As previously discussed in my last post about what Intel TXT (Trusted Execution Technology) is and how this technology can perform a Measured Launch of the OS/hypervisor, I would now like to show something practical: how to use it with Linux.
In this demonstration I used an HP 8440p box (it works with any Intel vPro system with AMT 3.0 or later) and Linux Fedora 14 (kernel 2.6.38).
Preparing the BIOS:
Enable Intel VT/VT-d, TPM and TXT in the BIOS.
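A quick way to confirm from Linux that the BIOS step took effect, as an added example that is not part of the original post or video. The function names are hypothetical, and reading the MSR with `rdmsr` (msr-tools, run as root with the msr module loaded) is an assumption about the tooling available.

```shell
#!/bin/sh
# Added example (not from the original post): post-BIOS readiness checks.
# File paths are parameters so the functions can be run on saved copies.

# has_cpu_flag FLAG [CPUINFO]: succeeds if the CPU advertises FLAG.
# vmx = VT-x, smx = Safer Mode Extensions (the GETSEC leaves TXT uses).
# These flags report CPU capability, not what the BIOS has switched on.
has_cpu_flag() {
    grep -m1 '^flags' "${2:-/proc/cpuinfo}" | grep -qw "$1"
}

# has_tpm [SYSFS_ROOT]: succeeds if the kernel registered a TPM device.
# Older kernels expose it under class/misc, newer ones under class/tpm.
has_tpm() {
    [ -e "${1:-/sys}/class/tpm/tpm0" ] || [ -e "${1:-/sys}/class/misc/tpm0" ]
}

# feature_control_status HEX: decode IA32_FEATURE_CONTROL (MSR 0x3A), the
# register the BIOS programs and locks. Prints one word describing the
# first missing setting, or "txt-enabled" when all of them are present.
feature_control_status() {
    v=$(( 0x${1#0x} ))
    [ $(( v & 0x0001 )) -ne 0 ] || { echo unlocked; return 1; }        # bit 0: lock
    [ $(( v & 0x0002 )) -ne 0 ] || { echo vmx-in-smx-off; return 1; }  # bit 1
    [ $(( v & 0x7f00 )) -eq $(( 0x7f00 )) ] ||
        { echo senter-params-off; return 1; }                          # bits 8-14
    [ $(( v & 0x8000 )) -ne 0 ] || { echo senter-off; return 1; }      # bit 15
    echo txt-enabled
}

# Stand-alone use (assumption: rdmsr from msr-tools, msr module loaded, root):
#   sh txt-check.sh "$(rdmsr 0x3a)"
if [ -n "${1:-}" ]; then
    for f in vmx smx; do
        has_cpu_flag "$f" && echo "cpu flag $f: present" || echo "cpu flag $f: MISSING"
    done
    has_tpm && echo "tpm device: present" || echo "tpm device: MISSING"
    echo "IA32_FEATURE_CONTROL: $(feature_control_status "$1" || true)"
fi
```

If the status is `unlocked` or one of the `-off` values, the corresponding BIOS option was not applied; a full power cycle is usually needed after changing it.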
Some tools and updates are required to configure and enable Trusted Boot in Linux. For this particular demo, I used the following commands:
# yum update yum hg openssl openssl-devel trousers trousers-devel rpmdevtools yum-utils ncurses-devel
# yum groupinstall 'Development Tools'
I created a 15:06-long video showing the configuration steps:
At this point, if you completed these steps successfully, you have enabled Trusted Boot with the ANY policy, which means you are now ready to define policies for TXT measurement and behavior. That will be the subject of a future post.
Further references can be found here: