RE: how to get Measured Boot Supplemental Pack

@beshleman exactly that is the final goal
getting DRTM for guests and Measured Boot for the host

My plan was to get the following
1- Measured Boot for the host
2- full disk encryption for the guests using vTPM (Storing the keys in the TPM module)
3- DRTM for the guests

based on your answer I see the first 2 goals are achievable, Measured boot for the host is fully supported by xenserver so it is just a matter of getting the source code of Supplemental pack and compile it and we can even add it as an option to xcp-ng

for vTPM i know the xen project emulate it but they keep the seed in the physical TPM device in the host (https://fossies.org/linux/xen/docs/man/xen-vtpmmgr.7.pod)

So if i can get the first 2 goals that would be great start for me

Hi @beshleman just noticed you will be working on exact stuff we are interested in

We are looking into measured boot and vTPM functionality

I saw XenAPI already have the basics for vTPM not sure what is implemented yet (didnt go through the code) but we plan to test it as well ( i figured even if it is not fully implemented most of the work already done so we need few bits here and there to make it work)

So if you did some work to compile the xentpm and other tools please share what you did. We will share our progress as well

Hi All,
we plan to test the Measured Boot feature among other security features

I see all the tools needed to do so tboot,trousers, and xentpm is only avaiable after installing Measured Boot Supplemental Pack

is there a way to get it

and if not is this still good ?
https://github.com/xenserver/xentpm
it is very old and not updated for years

thanks