View Source

Introduction

The measured launch implementation requires an x86 device with a Trusted Platform Module (TPM), Intel CPU and firmware that supports Intel Trusted Execution Technology (TXT).

The following items are measured:

Device firmware
BIOS configuration
grub2 bootloader and boot config file
CPU microcode loaded at runtime
TXT Authenticated Code Modules
tboot, trusted boot measurement and launch pre-VMM software module
Xen hypervisor and the Xen boot command line
XSM/flask policy
Linux kernel and the kernel boot command line
Linux initial ramdisk, initrd
dom0 filesystem (read-only)
network driver VM filesystem (read-only)

Capabilities

Version 6.x (2016)

TPM 1.2

Version 7.x (2017)

TPM 2.0
Forward Seal Test Procedures (pre-compute PCRs for unattended upgrade)
Improved key management (2015 design discussion)

Version 8.x (2018)

UEFI/SecureBoot support: RFCv1 • RFCv2

Future Work

Virtual TPMs
Attestation
UEFI multi-boot modules
Key recovery

Measured Launch Source Code

OpenXT

OpenEmbedded

https://github.com/flihp/meta-measured

Intel

TPM Emulation

Related Work

Secure Boot

Ecosystem

Qubes: Anti Evil Maid (2011)
OpenXT: In Device We Trust: Measure Twice, Compute Once with Xen, Linux, TPM 2.0 and TXT (2017)
Open Source Foundries: Secure OTA Collaboration (2017)
Google: Replace UEFI with Linux (2017) • Video
HP SureStart BIOS protection: Coprocessor detection of attacks against SMM (2017)
Microsoft: Hardening with Hardware (2018) • Video

Xen

https://wiki.xenproject.org/wiki/Category:OpenEmbedded

OpenXT ML JIRA Issues

Documentation > Documentation Guidelines > cc-by.png
Copyright 2017 by BAE Systems, Inc. Created by Rich Persaud. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.