WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xense-devel] RE: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technol

To: "Keir Fraser" <Keir.Fraser@xxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>, <xense-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xense-devel] RE: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technology support
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Mon, 29 Oct 2007 12:26:57 -0700
Cc: "Xu, James" <james.xu@xxxxxxxxx>, "Wang, Shane" <shane.wang@xxxxxxxxx>, "Wei, Gang" <gang.wei@xxxxxxxxx>
Delivery-date: Mon, 29 Oct 2007 12:28:02 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C34BDB16.F9D0%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
References: <D936D925018D154694D8A362EEB0892002C7C4B6@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <C34BDB16.F9D0%Keir.Fraser@xxxxxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcgYPKeHAh+s/rrjQ0OzxTZHSH6adQB0Zgj0AAzUsnAAA3v0QgAAvpSgAAB6yw4AAD/usAAAM7T7AACBpTAAAPRgXgABVtmQ
Thread-topic: [Xen-devel] [PATCH] Intel(R) Trusted Execution Technology support
On Monday, October 29, 2007 11:47 AM, Keir Fraser wrote:
> On 29/10/07 18:34, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote:
> 
>>> Okay, we should limit the scan to page-aligned addresses in UNUSABLE
regions
>>> below 1MB. It makes sense to put the UNUSABLE->RESERVED hack in Xen
itself,
>>> rather than in tboot. Once the interface is baked into 3.2.0 it's
not
>>> changing on our side.
>> 
>> I'd like to allow for the shared page to be moved to a higher memory
>> location in the future, so I'd prefer not to limit the search to
below
>> 1MB.  Since only tboot is using the UNUSABLE type and it should find
the
>> shared page in the first UNUSABLE section anyway (whether it gets
moved
>> or not), the search should still be quick.  Also, I'll only change
the
>> type from UNUSABLE->RESERVED if it is found in the lower 1MB.
> 
> Actually I have a better idea to avoid the scan entirely. tboot should
> append 'tboot=<address of shared area>' to Xen's command line (e.g.,
> tboot=0x71000). This gives a better more guaranteed handoff from tboot
to
> Xen, it avoids the user needing to manually add any options to Xen's
command
> line (we can make tboot= imply no-real-mode), and means that rather
than
> doing a scan we simply need to confirm the UUID is at the given
address.
> 
> I can easily do the Xen side of this if you agree it makes sense.

Sounds good.  I'll work up a patch for tboot and post a new tarball
tonight.

Joe

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel