Mailing List Archive

[PATCH 0/3] x86: Initial Trenchboot/SKINIT support
The Trenchboot project[0][1] aims to develop and upstream support for
TCG DRTM into various open source projects in the ecosystem, to
improve boot security. Trenchboot has been discussed at previous
XenSummits[2], and the work across the ecosystem is extensively blogged
about[3].

This series forms the start of the work within Xen, and for now simply covers
the ability to boot in the AMD SKINIT/Secure Startup environment.

Full details are available in AMD APM Vol2 15.27 "Secure Startup with SKINIT"

Future work will cover related support for Intel TXT in a non-tboot system,
and the common logic to interact with the TPM and extend the hardware measured
chain of trust into dom0.

[0] https://trenchboot.org/
[1] https://github.com/TrenchBoot/documentation
[2] https://www.youtube.com/watch?v=SwByVrw7-08&list=PLYyw7IQjL-zFYmEoZEYswoVuXrHvXAWxj&index=13
[3] https://blog.3mdeb.com/tags/trenchboot/

Andrew Cooper (2):
x86/smpboot: Re-position the call to tboot_wake_ap()
x86/smpboot: Allow making an INIT IPI conditional

Norbert Kamiński (1):
x86: Support booting under Secure Startup via SKINIT

xen/arch/x86/cpu/common.c | 32 +++++++++++++
xen/arch/x86/smpboot.c | 98 ++++++++++++++++++++++++----------------
xen/include/asm-x86/cpufeature.h | 1 +
xen/include/asm-x86/msr-index.h | 1 +
xen/include/asm-x86/processor.h | 6 +++
5 files changed, 99 insertions(+), 39 deletions(-)

--
2.11.0