Intel® Trusted Execution Technology (Intel® TXT)

difference between tboot and UEFI Secure Boot

Hi,

what are the security guarantee differences between tboot and UEFI's Secure Boot (used with TPM)?

I don't really see the difference:

tboot uses TXT to create a MLE to load a kernel (or a hypervisor). It uses a DRTM to bind the integrity of the boot to the HW.

UEFI's Secure Boot used with a TPM uses a signed chain to the kernel that is loaded. Each executable can be measured and verified via the TPM, and so we bind the integrity or the root of trust of the boot to the HW.

Thanks for your help.

gelareh

Concurrent Protected and Standard world?

Hi,

Is it possible to run a protected (MLE) and standard environment concurrently or is it always sequential? (concurrent would be similar to two virtual machines). From my understanding, an MLE can be launched either at boot time or via late launch (using SENTER).

Also does anyone know the differences between the protected environments that are produced as a result of SENTER and ENTERACCS commands?

Thank you for your help!

Gelareh

NPW/PW BIOS/SINIT ACM

Hi,

I was wondering if someone could clarify whether "Allow NPW" (bit 1 in the Policy Control field), applies to both the BIOS and SINIT ACMs? In particular, if I clear this flag, do I need to use a PW BIOS ACM as well as a PW SINIT ACM, or can I get away with using only a PW SINIT ACM? 

For context, I'm running into an issue with a server platform which seems to have shipped with an NPW BIOS ACM.

Thanks.

All SINIT binaries

Hi,

I was wondering if it's possible to get an exhaustive set of SINIT binaries from somewhere. My understanding is that for newer platforms these are no longer published on the web, and are provided as part of the BIOS. I want to maintain a full set of these SINIT binaries, along with newer ones as and when they are published.

Thanks.

Query on E3 processor

Hi,

I have some questions on choosing a platform for TXT and VT-x experiments.

1. Can I use the combination of E3 1235 and DQ67EP for TXT?
2. Does E3 1235 support "unrestricted guest" and "1g-paging"? I checked E3's datasheet, page 38 states vt-x features and unrestricted guest is not included. But isn't unrestricted guest available for all SNB processors with vt-x?

Thanks in advance!

Jianan Hao

what driver do i need to install

Hi, I'm new to the Intel forum; I hope it's the right place to ask this question. If it's not the right place, can you please navigate me to the right forum? Thanks. My problem is that I installed Win 2008 R2 Server on a PC machine and now I see that the LAN doesn't work, and when looking at Manage I can see that it is missing a driver. My question is: where do I get this driver? The motherboard model I have is DH67BL. If you can help me I'll be very happy, and if you can't, please can you instruct me where I can get an answer. Thanks in advance.
