[systemd-devel] [gummiboot][RFC] Add trusted boot (tboot) support to gummiboot
Alexander E. Patrakov
patrakov at gmail.com
Mon Nov 10 01:20:30 PST 2014
10.11.2014 14:10, Minchev, Todor wrote:
> Hello guys,
>
> I have been working on adding trusted boot (tboot) support to gummiboot
> and since this requires quite a bit of new code to be added to the
> gummiboot code base I wanted to send it out for review and comments.
>
> This is the new functionality that these patches add to the gummiboot
> master branch:
>
> - trusted boot support via the tboot module and Intel's Trusted
> Execution Technology (TXT)
> - partial multiboot2 support for passing data to the trusted boot module
> - booting non efi_stub kernels via tboot
> - no impact on the existing gummiboot functionality

I have not looked at the code, but looked at the list of commit
messages. In particular:

> gummiboot: load the loadable segments of the ELF binary and jump
> to its entry point address

As far as I understand, this goes against the design goals of gummiboot
of being a simple wrapper that is able to execute EFI binaries and only
them. Would it be feasible to convert tboot into an EFI binary instead,
and measure/validate it as such, using the API provided by UEFI for that?
--
Alexander E. Patrakov