I have run into a couple of issues trying to used the unsigned LCP type and external policy list files. There are basically two things I wanted to ask about and/or bring up.
1. I am trying to use lcp_crtpol to create a type unsigned policy but there doesn’t seem to be a way to specify more than one mle hash as input. Looking at the code in crtpol.c for create_policy(), the count of mle hashes seems to always be 1 though the routine lcp_create_unsigned_poldata() would load multiple ones if there were any. It looks like only one entry in listdata is ever initialized. Maybe I am missing something – any clarification would be great.
2. I came across an odd hang in xen when I put the LCP data module at the end of the list of modules in grub. If I move the LCP data module say in front of the sinit module, the hang goes away. This only happens when tboot does an un-trusted launch (since in the trusted case, it removes sinit and lcp modules from mbi). It has something to do with the module moving code in __start_xen(). I am going to investigate it further to see if it is a bug in xen (I think it might be related to the very small size of the LCP data module). Anyway, in looking at the tboot code I was thinking it might make sense to pop any sinit and lcp modules out of the mbi module list even in the case where tboot doesn’t to a trusted launch as is the case in a trusted launch. The next level kernel modules do not need to see these modules whether it is a trusted boot or not. If folks thinks this is a good idea, I can submit a patch.
Senior Software Engineer
Citrix Systems, Inc
14 Crosby Drive
Bedford, MA 01730