Two options:
Option 1: simply include kvm module into initrd/initramfs, and make it loaded before remount to final disk filesystem. Option 2: recompile the kernel and include the kvm module in kernel instead of making it a standalone module. Jimmy From: Jason Chow [mailto:jasonchow....@gmail.com] Sent: Thursday, July 26, 2012 10:22 PM To: Justin King-Lacroix; tboot-devel@lists.sourceforge.net Subject: Re: [tboot-devel] TBOOT supports KVM by including kvm kernel module in the trust chain ? 2012/7/26 Jason Chow <jasonchow....@gmail.com> Hi Justin, Thank you for your suggestion. So make the KVM inline in the kernel as a whole rather than a later loaded module is the solution for tboot with kvm. Am I correct ? Regards, Jason 2012/7/26 Justin King-Lacroix <justin.king-lacr...@cs.ox.ac.uk> Hi Jason, Tboot measures the kernel and the initrd/initramfs, so you should just need to make sure the KVM modules are in it (and installed at boot, before the root filesystem is mounted, of course). Regards, Justin On 26/07/2012 2:44 PM, Jason Chow wrote: Hi, As we all know, tboot can work with bare linux kernel. Howerver, does tboot support KVM as well as Xen ? Since kvm is treated as a kernel module, which will not be measured during the process of trusted boot (In my knowledge, only kernel will be measureed rather than kernel modules.). How can tboot provide a clean hypervisor environment as well as Xen does ? Is there any additional support in tboot to keep KVM module in a well-known status. Thanks and regards, Jason ---------------------------------------------------------------------------- -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
