[New: openFATE 310787] Intel(R) Trusted Execution Technology (Intel(R) TXT) Support
Feature added by: Joseph Cihula (jcihula) Feature #310787, revision 1 Title: Intel(R) Trusted Execution Technology (Intel(R) TXT) Support openSUSE-11.4: Unconfirmed Priority Requester: Important Requested by: Joseph Cihula (jcihula) Partner organization: openSUSE.org Description: Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware-enforced protections of RAS events. Finally, TXT provides for a platform owner -controlled launch control policy. Intel TXT support consistes of two parts: kernel/VMM enabling and the tboot package. Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set. This will also enable it for KVM. The default Xen build already supports TXT. Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM. Use Case: 1) Disk encryption 2) Hardened local key storage/operations 3) Remote attestation Business case (Partner benefit): openSUSE.org: Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE: http://lwn.net/Articles/382363/ TXT also compliments the OpenTC work being done by/with SuSE. -- openSUSE Feature: https://features.opensuse.org/310787
Feature changed by: Joseph Cihula (jcihula) Feature #310787, revision 2 Title: Intel(R) Trusted Execution Technology (Intel(R) TXT) Support openSUSE-11.4: Unconfirmed Priority Requester: Important Requested by: Joseph Cihula (jcihula) Partner organization: openSUSE.org Description: Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware- enforced protections of RAS events. Finally, TXT provides for a platform owner -controlled launch control policy. Intel TXT support consistes of two parts: kernel/VMM enabling and the tboot package. Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set. This will also enable it for KVM. The default Xen build already supports TXT. Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM. Use Case: 1) Disk encryption 2) Hardened local key storage/operations 3) Remote attestation Business case (Partner benefit): openSUSE.org: Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE: http://lwn.net/Articles/382363/ TXT also compliments the OpenTC work being done by/with SuSE. + Discussion: + #1: Joseph Cihula (jcihula) (2010-11-04 05:20:56) + A tboot package already exists (and builds) in OBS: https://build.opensuse.org/package/show?package=tboot&project=security% + 3ATXT -- openSUSE Feature: https://features.opensuse.org/310787
Feature changed by: Marc Ruehrschneck (macrue) Feature #310787, revision 3 Title: Intel(R) Trusted Execution Technology (Intel(R) TXT) Support openSUSE-11.4: Unconfirmed Priority Requester: Important Requested by: Joseph Cihula (jcihula) Partner organization: openSUSE.org Description: Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware- enforced protections of RAS events. Finally, TXT provides for a platform owner -controlled launch control policy. Intel TXT support consistes of two parts: kernel/VMM enabling and the tboot package. Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set. This will also enable it for KVM. The default Xen build already supports TXT. Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM. Use Case: - - 1) Disk encryption 2) Hardened local key storage/operations 3) Remote attestation - Business case (Partner benefit): openSUSE.org: Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE: http://lwn.net/Articles/382363/ TXT also compliments the OpenTC work being done by/with SuSE. Discussion: #1: Joseph Cihula (jcihula) (2010-11-04 05:20:56) A tboot package already exists (and builds) in OBS: https://build.opensuse.org/package/show?package=tboot&project=security% 3ATXT -- openSUSE Feature: https://features.opensuse.org/310787
Feature changed by: Thomas Schmidt (digitaltomm) Feature #310787, revision 4 Title: Intel(R) Trusted Execution Technology (Intel(R) TXT) Support - openSUSE-11.4: Unconfirmed + openSUSE-11.4: New Priority Requester: Important Requested by: Joseph Cihula (jcihula) Partner organization: openSUSE.org Description: Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware- enforced protections of RAS events. Finally, TXT provides for a platform owner -controlled launch control policy. Intel TXT support consistes of two parts: kernel/VMM enabling and the tboot package. Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set. This will also enable it for KVM. The default Xen build already supports TXT. Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM. Use Case: 1) Disk encryption 2) Hardened local key storage/operations 3) Remote attestation Business case (Partner benefit): openSUSE.org: Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE: - http://lwn.net/Articles/382363/ TXT also compliments the OpenTC work - being done by/with SuSE. + http://lwn.net/Articles/382363/ (http://lwn.net/Articles/382363/) also + compliments the OpenTC work being done by/with SuSE. Discussion: #1: Joseph Cihula (jcihula) (2010-11-04 05:20:56) A tboot package already exists (and builds) in OBS: https://build.opensuse.org/package/show?package=tboot&project=security% 3ATXT + #3: Thomas Schmidt (digitaltomm) (2010-12-20 14:01:33) + Can we set this to 'done' then? -- openSUSE Feature: https://features.opensuse.org/310787
Feature changed by: Karl Cheng (qantas94heavy) Feature #310787, revision 6 Title: Intel(R) Trusted Execution Technology (Intel(R) TXT) Support - openSUSE-11.4: New + openSUSE-11.4: Rejected by Karl Cheng (qantas94heavy) + reject reason: Not done for 11.4. Priority Requester: Important + openSUSE Distribution: Done + Priority + Requester: Desirable Requested by: Joseph Cihula (jcihula) Partner organization: openSUSE.org Description: Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware- enforced protections of RAS events. Finally, TXT provides for a platform owner -controlled launch control policy. Intel TXT support consistes of two parts: kernel/VMM enabling and the tboot package. Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set. This will also enable it for KVM. The default Xen build already supports TXT. Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM. Use Case: 1) Disk encryption 2) Hardened local key storage/operations 3) Remote attestation Business case (Partner benefit): openSUSE.org: Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE: http://lwn.net/Articles/382363/ (http://lwn.net/Articles/382363/) also compliments the OpenTC work being done by/with SuSE. Discussion: #1: Joseph Cihula (jcihula) (2010-11-04 05:20:56) A tboot package already exists (and builds) in OBS: https://build.opensuse.org/package/show?package=tboot&project=security% 3ATXT #3: Thomas Schmidt (digitaltomm) (2010-12-20 14:01:33) Can we set this to 'done' then? -- openSUSE Feature: https://features.opensuse.org/310787
participants (1)
-
fate_noreply@suse.de