Hi Safayet,
Thanks very much for your interest in tboot, trusted boot is an open source
project, anyone can contribute to it with new features,
bug fix, relevant extensions, etc., with an assumption that new changes not
break the current use of tboot.
As I see your extension effort may not be trivial, here are some resources for
your reference:
The Intel(r) TXT Software Development Guide (showing details about what MLE
does): http://download.intel.com/technology/security/downloads/315168.pdf
About Intel(r) SMX instructions: Intel(r) 64 and IA-32 Architectures Software
Developer's Manual, Volumes 2, chapter 5, Safer Mode Extensions Reference
http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.html?wapkw=325383
Regards,
Ning Sun
Intel Corporation
3621 Juliette Lane
Santa Clara, CA 95054
From: Ahmed, Safayet (GE Global Research) [mailto:safayet.ah...@ge.com]
Sent: Thursday, March 26, 2015 8:05 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] AMD SVM Support
Is there an interest in broader architectural support in tboot?
Specifically, I am referring to support for trusted boot on AMD machines using
the AMD SKINIT instruction.
I have gotten something to "work" on an AMD eKabini platform using OSLO and
tboot, but my approach is a bit kludgy.
Open Secure Loader (OSLO) consists of a set of multiboot-compliant chain
loaders to perform a measured launch.
http://os.inf.tu-dresden.de/~kauer/oslo/
Currently, OSLO supports AMD platforms.
I used the "oslo", "beirut", and "pamplona" components from OSLO to perform a
measured launch (extending module
measurements into TPM PCRs). Then, control is transferred to tboot to launch
the Linux kernel.
In addition to being a bit kludgy, this approach is incomplete in a number of
ways. There is no log similar to the log in tboot
to allow the measurements to be replayed for verification. Further, I still
need to look deeper into DEV protection on AMD
platforms (similar to VTd on Intel).
Before proceeding, I wanted to confirm if there would be acceptance of such
extensions to tboot? If yes, I have some ideas
on how to proceed.
Regards,
Safayet N. Ahmed
Computer Engineer
General Electric Company, GE Global Research
GE imagination at work
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
