RE: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff?

["Cihula, Joseph" <joseph.cihula@xxxxxxxxx>]

I'm not sure what work David was specifically referring to, but Xen can be used to build a model similar to that of NGSCB (though I'm not aware of anyone (else) trying to do so). 

 

There has been a general consensus among the people working on security-related aspects of Xen that it should be better "partitioned" to follow the principle of least privilege.  This would include moving the vTPM system into a separate domain, de-privileging dom0, etc.  I had started work on extracting vTPM but that has been postponed due to more pressing work at my real job.  I have not heard of any active work on dom0 de-privileging.

 

Any contributions you would like to make to the security of Xen would be most welcomed and I'm sure that you will have no difficulty finding people willing to answer any questions that you may have as you work on it.

 

Joe

---

From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of xenway@xxxxxxx
Sent: Monday, January 15, 2007 11:34 PM
To: Cihula, Joseph
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff?
Importance: High

Hi, Joseph
     It is very kind of you to give me your advices :) I really appreciate that. I have contracted with David Pilger several days before. He just said that some people was trying to do the same stuff that we were going to. Do you know about that? I am a freshman in this area and have little experience. I think it is an good idea to stand on the shoulders of giants and see further. Could you give me the further information ? Thank you.

on 2007-01-16，"Cihula, Joseph" <joseph.cihula@xxxxxxxxx> wrote：

From: "Cihula, Joseph" To: "" Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff? > (Including xense-devel again.) > > > On Monday, January 15, 2007 1:37 AM, xenway@xxxxxxx wrote: > > Hi, Joseph > > I really appreciate your help :) > > I have read the web page you mentioned before. It seems that > you integrate it > > into Xen as Secure Boot interacting with TPM module or something like > that, don't you :) > > The current patch integrates the TXT code into the Xen binary, invoked > at the very beginning of launch. > > > The goal of our project is that we have studied the > framework of Microsoft(R)'s > > "NGSCB". We are trying to implement a rough prototype or something > alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB" > needs some hardware > > supports such as "Trusted Mode", "Memory Protection", "DMA Control" > and "Secure Path to the > > User", etc. Fortunately, the Intel(R) Corp has developed their > technologies called "Lagrande" > > which can feed the needs of Nexus which is the secure kernel of the > "NGSCB". The "NGSCB" is > > not described clearly by Microsoft :(. We can't find more details > about that stuff. Finally, > > we found some stuff which came out from the "Intel Developer > Center" like "Domain Manager" > > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct > and there is no further > > information about that, on the other hand, the Intel(R) Corp seems to > continue its works on > > hardware support to "NGSCB". So we found out some stuff about the > "Lagrande" technologies in > > the Xen communities. > > We are curious that whether the patch you contribute to the > Xen is the beginning of > > building a prototype of "Domain Manager" or something alike? If not, > what is the goal of > > integrating "Lagrande" into Xen? Could you give me further information > about that? > > The term "domain manager" that you're referring to was the term used in > place of VMM in some of our early slides. So our TXT work with Xen is > not to replace Xen (the hypervisor), but rather to enhance it to support > TXT. > > You can get more up to date information from this past Fall's Intel > Developer Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. There were two sessions > specifically on TXT. > > > By the way, the Intel(R) Corp has announced its "Lagrande" > technologies, has it > > been integrated into some processors? Has the motherboard's chips the > functions like > > "IOMMU" and "DMA Protection" to support "Curtained Memory"? > > A TXT-capable system is available for purchase; please visit > http://www.mpccorp.com/clientpro_txt for details. > > > The next work we are going to do is to find out whether it > is feasible to introduce > > the Xen to construct our secure kernel. Do you have some constructive > advices for us? > > Thanks a lot :) > > My foils from this past Xen Summit > (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno > logy.pdf) describe how to enable Xen for TXT are a good basis for > enabling any VMM or kernel to use TXT. > > Joe >

---

独家！网易3G免费邮，还赠送280兆网盘 www.126.com

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel