[systemd-devel] [gummiboot][RFC] Add trusted boot (tboot) support to gummiboot
Minchev, Todor
todor.minchev at intel.com
Mon Nov 10 01:10:19 PST 2014
Hello guys,
I have been working on adding trusted boot (tboot) support to gummiboot
and since this requires quite a bit of new code to be added to the
gummiboot code base I wanted to send it out for review and comments.
This is the new functionality that these patches add to the gummiboot
master branch:
- trusted boot support via the tboot module and Intel's Trusted
Execution Technology (TXT)
- partial multiboot2 support for passing data to the trusted boot module
- booting non efi_stub kernels via tboot
- no impact on the existing gummiboot functionality
Tboot
http://sourceforge.net/projects/tboot/
SINIT ACM
https://software.intel.com/en-us/articles/intel-trusted-execution-technology
The config for booting with tboot looks like this:
title tboot
multiboot2 /tboot
multiboot2_options /tboot loglvl=all logging=serial,vga,memory vga_delay=1 serial=115200,8n1,0x3f8
acm /acm
linux /vmlinuz
initrd /initrd
options root=UUID=c1f42944-05fe-40eb-99b6-4b79161113b5 nomodeset console=tty0 console=ttyS0,115200n8
Thanks,
Todor
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following changes since commit eb3daf2ca4cb1657cf1f780957485d690a552bf6:

  build-sys: build gummiboot executable only if HAVE_BLKID (2014-05-15 23:47:18 +0200)

are available in the git repository at:

  https://github.com/todorez/gummiboot-multiboot2.git multiboot2

for you to fetch changes up to 70f21ca5f7d9d8aa43e022e2e0b035a855875a48:

  gummiboot: fix multiboot2 header validation bug (2014-11-09 18:48:27 +0000)

----------------------------------------------------------------
Todor Minchev (15):
gummiboot: add multiboot2 header option to the bootloader
gummiboot: add whole and partial file loads
gummiboot: load the loadable segments of the ELF binary and jump to its entry point address
gummiboot: add ELF validation and partial mbi2 population
gummiboot: get EFI mmap and populate some of the MBI2 tags
gummiboot: populate the cmdline, bootloader, modules, system_table, efi mmap and end tags
gummiboot: convert EFI mmap to E820 mmap
gummiboot: add ACPI v1/v2 support
gummiboot: add MBI2 framebuffer info
gummiboot: add acm option to the config
gummiboot: return the CPU to protected mode before tboot handover
gummiboot: add a new config parameter for passing options to tboot
gummiboot: add the kernel command line to the kernel module tag
gummiboot: improve error reporting & fix indentation
gummiboot: fix multiboot2 header validation bug
Makefile.am | 23 +-
src/efi/gummiboot.c | 105 ++++---
src/elf/elf.c | 138 +++++++++
src/elf/elf.h | 131 +++++++++
src/elf/memcpy.c | 145 ++++++++++
src/multiboot2/acpi.h | 26 ++
src/multiboot2/multiboot2.c | 1012 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/multiboot2/multiboot2.h | 345 ++++++++++++++++++++++
src/multiboot2/multiboot2_util.h | 206 +++++++++++++
9 files changed, 2085 insertions(+), 46 deletions(-)
create mode 100644 src/elf/elf.c
create mode 100644 src/elf/elf.h
create mode 100644 src/elf/memcpy.c
create mode 100644 src/multiboot2/acpi.h
create mode 100644 src/multiboot2/multiboot2.c
create mode 100644 src/multiboot2/multiboot2.h
create mode 100644 src/multiboot2/multiboot2_util.h