überXMHF: Attestation Testbed

This task will setup a testbed for testing überXMHF attestation and general attestation infrastructure.

Testbed Equipment:

  • 3 (Dell) Intel workstations with TPM and built-in vPRO enabled network
  • 3 additional gigabit ethernet PCIe network cards
  • 2 gigabit switches: switch-1 and switch-2
  • 1 remote web power management unit
  • 1 keyboard + 1 mouse + 1monitor + KVM switch for local control of the 3 workstations

Infrastructure Setup Tasks:

  1. Hook up the three workstations to the remote web power management unit. Hook up keyboard, mouse, monitor and KVM switch to control the three workstations locally.

  2. Install the 3 additional network cards: one in each workstation

  3. Connect the built-in vPro network interfaces of the 3 workstations via ethernet cable to switch-1

  4. Connect the additional network cards (installed in step 2) via ethernet cable to switch-2.

  5. Switch-1 is connected to CMU network; Switch-2 is not connected to any network and is used for internal networking simulation.

  6. Connect remote power switch network interface to switch-1

  7. We need 5 static IP addresses that can be accessible via the internet external to the testbed. One for the remote power switch and one each for each of the vPRO AMT network interface for the workstations. One backup static IP for future debugging expansion.

Software stack setup tasks:

  1. Install Ubuntu 16.04 LTS 32-bit with 32-bit linux kernel; grab pre-built 32-bit kernel from: uberxmhf-linux-kernels/ubuntu/x86_32/v4.4.x at master · uberspark/uberxmhf-linux-kernels · GitHub

  2. Setup Intel AMT for remote management for each workstation: See here for a quick startup: Configuring and Using Intel AMT for Remote Out-of-Band Server Management -- Virtualization Review

  3. Enable ssh on all 3 workstations to allow remote login as well.

  4. Test with an external laptop that we are able to access each of the workstation AMT network static IP and are able to login via ssh into the workstations.

Opened all boxes and am trying to figure out how to connect everything.
There are two Windows desktops connected to the network.
In addition, we have the three Precision 3450 machines that need to be set up.
Do not see any network cards as mentioned in the task.
I wonder if these are in the machines already.

According to this document the desktop machines have only one type of video display ports:

The KVM switch though has HDMI or USB 3.0 inputs for displays.
It seems to me that this is not going to work with I see we have at present.

Hmm. The network cards were separate so will likely not be installed. Please make a note and we can revert back to clarify this. As far as the kvm switch, there should be a displayport to hdmi adapter thwt should be included with the dell workstations, no?

There are 4 HDMI cables.
There are several USB cables.
There are 4 HDMI extenders.
There are no DisplayPort to HDMI converters that I can find.

This was specifically ordered with the workstations; so did you check the workstation boxes? Each workstation box should have had this per our order…

The only DisplayPort cable came with the monitor.
I was able to connect one of the machines, but it could not connect to the Internet because I am guessing it is not registered.

Ok, so no extra network cards and no displayport to hdmi adapters. Will get that sorted.

Yep, that is my guess too.

I will figure out what needs to be done to register these machines,

Since I can’t log into them I can’t see their MAC addresses to register them.

We probably need to install Ubuntu on the workstations off a USB stick and then grab the MAC addresses.

Yes, but in order to install Ubuntu you need network access.

Ok we might have to just do a live USB to grab the MAC address in case that is required to get network access.

We have the 3 MAC addresses captured.
In general, the setup is going to be as follows:

  • Two Windows machines are already connected to the existing network
  • The three Dell machines will run Linux and together with the Web power switch will be connected to a separate network
    We can then install Linux, because we will need the updates to be installed also.

Will the separate network where the three dell machines are installed have access to the internet?

Yes, the idea is that all three machines and the Web power switch will be connected to a network that is separate and will be accessible from the Internet. We will have to create passwords, use ssh and other precautions, because of the exposure to the Internet.

Super. Thanks @antonhristozov !

Hi @antonhristozov ,

Can you provide a quick status update on this thread on what has been accomplished so far on the testbed?

Thanks!