs 17 and above are set to 0 and that PCRs 17 and 18 are extended.
>> My question, if somebody could help me, is how to set PCR 17 or any
>> other PCR to 0 from the running system and if I understand correctly the
>> PCR value should change if I boot another XEN domain and should change
>> back to the original value if I shut it down? Or am I mistaken?
>> I'd appreciate any help.
>>
>> Best,
>>   Atanas
>>     
>
> The dynamic PCRs (16-23) are only resettable by the establishment of a 
> hardware root of trust (e.g. GETSEC[SENTER]).  Xen uses TXT via the tboot 
> module that performs SENTER at boot time.  The measurements for TXT are those 
> of tboot, Xen, and dom0.  So non-dom0 domains are not measured as part of the 
> current implementation.  Because the SENTER is performed at boot time, it 
> will require a hard or soft reboot to re-execute tboot and the SENTER 
> instruction.
>
> Non-tboot or Xen uses of TXT could invoke SENTER multiple times within a 
> single boot (after performing SEXIT) and the PCRs will be reset each time.
>
> Joe
>   

Hi Joe,

Thank you very much for the reply. Could you also give some hints about
invoking the SEXIT and SENTER instructions in order to reset the dynamic
PCRs without reboot?

Thanks,
Atanas

------------------------------------------------------------------------------
_______________________________________________
tboot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tboot-devel
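
An added example, not part of the thread and not tboot's code: a simplified Python model of one dynamic PCR, showing why an extend can never return the register to an earlier value and only a new launch with the same measurements can. The class and function names and the measured byte strings are constructed for illustration; a real TXT launch measures different data into PCRs 17 and 18.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


class DynamicPcr:
    """Hypothetical model of a single TPM 1.2 dynamic PCR (e.g. PCR 17)."""

    def __init__(self):
        # Before any dynamic launch, PCRs 17-22 read as all 0xFF.
        self.value = b"\xff" * PCR_SIZE

    def senter_reset(self):
        # Modelled effect of GETSEC[SENTER]: the register is set to zero.
        self.value = b"\x00" * PCR_SIZE

    def extend(self, data: bytes) -> bytes:
        # TPM extend: new = SHA1(old || SHA1(data)); there is no inverse operation.
        digest = hashlib.sha1(data).digest()
        self.value = hashlib.sha1(self.value + digest).digest()
        return self.value


def launch(components):
    """Model one measured launch: reset, then extend each component in order."""
    pcr = DynamicPcr()
    pcr.senter_reset()
    for blob in components:
        pcr.extend(blob)
    return pcr


# Constructed stand-ins for the images measured at boot (tboot, Xen, dom0).
BOOT_CHAIN = [b"constructed-tboot", b"constructed-xen", b"constructed-dom0"]


def demo():
    pcr = launch(BOOT_CHAIN)
    after_boot = pcr.value
    # Assumption for illustration only: a guest domain is measured into the PCR.
    after_guest = pcr.extend(b"constructed-domU-start")
    # Recording its shutdown is another extend, so the value moves on, not back.
    after_shutdown = pcr.extend(b"constructed-domU-stop")
    # Only a fresh launch over the same chain reproduces the boot-time value.
    relaunched = launch(BOOT_CHAIN).value
    return after_boot, after_guest, after_shutdown, relaunched


if __name__ == "__main__":
    for label, v in zip(("boot", "guest", "shutdown", "relaunch"), demo()):
        print(f"{label:9s} {v.hex()}")
```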
