how to get Measured Boot Supplemental Pack

  • Hi all,
    we plan to test the Measured Boot feature among other security features.

    I see all the tools needed to do so (tboot, trousers, and xentpm) are only available after installing the Measured Boot Supplemental Pack.

    Is there a way to get it?

    And if not, is this still good?
    It is very old and has not been updated for years.


  • XCP-ng Team

    Ping @beshleman 🙂

  • Hi @beshleman, I just noticed you will be working on exactly the stuff we are interested in.

    We are looking into measured boot and vTPM functionality.

    I saw XenAPI already has the basics for vTPM; not sure what is implemented yet (I didn't go through the code), but we plan to test it as well (I figured even if it is not fully implemented, most of the work is already done, so we need a few bits here and there to make it work).

    So if you did some work to compile xentpm and the other tools, please share what you did. We will share our progress as well.

  • Hey @hani,

    I assume you are looking to both support DRTM for guests (hence your vTPM interest), and for hosts (the Measured Boot Supplemental Pack), is that correct?

    I believe you can get some form of DRTM up and running with tboot, Xen, and xentpm, although I say "some form" because the architecture of such a setup appears to be somewhat broken. If your boot chain contains a compromised component, you can no longer trust the state of subsequent components of the boot chain, which ultimately will include the OS in which xentpm is running, which eliminates any guarantees that the attestation received from xentpm is valid (xentpm itself could be modified to report that everything is okay or the PCR manifest could be spoofed, for instance).

    There is a community effort called TrenchBoot which is attempting to tackle this and other problems related to launching Xen with DRTM. It is definitely worth taking a look at. TrenchBoot will include a tiny kernel as the measured launch environment, into which your attestation software can be incorporated.

    I'm not entirely sure what is in the XenServer Supplemental Pack, and I can't really tell from the manual for it that they released. I suspect it is tboot and xentpm, which has the shortcomings above (please correct me if I am wrong).

    As a part of the TrenchBoot effort, Grub now supports Intel TXT, so tboot may be redundant.

    Regarding xentpm, I have not played with it. AFAIK, it is simply a tool to collect the TPM measurements produced at launch.

    Regarding vTPM, it apparently works more or less, although there is some talk about replacing it. The issue with vTPM is that it is backed by a software emulator (I think QEMU's swtpm) and not the physical TPM. The only hardware protections for it lie in the fact that it exists in a separate domain, but this makes the domain and the hypervisor attack vectors for retrieving TPM secrets, which is far too big of an attack surface to allow you to sleep well at night.

    I hope some of this helps!

  • @beshleman exactly, that is the final goal:
    getting DRTM for guests and Measured Boot for the host.

    My plan was to get the following:
    1- Measured Boot for the host
    2- full disk encryption for the guests using vTPM (storing the keys in the TPM module)
    3- DRTM for the guests

    Based on your answer I see the first 2 goals are achievable. Measured boot for the host is fully supported by XenServer, so it is just a matter of getting the source code of the Supplemental Pack and compiling it, and we can even add it as an option to XCP-ng.

    For vTPM, I know the Xen project emulates it, but they keep the seed in the physical TPM device in the host (

    So if I can get the first 2 goals, that would be a great start for me.
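Editor's added example (not a post in this thread, and not code from XenServer, XCP-ng, xentpm or TrenchBoot): a small Python model of TPM measured boot that illustrates two points made above. First, @beshleman's caveat that a PCR manifest reported by software on the attested host can be spoofed: a verifier has to replay the event log, check the rebuilt PCRs against the values the TPM itself signed in its quote, and only then compare them with known-good reference values. Second, @hani's goal of full disk encryption with keys held by a TPM: a key sealed to an expected PCR state is released only when the measured chain matches. The TPM, its attestation key and its storage seed are simulated with hashlib and HMAC (assumption: a real TPM signs quotes with an asymmetric AK and seals under its storage hierarchy); the boot components, keys and PCR numbers are constructed sample data.

```python
"""Pure-Python model of TPM measured boot: event-log replay, quote verification,
and sealing a disk key to a PCR policy. Simulation only; no real TPM involved."""
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

PCR_SIZE = 32                       # SHA-256 PCR bank
ZERO_PCR = b"\x00" * PCR_SIZE
EventLog = List[Tuple[int, bytes]]  # (pcr index, raw component that was measured)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || measurement)."""
    return sha256(pcr + measurement)


def replay_event_log(events: EventLog) -> Dict[int, bytes]:
    """Rebuild every PCR from the event log alone, as a remote verifier does."""
    pcrs: Dict[int, bytes] = {}
    for index, component in events:
        pcrs[index] = pcr_extend(pcrs.get(index, ZERO_PCR), sha256(component))
    return pcrs


def composite(pcrs: Dict[int, bytes], indices: List[int]) -> bytes:
    return b"".join(pcrs.get(i, ZERO_PCR) for i in indices)


def tpm_quote(pcrs: Dict[int, bytes], indices: List[int], ak_key: bytes) -> Tuple[bytes, bytes]:
    """Simulated quote: the TPM signs (here HMACs) the selected PCRs with a key
    that never leaves the TPM, so host software cannot forge it."""
    comp = composite(pcrs, indices)
    return comp, hmac.new(ak_key, comp, "sha256").digest()


def verify_attestation(events: EventLog, indices: List[int], quoted: bytes,
                       signature: bytes, ak_key: bytes, reference: bytes) -> bool:
    """Verifier: (1) quote signature, (2) log explains the quoted PCRs, (3) golden values."""
    if not hmac.compare_digest(hmac.new(ak_key, quoted, "sha256").digest(), signature):
        return False                                   # quote not produced by the TPM
    if not hmac.compare_digest(composite(replay_event_log(events), indices), quoted):
        return False                                   # reported log is not what was measured
    return hmac.compare_digest(quoted, reference)      # measured chain must match known-good


def seal_key(disk_key: bytes, pcrs: Dict[int, bytes], indices: List[int],
             tpm_secret: bytes) -> Tuple[bytes, bytes]:
    """Bind a 32-byte key to a PCR policy. The wrapping key is derived from the
    TPM-internal secret plus the expected PCR digest and used once as a pad
    (simplification; a real TPM wraps under its storage hierarchy)."""
    assert len(disk_key) == PCR_SIZE
    wrapping = sha256(tpm_secret + sha256(composite(pcrs, indices)))
    wrapped = bytes(a ^ b for a, b in zip(disk_key, wrapping))
    return wrapped, hmac.new(wrapping, wrapped, "sha256").digest()


def unseal_key(sealed: Tuple[bytes, bytes], pcrs: Dict[int, bytes],
               indices: List[int], tpm_secret: bytes) -> Optional[bytes]:
    """Release the key only if the current PCRs reproduce the sealing policy."""
    wrapped, tag = sealed
    wrapping = sha256(tpm_secret + sha256(composite(pcrs, indices)))
    if not hmac.compare_digest(hmac.new(wrapping, wrapped, "sha256").digest(), tag):
        return None                                    # PCR state changed: refuse
    return bytes(a ^ b for a, b in zip(wrapped, wrapping))


def demo() -> Dict[str, object]:
    ak_key = b"simulated-attestation-key"      # constructed; lives inside the "TPM"
    tpm_secret = b"simulated-storage-seed"     # constructed; never leaves the "TPM"
    disk_key = sha256(b"constructed guest volume key")
    indices = [0, 17]                          # firmware PCR and a DRTM PCR (sample choice)
    good_log: EventLog = [(0, b"firmware 1.0"), (17, b"tboot+SINIT"),
                          (17, b"xen 4.13"), (17, b"dom0 kernel 4.19")]
    good_pcrs = replay_event_log(good_log)
    reference = composite(good_pcrs, indices)  # golden values held by the verifier
    sealed = seal_key(disk_key, good_pcrs, indices, tpm_secret)

    # Boot A: untouched chain; the TPM quotes the real PCRs, attestation and unseal succeed.
    q, s = tpm_quote(good_pcrs, indices, ak_key)
    clean_ok = verify_attestation(good_log, indices, q, s, ak_key, reference)
    clean_key = unseal_key(sealed, good_pcrs, indices, tpm_secret)

    # Boot B: dom0 kernel replaced. The TPM measured the replacement, so PCR 17 changed.
    # Reporting the original log (spoofing) fails step 2; reporting the real log fails step 3.
    bad_log: EventLog = good_log[:-1] + [(17, b"dom0 kernel 4.19 backdoored")]
    bad_pcrs = replay_event_log(bad_log)
    q, s = tpm_quote(bad_pcrs, indices, ak_key)
    spoofed_log_ok = verify_attestation(good_log, indices, q, s, ak_key, reference)
    honest_bad_ok = verify_attestation(bad_log, indices, q, s, ak_key, reference)
    bad_key = unseal_key(sealed, bad_pcrs, indices, tpm_secret)

    # Boot C: compromised dom0 presents the golden PCRs with a quote it signed itself.
    forged_sig = hmac.new(b"not-the-ak", reference, "sha256").digest()
    forged_ok = verify_attestation(good_log, indices, reference, forged_sig, ak_key, reference)

    return {"clean_attestation": clean_ok, "clean_unseal": clean_key == disk_key,
            "spoofed_log_attestation": spoofed_log_ok, "honest_bad_attestation": honest_bad_ok,
            "bad_unseal": bad_key, "forged_quote_attestation": forged_ok}
```

Running `demo()` shows the clean boot passing both attestation and unseal, while each of the three things a compromised boot chain can do (report a stale log, report the real log with non-golden PCRs, or forge the quote) is rejected, and the sealed disk key is never released under the changed PCR state. The point relevant to the thread is that none of the checks depend on trusting software running in dom0: only the TPM's signature and the verifier's own replay and reference values.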

  • @hani sounds great, keep us posted on your progress and findings!
