From: Mike H. <mi...@pl...> - 2008-07-17 07:40:47
> The early versions of Intel(R) Trusted Execution Technology (TXT), at
> that time called LaGrande Technology, included trusted input and output
> as well as a NoDMA table for DMA protection.

Good. The NoDMA table always seemed like a kludge to me :)

> As we continued to develop
> TXT and work with the ecosystem, several things changed. We were able
> to have VT-d available in time to be used with TXT

OK. I don't know what VT-d is. I'll have to investigate more I guess.

> VT-d gives software the ability to provide trusted I/O, albeit with its
> own set of restrictions. Using VT-d one could either create a UI VM
> that managed all of the UI and provided windows/regions to other VMs
> (ala Nitpicker) or it could be used to do fullscreen switching between
> VMs. Likewise for input, VT-d can be used to assign a USB
> keyboard/mouse to a trusted VM either temporarily or permanently.

Yes, to be honest, despite the issues with compositing, both of these alternatives sound like a _downgrade_. Nobody is going to want to lose their operating system's window management.

What can you tell us about the state of the current trusted IO research? Have you talked to nVidia/ATI about doing trusted surfaces in a way that's compatible with OpenGL/Direct3D compositing? My idea of a trusted Firefox rather relies on trusted gfx channels rather heavily :-(

> I hope this helps explain some of the discrepancies you find in our
> earlier material with what we have today.

Yeah, thanks, although to be frank the state of the TXT documentation is rather sparse. The book is/was as good as it gets as far as I can tell, so even just one web page somewhere describing the changes since then (mid 2006?) would be a great thing to have. Otherwise everybody outside your team is going to be left in the dark.

thanks
-mike
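Editor's note, added to this archived message and not part of the thread or of Intel's material: the quoted paragraph describes assigning a USB keyboard/mouse to a trusted VM with VT-d "albeit with its own set of restrictions". On a current Linux host the concrete form of that is handing the USB host controller to vfio-pci, and the main restriction is that the IOMMU only isolates at the granularity of an IOMMU group, so every device sharing the controller's group has to leave the host along with it. The script below (example code written for this note, not something from the list or from Intel) uses the real sysfs interface for this (iommu_group, driver/unbind, driver_override, drivers_probe) and lets SYSFS be pointed at a fake tree; the PCI addresses 0000:00:14.0, 0000:00:14.2 and 0000:00:1f.3 and the group numbers in build_demo_sysfs are constructed demo data, not a real machine, and the helper names are this note's own.

```shell
#!/bin/sh
# Assumption (this note's own): SYSFS is the sysfs root; defaults to /sys
# but may be pointed at a constructed tree for an offline dry run.
SYSFS="${SYSFS:-/sys}"

# Print the IOMMU group number of a PCI device such as 0000:00:14.0.
# Fails when the device has no iommu_group link, which is what you see
# when VT-d is off in firmware or intel_iommu=on was not passed.
iommu_group_of() {
    link="$SYSFS/bus/pci/devices/$1/iommu_group"
    if [ ! -L "$link" ] && [ ! -d "$link" ]; then
        echo "no IOMMU group for $1 (is VT-d enabled?)" >&2
        return 1
    fi
    basename "$(readlink -f "$link")"
}

# List the PCI addresses of every device in IOMMU group $1.
group_members() {
    for member in "$SYSFS/kernel/iommu_groups/$1/devices"/*; do
        basename "$member"
    done
}

# Detach one device from its current host driver and hand it to vfio-pci.
bind_vfio() {
    dev="$SYSFS/bus/pci/devices/$1"
    if [ -e "$dev/driver" ]; then
        echo "$1" > "$dev/driver/unbind"       # release it from xhci_hcd etc.
    fi
    echo vfio-pci > "$dev/driver_override"     # make vfio-pci the only match
    echo "$1" > "$SYSFS/bus/pci/drivers_probe" # trigger the rebind
}

# Give device $1 and every other member of its IOMMU group to vfio-pci.
# vfio refuses a group unless all of its devices are detached from host
# drivers, which is the VT-d granularity restriction in practice.
# Prints the group number on success.
assign_group_to_vfio() {
    grp="$(iommu_group_of "$1")" || return 1
    for member in $(group_members "$grp"); do
        bind_vfio "$member"
    done
    echo "$grp"
}

# Constructed demo tree (not a real machine): a USB host controller
# 0000:00:14.0 bound to xhci_hcd shares IOMMU group 3 with 0000:00:14.2;
# 0000:00:1f.3 sits alone in group 8 and must stay untouched.
build_demo_sysfs() {
    root="$1"
    for g in 3 8; do mkdir -p "$root/kernel/iommu_groups/$g/devices"; done
    mkdir -p "$root/bus/pci/drivers/xhci_hcd"
    : > "$root/bus/pci/drivers/xhci_hcd/unbind"
    : > "$root/bus/pci/drivers_probe"
    for bdf in 0000:00:14.0 0000:00:14.2 0000:00:1f.3; do
        case "$bdf" in 0000:00:1f.3) g=8 ;; *) g=3 ;; esac
        mkdir -p "$root/bus/pci/devices/$bdf"
        : > "$root/bus/pci/devices/$bdf/driver_override"
        ln -s "$root/kernel/iommu_groups/$g" "$root/bus/pci/devices/$bdf/iommu_group"
        ln -s "$root/bus/pci/devices/$bdf" "$root/kernel/iommu_groups/$g/devices/$bdf"
    done
    ln -s "$root/bus/pci/drivers/xhci_hcd" "$root/bus/pci/devices/0000:00:14.0/driver"
}

# Usage on a real host: SYSFS=/sys ./assign.sh 0000:00:14.0  (as root)
if [ "$#" -gt 0 ]; then
    assign_group_to_vfio "$1"
fi
```

Before running this against /sys, look at group_members for the controller's group first: if the group also contains something the host cannot live without, the keyboard cannot be isolated this way and an external USB controller in its own group is the usual workaround.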