summaryrefslogtreecommitdiff
path: root/Documentation/security/intel/txt.md
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/security/intel/txt.md')
-rw-r--r--Documentation/security/intel/txt.md117
1 files changed, 117 insertions, 0 deletions
diff --git a/Documentation/security/intel/txt.md b/Documentation/security/intel/txt.md
new file mode 100644
index 0000000000..f67b63942e
--- /dev/null
+++ b/Documentation/security/intel/txt.md
@@ -0,0 +1,117 @@
+# Intel Trusted Execution Technology
+
+Intel TXT allows
+1. Attestation of the authenticity of a platform and its operating system.
+2. Assuring that an authentic operating system starts in a
+ trusted environment, which can then be considered trusted.
+3. Providing of a trusted operating system with additional
+ security capabilities not available to an unproven one.
+
+Intel TXT requirements:
+
+1. Intel TXT requires a **TPM** to measure parts of the firmware before it's
+ run on the BSP.
+2. Intel TXT requires signed **Authenticated Code Modules** ([ACM]s), provided
+ by Intel.
+3. Intel TXT requires **CPU and Chipset** support (supported since
+ Intel Core 2 Duo/ICH9).
+
+## Authenticated Code Modules
+
+The ACMs are Intel digitally signed modules that contain code to be run
+before the traditional x86 CPU reset vector.
+
+More details can be found here: [Intel ACM].
+
+## Modified bootflow with Intel TXT
+
+With Intel TXT the first instruction executed on the BSP isn't the
+*reset vector*, but the [Intel ACM].
+It initializes the TPM and measures parts of the firmware, the IBB.
+
+### Marking the Initial Boot Block
+
+Individual files in the CBFS can be marked as IBB.
+
+More details can be found in the [Intel TXT IBB] chapter.
+
+### Measurements
+The IBBs (Initial Boot Blocks) are measured into TPM's PCR0 by the BIOS [ACM]
+before the CPU reset vector is executed. To indentify the regions that need
+to be measured, the [FIT] contains one ore multiple *Type 7* entries, that
+point to the IBBs.
+
+### Authentication
+
+After the IBBs have been measured, the ACM decides if the boot firmware is
+trusted. There exists two validation modes:
+1. HASH Autopromotion
+ * Uses a known good HASH stored in TPM NVRAM
+ * Doesn't allow to boot a fallback IBB
+2. Signed BIOS policy
+ * Uses a signed policy stored in flash containing multiple HASHes
+ * The public key HASH of BIOS policy is burned into TPM by manufacturer
+ * Can be updated by firmware
+ * Allows to boot a fallback IBB
+
+At the moment only *Autopromotion mode* is implemented and tested well.
+
+In the next step the ACM terminates and the regular x86 CPU reset vector
+is being executed on the BSP.
+
+### Protecting Secrets in Memory
+
+Intel TXT sets the `Secrets in Memory` bit, whenever the launch of the SINIT
+ACM was successful.
+The bit is reset when leaving the *MLE* by a regular shutdown or by removing
+the CMOS battery.
+
+When `Secrets in Memory` bit is set and the IBB isn't trusted, the memory
+controller won't be unlocked, resulting in a platform that cannot access DRAM.
+
+When `Secrets in Memory` bit is set and the IBB is trusted, the memory
+controller will be unlocked, and it's the responsibility of the firmware to
+[clear all DRAM] and wipe any secrets of the MLE.
+The platform will be reset after all DRAM has been wiped and will boot
+with the `Secrets in Memory` bit cleared.
+
+### Configuring protected regions for SINIT ACM
+
+The memory regions used by the SINIT ACM need to be prepared and protected
+against DMA attacks.
+The SINIT ACM as well as the SINIT handoff data are placed in memory.
+
+### Locking TXT register
+
+As last step the TXT registers are locked.
+
+Whenever the SINIT ACM is invoked, it verifies that the hardware is in the
+correct state. If it's not the SINIT ACM will reset the platform.
+
+## For developers
+### Configuring Intel TXT in Kconfig
+Enable ``TEE_INTEL_TXT`` and set the following:
+
+``TEE_INTEL_TXT_BIOSACM_FILE`` to the path of the BIOS ACM provided by Intel
+
+``TEE_INTEL_TXT_SINITACM_FILE`` to the path of the SINIT ACM provided by Intel
+### Print TXT status as early as possible
+Add platform code to print the TXT status as early as possible, as the register
+is cleared on cold reset.
+
+## References
+More information can be found here:
+* [Intel TXT Software Development Guide]
+* [Intel TXT enabling]
+* [FIT]
+* [Intel TXT Lab Handout]
+
+[Intel TXT IBB]: txt_ibb.md
+[FIT]: ../../soc/intel/fit.md
+[Intel ACM]: acm.md
+[ACM]: acm.md
+[FIT table]: ../../soc/intel/fit.md
+[clear all DRAM]: ../memory_clearing.md
+[Intel TXT Lab Handout]: https://downloadmirror.intel.com/18931/eng/Intel%20TXT%20LAB%20Handout.pdf
+[Intel TXT Software Development Guide]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
+[Intel TXT enabling]: https://www.intel.com/content/dam/www/public/us/en/documents/guides/txt-enabling-guide.pdf