
Re: [Xen-devel] [BUG] After upgrade to Xen 4.12.0 iommu=no-igfx



On Wed, Jul 24, 2019 at 10:42 AM Rich Persaud <persaur@xxxxxxxxx> wrote:
>
> On Jul 19, 2019, at 15:31, Roman Shaposhnik <roman@xxxxxxxxxx> wrote:
>
> Hi!
>
> we're using Xen on Advantech ARK-2250 Embedded Box PC:
>    
> https://www.elmark.com.pl/web/uploaded/karty_produktow/advantech/ark-2250l/ark-2250l_instrukcja-uzytkownika.pdf
>
>
> Roman,
>
> Good to see Xen being used on fanless devices.

Oh, there's WAY more of those in EVE under Xen management ;-)
     https://wiki.lfedge.org/display/EVE/Hardware+Platforms+Supporting+EVE

> Does the AMI BIOS for the i7 6600U Skylake CPU [1] variant of ARK-2250 [2]
> support Intel TXT DRTM and discrete TPM, which would enable boot integrity 
> [3] protection for Xen, read-only dom0 and stateless VMs?
> Boot integrity is valuable on edge devices.

Funny you should mention this -- that's exactly what we're playing
with right now in LF Edge Project EVE. Do you want to pop up on the
mailing list or slack channel there? (not sure this is the right topic
for Xen-devel).

And just so that we're on the same page, here's what we are after when
it comes to root of trust in EVE (I really need to do a write up on
this soon):
   * measured boot (we're really not that interested in secure boot)
   * measured boot of the DomUs
   * proxy TPM to the DomUs

> [1] CPU spec: 
> https://ark.intel.com/content/www/us/en/ark/products/88192/intel-core-i7-6600u-processor-4m-cache-up-to-3-40-ghz.html
>
> [2] PC spec: 
> https://www.advantech.com/products/ark-2000_series_embedded_box_pcs/ark-2250l/mod_66ebc4e0-9a0c-489c-96a5-70a8054e9037
>
> [3] TrenchBoot, Xen Summit 2019, https://youtube.com/watch?v=f0LZFSq4Ack

Thanks for the notes! Much appreciated!

Thanks,
Roman.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
