RE: RE: Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff?

RE: RE: Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff?

[Cihula, Joseph]

(Including xense-devel again.)
 
 
On Monday, January 15, 2007 1:37 AM,  xenway@163.com wrote:
>	Hi, Joseph
>	    I really appreciate your help :)
>	    I have read the web page you mentioned before. It seems that
you integrate it
> into Xen as Secure Boot interacting with TPM module or something like
that, don't you :) 

The current patch integrates the TXT code into the Xen binary, invoked
at the very beginning of launch.

>	    The goal of  our project is that we have studied the
framework of Microsoft(R)'s
> "NGSCB". We are trying to implement a rough prototype or something
alike in Linux or *nix
> rather than Windows(R) where "NGSCB" was going. However, the "NGSCB"
needs some hardware
> supports such as "Trusted Mode", "Memory Protection", "DMA Control"
and "Secure Path to the
> User", etc. Fortunately, the Intel(R) Corp has developed their
technologies called "Lagrande"
> which can feed the needs of Nexus which is the secure kernel of the
"NGSCB". The "NGSCB" is
> not described clearly by Microsoft :(. We can't find more details
about that stuff. Finally,
> we found some stuff which came out  from  the "Intel  Developer
Center" like "Domain Manager"
> and "SENTER Progress", etc. The project "NGSCB" seems to be defunct
and there is no further
> information about that, on the other hand, the Intel(R) Corp seems to
continue its works on
> hardware support to "NGSCB". So we found out some stuff about the
"Lagrande" technologies in
> the Xen communities. 
>	    We are curious that whether the patch you contribute to the
Xen is the beginning of
> building a prototype of "Domain Manager" or something alike? If not,
what is the goal of
> integrating "Lagrande" into Xen? Could you give me further information
about that?

The term "domain manager" that you're referring to was the term used in
place of VMM in some of our early slides.  So our TXT work with Xen is
not to replace Xen (the hypervisor), but rather to enhance it to support
TXT.

You can get more up to date information from this past Fall's Intel
Developer Forum (IDF) at:
http://www.intel.com/idf/us/fall2006/index.htm.  There were two sessions
specifically on TXT.

>	    By the way, the Intel(R) Corp has announced its "Lagrande"
technologies, has it
> been integrated into some processors? Has the motherboard's chips  the
functions like
> "IOMMU" and "DMA Protection" to support "Curtained Memory"?

A TXT-capable system is available for purchase; please visit
http://www.mpccorp.com/clientpro_txt for details.

>	    The next work we are going to do is to find out whether it
is feasible to introduce
> the Xen to construct our secure kernel. Do you have some constructive
advices for us?
> Thanks a lot :)

My foils from this past Xen Summit
(http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno
logy.pdf) describe how to enable Xen for TXT are a good basis for
enabling any VMM or kernel to use TXT.

Joe

Re: RE: RE: Help: Could anybo dy k now about the Intel' s "LaGrande" te chno l ogies? Did the Xen be under develo pment u sing this stuff?

[xenway]

[-- Attachment #1.1: Type: text/plain, Size: 4067 bytes --]

Hi, Joseph
     It is very kind of you to give me your advices :) I really appreciate that. I have contracted with David Pilger several days before. He just said that some people was trying to do the same stuff that we were going to. Do you know about that? I am a freshman in this area and have little experience. I think it is an good idea to stand on the shoulders of giants and see further. Could you give me the further information ? Thank you.
  


on 2007-01-16，"Cihula, Joseph" <joseph.cihula@intel.com> wrote：
 From: "Cihula, Joseph" 
To: "" 
Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST)
Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff?



> (Including xense-devel again.)

>  

>  

> On Monday, January 15, 2007 1:37 AM,  xenway@163.com wrote:

> >	Hi, Joseph

> >	    I really appreciate your help :)

> >	    I have read the web page you mentioned before. It seems that

> you integrate it

> > into Xen as Secure Boot interacting with TPM module or something like

> that, don't you :) 

> 

> The current patch integrates the TXT code into the Xen binary, invoked

> at the very beginning of launch.

> 

> >	    The goal of  our project is that we have studied the

> framework of Microsoft(R)'s

> > "NGSCB". We are trying to implement a rough prototype or something

> alike in Linux or *nix

> > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB"

> needs some hardware

> > supports such as "Trusted Mode", "Memory Protection", "DMA Control"

> and "Secure Path to the

> > User", etc. Fortunately, the Intel(R) Corp has developed their

> technologies called "Lagrande"

> > which can feed the needs of Nexus which is the secure kernel of the

> "NGSCB". The "NGSCB" is

> > not described clearly by Microsoft :(. We can't find more details

> about that stuff. Finally,

> > we found some stuff which came out  from  the "Intel  Developer

> Center" like "Domain Manager"

> > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct

> and there is no further

> > information about that, on the other hand, the Intel(R) Corp seems to

> continue its works on

> > hardware support to "NGSCB". So we found out some stuff about the

> "Lagrande" technologies in

> > the Xen communities. 

> >	    We are curious that whether the patch you contribute to the

> Xen is the beginning of

> > building a prototype of "Domain Manager" or something alike? If not,

> what is the goal of

> > integrating "Lagrande" into Xen? Could you give me further information

> about that?

> 

> The term "domain manager" that you're referring to was the term used in

> place of VMM in some of our early slides.  So our TXT work with Xen is

> not to replace Xen (the hypervisor), but rather to enhance it to support

> TXT.

> 

> You can get more up to date information from this past Fall's Intel

> Developer Forum (IDF) at:

> http://www.intel.com/idf/us/fall2006/index.htm.  There were two sessions

> specifically on TXT.

