Last year we released our Intel Trusted Execution Technology test suite TXT-Suite. It's purpose is to test Intel processor based systems with respect to correct configuration of Intel TXT in every aspect.
This was not the end. Not even close. Last week we reached a new milestone with version 2.0 and with that we plan to extend it. "How?", you may ask. Well, from testing a system to provisioning a new system and checking your own configuration is just a small step. With this said, there is only one thing left to do:
We proudly announce the Converged Security Suite.
At the moment, its foundation is the TXT-Suite with its testing capabilities, but we will implement provisioning capabilities and extend it to other Intel Security Technologies like Intel Software Guard Extention(Website), Intel Boot Guard(PDF) and Platform Firmware Resilience(PDF).
But wait....there's more - we will do it from userspace! That's right! You will be able to set up AND test your configuration, let's say, in your LinuxBoot shell. This enables a even faster provisioning and testing mechanism than building up a new firmware image, deploying it over and over again manually.
Added features in Converged-Security-Suite
- Abstraction of hardware access via an interface
- Mocking of hardware access utilizing the said interface
- Abstraction of software tools via an interface
- More specific TPM1.2 and TPM2.0 configuration check and LCP Policy check
- Check of TXT mode (Auto-Promotion or SignedPolicy)
- Introduction of warnings
- Extended report generator with more information about tests, specifications, dependencies and possible outcomes
- Removed some unviable tests
- Improvement error messages
- Delivery of RPM, DEP packages and pure binary for x86_64
If you want to start contributing to Converged Security Suite, you always can start doing so via Github.
If you want to know more about our firmware and security work please feel free to contact us at firstname.lastname@example.org