diff options
Diffstat (limited to 'Documentation/intel_txt.txt')
| -rw-r--r-- | Documentation/intel_txt.txt | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt index f40a1f030019..5dc59b04a71f 100644 --- a/Documentation/intel_txt.txt +++ b/Documentation/intel_txt.txt | |||
| @@ -126,7 +126,7 @@ o Tboot then applies an (optional) user-defined launch policy to | |||
| 126 | o Tboot adjusts the e820 table provided by the bootloader to reserve | 126 | o Tboot adjusts the e820 table provided by the bootloader to reserve |
| 127 | its own location in memory as well as to reserve certain other | 127 | its own location in memory as well as to reserve certain other |
| 128 | TXT-related regions. | 128 | TXT-related regions. |
| 129 | o As part of it's launch, tboot DMA protects all of RAM (using the | 129 | o As part of its launch, tboot DMA protects all of RAM (using the |
| 130 | VT-d PMRs). Thus, the kernel must be booted with 'intel_iommu=on' | 130 | VT-d PMRs). Thus, the kernel must be booted with 'intel_iommu=on' |
| 131 | in order to remove this blanket protection and use VT-d's | 131 | in order to remove this blanket protection and use VT-d's |
| 132 | page-level protection. | 132 | page-level protection. |
| @@ -161,13 +161,15 @@ o In order to put a system into any of the sleep states after a TXT | |||
| 161 | has been restored, it will restore the TPM PCRs and then | 161 | has been restored, it will restore the TPM PCRs and then |
| 162 | transfer control back to the kernel's S3 resume vector. | 162 | transfer control back to the kernel's S3 resume vector. |
| 163 | In order to preserve system integrity across S3, the kernel | 163 | In order to preserve system integrity across S3, the kernel |
| 164 | provides tboot with a set of memory ranges (kernel | 164 | provides tboot with a set of memory ranges (RAM and RESERVED_KERN |
| 165 | code/data/bss, S3 resume code, and AP trampoline) that tboot | 165 | in the e820 table, but not any memory that BIOS might alter over |
| 166 | will calculate a MAC (message authentication code) over and then | 166 | the S3 transition) that tboot will calculate a MAC (message |
| 167 | seal with the TPM. On resume and once the measured environment | 167 | authentication code) over and then seal with the TPM. On resume |
| 168 | has been re-established, tboot will re-calculate the MAC and | 168 | and once the measured environment has been re-established, tboot |
| 169 | verify it against the sealed value. Tboot's policy determines | 169 | will re-calculate the MAC and verify it against the sealed value. |
| 170 | what happens if the verification fails. | 170 | Tboot's policy determines what happens if the verification fails. |
| 171 | Note that the c/s 194 of tboot which has the new MAC code supports | ||
| 172 | this. | ||
| 171 | 173 | ||
| 172 | That's pretty much it for TXT support. | 174 | That's pretty much it for TXT support. |
| 173 | 175 | ||