Hi Jan,

On 13 May 2014 11:38, Jan Kiszka <jan.kis...@siemens.com> wrote:

> Hi Justin,
>
> On 2014-05-13 11:43, Justin King-Lacroix wrote:
> > Hi Jan,
> >
> > What you're looking for is Flicker [1], which does exactly that.
>
> Thanks a lot! I already got this link off-list.
>
> > If you can't get Flicker to work, you could try something particularly
> > evil, like kexec-ing tboot.
>
> kexec would be too evil, i.e. destructive. Our goal is to keep Linux alive. ;)
>

It depends on what you're trying to do -- my interpretation was that you
wanted to late-launch a hypervisor, which feels like it's just using Linux
as a seriously sophisticated bootloader and hardware initializer. In which
case kexec feels like it might actually be what you want: start Linux, get
it to do whatever dirty work it needs to, then kexec tboot to late-launch
your hypervisor. The hard part is then passing some kind of hardware
configuration/state-description data structure across two fairly
destructive operations (kexec and tboot-launch) into the new hypervisor
environment.
That said (having just skim-read the Jailhouse page), if you're just
looking for a way to catapult Jailhouse from inside Linux, Flicker is
probably a much better bet.



>
> Jan
>
> >
> > Regards,
> > Justin
>

Justin


> >
> > [1] http://sourceforge.net/p/flickertcb/wiki/Home/
> >
> >
> >
> >
> > On 13 May 2014 08:55, Jan Kiszka <jan.kis...@siemens.com> wrote:
> >
> >> Hi all,
> >>
> >> sorry in advance for placing a question here that is not directly on
> >> tboot, but I expect to find the highest density of experts here:
> >>
> >> Is it feasible and did someone possibly try so far to do a measured
> >> launch of something from within a running Linux system, specifically one
> >> that was not booted via a chain of trust? According to my still limited
> >> understanding of TXT, there is no technical difference between launching
> >> from a boot loader or from a booted OS a bit later, right?
> >>
> >> As you may guess, the scenario is to lock-down some entity that is
> >> started by Linux (I'm thinking of our hypervisor Jailhouse [1] and its
> >> non-Linux guests) while keeping the kernel itself open.
> >>
> >> Alternatively, what would be required to re-use tboot for doing another
> >> MLE start after a verified Linux already booted?
> >>
> >> Thanks!
> >> Jan
> >>
> >> [1] https://github.com/siemens/jailhouse
> >>
> >> --
> >> Siemens AG, Corporate Technology, CT RTC ITP SES-DE
> >> Corporate Competence Center Embedded Linux
> >>
> >>
> >>
> >> _______________________________________________
> >> tboot-devel mailing list
> >> tboot-devel@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/tboot-devel
> >>
> >
>
> --
> Siemens AG, Corporate Technology, CT RTC ITP SES-DE
> Corporate Competence Center Embedded Linux
>