1 =====================
2 Intel(R) TXT Overview
3 =====================
4
5 Intel's technology for safer computing, Intel(
6 Technology (Intel(R) TXT), defines platform-le
7 provide the building blocks for creating trust
8
9 Intel TXT was formerly known by the code name
10
11 Intel TXT in Brief:
12
13 - Provides dynamic root of trust for measurem
14 - Data protection in case of improper shutdow
15 - Measurement and verification of launched en
16
17 Intel TXT is part of the vPro(TM) brand and is
18 non-vPro systems. It is currently available o
19 based on the Q35, X38, Q45, and Q43 Express ch
20 Optiplex 755, HP dc7800, etc.) and mobile syst
21 PM45, and GS45 Express chipsets.
22
23 For more information, see http://www.intel.com
24 This site also has a link to the Intel TXT MLE
25 which has been updated for the new released pl
26
27 Intel TXT has been presented at various events
28 years, some of which are:
29
30 - LinuxTAG 2008:
31 http://www.linuxtag.org/2008/en/conf
32
33 - TRUST2008:
34 http://www.trust-conference.eu/downl
35 3_David-Grawrock_The-Front-Door-of-T
36
37 - IDF, Shanghai:
38 http://www.prcidf.com.cn/index_en.ht
39
40 - IDFs 2006, 2007
41 (I'm not sure if/where they are onli
42
43 Trusted Boot Project Overview
44 =============================
45
46 Trusted Boot (tboot) is an open source, pre-ke
47 uses Intel TXT to perform a measured and verif
48 kernel/VMM.
49
50 It is hosted on SourceForge at http://sourcefo
51 The mercurial source repo is available at http
52 repos.hg/tboot.hg.
53
54 Tboot currently supports launching Xen (open s
55 w/ TXT support since v3.2), and now Linux kern
56
57
58 Value Proposition for Linux or "Why should you
59 ==============================================
60
61 While there are many products and technologies
62 measure or protect the integrity of a running
63 assume the kernel is "good" to begin with. Th
64 Measurement Architecture (IMA) and Linux Integ
65 are examples of such solutions.
66
67 To get trust in the initial kernel without usi
68 static root of trust must be used. This bases
69 starting at system reset and requires measurem
70 executed between system reset through the comp
71 boot as well as data objects used by that code
72 Linux kernel, this means all of BIOS, any opti
73 bootloader and the boot config. In practice,
74 code/data, much of which is subject to change
75 (e.g. changing NICs may change option ROMs).
76 hashes, these measurement changes are difficul
77 confirm as benign. This process also does not
78 protection, memory configuration/alias checks
79 protection, or policy support.
80
81 By using the hardware-based root of trust that
82 many of these issues can be mitigated. Specif
83 pre-launch components can be removed from the
84 protection is provided to all launched compone
85 of platform configuration checks are performed
86 protection is provided for any data in the eve
87 shutdown, and there is support for policy-base
88 This provides a more stable measurement and a
89 system configuration and initial state than wo
90 possible. Since the tboot project is open sou
91 almost all parts of the trust chain is availab
92 Intel-provided firmware).
93
94 How Does it Work?
95 =================
96
97 - Tboot is an executable that is launched by
98 the "kernel" (the binary the bootloader exe
99 - It performs all of the work necessary to de
100 platform supports Intel TXT and, if so, exe
101 processor instruction that initiates the dy
102
103 - If tboot determines that the system does
104 or is not configured correctly (e.g. the
105 incorrect), it will directly launch the
106 to any state.
107 - Tboot will output various information ab
108 terminal, serial port, and/or an in-memo
109 locations can be configured with a comma
110
111 - The GETSEC[SENTER] instruction will return
112 tboot then verifies certain aspects of the
113 lock, e820 table does not have invalid entr
114 - It will wake the APs from the special sleep
115 instruction had put them in and place them
116 state.
