henry del wrote on 2013-05-21:
>
> On Tue, May 21, 2013 at 2:31 PM, Wei, Gang <gang....@intel.com> wrote:
> >
> > The control flow is right. And it is supposed that even Xen is not tboot
> > aware, it should still be able to boot up and able to bring up guest, but
> > this is not a design goal for tboot. If it doesn't then you need to check
> > what is the real cause.
>
> Yes, I agree with you on this point. And I've checked the initialization part
> of xen and found that: once xen detects the existence of tboot during the
> process of command line parsing, it will skip one part of read-mode (mem.S: the
> main task is to get system memory map) and enter into the protected and
> paging on mode. I think the reason why xen skips is that it has already been
> aware of the tboot and it does not have to initiate a BIOS interrupt (int 0x15).
> After that, xen will take some measure to protect TXT-related memory regions
> from DMA attack. Also, xen has done some protection measures to do with the
> sleep and shutdown events.
>
> However, what puzzles me is that how tboot determines whether
> kernel/VMM supports tboot? It's just as what you said: "it is supposed that
> even Xen is not tboot aware, it should still be able to boot up and able to bring
> up guest". I think tboot has a verification mechanism to distinguish xen with
> tboot from xen without tboot. Can you give me some references?

We just expect tboot to be used together with VMM/Kernel with tboot support. The tboot support should be confirmed before adding tboot to the control flow. So we don't add any interface in Xen/Linux to indicate the tboot support to tboot in the runtime.

Jimmy
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel