[Xense-devel] RE: [Xen-devel] [RFC][PATCH][0/2] Intel(r) Trusted Execution Technology
Jonathan M. McCune <mailto:jonmccune@xxxxxxx> scribbled on Thursday, July 12, 2007 9:41 PM:

> Hello again,
>
> I made a mistake counting line numbers. The macro that was causing problems was SYM_TRAMP_PHYS, which was removed somewhere between changeset 15331 and 15364. I have successfully built and used the TXT patch with changeset 15331.

Glad to hear it. In the original patch I forgot to mention which changeset it was based on (15200). I'm glad to see that it works on a bit later version as well.

> Sorry for the spam,
> -Jon
>
>
> Jonathan M. McCune wrote:
>> Hi Joseph, Jun, Xen developers,
>>
>> I'm trying to get this patch to build, but I've encountered some difficulty. Applying the patch to today's tip results in three failures which I was able to correct manually. I also tried an older changeset (15369) from the day Jun reported success, and txt-xen-0608_01-xen.patch applied with `patch -p1 -F 3`. txt-xen-0608_02-sboot.patch applied successfully in both cases.
>>
>> I tried both gcc 4.1.2 and 3.4.6. The failure is the same both ways.
>>
>> If I disable the TXT patch (CONFIG_TXT ?= n in Config.mk), Xen builds successfully.
>>
>> Here is the compilation step that fails:
>>
>> gcc -D__ASSEMBLY__ -O2 -fomit-frame-pointer -m32 -march=i686 -DNDEBUG -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -nostdinc -fno-builtin -fno-common -fno-strict-aliasing -iwithprefix include -Werror -Wno-pointer-arith -pipe -I/export/txt/xen-unstable.hg-15369-sboot/xen/include -I/export/txt/xen-unstable.hg-15369-sboot/xen/include/asm-x86/mach-generic -I/export/txt/xen-unstable.hg-15369-sboot/xen/include/asm-x86/mach-default -msoft-float -fno-stack-protector -DCONFIG_X86_PAE=1 -g -D__XEN__ -DCONFIG_TXT -c head.S -o head.o
>> trampoline.S: Assembler messages:
>> trampoline.S:49: Error: junk `(trampoline_cpu_started)' after expression
>> trampoline.S:51: Error: junk `(idt_48)' after expression
>> trampoline.S:52: Error: junk `(gdt_48)' after expression
>> make[4]: *** [head.o] Error 1
>> make[4]: Leaving directory `/export/txt/xen-unstable.hg-15369-sboot/xen/arch/x86/boot'
>> make[3]: *** [/export/txt/xen-unstable.hg-15369-sboot/xen/arch/x86/boot/built_in.o] Error 2
>> make[3]: Leaving directory `/export/txt/xen-unstable.hg-15369-sboot/xen/arch/x86'
>> make[2]: *** [/export/txt/xen-unstable.hg-15369-sboot/xen/xen] Error 2
>> make[2]: Leaving directory `/export/txt/xen-unstable.hg-15369-sboot/xen'
>> make[1]: *** [install] Error 2
>> make[1]: Leaving directory `/export/txt/xen-unstable.hg-15369-sboot/xen'
>> make: *** [install-xen] Error 2
>>
>> The lines of trampoline.S that trigger this error are not changed by the patches, so I'm at a bit of a loss as to what is causing the error. Those three symbols are inside a bootsym() macro which is itself defined in trampoline.S. The macro is not complicated, and makes reference to a symbol from head.S (from whence trampoline.S is included).
>>
>> Help is greatly appreciated.
>>
>> Thanks,
>> -Jon
>>
>>
>> Hi Joseph,
>>
>> I compiled TXT patch with the latest unstable, and it works well. I mean my machine boots with /sboot.gz in grub file, and Xen runs like normal. Sweet!
>>
>> Few questions:
>> - Now, how can I confirm that TXT is actually running on my machine?
>> - What to do next to take the advantage of TXT? Any application for it?
>>
>> Thanks,
>> Jun
>>
>>
>> On 6/9/07, Cihula, Joseph <joseph.cihula@xxxxxxxxx> wrote:
>>
>> Attached is a preliminary patch that adds Intel(r) Trusted Execution Technology (Intel(r) TXT) support to Xen. Intel(r) TXT was formerly known by the codename LaGrande Technology (LT).
>>
>> This version of the patch (the previous version was posted last year) re-factors the Intel(r) TXT code into a separate module/binary that is passed as the 'kernel' to GRUB and which then launches Xen itself (after having performed the measured launch).
>>
>> This patch supports all of the Xen processor modes (32bit/32bitPAE/64bit) and supports multi-core/thread systems. It will run on either an Intel LT SDV3 or on the Intel(r) TXT TEP (Technology Enabling Platform) from MPC.
>>
>>
>> Intel(r) TXT in Brief:
>> ----------------------
>> o Provides dynamic root of trust for measurement (DRTM)
>> o DMA protection (on SDV3/TEP platforms only)
>> o Data protection in case of improper shutdown
>>
>> For more information, see http://www.intel.com/technology/security/. This site also has a link to the Intel(r) TXT Preliminary Architecture Specification.
>>
>>
>> Overview of Patch Functionality:
>> --------------------------------
>> o Measured Launch. If the processor is detected as being TXT-capable and enabled then the code will attempt to perform a measured launch. If the measured launch process fails (processor is not capable, TXT is not enabled, missing SINIT, corrupted data, etc.) then it will fall-through to a non-TXT boot of Xen.
>>
>> o Teardown of measured environment. When Xen exits the measured environment will be torn down properly.
>>
>> o Reset data protection. Intel(r) TXT HW prevents access to secrets if the system is reset without clearing them from memory (as part of a TXT teardown). This code will support this by setting the flag indicating that memory should be so protected during the measured launch and clearing the flag just before teardown.
>>
>> o Protection of TXT memory ranges. Intel(r) TXT reserves certain regions of RAM for its use and also defines several MMIO regions. These regions (excluding the TXT public configuration space) are protected from use by any domains (including dom0).
>>
>>
>> Patch Contents:
>> ---------------
>> txt-xen-0608_01-xen.patch - the changes to Xen for Intel(r) TXT support
>> txt-xen-0608_02-sboot.patch - the new sboot module that performs the measured launch
>>
>>
>> Instructions for use:
>> ---------------------
>> o By default, the functionality is disabled in the build. It can be enabled by changing the INTEL_TXT flag to 'y' in Config.mk.
>>
>> o The new sboot module must be added as the 'kernel' and xen made a 'module'. The SINIT AC module (available with SDV3 and TEP systems) must be added to the grub.conf boot config as the last module, e.g.:
>>
>> title Xen 3.1.0 w/ Intel(r) Trusted Execution Technology
>>     kernel /sboot.gz
>>     module /xen.gz dom0_mem=524288 com1=115200,8n1
>>     module /vmlinuz-2.6.18-xen root=/dev/VolGroup00/LogVol00 ro
>>     module /initrd-2.6.18-xen.img
>>     module /lpg_sinit_20050831_pae.auth.bin
>>
>> o Progress of the launch process is indicated via debug printk's to COM1 (hardcoded). These appear before the normal "(XEN)" output and are prefixed by "SBOOT:". The code (in early_printk.c) does not initialize the COM port so this needs to be done by GRUB - grub.conf should have:
>>
>> serial --speed=115200 --unit=0
>> terminal console serial
>>
>>
>> Interesting Items of Note:
>> --------------------------
>> o A Xen that is not compiled for Intel(r) TXT can still be launched by sboot, however it will not protect any of the TXT memory nor sboot itself. Further, it will not be able to use any threads or cores beyond the BSP. And it will hang on reboot/shutdown.
>>
>> o A Xen compiled for Intel(r) TXT can be used without sboot and will simply detect that it was not launched in a measured environment and behave as normal.
>>
>> o The patch defines two new E820 types, E820_PROTECTED and E820_MLE_SHARED. sboot will copy and alter the e820 table provided by GRUB to "reserve" its own memory plus the TXT memory regions. These are marked as E820_PROTECTED so that the patched Xen code can prevent them from being assigned to dom0. The E820_MLE_SHARED type is for a single page that sboot reserves for communication (sharing) with Xen. The patched Xen code will look for this page when parsing the e820 table and uses its presence as the indicator that a measured launch took place (the e820 table is not altered if the measured launch fails for any reason).
>>
>> o sboot is always built 32bit and runs in protected mode without PAE or paging enabled. sboot lives at (copies itself to) 0x70000. This seems like a safe location so far, but is not a good long-term location. We'd like to discuss moving Xen a little higher to allow sboot to live at 0x100000--this is a separate thread.
>>
>> o Because a proper teardown requires turning off VMX on every core/thread before executing GETSEC[SEXIT], some changes were made to the Xen shutdown code. An initial commonization of the reboot and shutdown routines was done so that this new code would only have to be put in one place. Future patches will commonize the other routines in Xen that shutdown or reboot the system, such that they will also perform a teardown of the measured environment.
>>
>> o The code requires that VT be enabled as well as TXT. This is because the mechanism for bringing up the APs uses VMX to create a mini-VM in order to trap on INIT-SIPI-SIPI.
>>
>> o Currently only sboot is measured. We plan to extend this to xen and dom0 in the future.
>>
>> o The patch doesn't cap (extend with invalid value) the dynamic TPM PCRs when the measured environment is torn down. This will be added when we have a method for re-entering sboot on shutdown implemented.
>>
>> o No DMA protection has been implemented in this patch. SDV3/TEP only support the NoDMA table for DMA protection and this is superseded by VT-d. VT-d support will be added shortly, though it will only be available on new platforms.
>>
>>
>>
>> Comments and feedback are very welcome. We'd especially like to see a discussion about what changes are required for this code to be merged into the -unstable tree.
>>
>> We have many enhancements planned, as well as support for newer TXT Software Development Platforms (SDPs).
>>
>>
>> Joseph Cihula
>> Jimmy Wei
>> Shane Wang
>> Zhai Edwin
>>
>> Open Source Technology Center
>> Intel Corp.

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
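The e820 handling that Joseph's post describes (sboot copying the GRUB table and carving E820_PROTECTED and E820_MLE_SHARED entries out of it; the patched Xen then treating the single shared page as the indicator of a measured launch and keeping protected ranges away from every domain) as an added example written for this page. It is not code from the TXT patch or from Xen. The numeric values of the two new E820 types, the 64 KiB sboot image size, the shared-page address and the TXT region are assumptions; only the 0x70000 load address comes from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define E820_RAM        1     /* standard e820 types */
#define E820_RESERVED   2
#define E820_PROTECTED  0x10  /* placeholders: the thread names the two new */
#define E820_MLE_SHARED 0x11  /* types but gives no numeric values         */
#define PAGE_SIZE       4096u
#define E820MAX         32
struct e820entry { uint64_t addr; uint64_t size; uint32_t type; };

/* sboot side: carve [start, start+size) out of the E820_RAM entries of in[]
 * and add it back as one entry of `type`, splitting RAM around it. Returns the
 * new count, or 0 if any byte of the range is not RAM (reserved/MMIO is never
 * stolen) or out[] is too small. Assumes in[] entries do not overlap. */
size_t e820_reserve(const struct e820entry *in, size_t n,
                    struct e820entry *out, size_t max,
                    uint64_t start, uint64_t size, uint32_t type)
{
    uint64_t end = start + size, covered = 0;
    size_t m = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t a = in[i].addr, b = a + in[i].size;
        if (!(a < end && start < b)) {          /* disjoint: copy through */
            if (m == max) return 0;
            out[m++] = in[i];
            continue;
        }
        if (in[i].type != E820_RAM)
            return 0;
        covered += (b < end ? b : end) - (a > start ? a : start);
        if (a < start) {                        /* RAM left before the range */
            if (m == max) return 0;
            out[m++] = (struct e820entry){ a, start - a, E820_RAM };
        }
        if (b > end) {                          /* RAM left after the range */
            if (m == max) return 0;
            out[m++] = (struct e820entry){ end, b - end, E820_RAM };
        }
    }
    if (covered != size || m == max)            /* range not entirely RAM */
        return 0;
    out[m++] = (struct e820entry){ start, size, type };
    return m;
}

/* Xen side: the single E820_MLE_SHARED page is the indicator that a measured
 * launch took place. Returns its address, or 0 when the table has none. */
uint64_t find_mle_shared_page(const struct e820entry *map, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (map[i].type == E820_MLE_SHARED && map[i].size == PAGE_SIZE)
            return map[i].addr;
    return 0;
}

/* Xen side: true if [start, start+len) touches an E820_PROTECTED range and
 * so must not be handed to any domain, dom0 included. */
bool overlaps_protected(const struct e820entry *map, size_t n,
                        uint64_t start, uint64_t len)
{
    for (size_t i = 0; i < n; i++)
        if (map[i].type == E820_PROTECTED &&
            map[i].addr < start + len && start < map[i].addr + map[i].size)
            return true;
    return false;
}

/* Constructed GRUB-provided table (1 GiB machine with the legacy hole) plus
 * the reservations sboot would make on it: its image at 0x70000 (address from
 * the thread, 64 KiB size assumed), the shared page (address assumed) and one
 * made-up TXT region near the top of RAM. Returns the entry count. */
size_t constructed_sboot_map(struct e820entry *out, size_t max)
{
    const struct e820entry grub[] = {
        { 0x00000000, 0x0009f000, E820_RAM      },
        { 0x0009f000, 0x00061000, E820_RESERVED },
        { 0x00100000, 0x3ff00000, E820_RAM      },
    };
    struct e820entry a[E820MAX], b[E820MAX];
    size_t n = e820_reserve(grub, 3, a, E820MAX, 0x70000, 0x10000, E820_PROTECTED);
    n = n ? e820_reserve(a, n, b, E820MAX, 0x80000, PAGE_SIZE, E820_MLE_SHARED) : 0;
    n = n ? e820_reserve(b, n, a, E820MAX, 0x3f000000, 0x100000, E820_PROTECTED) : 0;
    if (!n || n > max) return 0;
    for (size_t i = 0; i < n; i++) out[i] = a[i];
    return n;
}

int main(void)
{
    struct e820entry map[E820MAX];
    size_t n = constructed_sboot_map(map, E820MAX);
    for (size_t i = 0; i < n; i++)
        printf("%#010llx-%#010llx type %#x\n", (unsigned long long)map[i].addr,
               (unsigned long long)(map[i].addr + map[i].size), (unsigned)map[i].type);
    printf("measured launch: %s\n", find_mle_shared_page(map, n) ? "yes" : "no");
    return 0;
}
```

Two properties of the post's design show up directly: `e820_reserve` refuses to reserve over anything that is not RAM, so the legacy hole and MMIO stay as the firmware reported them, and because a failed measured launch leaves the GRUB table untouched, `find_mle_shared_page` returning 0 is exactly the "behave as normal" path for a TXT-enabled Xen started without sboot.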