* Re: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
[not found] <D936D925018D154694D8A362EEB0892002463CFC@orsmsx416.amr.corp.intel.com>
@ 2007-08-30 10:16 ` Keir Fraser
2007-08-30 16:17 ` Cihula, Joseph
2007-08-31 11:19 ` Keir Fraser
0 siblings, 2 replies; 6+ messages in thread
From: Keir Fraser @ 2007-08-30 10:16 UTC (permalink / raw)
To: Cihula, Joseph, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
On 29/8/07 01:26, "Cihula, Joseph" <joseph.cihula@intel.com> wrote:
> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT support.
Is there any documentation for the processor changes for TXT support (e.g.,
the additions to IA32_FEATURE_CONTROL_MSR, among others)? Googling for TXT
is not very helpful. :-)
-- Keir
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
2007-08-30 10:16 ` [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen Keir Fraser
@ 2007-08-30 16:17 ` Cihula, Joseph
2007-08-30 17:59 ` Keir Fraser
2007-08-31 11:19 ` Keir Fraser
1 sibling, 1 reply; 6+ messages in thread
From: Cihula, Joseph @ 2007-08-30 16:17 UTC (permalink / raw)
To: Keir Fraser, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
Keir Fraser <mailto:keir@xensource.com> scribbled on Thursday, August
30, 2007 3:17 AM:
> On 29/8/07 01:26, "Cihula, Joseph" <joseph.cihula@intel.com> wrote:
>
>> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT
>> support.
>
> Is there any documentation for the processor changes for TXT support
> (e.g., the additions to IA32_FEATURE_CONTROL_MSR, among others)?
Googling
> for TXT is not very helpful. :-)
>
> -- Keir
The Intel(R) TXT Preliminary Architecture Specification, at
http://www.intel.com/technology/security/ (specifically:
http://download.intel.com/technology/security/downloads/31516804.pdf),
documents the changes to the MSR, etc.
Joe
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
2007-08-30 16:17 ` Cihula, Joseph
@ 2007-08-30 17:59 ` Keir Fraser
2007-08-30 18:13 ` Keir Fraser
0 siblings, 1 reply; 6+ messages in thread
From: Keir Fraser @ 2007-08-30 17:59 UTC (permalink / raw)
To: Cihula, Joseph, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
On 30/8/07 17:17, "Cihula, Joseph" <joseph.cihula@intel.com> wrote:
>>> Changes to Xen for Intel(R <<txt-xen-0828_01-xen.patch>> ) TXT
>>> support.
>>
>> Is there any documentation for the processor changes for TXT support
>> (e.g., the additions to IA32_FEATURE_CONTROL_MSR, among others)?
> Googling
>> for TXT is not very helpful. :-)
Okay, current situation on the Xen path is that it's all checked in except:
* the changes to shutdown.c and smp.c
* the bits that actually interface with sboot (that's most of the bits
inside CONFIG_TXT).
For the former, I'd like it to be a separate cleanup patch, with some
explanation of why it's required. For example, whay is the code movement in
smp.c required at all?
For the latter, I would like Xen to have its own asm-x86/sboot.h, even
though this causes a small amount of code duplication outside of th esboot
module itself. It is supposed to become a stable interface after all. The
bit syou need from uuid.h can also be included in Xen's sboot.h. All the
names you create in Xen's sboot.h should have a suitable common prefix on
them. I guess mle_ might do the trick, although I don't actually know what
MLE stands for?!
That's all for now. The sboot module itself is scary big. :-/
Oh, you can find the current tip to re-merge against at
http://xenbits.xensource.com/staging/xen-unstable.hg
-- Keir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
2007-08-30 17:59 ` Keir Fraser
@ 2007-08-30 18:13 ` Keir Fraser
2007-08-30 18:17 ` Keir Fraser
0 siblings, 1 reply; 6+ messages in thread
From: Keir Fraser @ 2007-08-30 18:13 UTC (permalink / raw)
To: Cihula, Joseph, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
On 30/8/07 18:59, "Keir Fraser" <keir@xensource.com> wrote:
> That's all for now. The sboot module itself is scary big. :-/
Actually, to that end, do you have any documentation to go with this
patchset? It'd be kind of nice to know how to use sboot, what security
guarantees it can provide, how to use the toolset, etc etc. Otherwise we're
going to have 20kloc added to our tree that noone knows how to use! Which I
think means some documentation has to be a pre-condition for acceptance.
Thanks,
Keir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
2007-08-30 18:13 ` Keir Fraser
@ 2007-08-30 18:17 ` Keir Fraser
0 siblings, 0 replies; 6+ messages in thread
From: Keir Fraser @ 2007-08-30 18:17 UTC (permalink / raw)
To: Cihula, Joseph, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
On 30/8/07 19:13, "Keir Fraser" <Keir.Fraser@cl.cam.ac.uk> wrote:
>> That's all for now. The sboot module itself is scary big. :-/
>
> Actually, to that end, do you have any documentation to go with this
> patchset? It'd be kind of nice to know how to use sboot, what security
> guarantees it can provide, how to use the toolset, etc etc. Otherwise we're
> going to have 20kloc added to our tree that noone knows how to use! Which I
> think means some documentation has to be a pre-condition for acceptance.
The patch summary email is a nice start, by the way, but I think you need
something in our docs directory that goes into a bit more detail. Perhaps
some use cases for sboot? How to use the tools? A plain text file would be
fine -- it's just the content I care about.
-- Keir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen
2007-08-30 10:16 ` [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen Keir Fraser
2007-08-30 16:17 ` Cihula, Joseph
@ 2007-08-31 11:19 ` Keir Fraser
1 sibling, 0 replies; 6+ messages in thread
From: Keir Fraser @ 2007-08-31 11:19 UTC (permalink / raw)
To: Cihula, Joseph, xen-devel, xense-devel
Cc: Xu, James, Wang, Shane, Wei, Gang, Zhai, Edwin
Regarding the sboot module itself, I wonder what all the arrays of magic
numbers that make up the bulk of tpm.c are for? Also, given that Xen does
not depend on sboot (unless you want its features of course) and sboot does
not depend on Xen, it might be best to place sboot and tools in their own
repository? We'd be happy to host it and have a link on the front page of
the xenbits website.
-- Keir
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-08-31 11:19 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <D936D925018D154694D8A362EEB0892002463CFC@orsmsx416.amr.corp.intel.com>
2007-08-30 10:16 ` [RFC][PATCH][1/4] Intel(R) Trusted Execution Technology support: xen Keir Fraser
2007-08-30 16:17 ` Cihula, Joseph
2007-08-30 17:59 ` Keir Fraser
2007-08-30 18:13 ` Keir Fraser
2007-08-30 18:17 ` Keir Fraser
2007-08-31 11:19 ` Keir Fraser
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.