In my last post about Intel TXT, I showed how to  Enable Trusted Boot on Linux OS using Intel TXT. In this post, I will show you how create custom policies, and in this particular example, you will learn how to Measure Launch the Linux kernel and initial RAM disk (initrd).

 

In this 14min29sec video, I'll guide you on the steps required to create a simple policy:

 

 

At this point, if you successfully completed these steps, then you configured the Trusted Boot verifying Linux kernel and initial RAM disk. If any of these components aren't in a well-known state the machine halt the boot process.

 

Further references can be found here:

 

Intel Trusted Execution Technology Software Development Guide 

 

Best Regards!

After years of heavy usage, the physical drive on one of my lab systems had failed.   Although I had the convenience of a lab\test system, I took the approach of a production environment to restore the system back to a functional state.

 

Some additional background on my lab.   It is physically located in Hillsboro Oregon inside a Farady cage (i.e. no wireless communications).   I am able to login to and interact with my lab systems from any intranet or Internet (with VPN) connection, with a wired connection into the cage.   My desk is located in a separate building on the same campus - about a 5 minute walk if I don't stop by the cafeteria or stop to talk with others in the hallway.   In general, a majority of my interaction with the lab is remote.   Physically touching systems is only required during setup or if systems are not managed via Intel vPro Technology.

 

First - a temporary operational environment was delivered to the client.   One example http://communities.intel.com/community/openportit/vproexpert/blog/2011/02/26/deliver-a-temporary-work-environment-using-intel-vpro-technology

 

Second - the physical hard-drive was replaced. (i.e. I'll be there in 5 minutes.... when in reality it may be more than 15 minutes)

 

Third - The last backup was restored to the client.  One example how this can be done is shown at http://www.youtube.com/watch?v=5VD7wAky3aU   (focus on the latter half where Symantec System Recovery Disk bootable ISO is delivered along with process to restore the last backup). 

 

Except for a short visit to the lab to physically change the harddrive, the scenario was remediated remotely in relatively short timeframe.

 

Welcome to the power of Intel vPro Technology delivered within a Symantec Client Management Suite environment.

I recently blogged about using More Secure VPN Login. In the demonstration video I used a Cisco SA540 Small business appliance. But what about Enterprise VPNs? Well, since then one of my colleagues has configured a Citrix Access Gateway to use IPT as well. Here it is in action.

 

 

Be on the lookout for more information on this and other VPNs that can be used with IPT. Do you have a favorite VPN you'd like to try? Oh, and if you need a system that supports IPT, check out Build your own PC with Identity Protection Technology (IPT) capable.

Filter Blog

By author:
By date:
By tag: