[systemd-devel] [gummiboot][RFC] Add trusted boot (tboot) support to gummiboot

Minchev, Todor todor.minchev at intel.com
Wed Nov 12 01:30:54 PST 2014


On Mon, 2014-11-10 at 14:20 +0500, Alexander E. Patrakov wrote:
> 10.11.2014 14:10, Minchev, Todor wrote:
> > Hello guys,
> >
> > I have been working on adding trusted boot (tboot) support to gummiboot
> > and since this requires quite a bit of new code to be added to the
> > gummiboot code base I wanted to send it out for review and comments.
> >
> > This is the new functionality that these patches add to the gummiboot
> > master branch:
> >
> > - trusted boot support via the tboot module and Intel's Trusted
> > Execution Technology (TXT)
> > - partial multiboot2 support for passing data to the trusted boot module
> > - booting non efi_stub kernels via tboot
> > - no impact on the existing gummiboot functionality
> 
> I have not looked at the code, but looked at the list of commit 
> messages. In particular:
> 
> >        gummiboot: load the loadable segments of the ELF binary and jump
> > to its entry point address
> 
> As far as I understand, this goes against the design goals of gummiboot 
> of being a simple wrapper that is able to execute EFI binaries and only 
> them. Would it be feasible to convert tboot into an EFI binary instead, 
> and measure/validate it as such, using the API provided by UEFI for that?
Yes, this is what I will be looking at next - adding a PE/COFF header to
tboot so that gummiboot can launch it as an EFI application.
BTW, are there any plans to add multiboot2 support to gummiboot in the
future?

> 
