[PATCH] txt: 0/6 - Overview

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] txt: 0/6 - Overview

Cihula, Joseph
This patch series are changes to Xen to support new functionality, and a changed API, in the tboot project (see http://sourceforge.net/projects/tboot for more info about tboot).  Some of these changes originated from comments received when the first set of Linux tboot/Intel(r) TXT patches were posted to LKML.

Attached to this patch is a single patch to be applied to the current tip of the tboot source tree (located at http://www.bughost.org/repos.hg/tboot.hg).  Due to the API change, for those who wish to test the patches, it would be best to apply all of the tboot patch at once and test with all of the Xen patches applied to Xen.

Since the API changes are not backwards compatible, the resulting tboot will not work with a Xen that does not have the patches applied.  Likewise, a Xen with these patches applied will not work with the un-patched tboot.  To keep backward compatibility would have left the interface and code fairly ugly and didn't seem worth the trouble.

The Xen patches are as follows:

xen-txt-01-xen_phys_addr_start_fix.patch  - "fix" xen_phys_start for 32b builds
xen-txt-02-protect_txt_ranges.patch       - explicitly protect TXT addr ranges from dom0
xen-txt-03-use_protected_dmar.patch       - use TXT's DMA-protected DMAR table to setup VT-d
xen-txt-04-acpi_gas_support.patch         - ACPI Generic Address Structure for tboot shutdown
xen-txt-05-unified_shutdown_entry.patch   - single tboot entry point for shutdown
xen-txt-06-hypervisor_s3_integrity.patch  - hypervisor integrity on S3

We are currently working on a patch that will extend the S3 integrity to domains, as configurable via a domain's config file (and always for dom0).

The patches apply cleanly to the latest xen-unstable.

Joe and Shane

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

tboot-latest.patch (251K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] txt: 0/6 - Overview

Cihula, Joseph
Hold off on these patches--there appear to be a few issues when I run them on the current tip.

Joe

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]
> On Behalf Of Cihula, Joseph
> Sent: Monday, January 19, 2009 9:48 PM
> To: [hidden email]; [hidden email]
> Cc: Wang, Shane; Keir Fraser
> Subject: [Xense-devel] [PATCH] txt: 0/6 - Overview
>
> This patch series are changes to Xen to support new functionality, and a changed API, in the
> tboot project (see http://sourceforge.net/projects/tboot for more info about tboot).  Some of
> these changes originated from comments received when the first set of Linux tboot/Intel(r) TXT
> patches were posted to LKML.
>
> Attached to this patch is a single patch to be applied to the current tip of the tboot source
> tree (located at http://www.bughost.org/repos.hg/tboot.hg).  Due to the API change, for those
> who wish to test the patches, it would be best to apply all of the tboot patch at once and
> test with all of the Xen patches applied to Xen.
>
> Since the API changes are not backwards compatible, the resulting tboot will not work with a
> Xen that does not have the patches applied.  Likewise, a Xen with these patches applied will
> not work with the un-patched tboot.  To keep backward compatibility would have left the
> interface and code fairly ugly and didn't seem worth the trouble.
>
> The Xen patches are as follows:
>
> xen-txt-01-xen_phys_addr_start_fix.patch  - "fix" xen_phys_start for 32b builds
> xen-txt-02-protect_txt_ranges.patch       - explicitly protect TXT addr ranges from dom0
> xen-txt-03-use_protected_dmar.patch       - use TXT's DMA-protected DMAR table to setup VT-d
> xen-txt-04-acpi_gas_support.patch         - ACPI Generic Address Structure for tboot shutdown
> xen-txt-05-unified_shutdown_entry.patch   - single tboot entry point for shutdown
> xen-txt-06-hypervisor_s3_integrity.patch  - hypervisor integrity on S3
>
> We are currently working on a patch that will extend the S3 integrity to domains, as
> configurable via a domain's config file (and always for dom0).
>
> The patches apply cleanly to the latest xen-unstable.
>
> Joe and Shane

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel