Category Archives: Computer

Calculating PCR[17]

When I left off my last discussion of tboot PCR calculations I gave a quick intro but little more. In this post I’ll go into details for calculating the first of them: PCR[17]. There have been a number of discussions with regard to calculating or verifying PCR values on the tboot-devel mailing list and they [...]

Using OE to build an XT ‘Service VM’

Over the past few weeks I’ve run into a few misconceptions about XenClient XT and OpenEmbedded. First is that XT is some sort of magical system that mere mortals can’t customize. Second is that building a special-purpose, super small Linux image on OpenEmbedded is an insurmountable task. This post is an attempt to dispel both [...]

What’s in a hash?

After the initial work on meta-measured it was very clear that configuring an MLE is great but alone it has little value. Sure tboot will measure things for you, it will even store these measurements in your TPM’s PCRs! But the “so what?” remains unanswered: there are hashes in your TPM, who cares? Even after [...]

Measured Launch on OE core

It’s been 4 months since my last post but I’ve been working on some fun stuff. Said work has progressed to the point where it’s actually worth talking about publicly so I’m crawling out from under my favorite rock and putting it “out there”. My last few bits of writing were about some random OpenEmbedded [...]

Openembedded Yocto Native Hello World: Take 2

A while back I wrote about some problems I was having with native OpenEmbedded recipes that were building packages with raw Makefiles (no autotools). I wrote up the problem and the workaround I was using here. I got some feedback pointing out what I was doing wrong but I guess my brain just didn’t [...]

TXT Capable Desktop Virtualization System

Having worked on XenClient XT for the past year I’ve experienced the pain of debugging vendors’ TXT implementations first hand. TXT may be a nearly 6-year-old technology but it’s just now coming into use and many vendors’ platforms have only received internal testing. We’ve found a number of ways for platforms to fail [...]

Chrome web sandbox on XenClient

There’s lots of software out there that sets up a “sandbox” to protect your system from untrusted code. The examples that come to mind are Chrome and Adobe for the flash sandbox. The strength of these sandboxes is an interesting point of discussion. Strength is always related to the mechanism and if you’re running on [...]

openembedded yocto native hello world

NOTE: I took the time to get to the bottom of the issue discussed in this post. There’s a new post here that explains the “right way” to use Makefiles with yocto. As always, the error in this post was mine. I’ve officially “drank the Kool-Aid” and I’m convinced OpenEmbedded and Yocto are pretty awesome. [...]

Linux bridge forward EAPOL 8021x frames

XenClient is no different from other Xen configurations in that the networking hardware is shared between guests through a bridge hosted in dom0 (or a network driver domain in the case of XenClient XT). For most use cases the standard Linux bridge will route your traffic as expected. We ran into an interesting problem however [...]

OE-Core Yocto gcc timeout

I’ve been thrashing around trying to get the upstream OE to build an image for me. Today I finally made a concerted effort over a few hours to dive deep and do this right. It turns out I was using the “old” OE repos when I should have been using the “new” build system from [...]