Name                Modified    Size      Downloads / Week
README              2012-06-18  4.7 kB    2
flicker-0.7.tar.gz  2012-06-18  148.1 kB  3
flicker-0.6.tar.gz  2012-06-01  148.0 kB  1
flicker-0.5.tar.gz  2011-05-17  143.6 kB  1
Totals: 4 Items                 444.4 kB  7
Please see the full README file in the source distribution for more information. All information here is redundant with respect to it.

Flicker is a technique to execute a piece of application logic (PAL) code with an extremely small TCB, while maintaining compatibility with a legacy operating system. Flicker requires that the computer have support for dynamic root of trust. The legacy operating system for this version is 32-bit non-PAE Linux, or 32-bit non-PAE Windows 7.

Flicker is derived from a research project at CMU:
http://sparrow.ece.cmu.edu/group/flicker.html

Prerequisites
=============

Hardware
--------

To use Flicker, a PC platform supporting dynamic root of trust is needed. AMD and Intel have implemented this differently. A v1.2 TPM is also required (and it must be enabled and activated in the BIOS).

The AMD version of Flicker requires a processor supporting the SKINIT instruction, a v1.2 TPM [2], and a chipset which provides memory protection for the Flicker code. The SKINIT instruction is available with newer AMD64 processors [3]. Look for 'svm' in /proc/cpuinfo. In the BIOS, you must enable hardware virtualization support.

The Intel version of Flicker requires a processor supporting the GETSEC[SENTER] instruction, a v1.2 TPM [2], and a chipset which provides memory protection for the Flicker code. These features are available on vPro-branded systems supporting Intel Trusted eXecution Technology (TXT) [6]. Look for 'smx' and 'vmx' in /proc/cpuinfo. In BIOS, you must enable hardware virtualization support (VT), Trusted eXecution Technology (TXT), and VT-d.

There are known-bad (really bad; you could RUIN YOUR MOTHERBOARD) BIOSes out there for TXT. Upgrade your BIOS to the newest available version.

To verify that your system has a v1.2 TPM:

    $ modprobe tpm_tis force=1 interrupts=0
    $ cat `find /sys -name pcrs`

You should have 24 PCRs listed (0-23). If you have only 16 PCRs (0-15), then you have a v1.1b TPM, and Flicker won't work.
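The prerequisite checks above, combined into one script. This is an added example, not part of the Flicker README or source; the function names, the sample-file helpers and the assumed "PCR-NN:" line layout of the sysfs pcrs file are assumptions. Flags are matched as whole words so that a flag such as 'svm_lock' is not mistaken for 'svm'.

```shell
#!/bin/sh
# Added example, not from the Flicker distribution: check the README's
# hardware prerequisites from cpuinfo- and pcrs-format files.

# Print the first "flags" line of a cpuinfo file, one flag per line.
cpu_flags() {
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' "$1" | sed -n 1p | tr ' ' '\n'
}

# Whole-word match, so "svm_lock" does not count as "svm".
has_flag() { cpu_flags "$1" | grep -qx -- "$2"; }

# Which dynamic-root-of-trust path the CPU offers: amd, intel or none.
drtm_kind() {
    if has_flag "$1" svm; then echo amd
    elif has_flag "$1" smx && has_flag "$1" vmx; then echo intel
    else echo none
    fi
}

# Map the number of PCR lines to a TPM version (24 -> 1.2, 16 -> 1.1b).
# Assumes the sysfs layout "PCR-NN: <hex bytes>", one PCR per line.
tpm_version() {
    n=$(grep -c '^PCR-[0-9][0-9]*:' "$1" || true)
    case "$n" in
        24) echo 1.2 ;;
        16) echo 1.1b ;;
        *)  echo unknown ;;
    esac
}

# Succeeds only when both the CPU and the TPM prerequisites are met.
flicker_ready() {
    [ "$(drtm_kind "$1")" != none ] && [ "$(tpm_version "$2")" = 1.2 ]
}

# Constructed sample data: a minimal cpuinfo file and N fake PCR lines.
make_cpuinfo() { printf 'processor\t: 0\nflags\t\t: %s\n' "$1" > "$2"; }
make_pcrs() {
    i=0; : > "$2"
    while [ "$i" -lt "$1" ]; do
        printf 'PCR-%02d: 00 00 00 00\n' "$i" >> "$2"; i=$((i + 1))
    done
}

# Live use: sh check.sh /proc/cpuinfo "$(find /sys -name pcrs)"
if [ "$#" -eq 2 ]; then
    echo "DRTM: $(drtm_kind "$1")  TPM: $(tpm_version "$2")"
fi
```

A passing result only covers the CPU flags and the PCR count; the BIOS settings listed above still have to be enabled by hand.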
Changelog
#########

flicker-0.1: Initial public release of AMD-specific code
- code corresponds to all claims in the EuroSys paper

flicker-0.2: Add support for Intel TXT
- Intel and AMD versions independent; no integration

flicker-0.3: Intel-only TPM NV RAM experimentation; no public release

flicker-0.4: Memoir-related [9]; no public release
- includes AMD microcode clear support (NO reloading of microcode currently; use at your own risk)
- improvements to AMD version to support large parameters, etc as part of Memoir project
- improvements to AMD version to work without special kernel compilation (i.e., stock Ubuntu non-PAE 32-bit kernel)

flicker-0.5:
- removed all GPL'd code. release is strictly BSD-style licensed or Dual BSD/GPL for Linux kernel module
- code from tboot project obsoletes the TPM-related code from older versions
- unification of Linux kmod across AMD and Intel
- unification of PAL across AMD and Intel, [TODO] Windows and Linux
- added support for Windows 7 32-bit
- Linux version no longer depends on special linux kernel, but must be 32-bit and non-PAE
- run Intel PAL code in ring 3, isolated from the legacy OS state
- clear microcode before SKINIT on AMD processors
- in-memory logging for systems with no serial port
- single unified kernel module and PAL codebase that is processor-agnostic.
- compatible with most distributions' shipped non-PAE 32-bit Linux kernel builds

flicker-0.51 (alpha release for internal testing):
- changes exclusively to Linux x Intel. Linux x AMD unchanged, Windows probably will not even build.
- minor tweak to sysfs code to keep pace with Linux-internal APIs
- modify Linux kmalloc() invocations to always be 2MB-aligned for PAL
- add support to debug Intel VT-d DMAR configuration information
- add support to explicitly disable VT-d DMAR PMR facility
- invoke disable_vtd_pmr() immediately following Flicker session, before restoring interrupts

flicker-0.52 (alpha release for internal testing):
- minor bugfixes

flicker-0.53 (alpha release for internal testing):
- refactor Linux kmod to use existing Linux DMAR capabilities
- requires Linux kernel built with CONFIG_DMAR=y and CONFIG_DMAR_DEFAULT_ON not set
- Ubuntu 11.04 -generic kernels (2.6.38-13-generic) confirmed to work

flicker-0.6:
- fix build issues on Windows
- stability improvements confirmed on Intel, Linux, Ubuntu 11.04 (primarily due to 2MB-aligned PAL and explicit disabling of VT-d PMRs after a Flicker session completes)

flicker-0.7:
- build successfully with gcc-4.6 on Ubuntu 12.04 LTS
- link with libgcc.a to gain 64-bit emulation, etc.
- add compiler flags -ffreestanding, -nostdlib
Source: README, updated 2012-06-18