Home_greyopenFATE - openSUSE feature tracking > #310787
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Intel(R) Trusted Execution Technology (Intel(R) TXT) Support

Feature state

openSUSE Distribution
Rejected Information


Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM).  Intel TXT can be used to reduce the trusted computing base (TCB) of system SW such as an OS kernel or hypervisor/VMM.  TXT provides platform configuration protection such as memory aliasing checks, register locking, etc.  It also provides reset protection via a hardware memory lock and memory scrubbing.  In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware-enforced protections of RAS events.  Finally, TXT provides for a platform owner -controlled launch control policy.

Intel TXT support consistes of two parts:  kernel/VMM enabling and the tboot package.

Kernel support involves building the Linux kernel (>= 2.6.35) with the CONFIG_INTEL_TXT flag set.  This will also enable it for KVM.  The default Xen build already supports TXT.

Linux/Xen support actually assumes that TXT is "managed" through the Trusted Boot (tboot) module and thus, the tboot package is also needed for complete support.  Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM.

User benefit:

Enabling Intel TXT in the kernel/VMM will increase the trust and value of the above usage models. And the same value proposition that TXT has for Fedora also applies to openSuSE:
http://lwn.net/Articles/382363/ also compliments the OpenTC work being done by/with SuSE.


  1. Disk encryption
  2. Hardened local key storage/operations
  3. Remote attestation


icons/user_comment.png J. C. wrote: (7 years ago)

A tboot package already exists (and builds) in OBS:  https://build.opensuse.org/package/show?package=tboot&project=security%3ATXT

icons/user_comment.png T. S. wrote: (7 years ago)

Can we set this to 'done' then?

Last change: 7 months ago
Score: 2
  • Negative: 0
  • Neutral: 1
  • Positive: 2
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint