Intel(R) Trusted Execution Technology (Intel(R) TXT) Support
Intel(R) Trusted Execution Technology (Intel(R) TXT) provides a hardware dynamic root of trust for measurement (D-RTM). Intel TXT can be used to reduce the trusted computing base (TCB) of system software such as an OS kernel or hypervisor/VMM. TXT provides platform configuration protection such as memory aliasing checks, register locking, etc. It also provides reset protection via a hardware memory lock and memory scrubbing, so secrets left in RAM cannot be read out after an unclean reset. In multi-processor systems, Intel TXT strengthens the RAS capability through CPU-rooted measurement of the BIOS and hardware-enforced protection of RAS events. Finally, TXT provides a platform-owner-controlled launch control policy.
Intel TXT support consists of two parts: kernel/VMM enabling and the tboot package.
Kernel support involves building the Linux kernel (>= 2.6.35) with CONFIG_INTEL_TXT enabled. Because KVM is part of that kernel, this enables TXT for KVM as well. The default Xen build already supports TXT.
Linux/Xen support assumes that TXT is "managed" through the Trusted Boot (tboot) module, so the tboot package is also needed for complete support. Tboot is an open source, pre-kernel/VMM module that uses Intel TXT to perform a measured and verified launch of an OS kernel/VMM; the kernel itself is not the D-RTM launch target, tboot is, and the kernel is then loaded and measured by it.
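The two prerequisites just described (a kernel built with CONFIG_INTEL_TXT and a processor that can actually execute a TXT launch) are easy to verify before installing tboot. The script below is an added example, not code from this feature request or from the tboot project. It checks a kernel config file for CONFIG_INTEL_TXT=y and a cpuinfo-style file for the smx (Safer Mode Extensions, the GETSEC instruction family TXT's launch uses) and vmx flags. The sample inputs are constructed so it runs offline; the function names and the paths used are assumptions for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for Intel TXT prerequisites.
# Not part of the openSUSE feature page or the tboot project.

# Returns 0 when the given kernel config (e.g. /boot/config-$(uname -r)
# or the output of "zcat /proc/config.gz") enables Intel TXT support.
txt_kernel_enabled() {
    grep -qx 'CONFIG_INTEL_TXT=y' "$1"
}

# Returns 0 when the first CPU in a cpuinfo-style file reports both
# smx (Safer Mode Extensions, needed for the TXT launch) and vmx (VT-x).
# Either flag missing means no TXT-capable CPU or TXT/VT disabled in BIOS.
cpu_has_txt_flags() {
    flags=$(grep '^flags' "$1" | head -n 1)
    [ -n "$flags" ] || return 1
    echo "$flags" | grep -qw smx && echo "$flags" | grep -qw vmx
}

# Combined verdict: 0 = ready for a tboot measured launch,
# 1 = kernel lacks CONFIG_INTEL_TXT, 2 = CPU lacks the required flags.
txt_preflight() {
    cfg=$1
    cpu=$2
    if ! txt_kernel_enabled "$cfg"; then
        echo "kernel config $cfg: CONFIG_INTEL_TXT is not enabled" >&2
        return 1
    fi
    if ! cpu_has_txt_flags "$cpu"; then
        echo "cpuinfo $cpu: smx/vmx missing (no TXT-capable CPU, or disabled in BIOS)" >&2
        return 2
    fi
    echo "kernel and CPU prerequisites for a tboot measured launch are present"
    return 0
}

# Constructed sample inputs (not captured from a real machine).
TXT_SAMPLES=$(mktemp -d)
trap 'rm -rf "$TXT_SAMPLES"' EXIT
cat > "$TXT_SAMPLES/config-good" <<'EOF'
CONFIG_KVM=m
CONFIG_INTEL_TXT=y
EOF
cat > "$TXT_SAMPLES/config-bad" <<'EOF'
CONFIG_KVM=m
# CONFIG_INTEL_TXT is not set
EOF
cat > "$TXT_SAMPLES/cpuinfo-good" <<'EOF'
processor	: 0
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep vmx smx est tm2
EOF
cat > "$TXT_SAMPLES/cpuinfo-bad" <<'EOF'
processor	: 0
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep est tm2
EOF

# Stand-alone run against the good samples.
txt_preflight "$TXT_SAMPLES/config-good" "$TXT_SAMPLES/cpuinfo-good"
```

On a real host, call `txt_preflight /boot/config-$(uname -r) /proc/cpuinfo`. A passing result only means the kernel and CPU can participate in a launch; the chipset, TPM and the BIOS TXT/VT-d settings are checked by tboot itself at boot, so treat this as a first filter, not proof of a working measured launch.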
Enabling Intel TXT in the kernel/VMM increases the trust and value of the usage models listed below. The same value proposition that TXT has for Fedora (http://lwn.net/Articles/382363/) also applies to openSUSE, and it complements the OpenTC work being done by/with SuSE.
Usage models that benefit from a TXT-enabled kernel/VMM:
- Disk encryption
- Hardened local key storage/operations
- Remote attestation