Measured Launch, SRTM and DRTM

Introduction

The measured launch implementation requires an x86 device with a Trusted Platform Module (TPM), an Intel CPU and firmware that support Intel Trusted Execution Technology (TXT).

The following items are measured:

  • Device firmware
  • BIOS configuration
  • grub2 bootloader and boot config file
  • CPU microcode loaded at runtime
  • TXT Authenticated Code Modules
  • tboot, the pre-VMM software module that performs the TXT measurement and launch
  • Xen hypervisor and the Xen boot command line
  • XSM/flask policy
  • Linux kernel and the kernel boot command line
  • Linux initial ramdisk, initrd
  • dom0 filesystem (read-only)
  • network driver VM filesystem (read-only)
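The list above is an ordered measurement chain: each component is hashed and folded into a TPM platform configuration register (PCR) with the extend operation, so the final PCR value depends on every component and on their order. The following Python block is an added example, not OpenXT or tboot code, that replays such a chain in software the way a verifier would when checking a reported PCR against a golden value. It uses SHA-1 and 20-byte registers because the page targets TPM 1.2; the component blobs, their names and the use of a single register are constructed assumptions (real launches spread measurements across several PCRs and distinguish the firmware-anchored static root from the TXT dynamic root).

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that read as all zeros after reset.
PCR_SIZE = 20


def measure(blob: bytes) -> bytes:
    """Measurement of a component: the SHA-1 digest of its bytes."""
    return hashlib.sha1(blob).digest()


def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """One TPM_Extend step: new_pcr = SHA1(old_pcr || measurement)."""
    if len(pcr_value) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20 bytes for TPM 1.2")
    return hashlib.sha1(pcr_value + measurement).digest()


def replay_chain(components):
    """Replay an ordered list of (name, blob) into one PCR.

    Returns the final PCR value and a per-step log of
    (name, measurement_hex, pcr_after_hex), mirroring what a boot event log
    records so a verifier can recompute the register from it.
    """
    pcr = bytes(PCR_SIZE)  # reset state
    log = []
    for name, blob in components:
        m = measure(blob)
        pcr = extend(pcr, m)
        log.append((name, m.hex(), pcr.hex()))
    return pcr, log


def verify(components, expected_pcr: bytes) -> bool:
    """True when replaying the reported chain reproduces the golden PCR."""
    return replay_chain(components)[0] == expected_pcr


# Constructed sample chain (not real OpenXT binaries), ordered like the
# hypervisor/kernel part of the page's list. Each blob stands in for file contents.
GOLDEN_CHAIN = [
    ("xen", b"xen hypervisor image (constructed)"),
    ("xen_cmdline", b"console=vga dom0_mem=2048M (constructed)"),
    ("xsm_policy", b"xsm flask policy (constructed)"),
    ("kernel", b"vmlinuz (constructed)"),
    ("kernel_cmdline", b"root=/dev/mapper/rootfs ro (constructed)"),
    ("initrd", b"initramfs (constructed)"),
]

# Golden value a verifier would store after a known-good provisioning boot.
GOLDEN_PCR, GOLDEN_LOG = replay_chain(GOLDEN_CHAIN)


def chain_with_modified_cmdline():
    """Same chain, but the kernel command line differs by one flag."""
    modified = list(GOLDEN_CHAIN)
    modified[4] = ("kernel_cmdline", b"root=/dev/mapper/rootfs rw (constructed)")
    return modified


def chain_with_swapped_order():
    """Same components, but kernel and initrd measured in the opposite order."""
    swapped = list(GOLDEN_CHAIN)
    swapped[3], swapped[5] = swapped[5], swapped[3]
    return swapped


if __name__ == "__main__":
    for name, m_hex, pcr_hex in GOLDEN_LOG:
        print(f"{name:15s} measurement={m_hex[:12]}... pcr={pcr_hex[:12]}...")
    print("golden chain verifies:", verify(GOLDEN_CHAIN, GOLDEN_PCR))
    print("modified cmdline verifies:", verify(chain_with_modified_cmdline(), GOLDEN_PCR))
    print("swapped order verifies:", verify(chain_with_swapped_order(), GOLDEN_PCR))
```

The two negative cases are the point of the design: a one-word change to the kernel command line, or the same components measured in a different order, produces a different final register, which is why a verifier compares against a golden PCR rather than checking each component hash in isolation.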

Capabilities

Version 6.x (2016)

  • TPM 1.2

Version 7.x (2017)

Version 8.x (2018)

  • UEFI/SecureBoot support: RFCv1, RFCv2

Future Work

  • Virtual TPMs

  • Attestation

  • UEFI multi-boot modules

  • Key recovery

Related Documentation

Measured Launch Source Code

OpenXT

OpenEmbedded

Intel

TPM Emulation

Related Work

Secure Boot

Ecosystem

Xen

OpenXT ML JIRA Issues



Copyright 2017 by BAE Systems, Inc. Created by Rich Persaud. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.