Lines Matching refs:and
13 o Measurement and verification of launched environment
15 Intel TXT is part of the vPro(TM) brand and is also available some
17 based on the Q35, X38, Q45, and Q43 Express chipsets (e.g. Dell
18 Optiplex 755, HP dc7800, etc.) and mobile systems based on the GM45,
19 PM45, and GS45 Express chipsets.
40 uses Intel TXT to perform a measured and verified launch of an OS
48 w/ TXT support since v3.2), and now Linux kernels.
54 While there are many products and technologies that attempt to
57 Measurement Architecture (IMA) and Linux Integrity Module interface
62 starting at system reset and requires measurement of all code
66 bootloader and the boot config. In practice, this is a lot of
71 protection, memory configuration/alias checks and locks, crash
78 of platform configuration checks are performed and values locked,
80 shutdown, and there is support for policy-based execution/verification.
81 This provides a more stable measurement and a higher assurance of
82 system configuration and initial state than would be otherwise
84 almost all parts of the trust chain is available (excepting SMM and
93 platform supports Intel TXT and, if so, executes the GETSEC[SENTER]
100 terminal, serial port, and/or an in-memory log; the output
102 o The GETSEC[SENTER] instruction will return control to tboot and
106 instruction had put them in and place them into a wait-for-SIPI
112 VMEXITs, and then disable VT and jump to the SIPI vector. This
116 verify the kernel and initrd.
117 - This policy is rooted in TPM NV and is described in the tboot
119 create and provision the policy.
120 - Policies are completely under user control and if not present
122 - Policy action is flexible and can include halting on failures
123 or simply logging them and continuing.
129 in order to remove this blanket protection and use VT-d's
131 o Tboot will populate a shared page with some data about itself and
135 o The kernel will look for the tboot shared page address and, if it
138 of the VT-d DMARs in a DMA-protected region of memory and verifies
140 launched with tboot and use this copy instead of the one in the
142 o At this point, tboot and TXT are out of the picture until a
146 attempt to crash the system to gain control on reboot and steal
148 - The kernel will perform all of its sleep preparation and
153 - Tboot will clean up the environment and disable TXT, then use the
159 has been restored, it will restore the TPM PCRs and then
162 provides tboot with a set of memory ranges (RAM and RESERVED_KERN
165 authentication code) over and then seal with the TPM. On resume
166 and once the measured environment has been re-established, tboot
167 will re-calculate the MAC and verify it against the sealed value.
178 This code works with 32bit, 32bit PAE, and 64bit (x86_64) kernels.
181 allow these to be individually enabled/disabled and the screens in
194 Security top-level menu and is called "Enable Intel(R) Trusted
195 Execution Technology (TXT)". It is considered EXPERIMENTAL and
198 platform actually supports Intel TXT and thus whether any of the
203 system and can also be found on the Trusted Boot site. It is an
205 DRTM process to verify and configure the system. It is signed
207 any other macrocode and its correct operation is critical to the