Skip to content

Setup ACM workflow #10

Open
Open
Setup ACM workflow#10
Labels
Stage 1Related to the loader (stage 1)Stage 2Related to the monitor (stage 2)x86_64Specific to x86_64
@CharlyCst

Description

@CharlyCst
CharlyCst
opened on Nov 11, 2022

What/Why?

To enable trusted boot with Intel TXT, we must go through an ACM module that will setup the trusted environement. TXT is not available in QEMU, so we will need to emulate it if we want to keep the same control flow in both QEMU and on real hardware.

How?

  • Create a dummy fake-acm module that can be compiled as a standalone binary, like stage 1 or stage 2
  • Setup headers for the fake-acm and stage 2 (probably handled by stage 1?)
  • Enable emulation of GETSEC[SENTER], might require emulating a few registers
  • Jump into fake-acm, and from there to stage 2 based on headers

At this point, the control flows are identical, but the machine states are different. The next steps are to reproduce the expected environment.

  • Properly setup stage 2 page tables (e.g. respect TXT constraints)
  • Deactivate paging within face-acm

Metadata

Metadata

Assignees

No one assigned

    Labels

    Stage 1Related to the loader (stage 1)Stage 2Related to the monitor (stage 2)x86_64Specific to x86_64

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions