LaGrande Technology (LT), Intel's codename for its implementation of the Trusted Computing (TC) concept, is expected in H2 2007 with the Intel Bearlake chipset (which will be used with the quad-core Intel Kentsfield CPU, expected Q1 2007).
Joseph Cihula, Linux Software Security Architect at Intel, posted on the Xen-devel mailing list a preliminary patch for the open source hypervisor that introduces support for it:
The LT functionality this code adds is:
- Measured Launch
If the processor is detected as being LT-capable and enabled, then the code will attempt to perform a measured launch. If the processor is (not capable) or (capable but not enabled) or (capable and enabled but the launch process fails (missing SINIT, corrupted data, etc.)), then it will fall through to a non-LT boot.
- Teardown of measured environment
When Xen exits, the LT environment will be torn down properly.
- Reset data protection
LT HW prevents access to secrets if the system is reset without clearing them from memory (as part of a LT teardown).
This code will support this by setting the flag indicating that memory should be so protected during the measured launch and clearing the flag just before teardown.
- Protection of LT memory ranges
LT reserves certain regions of RAM for its use and also defines several MMIO regions. These regions are protected from use by any domains (including dom0).
Note that there are sub-regions of the MMIO space that are left accessible to dom0 (LT public configuration space, TPM localities 0 and 1).
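The last item above describes a deny-by-default range check with a narrow dom0 exception. The following C snippet is an added illustration of that policy, not code from the Xen patch or from Intel: it keeps a table of protected ranges, a table of sub-regions dom0 may still map, and a function that decides whether a domain's requested mapping is permitted. The addresses are assumed placeholders chosen to look like TXT/TPM MMIO and the LT RAM range is constructed; none of them are taken from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not the Xen patch's own code. All addresses below are
 * assumed placeholders (LT RAM range constructed, MMIO values assumed). */

typedef struct {
    uint64_t start;     /* inclusive */
    uint64_t end;       /* exclusive */
    const char *name;
} lt_region_t;

/* Regions LT reserves: no domain, dom0 included, may map them by default. */
static const lt_region_t lt_protected[] = {
    { 0x00100000ULL, 0x00200000ULL, "LT reserved RAM (constructed placeholder)" },
    { 0xFED20000ULL, 0xFED50000ULL, "LT MMIO: private+public config, TPM (assumed)" },
};

/* Sub-regions of the MMIO space the patch description leaves open to dom0. */
static const lt_region_t dom0_allowed[] = {
    { 0xFED30000ULL, 0xFED40000ULL, "LT public configuration space (assumed)" },
    { 0xFED40000ULL, 0xFED42000ULL, "TPM localities 0 and 1 (assumed)" },
};

#define DOM0_ID 0u
#define NELEM(a) (sizeof (a) / sizeof *(a))

static bool overlaps(const lt_region_t *r, uint64_t s, uint64_t e)
{
    return s < r->end && e > r->start;
}

static bool contained(const lt_region_t *r, uint64_t s, uint64_t e)
{
    return s >= r->start && e <= r->end;
}

/* Decide whether domain `domid` may map the half-open range [s, e).
 * Anything touching a protected region is denied, except that dom0 may map a
 * request that lies entirely inside one of its allowed sub-regions. A request
 * spanning two adjacent allowed sub-regions is denied (conservative; the
 * caller can split it). */
bool lt_mapping_allowed(unsigned domid, uint64_t s, uint64_t e)
{
    if (e <= s)                      /* empty or wrapped range: reject */
        return false;

    bool hits_protected = false;
    for (size_t i = 0; i < NELEM(lt_protected); i++) {
        if (overlaps(&lt_protected[i], s, e)) {
            hits_protected = true;
            break;
        }
    }
    if (!hits_protected)
        return true;                 /* ordinary memory, not LT's concern */

    if (domid != DOM0_ID)
        return false;                /* guests never see LT ranges */

    for (size_t i = 0; i < NELEM(dom0_allowed); i++)
        if (contained(&dom0_allowed[i], s, e))
            return true;             /* dom0 exception: public space, loc 0/1 */

    return false;                    /* e.g. private config space, locality 2+ */
}

int main(void)
{
    struct { unsigned dom; uint64_t s, e; } req[] = {
        { 1, 0x00001000ULL, 0x00002000ULL },  /* domU, plain RAM       */
        { 1, 0xFED30000ULL, 0xFED31000ULL },  /* domU, public space    */
        { 0, 0xFED30000ULL, 0xFED31000ULL },  /* dom0, public space    */
        { 0, 0xFED40000ULL, 0xFED41000ULL },  /* dom0, TPM locality 0  */
        { 0, 0xFED42000ULL, 0xFED43000ULL },  /* dom0, TPM locality 2  */
        { 0, 0xFED20000ULL, 0xFED21000ULL },  /* dom0, private space   */
    };
    for (size_t i = 0; i < NELEM(req); i++)
        printf("dom%u [%#llx,%#llx) -> %s\n", req[i].dom,
               (unsigned long long)req[i].s, (unsigned long long)req[i].e,
               lt_mapping_allowed(req[i].dom, req[i].s, req[i].e) ? "allow" : "deny");
    return 0;
}
```

The point of the structure is that the exception list is consulted only after a request has already been found to touch a protected region, and only for dom0; a new sub-region can be opened to dom0 by adding one table entry without weakening the default for guests.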
Read the whole thread and download the patch at source.