author: Linus Torvalds <torvalds@linux-foundation.org> 2010-05-18 09:28:24 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-05-18 09:28:24 -0700
commit: 3ae684e1c48e6deedc9b9faff8fa1c391ca8a652 (patch)
tree: 07082b3239c24799e8aaf2e6a8a0ac059870d34a /Documentation
parent: c4fd308ed62f292518363ea9c6c2adb3c2d95f9d (diff)
parent: 4bd96a7a8185755b091233b16034c7436cbf57af (diff)
Merge branch 'x86-txt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip

* 'x86-txt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86, tboot: Add support for S3 memory integrity protection
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/intel_txt.txt 16
1 files changed, 9 insertions, 7 deletions
diff --git a/Documentation/intel_txt.txt b/Documentation/intel_txt.txt
index f40a1f03001..87c8990dbbd 100644
--- a/Documentation/intel_txt.txt
+++ b/Documentation/intel_txt.txt
@@ -161,13 +161,15 @@ o In order to put a system into any of the sleep states after a TXT
has been restored, it will restore the TPM PCRs and then
transfer control back to the kernel's S3 resume vector.
In order to preserve system integrity across S3, the kernel
- provides tboot with a set of memory ranges (kernel
- code/data/bss, S3 resume code, and AP trampoline) that tboot
- will calculate a MAC (message authentication code) over and then
- seal with the TPM. On resume and once the measured environment
- has been re-established, tboot will re-calculate the MAC and
- verify it against the sealed value. Tboot's policy determines
- what happens if the verification fails.
+ provides tboot with a set of memory ranges (RAM and RESERVED_KERN
+ in the e820 table, but not any memory that BIOS might alter over
+ the S3 transition) that tboot will calculate a MAC (message
+ authentication code) over and then seal with the TPM. On resume
+ and once the measured environment has been re-established, tboot
+ will re-calculate the MAC and verify it against the sealed value.
+ Tboot's policy determines what happens if the verification fails.
+ Note that the c/s 194 of tboot which has the new MAC code supports
+ this.
That's pretty much it for TXT support.
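Review bot: The closing added sentence, "Note that the c/s 194 of tboot which has the new MAC code supports this", is ambiguous for anyone deploying this. "c/s" is never expanded, and the text does not say whether that tboot changeset is a minimum requirement or what happens to S3 integrity checking when the kernel runs under a tboot that lacks the new MAC code. Suggest spelling out "changeset" and stating the requirement and the behaviour with older tboot explicitly. The parenthetical "but not any memory that BIOS might alter over the S3 transition" also leaves open how those ranges are identified, so a reader cannot tell from the documentation which memory ends up outside the MAC; one sentence on where that exclusion is decided would close the gap.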