[liberationtech] PrivateCore and secure hosting
Steve Weis
steveweis at gmail.com
Sat Jun 22 13:51:08 PDT 2013
Hi Maxim. This area is a bit murky since there is a lot of overlap between
the notions of secure boot, trusted boot, and measured boot.
If I had to venture an answer, I'd say the benefit of TXT is that it
provides finer-grained measurements and visibility into the secure boot
process. I don't know enough about the measured boot component of UEFI
Secure Boot, though. It may already be using TXT.
Intel answered a forum question similar to yours here:
http://software.intel.com/en-us/forums/topic/391211
They refer to a summary article by Microsoft here:
http://technet.microsoft.com/en-us/windows/dn168167.aspx
Here's a post about an open source UEFI secure boot shim:
http://mjg59.dreamwidth.org/20303.html
And we have some general TXT-related links here:
http://privatecore.com/resources-overview/server-attestation/
On Sat, Jun 22, 2013 at 7:38 AM, Maxim Kammerer <mk at dee.su> wrote:
> Hi Steve, a technical (and perhaps stupid) question:
>
> On Sat, Jun 22, 2013 at 1:49 AM, Steve Weis <steveweis at gmail.com> wrote:
> > The host H will have a trusted platform module (TPM). When H boots up, it
> > will measure all software state into platform control registers (PCRs) in
> > the TPM. See Intel Trusted Execution Technology (TXT) for more info on how
> > this works.
>
> Does TXT provide any benefit over UEFI Secure Boot? I remember looking
> into integrating TXT, and it seemed like something not too
> well-supported, and essentially superseded by better-established
> standards like Secure Boot.
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
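To make the "measure all software state into PCRs" step concrete, here is a small added simulation (not code from the list posting, PrivateCore or any TPM vendor) of how a TPM 1.2-style PCR extend chains measurements and how a remote verifier replays a measurement log to decide whether a host's reported PCRs match a known-good boot. The event log entries and data are constructed sample values, not real firmware measurements.

```python
import hashlib

# Constructed sample event log: (pcr_index, description, data measured).
# These stand in for firmware, bootloader and kernel images; they are not
# values from any real platform.
SAMPLE_LOG = [
    (0, "firmware", b"BIOS image v1.0"),
    (4, "bootloader", b"GRUB 2.00"),
    (4, "kernel", b"vmlinuz-3.9"),
]

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs


def extend(pcr_value: bytes, data: bytes) -> bytes:
    """One TPM_Extend: PCR_new = SHA-1(PCR_old || SHA-1(data)).

    The caller hashes the software image first, then the TPM folds that
    digest into the register. The old value can never be overwritten,
    only extended, so the final PCR depends on every event and its order.
    """
    digest = hashlib.sha1(data).digest()
    return hashlib.sha1(pcr_value + digest).digest()


def replay_log(log, num_pcrs: int = 24):
    """Replay an event log from reset state (all-zero PCRs) to final PCRs."""
    pcrs = [bytes(PCR_SIZE)] * num_pcrs
    for index, _desc, data in log:
        pcrs[index] = extend(pcrs[index], data)
    return pcrs


def verify_quote(reported_pcrs, golden_log, indices) -> bool:
    """Verifier side of attestation: recompute the PCRs a known-good boot
    would produce and compare the registers the host reported (normally
    carried in a TPM quote) against them."""
    expected = replay_log(golden_log)
    return all(reported_pcrs[i] == expected[i] for i in indices)


if __name__ == "__main__":
    good = replay_log(SAMPLE_LOG)
    tampered = replay_log(SAMPLE_LOG[:2] + [(4, "kernel", b"vmlinuz-evil")])
    print("known-good host verifies:", verify_quote(good, SAMPLE_LOG, [0, 4]))
    print("modified kernel verifies:", verify_quote(tampered, SAMPLE_LOG, [0, 4]))
```

Swapping the order of the bootloader and kernel events also changes PCR 4, which is why a verifier checks the replayed log rather than just the set of hashes it contains.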