
Re: [Xen-devel] [HACKATHON] xSplice session note



>>> On 20.04.16 at 19:33, <wei.liu2@xxxxxxxxxx> wrote:
> * Userspace tooling
> 
>  Plan to move to xl / libxl.  Need to have stable interface in libxl
>  Tool is simple now, but might be more complex when sig verification
>  is involved.
> 
>  Jan: use external utility to verify, better. Xl should only do basic
>  uploading etc. Verification should either be in HV, or completely
>  with human intervention.

Not exactly: This is only one of the two options, and my current
understanding is that this wouldn't be sufficient from a measuring
standpoint (but that understanding of mine could be wrong). As
said later, i.e. ...

> * tboot, secure boot and xsplice
> 
>  Jan: secure boot works for xen now, not sure how it works with
>  xsplice. xen verifies dom0 kernel in secure boot.
> 
>  Daniel: where is the sig in the kernel?
> 
>  Jan: don't know, but currently works.
> 
>  Jan: with secure boot, how to verify xsplice payload? Need to verify
>  by Xen otherwise breaks chains of trust, which in turn requires whole
>  infrastructure.

... here.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

