~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/arch/x86/intel_txt.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/arch/x86/intel_txt.rst (Architecture m68k) and /Documentation/arch/alpha/intel_txt.rst (Architecture alpha)


  1 =====================                             
  2 Intel(R) TXT Overview                             
  3 =====================                             
  4                                                   
  5 Intel's technology for safer computing, Intel(    
  6 Technology (Intel(R) TXT), defines platform-le    
  7 provide the building blocks for creating trust    
  8                                                   
  9 Intel TXT was formerly known by the code name     
 10                                                   
 11 Intel TXT in Brief:                               
 12                                                   
 13 -  Provides dynamic root of trust for measurem    
 14 -  Data protection in case of improper shutdow    
 15 -  Measurement and verification of launched en    
 16                                                   
 17 Intel TXT is part of the vPro(TM) brand and is    
 18 non-vPro systems.  It is currently available o    
 19 based on the Q35, X38, Q45, and Q43 Express ch    
 20 Optiplex 755, HP dc7800, etc.) and mobile syst    
 21 PM45, and GS45 Express chipsets.                  
 22                                                   
 23 For more information, see http://www.intel.com    
 24 This site also has a link to the Intel TXT MLE    
 25 which has been updated for the new released pl    
 26                                                   
 27 Intel TXT has been presented at various events    
 28 years, some of which are:                         
 29                                                   
 30       - LinuxTAG 2008:                            
 31           http://www.linuxtag.org/2008/en/conf    
 32                                                   
 33       - TRUST2008:                                
 34           http://www.trust-conference.eu/downl    
 35           3_David-Grawrock_The-Front-Door-of-T    
 36                                                   
 37       - IDF, Shanghai:                            
 38           http://www.prcidf.com.cn/index_en.ht    
 39                                                   
 40       - IDFs 2006, 2007                           
 41           (I'm not sure if/where they are onli    
 42                                                   
 43 Trusted Boot Project Overview                     
 44 =============================                     
 45                                                   
 46 Trusted Boot (tboot) is an open source, pre-ke    
 47 uses Intel TXT to perform a measured and verif    
 48 kernel/VMM.                                       
 49                                                   
 50 It is hosted on SourceForge at http://sourcefo    
 51 The mercurial source repo is available at http    
 52 repos.hg/tboot.hg.                                
 53                                                   
 54 Tboot currently supports launching Xen (open s    
 55 w/ TXT support since v3.2), and now Linux kern    
 56                                                   
 57                                                   
 58 Value Proposition for Linux or "Why should you    
 59 ==============================================    
 60                                                   
 61 While there are many products and technologies    
 62 measure or protect the integrity of a running     
 63 assume the kernel is "good" to begin with.  Th    
 64 Measurement Architecture (IMA) and Linux Integ    
 65 are examples of such solutions.                   
 66                                                   
 67 To get trust in the initial kernel without usi    
 68 static root of trust must be used.  This bases    
 69 starting at system reset and requires measurem    
 70 executed between system reset through the comp    
 71 boot as well as data objects used by that code    
 72 Linux kernel, this means all of BIOS, any opti    
 73 bootloader and the boot config.  In practice,     
 74 code/data, much of which is subject to change     
 75 (e.g. changing NICs may change option ROMs).      
 76 hashes, these measurement changes are difficul    
 77 confirm as benign.  This process also does not    
 78 protection, memory configuration/alias checks     
 79 protection, or policy support.                    
 80                                                   
 81 By using the hardware-based root of trust that    
 82 many of these issues can be mitigated.  Specif    
 83 pre-launch components can be removed from the     
 84 protection is provided to all launched compone    
 85 of platform configuration checks are performed    
 86 protection is provided for any data in the eve    
 87 shutdown, and there is support for policy-base    
 88 This provides a more stable measurement and a     
 89 system configuration and initial state than wo    
 90 possible.  Since the tboot project is open sou    
 91 almost all parts of the trust chain is availab    
 92 Intel-provided firmware).                         
 93                                                   
 94 How Does it Work?                                 
 95 =================                                 
 96                                                   
 97 -  Tboot is an executable that is launched by     
 98    the "kernel" (the binary the bootloader exe    
 99 -  It performs all of the work necessary to de    
100    platform supports Intel TXT and, if so, exe    
101    processor instruction that initiates the dy    
102                                                   
103    -  If tboot determines that the system does    
104       or is not configured correctly (e.g. the    
105       incorrect), it will directly launch the     
106       to any state.                               
