From: Cihula, Joseph <joseph.cihula@in...> - 2011-08-30 18:43:45
> From: Martin Schneider [mailto:martincschneider@...]
> Sent: Monday, August 29, 2011 7:55 AM
Please use the tboot-devel mailing list for discussions and questions; tboot-changelog is just for automated notifications from the source code control system.
> Hi list,
> I am new to tboot / Intel TXT technology and have some questions, mainly concerning the role of
> the TPM in the Intel TXT architecture.
> Up to now I went through the "Intel Safer computing Initiative" book by David Grawrock and think I
> have a basic understanding what SINIT
> does: Preparing a secure launch environment for a hypervisor and doing some measurements which are
> put to the TPM of the system. When my understanding is correct, tboot is a specific implementation
> of SINIT for use with the Xen hypervisor...?
I would say that tboot is a specific implementation of an MLE (Measured Launched Environment). Tboot encapsulates (most of) the TXT-specific knowledge so that it can launch an OS or VMM that is only minimally aware of TXT. Tboot works with Linux/KVM as well as with Xen.
> What I absolutely do not understand is the role of the TPM in the architecture. Besides holding
> the measurement values of the SHA-1 fingerprints from SINIT (PCR17) and the hypervisor (PCR18) I
> do not see the need for the TPM. It does not enforce anything or make anything more secure? Or am I
> mistaken here? Actually the TPM is only useful when I want to do some kind of remote attestation
> of my environment.
> The big problem I see is, that I cannot use e.g. tboot when no TPM is available? Or am I
The TPM is fundamental to the TXT architecture. Without a secure location for the measurements made by the TXT hardware, firmware, and software there would be no secure way of knowing that TXT was actually used for a launch. An MLE that does not use the TPM measurements for remote attestation or sealing cannot really be sure that it was launched with TXT.
> My next big question is: what is different if I use tboot and when I do not. Where is the security
If tboot, or some other TXT MLE, is not used then you are left with a static root of trust based in BIOS. David Grawrock's book should describe the differences between dynamic and static roots of trust (it is a bit much to go into via email).
> It would be very kind of you to de-confuse me a little or point me to some useful reading
> Best regards
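An added example, not code from the tboot project or from either participant in this thread, illustrating the reply's point that software can only know a TXT launch happened by consulting the TPM's DRTM PCRs (PCR 17 for SINIT, PCR 18 for the MLE/hypervisor, as the question describes). It assumes the TPM 1.2 behaviour that PCRs 17-22 read as all 0xFF bytes after power-on and are reset to zeros only by the SENTER event, the sysfs text format `PCR-NN: XX XX ...` exposed by older Linux kernels, and constructed placeholder measurements; the extend order is illustrative and is not tboot's actual PCR 17/18 composition.

```python
"""Why the TPM matters for a TXT launch: replay and check DRTM PCRs.

PCRs 17-22 are the dynamic root of trust (DRTM) PCRs. On TPM 1.2 they are
initialised to all 0xFF bytes at power-on and can only be reset to zeros by
the hardware DRTM event (GETSEC[SENTER], locality 4). SINIT then extends its
measurements into PCR 17 and the MLE (e.g. tboot) extends what it launches
into PCR 18. Nothing short of reading (or sealing to / attesting) those PCRs
tells software whether TXT was actually used.

Assumptions (not from tboot): sysfs "PCR-NN: XX XX ..." format; the
measurement values and extend order below are constructed placeholders.
"""
import hashlib
import re

SHA1_LEN = 20
PCR_RESET_POWERON = b"\xff" * SHA1_LEN  # DRTM PCR value after TPM_Init, no launch yet
PCR_RESET_DRTM = b"\x00" * SHA1_LEN     # DRTM PCR value right after SENTER reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || measurement)."""
    if len(pcr) != SHA1_LEN or len(measurement) != SHA1_LEN:
        raise ValueError("SHA-1 PCR and measurement must be 20 bytes")
    return hashlib.sha1(pcr + measurement).digest()


def expected_pcr(measurements) -> bytes:
    """Replay a DRTM PCR from its zero reset value through a list of extends."""
    pcr = PCR_RESET_DRTM
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr


_PCR_LINE = re.compile(r"^PCR-(\d+):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def parse_sysfs_pcrs(text: str) -> dict:
    """Parse 'PCR-NN: XX XX ...' lines (TPM 1.2 sysfs format) into {index: bytes}."""
    pcrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _PCR_LINE.match(line)
        if not m:
            raise ValueError(f"unexpected PCR line: {line!r}")
        pcrs[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pcrs


def drtm_launch_happened(pcrs: dict) -> bool:
    """True if PCR 17 is neither the power-on 0xFF value nor bare zeros;
    bare zeros would mean SENTER reset it but nothing was measured."""
    p17 = pcrs.get(17)
    return p17 is not None and p17 not in (PCR_RESET_POWERON, PCR_RESET_DRTM)


def verify_launch(pcrs: dict, sinit_measurements, mle_measurements) -> dict:
    """Compare PCR 17/18 with values replayed from known-good measurements,
    which is effectively what a sealing policy or remote verifier does."""
    return {
        "drtm_launched": drtm_launch_happened(pcrs),
        "pcr17_matches": pcrs.get(17) == expected_pcr(sinit_measurements),
        "pcr18_matches": pcrs.get(18) == expected_pcr(mle_measurements),
    }


# Constructed placeholder measurements (NOT real SINIT or tboot hashes).
SINIT_MEASUREMENTS = [hashlib.sha1(b"constructed SINIT ACM measurement").digest()]
MLE_MEASUREMENTS = [hashlib.sha1(b"constructed tboot MLE measurement").digest(),
                    hashlib.sha1(b"constructed kernel/VMM measurement").digest()]


def _fmt(index: int, value: bytes) -> str:
    return f"PCR-{index:02d}: " + " ".join(f"{b:02X}" for b in value)


# Constructed sysfs snapshots: a machine booted without TXT and one with it.
SYSFS_NO_TXT = "\n".join([_fmt(0, hashlib.sha1(b"bios").digest()),
                          _fmt(17, PCR_RESET_POWERON),
                          _fmt(18, PCR_RESET_POWERON)])
SYSFS_TXT = "\n".join([_fmt(0, hashlib.sha1(b"bios").digest()),
                       _fmt(17, expected_pcr(SINIT_MEASUREMENTS)),
                       _fmt(18, expected_pcr(MLE_MEASUREMENTS))])

if __name__ == "__main__":
    for label, snap in (("no TXT", SYSFS_NO_TXT), ("TXT", SYSFS_TXT)):
        print(label, verify_launch(parse_sysfs_pcrs(snap),
                                   SINIT_MEASUREMENTS, MLE_MEASUREMENTS))
```

On a real system the same check would read the live PCR file instead of the constructed snapshot, and the "expected" values would come from a golden measurement of the exact SINIT ACM and tboot/kernel images; a sealed blob tied to those PCRs simply fails to unseal when they differ, which is the enforcement the TPM adds beyond merely storing hashes.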