On 13/12/2019 20:15, Tamas K Lengyel wrote:
>> There is also value when it comes to easier SRTM/DRTM measurements of
>> the system in question, including cases where Xen sits on a boot ROM
>> rather than on disk.
> We've explored that in the past - building things into Xen and Linux
> statically - and ultimately it only works if the command line passed
> to Xen also gets measured, otherwise you can always override any
> built-in component. So for example with OpenXT on UEFI the entire Xen
> config file gets measured.

What I meant was "it's one fewer random knobble which needs handling specially".

> For DRTM I don't think it makes much
> difference, I believe the active microcode info is already part of the
> measurement, so having it measured as part of the Xen blob doesn't add
> anything.

I couldn't possibly comment on timelines, but if I could, the answer might be "not for a little while yet".

For now, microcode is very definitely software's problem to include in measurements.

~Andrew
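
The point made in the quoted text above, that a measured Xen image proves little unless the command line is measured too, shown as an added example that is not part of the original message or of Xen/OpenXT code. It uses a simplified SHA-256 model of a PCR extend and event-log replay; the blob, the command lines and all function names are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # Simplified model of a TPM PCR extend: new = H(old || digest)
    return sha256(pcr + digest)

def replay(events) -> bytes:
    pcr = bytes(32)
    for _name, digest in events:
        pcr = extend(pcr, digest)
    return pcr

def launch(xen_blob: bytes, cmdline: bytes, measure_cmdline: bool):
    """Simulated launch: returns (final PCR, event log)."""
    events = [("xen", sha256(xen_blob))]
    if measure_cmdline:
        events.append(("cmdline", sha256(cmdline)))
    return replay(events), events

def verify(pcr: bytes, events, expected: dict) -> str:
    """Replay the log against the PCR, then check each expected component."""
    if replay(events) != pcr:
        return "log does not match PCR"
    logged = dict(events)
    for name, data in expected.items():
        if name not in logged:
            return f"{name} not measured"
        if logged[name] != sha256(data):
            return f"{name} mismatch"
    return "ok"

# Constructed sample inputs (not taken from the thread)
XEN_BLOB = b"xen image with built-in microcode (constructed)"
GOOD_CMDLINE = b"console=vga dom0_mem=4096M"
ALTERED_CMDLINE = GOOD_CMDLINE + b" ucode=scan"

def check(measure_cmdline: bool, cmdline: bytes, policy_has_cmdline: bool) -> str:
    pcr, events = launch(XEN_BLOB, cmdline, measure_cmdline)
    expected = {"xen": XEN_BLOB}
    if policy_has_cmdline:
        expected["cmdline"] = GOOD_CMDLINE
    return verify(pcr, events, expected)

if __name__ == "__main__":
    print(check(False, ALTERED_CMDLINE, False))  # blob-only measurement
    print(check(True, ALTERED_CMDLINE, True))    # command line measured
    print(check(False, ALTERED_CMDLINE, True))   # policy demands cmdline
```

With blob-only measurement the altered command line verifies cleanly; a verifier only catches it when the command line is both measured at launch and required by the attestation policy.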