From: Pavel Machek <pavel@ucw.cz>
To: Joseph Cihula <joseph.cihula@intel.com>
Cc: linux-kernel@vger.kernel.org, mingo@elte.hu,
arjan@linux.intel.com, hpa@zytor.com, andi@firstfloor.org,
chrisw@sous-sol.org, jmorris@namei.org, jbeulich@novell.com,
peterm@redhat.com, gang.wei@intel.com, shane.wang@intel.com
Subject: Re: [RFC v5][PATCH 2/4] intel_txt: Intel(R) TXT reboot/halt shutdown support
Date: Wed, 24 Jun 2009 17:04:53 +0200
Message-ID: <20090624150453.GJ1784@ucw.cz>
In-Reply-To: <4A4024BE.5090206@intel.com>

On Mon 2009-06-22 17:41:34, Joseph Cihula wrote:
> Support for graceful handling of kernel reboots after an Intel(R) TXT launch.
>
> Without this patch, attempting to reboot or halt the system will cause the
> TXT hardware to lock memory upon system restart because the secrets-in-memory
> flag that was set on launch was never cleared. This will in turn cause BIOS
> to execute a TXT Authenticated Code Module (ACM) that will scrub all of memory
> and then unlock it. Depending on the amount of memory in the system and its type,
> this may take some time.
>
> This patch creates a 1:1 address mapping to the tboot module and then calls back
> into tboot so that it may properly and securely clean up system state and clear
> the secrets-in-memory flag. When it has completed these steps, the tboot module
> will reboot or halt the system.

Is it faster to clean memory from OS as opposed to BIOS doing the
clearing? If so, why?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html