Down the rabbit hole of tboot, E820 maps, and Xen PV PCI-passthrough domains

From an OpenXT bug report:

TL;DR: a minor adjustment had to be made in tboot so that it picks the right memory protection for itself in the E820 map. The bug only affected PV Linux guests with PCI-passthrough devices as correctly guessed above.[…]


The EFI TBOOT project is currently under development! EFI TBOOT is mostly a proof of concept at this point. It is not currently functional. It can be built and installed as an EFI boot loader. It only works in conjunction with Xen at the moment. The current development work is being done on Fedora 25 x64. The status as of March 14, 2017 is:
 – EFI TBOOT will boot, but it needs a few key strokes to get going (this is for debugging purposes).
 – EFI TBOOT will relocate itself to EFI runtime memory and setup a shared runtime variable with Xen.
 – EFI related configuration setup is done as well as standard TBOOT pre-launch configuration.
 – Xen is launched and has code to call EFI TBOOT back after EBS.
 – EFI TBOOT then does the SENTER successfully in the callback.
 – The post launch entry point is reached but the switch back to long mode is not working.
EFI TBOOT needs a number of platform support files used with TXT (called Authenticated Code Modules or ACMs). For convenience the packages can be gotten from the OpenXT mirror:

Intel KGT

Wow, I wasn’t aware of Intel’s Kernel-Guard Technology (KGT) for Linux, until today. 😦

As found on the Twitter feed of Alex Bazhaniuk (@ABazhaniuk):

Intel Kernel-Guard Technology (Intel KGT) is a policy specification and enforcement framework for ensuring runtime integrity of kernel and platform assets.  The Intel® KGT framework allows policy writers to specify:
 * Which OS/platform resources to monitor
 * Actions to take when the monitored resource is accessed
 * A policy

A policy can be specified at build-time (embedded in the code), boot-time (such as through grub module), or at runtime (via configfs and script), and is enforced by an outside-OS component.  The Intel KGT framework, along with an appropriate policy, can be used to achieve immutability and runtime integrity of critical resources such as kernel code pages, kernel pagetable mappings, kernel interrupt descriptor table (IDT), control registers (CRs), MSRs, and MMIO regions. The Intel KGT is based on xmon, which is a thin VT-x component. Xmon runs in vmx-root (ring -1), de-privileges the OS, and uses VTx controls to trap access to specified resources and enforce policy specified actions. Xmon is not limited to using VT-x and, in the future, is expected to incorporate other CPU and platform features in addition to VT-x to enforce policy.    

Their Overview page gives a good introduction.

It looks like the last release was August 7th, with Intel TXT/tboot support:

More Information: