Re: RE: RE: [Xen-devel] Help: Could anybo dy k now about the Intel' s "LaGrande" te chno l ogies? Did the Xen be under develo pment u sing this stuff?

From: "Cihula, Joseph" To: "" Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff? > (Including xense-devel again.) > > > On Monday, January 15, 2007 1:37 AM, xenway@... wrote: > > Hi, Joseph > > I really appreciate your help :) > > I have read the web page you mentioned before. It seems that > you integrate it > > into Xen as Secure Boot interacting with TPM module or something like > that, don't you :) > > The current patch integrates the TXT code into the Xen binary, invoked > at the very beginning of launch. > > > The goal of our project is that we have studied the > framework of Microsoft(R)'s > > "NGSCB". We are trying to implement a rough prototype or something > alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB" > needs some hardware > > supports such as "Trusted Mode", "Memory Protection", "DMA Control" > and "Secure Path to the > > User", etc. Fortunately, the Intel(R) Corp has developed their > technologies called "Lagrande" > > which can feed the needs of Nexus which is the secure kernel of the > "NGSCB". The "NGSCB" is > > not described clearly by Microsoft :(. We can't find more details > about that stuff. Finally, > > we found some stuff which came out from the "Intel Developer > Center" like "Domain Manager" > > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct > and there is no further > > information about that, on the other hand, the Intel(R) Corp seems to > continue its works on > > hardware support to "NGSCB". So we found out some stuff about the > "Lagrande" technologies in > > the Xen communities. > > We are curious that whether the patch you contribute to the > Xen is the beginning of > > building a prototype of "Domain Manager" or something alike? If not, > what is the goal of > > integrating "Lagrande" into Xen? Could you give me further information > about that? > > The term "domain manager" that you're referring to was the term used in > place of VMM in some of our early slides. So our TXT work with Xen is > not to replace Xen (the hypervisor), but rather to enhance it to support > TXT. > > You can get more up to date information from this past Fall's Intel > Developer Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. There were two sessions > specifically on TXT. > > > By the way, the Intel(R) Corp has announced its "Lagrande" > technologies, has it > > been integrated into some processors? Has the motherboard's chips the > functions like > > "IOMMU" and "DMA Protection" to support "Curtained Memory"? > > A TXT-capable system is available for purchase; please visit > http://www.mpccorp.com/clientpro_txt for details. > > > The next work we are going to do is to find out whether it > is feasible to introduce > > the Xen to construct our secure kernel. Do you have some constructive > advices for us? > > Thanks a lot :) > > My foils from this past Xen Summit > (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno > logy.pdf) describe how to enable Xen for TXT are a good basis for > enabling any VMM or kernel to use TXT. > > Joe >