> 

> >	    By the way, the Intel(R) Corp has announced its "Lagrande"

> technologies, has it

> > been integrated into some processors? Has the motherboard's chips  the

> functions like

> > "IOMMU" and "DMA Protection" to support "Curtained Memory"?

> 

> A TXT-capable system is available for purchase; please visit

> http://www.mpccorp.com/clientpro_txt for details.

> 

> >	    The next work we are going to do is to find out whether it

> is feasible to introduce

> > the Xen to construct our secure kernel. Do you have some constructive

> advices for us?

> > Thanks a lot :)

> 

> My foils from this past Xen Summit

> (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno

> logy.pdf) describe how to enable Xen for TXT are a good basis for

> enabling any VMM or kernel to use TXT.

> 

> Joe

> 

[-- Attachment #1.2: Type: text/html, Size: 4945 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

RE: RE: RE: Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff?

[Cihula, Joseph]

[-- Attachment #1.1: Type: text/plain, Size: 5246 bytes --]

I'm not sure what work David was specifically referring to, but Xen can be used to build a model similar to that of NGSCB (though I'm not aware of anyone (else) trying to do so).  
 
There has been a general consensus among the people working on security-related aspects of Xen that it should be better "partitioned" to follow the principle of least privilege.  This would include moving the vTPM system into a separate domain, de-privileging dom0, etc.  I had started work on extracting vTPM but that has been postponed due to more pressing work at my real job.  I have not heard of any active work on dom0 de-privileging.
 
Any contributions you would like to make to the security of Xen would be most welcomed and I'm sure that you will have no difficulty finding people willing to answer any questions that you may have as you work on it.
 
Joe


________________________________

	From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of xenway@163.com
	Sent: Monday, January 15, 2007 11:34 PM
	To: Cihula, Joseph
	Cc: xen-devel@lists.xensource.com; xense-devel@lists.xensource.com
	Subject: Re: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under develo pment u sing this stuff?
	Importance: High
	
	
	Hi, Joseph
	     It is very kind of you to give me your advices :) I really appreciate that. I have contracted with David Pilger several days before. He just said that some people was trying to do the same stuff that we were going to. Do you know about that? I am a freshman in this area and have little experience. I think it is an good idea to stand on the shoulders of giants and see further. Could you give me the further information ? Thank you.
	



	on 2007-01-16，"Cihula, Joseph" <joseph.cihula@intel.com> wrote：
	

		From: "Cihula, Joseph" To: "" Date: Tue, 16 Jan 2007 13:13:01 +0800 (CST) Subject: RE: RE: [Xen-devel] Help: Could anybody k now about the Intel' s "LaGrande" techno l ogies? Did the Xen be under development u sing this stuff? > (Including xense-devel again.) > > > On Monday, January 15, 2007 1:37 AM, xenway@163.com wrote: > > Hi, Joseph > > I really appreciate your help :) > > I have read the web page you mentioned before. It seems that > you integrate it > > into Xen as Secure Boot interacting with TPM module or something like > that, don't you :) > > The current patch integrates the TXT code into the Xen binary, invoked > at the very beginning of launch. > > > The goal of our project is that we have studied the > framework of Microsoft(R)'s > > "NGSCB". We are trying to implement a rough prototype or something > alike in Linux or *nix > > rather than Windows(R) where "NGSCB" was going. However, the "NGSCB" > needs some hardware > > supports such as "Trusted Mode", "Memory Protection", "DMA Control" > and "Secure Path to the > > User", etc. Fortunately, the Intel(R) Corp has developed their > technologies called "Lagrande" > > which can feed the needs of Nexus which is the secure kernel of the > "NGSCB". The "NGSCB" is > > not described clearly by Microsoft :(. We can't find more details > about that stuff. Finally, > > we found some stuff which came out from the "Intel Developer > Center" like "Domain Manager" > > and "SENTER Progress", etc. The project "NGSCB" seems to be defunct > and there is no further > > information about that, on the other hand, the Intel(R) Corp seems to > continue its works on > > hardware support to "NGSCB". So we found out some stuff about the > "Lagrande" technologies in > > the Xen communities. > > We are curious that whether the patch you contribute to the > Xen is the beginning of > > building a prototype of "Domain Manager" or something alike? If not, > what is the goal of > > integrating "Lagrande" into Xen? Could you give me further information > about that? > > The term "domain manager" that you're referring to was the term used in > place of VMM in some of our early slides. So our TXT work with Xen is > not to replace Xen (the hypervisor), but rather to enhance it to support > TXT. > > You can get more up to date information from this past Fall's Intel > Developer Forum (IDF) at: > http://www.intel.com/idf/us/fall2006/index.htm. There were two sessions > specifically on TXT. > > > By the way, the Intel(R) Corp has announced its "Lagrande" > technologies, has it > > been integrated into some processors? Has the motherboard's chips the > functions like > > "IOMMU" and "DMA Protection" to support "Curtained Memory"? > > A TXT-capable system is available for purchase; please visit > http://www.mpccorp.com/clientpro_txt for details. > > > The next work we are going to do is to find out whether it > is feasible to introduce > > the Xen to construct our secure kernel. Do you have some constructive > advices for us? > > Thanks a lot :) > > My foils from this past Xen Summit > (http://www.xensource.com/files/summit_3/Xen_support_for_LaGrande_Techno > logy.pdf) describe how to enable Xen for TXT are a good basis for > enabling any VMM or kernel to use TXT. > > Joe > 



________________________________

	独家！网易3G免费邮，还赠送280兆网盘 www.126.com <http://www.126.com/> 


[-- Attachment #1.2: Type: text/html, Size: 7553 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel