[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md

To: George Dunlap <george.dunlap@xxxxxxxxxx>
From: Rich Persaud <persaur@xxxxxxxxx>
Date: Mon, 11 Sep 2017 16:13:12 -0400
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>, Dario Faggioli <dario.faggioli@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 11 Sep 2017 20:13:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Sep 11, 2017, at 10:16, George Dunlap <george.dunlap@xxxxxxxxxx> wrote:

+### vTPM Support
+
+ Status: Supported, x86 only

This should probably be x86/vTPM. TPM, the way we are discussing it, is
an x86-only implementation. ARM-based alternatives are not called TPM
AFAIK.

Someone said that because this was implemented entirely in userspace,
there's no reason the PV TPM couldn't work on ARM. OTOH I suppose it
would be a lot less valuable if there weren't a physical TPM to back it up.

Any thoughts on that?

Physical TPMs are present on both x86 and ARM Chromebooks:

https://www.chromium.org/developers/design-documents/tpm-usage

e.g. see Step 9 in this Samsung Series 3 teardown, "Infineon SLB9635":

https://www.ifixit.com/Teardown/Samsung+Chromebook+Series+3+Teardown/12225

+### Intel/TXT ???

Same here

Well unless someone actually says something about this I'm just going go
delete it.

That's one way to motivate a response :)

Slide 11 of Joe Cihula's 2007 presentation documents the Xen changes for TXT:

http://www-archive.xenproject.org/files/xensummit_fall07/23_JosephCihula.pdf

More info in the 2007 patch and the Linux kernel doc:

http://old-list-archives.xen.org/archives/html/xen-devel/2007-10/msg00897.html

https://www.kernel.org/doc/Documentation/intel_txt.txt

Intel TXT is used with Xen by (at least) Qubes, OpenXT and Skyport Systems. There was a design discussion at Xen Summit about implementing a frequently-used subset of tboot logic in Xen. Hopefully Intel TXT will continue to be a Xen feature with security support.

Rich

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md
  - From: Stefano Stabellini

References:
- Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [stage1-xen PATCH v1 09/10] build/fedora: Add `RUNNING_STAGE1_XEN.md`
Next by Date: Re: [Xen-devel] [stage1-xen PATCH v1 06/10] build/fedora: Add `xen-unstable-runit/*` scripts
Previous by thread: Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md
Next by thread: Re: [Xen-devel] [PATCH RFC] Add SUPPORT.md
Index(es):
- Date
- Thread