117
118 - Because the processors will not respond
119 in the TXT environment, it is necessary
120 guest for the APs. When they run in thi
121 simply wait for the INIT-SIPI-SIPI seque
122 VMEXITs, and then disable VT and jump to
123 approach seemed like a better choice tha
124 special code into the kernel's MP wakeup
125
126 - Tboot then applies an (optional) user-defin
127 verify the kernel and initrd.
128
129 - This policy is rooted in TPM NV and is d
130 project. The tboot project also contain
131 create and provision the policy.
132 - Policies are completely under user contr
133 then any kernel will be launched.
134 - Policy action is flexible and can includ
135 or simply logging them and continuing.
136
137 - Tboot adjusts the e820 table provided by th
138 its own location in memory as well as to re
139 TXT-related regions.
140 - As part of its launch, tboot DMA protects a
141 VT-d PMRs). Thus, the kernel must be boote
142 in order to remove this blanket protection
143 page-level protection.
144 - Tboot will populate a shared page with some
145 pass this to the Linux kernel as it transfe
146
147 - The location of the shared page is passe
148 struct as a physical address.
149
150 - The kernel will look for the tboot shared p
151 exists, map it.
152 - As one of the checks/protections provided b
153 of the VT-d DMARs in a DMA-protected region
154 them for correctness. The VT-d code will d
155 launched with tboot and use this copy inste
156 ACPI table.
157 - At this point, tboot and TXT are out of the
158 shutdown (S<n>)
159 - In order to put a system into any of the sl
160 launch, TXT must first be exited. This is
161 attempt to crash the system to gain control
162 data left in memory.
163
164 - The kernel will perform all of its sleep
165 populate the shared page with the ACPI d
166 platform in the desired sleep state.
167 - Then the kernel jumps into tboot via the
168 shared page.
169 - Tboot will clean up the environment and
170 kernel-provided ACPI information to actu
171 into the desired sleep state.
172 - In the case of S3, tboot will also regis
173 vector. This is necessary because it mu
174 measured environment upon resume. Once
175 has been restored, it will restore the T
176 transfer control back to the kernel's S3
177 In order to preserve system integrity ac
178 provides tboot with a set of memory rang
179 in the e820 table, but not any memory th
180 the S3 transition) that tboot will calcu
181 authentication code) over and then seal
182 and once the measured environment has be
183 will re-calculate the MAC and verify it
184 Tboot's policy determines what happens i
185 Note that the c/s 194 of tboot which has
186 this.
187
188 That's pretty much it for TXT support.
189
190
191 Configuring the System
192 ======================
193
194 This code works with 32bit, 32bit PAE, and 64b
195
196 In BIOS, the user must enable: TPM, TXT, VT-x
197 allow these to be individually enabled/disable
198 which to find them are BIOS-specific.
199
200 grub.conf needs to be modified as follows::
201
202 title Linux 2.6.29-tip w/ tboot
203 root (hd0,0)
204 kernel /tboot.gz logging=seria
205 module /vmlinuz-2.6.29-tip int
206 root=LABEL=/ rhgb conso
207 module /initrd-2.6.29-tip.img
208 module /Q35_SINIT_17.BIN
209
210 The kernel option for enabling Intel TXT suppo
211 Security top-level menu and is called "Enable
212 Execution Technology (TXT)". It is considered
213 depends on the generic x86 support (to allow m
214 kernel build options), since the tboot code wi
215 platform actually supports Intel TXT and thus
216 kernel code is executed.
217
218 The Q35_SINIT_17.BIN file is what Intel TXT re
219 Authenticated Code Module. It is specific to
220 system and can also be found on the Trusted Bo
221 (unencrypted) module signed by Intel that is u
222 DRTM process to verify and configure the syste
223 because it operates at a higher privilege leve
224 any other macrocode and its correct operation
225 establishment of the DRTM. The process for de
226 SINIT ACM for a system is documented in the SI
227 that is on the tboot SourceForge site under th
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.