[tboot-devel] SINIT question

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I have a quick question regarding the SINIT module.

I am currently creating a proof-of-concept of a VMM which can be
securely late-launched multiple times. The VMM itself is very similar
in design to Intel's LVMM, and I am in the process of getting it to be
launched through tboot, but am having a few problems with SINIT
executing properly.

I have the "Intel Desktop Board DQ965CO" which i believe is in the
ICH8 family, and with the board came the following SINIT module:
filename: bwr_sinit_20060922_release.bin
sha1sum: 8ad582e50be40df7da9c1b8db6ed77499e920613

Also I have downloaded the SINIT offered from the tboot package:
filename: BRLK_SINIT_20070910_release.BIN
sha1sum: 46f4e1c199c2983e8a8a115cd90c88353e7b08dc

My questions are:

1. Should I be able to use either of the SINIT modules for my
hardware, or are they specific to a certain chipset?

1b. If they are chipset specific, where can I get the latest version
of SINIT for my particular chipset?

2. In order to make the proof-of-concept easier to develop and debug,
I disabled one of the cores for the time being. However, with a core
disabled, neither of the SINIT modules listed above would execute
properly. (actually, the one offered on the tboot website doesn't boot
at all under any circumstance) What happens is that tboot goes through
its first pass, confirms that the SINIT is correct, and then attempts
to execute GETSEC[SENTER]. However, it never returns to tboot for the
second pass. If I turn both cores on, the
bwr_sinit_20060922_release.bin SINIT will at least get back to tboot,
and go through a second pass. So here's my question:

Does SINIT require multiple cores to be enabled in order for it to
work properly?

Thanks for all the questions you have answered on this mailing list.
Everything I have seen so far has been very interesting and
educational.

Emil Meng
University of Tsukuba
MS Computer Science