intel_txt.txt - OpenGrok cross reference for /linux-4.1.27/Documentation/intel

Lines Matching refs:of
11 o  Provides dynamic root of trust for measurement (DRTM)
12 o  Data protection in case of improper shutdown
13 o  Measurement and verification of launched environment
15 Intel TXT is part of the vPro(TM) brand and is also available some
26 years, some of which are:
31           3_David-Grawrock_The-Front-Door-of-Trusted-Computing.pdf
40 uses Intel TXT to perform a measured and verified launch of an OS
55 measure or protect the integrity of a running kernel, they all
58 are examples of such solutions.
61 static root of trust must be used.  This bases trust in BIOS
62 starting at system reset and requires measurement of all code
63 executed between system reset through the completion of the kernel
64 boot as well as data objects used by that code.  In the case of a
65 Linux kernel, this means all of BIOS, any option ROMs, the
66 bootloader and the boot config.  In practice, this is a lot of
67 code/data, much of which is subject to change from boot to boot
74 By using the hardware-based root of trust that Intel TXT provides,
75 many of these issues can be mitigated.  Specifically: many
78 of platform configuration checks are performed and values locked,
79 protection is provided for any data in the event of an improper
81 This provides a more stable measurement and a higher assurance of
84 almost all parts of the trust chain is available (excepting SMM and
92 o  It performs all of the work necessary to determine if the
94    processor instruction that initiates the dynamic root of trust.
103    tboot then verifies certain aspects of the environment (e.g. TPM NV
127 o  As part of its launch, tboot DMA protects all of RAM (using the
133    -  The location of the shared page is passed via the boot_params
137 o  As one of the checks/protections provided by TXT, it makes a copy
138    of the VT-d DMARs in a DMA-protected region of memory and verifies
140    launched with tboot and use this copy instead of the one in the
142 o  At this point, tboot and TXT are out of the picture until a
144 o  In order to put a system into any of the sleep states after a TXT
148    -  The kernel will perform all of its sleep preparation and
156    -  In the case of S3, tboot will also register itself as the resume
162       provides tboot with a set of memory ranges (RAM and RESERVED_KERN
169       Note that the c/s 194 of tboot which has the new MAC code supports
198 platform actually supports Intel TXT and thus whether any of the
204 (unencrypted) module signed by Intel that is used as part of the
208 establishment of the DRTM.  The process for determining the correct