From: Hal F. <hal...@gm...> - 2008-11-20 19:01:33
|
On Thu, Nov 20, 2008 at 8:33 AM, Mike Hearn <mi...@pl...> wrote: > What's the rationale for tboot not being a late launch project? My > understanding was that the whole point of TXT was to enable late launch. It seems that the problem with late launch is not so much launching something like tboot, it's what happens next. The simplest case would be to just abandon the original OS from which you performed the late launch, and to go ahead and do what tboot does now, measure and launch a VM monitor like Xen, which then launches a new set of VMs from scratch. But that doesn't give you any advantages over simply rebooting into today's tboot. Jon McCune's Flicker project does a late launch of a small executable program that performs secure functions for a relatively brief moment (a flicker of time, hence the name), and then tears down the secure environment and returns to the original OS. This has also required substantial work and research to accomplish, and seems to require OS specific code. A very ambitious possibility would be to encapsulate the state of the OS you were running before launching tboot, and to transfer it into a VM, allowing it to continue to run under a VMM launched by tboot. Ideally the user would hardly notice that the late launch had happened and that his OS had gone from running on the real hardware, to running in a VM managed by a measured VMM that tboot had started. I think this was the original idea of Microsoft's Palladium project, renamed NGSCB and then seemingly abandoned in the face of a firestorm of criticism. Clearly it would be extremely challenging to accomplish, and would very likely be OS specific. The "Blue Pill" project, http://bluepillproject.org/ , is a sort of root kit which does something similar, not using tboot but wrapping the OS in a VM and keeping it running, maybe without the user noticing. It could probably be modified to use tboot and might be a good starting point for this kind of late launch architecture. Hal Finney |