[PATCH v2] txt: 0/5 - Overview

[PATCH v2] txt: 0/5 - Overview

Cihula, Joseph
This patch series consists of changes to Xen to support new functionality, and a changed API, in the tboot project (see http://sourceforge.net/projects/tboot for more info about tboot).  Some of these changes originated from comments received when the first set of Linux tboot/Intel(r) TXT patches were posted to LKML.

Attached to this patch is a single patch to be applied to the current tip of the tboot source tree (located at http://www.bughost.org/repos.hg/tboot.hg).  Due to the API change, for those who wish to test the patches, it would be best to apply all of the tboot patch at once and test with all of the Xen patches applied to Xen.

Since the API changes are not backwards compatible, the resulting tboot will not work with a Xen that does not have the patches applied.  Likewise, a Xen with these patches applied will not work with the un-patched tboot.  To keep backward compatibility would have left the interface and code fairly ugly and didn't seem worth the trouble.

The Xen patches are as follows:

xen-txt-01-unified_shutdown_entry.patch    - single tboot entry point for shutdown
xen-txt-02c-acpi_gas_support.patch         - ACPI Generic Address Structure for tboot shutdown
xen-txt-03c-protect_txt_ranges.patch       - explicitly protect TXT addr ranges from dom0
xen-txt-04c-hypervisor_s3_integrity.patch  - hypervisor integrity on S3
xen-txt-05b-use_protected_dmar.patch       - use TXT's DMA-protected DMAR table to set up VT-d

We are currently working on a patch that will extend the S3 integrity to domains, as configurable via a domain's config file (and always for dom0).

The patches apply cleanly to the latest xen-unstable (c/s 19104:31983c30c460).

Joe and Shane

_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

Attachment: tboot-combined.patch (71K)
RE: [PATCH v2] txt: 0/5 - Overview

Cihula, Joseph
> From: Ross Philipson [mailto:[hidden email]]
> Sent: Thursday, January 29, 2009 5:58 AM
>
> Joe,
>
> So if I read this correctly, the current tboot.hg repo on bughost does not have the new
> patches and therefore will work with older versions of xen (without your latest patches),
> correct? Are you going to be putting the patches in the main tboot repo or are you going to
> branch it - how will you make tboot available for both cases?
>
> Thanks
> Ross

I will create a new tarball today for the latest pre-change tboot code and then I will check in the changes once the corresponding Xen changes are accepted.  The next set of Linux patches will also be based on the new tboot code.

To the best of my knowledge, the only commercial distros with a Xen version >=3.2 are SLES10SP2 and SLES11 and so I'm not intending to support the earlier versions of tboot.  Also, the Xen changes are not that large and are mostly independent of anything in Xen that changed since 3.2, so it should not be hard to backport them if there is interest.

Joe

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On
> Behalf Of Cihula, Joseph
> Sent: Thursday, January 29, 2009 3:55 AM
> To: '[hidden email]'; [hidden email]
> Cc: Wang, Shane; Keir Fraser
> Subject: [Xen-devel] [PATCH v2] txt: 0/5 - Overview
>
> This patch series consists of changes to Xen to support new functionality, and a changed API, in the
> tboot project (see http://sourceforge.net/projects/tboot for more info about tboot).  Some of
> these changes originated from comments received when the first set of Linux tboot/Intel(r) TXT
> patches were posted to LKML.
>
> Attached to this patch is a single patch to be applied to the current tip of the tboot source
> tree (located at http://www.bughost.org/repos.hg/tboot.hg).  Due to the API change, for those
> who wish to test the patches, it would be best to apply all of the tboot patch at once and
> test with all of the Xen patches applied to Xen.
>
> Since the API changes are not backwards compatible, the resulting tboot will not work with a
> Xen that does not have the patches applied.  Likewise, a Xen with these patches applied will
> not work with the un-patched tboot.  To keep backward compatibility would have left the
> interface and code fairly ugly and didn't seem worth the trouble.
>
> The Xen patches are as follows:
>
> xen-txt-01-unified_shutdown_entry.patch    - single tboot entry point for shutdown
> xen-txt-02c-acpi_gas_support.patch         - ACPI Generic Address Structure for tboot shutdown
> xen-txt-03c-protect_txt_ranges.patch       - explicitly protect TXT addr ranges from dom0
> xen-txt-04c-hypervisor_s3_integrity.patch  - hypervisor integrity on S3
> xen-txt-05b-use_protected_dmar.patch       - use TXT's DMA-protected DMAR table to set up VT-d
>
> We are currently working on a patch that will extend the S3 integrity to domains, as
> configurable via a domain's config file (and always for dom0).
>
> The patches apply cleanly to the latest xen-unstable (c/s 19104:31983c30c460).
>
> Joe and Shane