107    -  Tboot will output various information ab    
108       terminal, serial port, and/or an in-memo    
109       locations can be configured with a comma    
110                                                   
111 -  The GETSEC[SENTER] instruction will return     
112    tboot then verifies certain aspects of the     
113    lock, e820 table does not have invalid entr    
114 -  It will wake the APs from the special sleep    
115    instruction had put them in and place them     
116    state.                                         
117                                                   
118    -  Because the processors will not respond     
119       in the TXT environment, it is necessary     
120       guest for the APs.  When they run in thi    
121       simply wait for the INIT-SIPI-SIPI seque    
122       VMEXITs, and then disable VT and jump to    
123       approach seemed like a better choice tha    
124       special code into the kernel's MP wakeup    
125                                                   
126 -  Tboot then applies an (optional) user-defin    
127    verify the kernel and initrd.                  
128                                                   
129    -  This policy is rooted in TPM NV and is d    
130       project.  The tboot project also contain    
131       create and provision the policy.            
132    -  Policies are completely under user contr    
133       then any kernel will be launched.           
134    -  Policy action is flexible and can includ    
135       or simply logging them and continuing.      
136                                                   
137 -  Tboot adjusts the e820 table provided by th    
138    its own location in memory as well as to re    
139    TXT-related regions.                           
140 -  As part of its launch, tboot DMA protects a    
141    VT-d PMRs).  Thus, the kernel must be boote    
142    in order to remove this blanket protection     
143    page-level protection.                         
144 -  Tboot will populate a shared page with some    
145    pass this to the Linux kernel as it transfe    
146                                                   
147    -  The location of the shared page is passe    
148       struct as a physical address.               
149                                                   
150 -  The kernel will look for the tboot shared p    
151    exists, map it.                                
152 -  As one of the checks/protections provided b    
153    of the VT-d DMARs in a DMA-protected region    
154    them for correctness.  The VT-d code will d    
155    launched with tboot and use this copy inste    
156    ACPI table.                                    
157 -  At this point, tboot and TXT are out of the    
158    shutdown (S<n>)                                
159 -  In order to put a system into any of the sl    
160    launch, TXT must first be exited.  This is     
161    attempt to crash the system to gain control    
162    data left in memory.                           
163                                                   
164    -  The kernel will perform all of its sleep    
165       populate the shared page with the ACPI d    
166       platform in the desired sleep state.        
167    -  Then the kernel jumps into tboot via the    
168       shared page.                                
169    -  Tboot will clean up the environment and     
170       kernel-provided ACPI information to actu    
171       into the desired sleep state.               
172    -  In the case of S3, tboot will also regis    
173       vector.  This is necessary because it mu    
174       measured environment upon resume.  Once     
175       has been restored, it will restore the T    
176       transfer control back to the kernel's S3    
177       In order to preserve system integrity ac    
178       provides tboot with a set of memory rang    
179       in the e820 table, but not any memory th    
180       the S3 transition) that tboot will calcu    
181       authentication code) over and then seal     
182       and once the measured environment has be    
183       will re-calculate the MAC and verify it     
184       Tboot's policy determines what happens i    
185       Note that the c/s 194 of tboot which has    
186       this.                                       
187                                                   
188 That's pretty much it for TXT support.            
189                                                   
190                                                   
191 Configuring the System                            
192 ======================                            
193                                                   
194 This code works with 32bit, 32bit PAE, and 64b    
195                                                   
196 In BIOS, the user must enable:  TPM, TXT, VT-x    
197 allow these to be individually enabled/disable    
198 which to find them are BIOS-specific.             
199                                                   
200 grub.conf needs to be modified as follows::       
201                                                   
202         title Linux 2.6.29-tip w/ tboot           
203           root (hd0,0)                            
204                 kernel /tboot.gz logging=seria    
205                 module /vmlinuz-2.6.29-tip int    
206                        root=LABEL=/ rhgb conso    
207                 module /initrd-2.6.29-tip.img     
208                 module /Q35_SINIT_17.BIN          
209                                                   
210 The kernel option for enabling Intel TXT suppo    
211 Security top-level menu and is called "Enable     
212 Execution Technology (TXT)".  It is considered    
213 depends on the generic x86 support (to allow m    
214 kernel build options), since the tboot code wi    
215 platform actually supports Intel TXT and thus     
216 kernel code is executed.                          
217                                                   
218 The Q35_SINIT_17.BIN file is what Intel TXT re    
219 Authenticated Code Module.  It is specific to     
220 system and can also be found on the Trusted Bo    
221 (unencrypted) module signed by Intel that is u    
222 DRTM process to verify and configure the syste    
223 because it operates at a higher privilege leve    
224 any other macrocode and its correct operation     
225 establishment of the DRTM.  The process for de    
226 SINIT ACM for a system is documented in the SI    
227 that is on the tboot SourceForge site under th    
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php