Re: [tboot-devel] tboot launch bitvisor(vmm)

Fri, 17 May 2013 18:59:26 -0700 

On Fri, May 17, 2013 at 8:24 AM, Wei, Gang <gang....@intel.com> wrote:

> henry del wrote on 2013-05-16:
> >> Hi,
> >>
> >>  According to Joseph, Tboot is a specific implementation of an MLE
> >> (Measured Launched Environment). Tboot encapsulates most of the
> >> TXT-specific knowledge so that it can launch an OS or VMM that is only
> >> minimally aware of TXT.
> >>
> >>    As for bitvisor, it is a tiny hypervisor, which runs directly on the
> >> hardware(Type-I VMM).
> >>
> >>    The question is that if I want to launch bitvisor using Tboot, what
> >> should I
> >> do? Do I need to take a look at and modify the source code of Tboot and
> then
> >> rebuild Tboot?
>
> >You should modify the code of bitvisor to make it aware of tboot. Please
> refer
> >to xen/arch/x86/tboot.c.
>   Thank you for your prompt reply. Yet I have another question. According
> to the TXT spec, if GETSEC[SENTER] leaf function has not been used to
> launch a measured environment, it's impossible to make use of locality 1-4.
> Because registers in the private space can only be accessed after a
> measured environment has been established, while these registers control
> whether to unlock the locality 1-4.  That means that if bitvisor wants to
> use PCR, locality of which is above 0, bitvisor need to support txt. Is
> that correct?**
> >>
> >>
> >>    It does not work just to add a menuentry including Tboot and bitvisor
> >> image
> >> in the grub.cfg. But it works fine when I add a menuentry including
> Tboot
> >> and
> >> Xen according to Tboot spec.
>
> >If you port tboot.c into bitvisor, then this way should also work for
> >bitvisor.
>   So if I port xen/arch/x86/tboot.c and relevant files into bitvisor and
> modify the grub.lst, this way will work for bitvisor?


     thanks
     henry


> >Thanks
> >Jimmy
>
> >>
> >>
> >>    Thanks!
> >> Best regards,
> >>
> >> henry
>
>
>
> >Jimmy
>
>
>

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to