superymk / xmhf64


XMHF64 Priorities #1

Open superymk opened 7 months ago

superymk commented 7 months ago

[Claimed by Superymk] Priority 1. Enable UEFI (and keep the BIOS boot).

Priority 2. TPM functionalities.

Goal: Support TPM functions and be compatible with commodity OSes.

(Possible) Solution: Question 1: If PCR0-7 (used in UEFI boot, see [1]) has to be changed after booting the micro-hypervisor (mHV) before red OSes (regardless of using SRTM or DRTM), then you may need to find an approach to be compatible with BitLocker. The approach has the following requirements: (1) Users can easily re-apply BitLocker after the installation of mHV. (2) Users do not need to frequently re-apply BitLocker due to mHV updates.

For example, an approach for (2) is making PCR 0-7 extend the hash of XMHF secure loader, not XMHF runtime. This approach fulfills the Requirement (2) because the secure loader is less likely to change than the runtime.

If this approach is ok, the TPM solution is:
(1) SRTM XMHF bootloader or secure loader to PCR 0-7.
(2) (In XMHF secure loader) Because DRTM may not be widely available, SRTM XMHF runtime to PCR 17.
(3) Develop easy instructions or a program to help users re-apply Bitlocker after the installation of mHV.

The XMHF runtime should have the following TPM functions:
(1) Deny red OS access to high TPM locality.
(2) Allocate NVRAM and bind the NVRAM to the high TPM locality. The NVRAM stores the keys of the uTPM.
(3) Access to NVRAM.

High priority small issues:

1. ~~[uTPM] In Trustvisor, create src/uTPM and put TPM related code in src/uTPM.~~
2. ~~[uTPM] Replace sha1 in uTPM to be sha256~~
   • ~~For example, in line 218 of trustvisor/src/crypto_init.c, modify `int hash_id = register_hash( &sha1_desc);` --> `int hash_id = register_hash( &sha256_desc);`~~
3. [uTPM] Clear secrets on machine fault, reboot, etc.
4. Upgrade libtomcrypt

Priority 3. Reduce memory usage of XMHF.

Goal: Support machines with 1TB memory and 256 cores. Reduce mHV's memory usage to be below 512MB (assuming 1 rich OS partition + 7 green partitions)

Solution: Use large pages when possible instead of 4K pages.

Priority 4. Implement vAPIC support.

Goal: Enable interrupt separation

Priority 5. Improve nested virtualization's compatibility and performance.

Priority 6. Allow intercepting red OS's memory accesses before booting it.

Priority 7. Remove sudo from GreenBox GUI loader and SecApps' loaders (on both Linux and Windows).

Only the SecOS loader requires sudo.

Priority 8. Reduce UEFI image size to fit in the 100MB Windows boot partition.

GreenBox UEFI files must be <= 3MB in total.

Priority 9. Create an installer for GreenBox.

Priority 10. Improve overall performance

References

[1] https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
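To make the PCR extend argument in Priority 2 concrete, here is an added Python model (not XMHF or TrustVisor code). It simplifies the PCR layout to PCR0 (firmware), PCR7 (secure loader) and PCR17 (runtime), uses hypothetical image names, and checks that a sealing policy bound to PCR 0-7 survives a runtime-only update while one bound to PCR 17 does not.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend semantics: PCR_new = H(PCR_old || digest); a PCR is never written directly
    return sha256(pcr + digest)


def measure_boot(uefi_stages, secure_loader, runtime):
    """Model the proposed chain: firmware -> PCR0, secure loader -> PCR7,
    runtime -> PCR17. Hypothetical simplification of the real PCR layout."""
    pcrs = {i: b"\x00" * 32 for i in (0, 7, 17)}          # SHA-256 bank, reset state
    for stage in uefi_stages:                             # SRTM: firmware measures UEFI
        pcrs[0] = pcr_extend(pcrs[0], sha256(stage))
    pcrs[7] = pcr_extend(pcrs[7], sha256(secure_loader))  # step (1): loader into PCR 0-7
    pcrs[17] = pcr_extend(pcrs[17], sha256(runtime))      # step (2): runtime into PCR 17
    return pcrs


def policy_digest(pcrs, selection):
    """Stand-in for a PCR-bound sealing policy (BitLocker-style)."""
    return sha256(b"".join(pcrs[i] for i in selection))


def seal(pcrs, selection):
    return {"sel": selection, "digest": policy_digest(pcrs, selection)}


def unseal_ok(sealed, pcrs):
    return policy_digest(pcrs, sealed["sel"]) == sealed["digest"]


# Constructed sample images; only their contents matter to the hash.
UEFI = [b"constructed uefi stage"]
LOADER_V1, LOADER_V2 = b"xmhf secure loader v1", b"xmhf secure loader v2"
RUNTIME_V1, RUNTIME_V2 = b"xmhf runtime v1", b"xmhf runtime v2"


def survives_runtime_update(selection=(0, 7)):
    """Does a policy bound to `selection` still unseal after a runtime-only update?"""
    sealed = seal(measure_boot(UEFI, LOADER_V1, RUNTIME_V1), selection)
    return unseal_ok(sealed, measure_boot(UEFI, LOADER_V1, RUNTIME_V2))


def survives_loader_update(selection=(0, 7)):
    """Same check for a secure-loader update (expected to need BitLocker re-applied)."""
    sealed = seal(measure_boot(UEFI, LOADER_V1, RUNTIME_V1), selection)
    return unseal_ok(sealed, measure_boot(UEFI, LOADER_V2, RUNTIME_V1))
```

Running `survives_runtime_update()` gives True, `survives_runtime_update((17,))` False, and `survives_loader_update()` False, which is exactly why extending the rarely changing secure loader into PCR 0-7 satisfies Requirement (2).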