> There is also value when it comes to easier SRTM/DRTM measurements of
> the system in question, including cases where Xen sits on a boot ROM
> rather than on disk.

We've explored that in the past - building things into Xen and Linux
statically - and ultimately it only works if the command line passed
to Xen also gets measured, otherwise you can always override any
built-in component. So for example with OpenXT on UEFI the entire Xen
config file gets measured. For DRTM I don't think it makes much
difference, I believe the active microcode info is already part of the
measurement, so having it measured as part of the Xen blob doesn't add
anything.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
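
An added illustration of the point made in the reply above (not code from the thread, Xen or OpenXT): a simulated SHA-256 PCR extend showing that a command-line override is invisible when only the Xen image is measured, and visible once the command line is measured too. The image bytes and command-line strings are constructed placeholders, and the two-policy model is an assumption made for the example.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes

# Constructed placeholders, not real Xen images or options.
XEN_IMAGE = b"<xen image with components built in>"
CMDLINE_EXPECTED = b"<expected xen command line>"
CMDLINE_OVERRIDE = CMDLINE_EXPECTED + b" <option replacing a built-in component>"


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def boot_pcr(xen_image: bytes, cmdline: bytes, measure_cmdline: bool) -> bytes:
    """PCR value after boot under one of two measurement policies."""
    pcr = extend(PCR_INIT, xen_image)
    if measure_cmdline:
        # Policy in which the command line / config is also measured.
        pcr = extend(pcr, cmdline)
    return pcr


def override_detected(measure_cmdline: bool) -> bool:
    """True if a verifier holding the golden PCR rejects the overridden boot."""
    golden = boot_pcr(XEN_IMAGE, CMDLINE_EXPECTED, measure_cmdline)
    observed = boot_pcr(XEN_IMAGE, CMDLINE_OVERRIDE, measure_cmdline)
    return observed != golden


if __name__ == "__main__":
    for measure_cmdline in (False, True):
        policy = "image + command line" if measure_cmdline else "image only"
        result = "detected" if override_detected(measure_cmdline) else "NOT detected"
        print(f"measured: {policy:22s} -> override {result}")
```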