|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [HACKATHON] xSplice session note
>>> On 20.04.16 at 19:33, <wei.liu2@xxxxxxxxxx> wrote: > * Userspace tooling > > Plan to move to xl / libxl. Need to have stable interface in libxl > Tool is simple now, but might be more complex when sig verification > is involved. > > Jan: use external utility to veirfy, better. Xl should only do basic > uploading etc. Verification should either be in HV, or completely > with human intervention. Not exactly: This is only one of the two options, and my current understanding is that this wouldn't be sufficient from a measuring standpoint (but that understanding of mine could be wrong). As said later, i.e. ... > * tboot, secure boot and xsplice > > Jan: secure boot works for xen now, not sure how it works with > xsplice. xen verifies dom0 kernel in secure boot. > > Daniel: where is the sig in the kernel? > > Jan: don't know, but currently works. > > Jan: with secure boot, how to verify xsplice payload? Need to verify > by Xen eotherwise breaks chains of trust, which in turn requris whole > infrastructure. ... here. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |