Hello guys, I have been working on adding trusted boot (tboot) support to gummiboot and since this requires quite a bit of new code to be added to the gummiboot code base I wanted to send it out for review and comments.
This is the new functionality that these patches add to the gummiboot master branch: - trusted boot support via the tboot module and Intel's Trusted Execution Technology (TXT) - partial multiboot2 support for passing data to the trusted boot module - booting non efi_stub kernels via tboot - no impact on the existing gummiboot functionality Tboot http://sourceforge.net/projects/tboot/ SINIT ACM https://software.intel.com/en-us/articles/intel-trusted-execution-technology The config for booting with tboot looks like this: title tboot multiboot2 /tboot multiboot2_options /tboot loglvl=all logging=serial,vga,memory vga_delay=1 serial=115200,8n1,0x3f8 acm /acm linux /vmlinuz initrd /initrd options root=UUID=c1f42944-05fe-40eb-99b6-4b79161113b5 nomodeset console=tty0 console=ttyS0,115200n8 Thanks, Todor ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The following changes since commit eb3daf2ca4cb1657cf1f780957485d690a552bf6: build-sys: build gummiboot executable only if HAVE_BLKID (2014-05-15 23:47:18 +0200) are available in the git repository at: https://github.com/todorez/gummiboot-multiboot2.git multiboot2 for you to fetch changes up to 70f21ca5f7d9d8aa43e022e2e0b035a855875a48: gummiboot: fix multiboot2 header validation bug (2014-11-09 18:48:27 +0000) ---------------------------------------------------------------- Todor Minchev (15): gummiboot: add multiboot2 header option to the bootloader gummiboot: add whole and partial file loads gummiboot: load the loadable segments of the ELF binary and jump to its entry point address gummiboot: add ELF validation and partial mbi2 population gummiboot: get EFI mmap and populate some of the MBI2 tags gummiboot: populate the cmdline, bootloader, modules, system_table, efi mmap and end tags gummiboot: convert EFI mmap to E820 mmap gummiboot: add ACPI v1/v2 support gummiboot: add MBI2 framebuffer info gummiboot: add acm option to the config gummiboot: return the CPU to protected mode before tboot handover gummiboot: add a new config parameter for passing options to tboot gummiboot: add the kernel command line to the kernel module tag gummiboot: improve error reporting & fix indentation gummiboot: fix multiboot2 header validation bug Makefile.am | 23 +- src/efi/gummiboot.c | 105 ++++--- src/elf/elf.c | 138 +++++++++ src/elf/elf.h | 131 +++++++++ src/elf/memcpy.c | 145 ++++++++++ src/multiboot2/acpi.h | 26 ++ src/multiboot2/multiboot2.c | 1012 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/multiboot2/multiboot2.h | 345 ++++++++++++++++++++++ src/multiboot2/multiboot2_util.h | 206 +++++++++++++ 9 files changed, 2085 insertions(+), 46 deletions(-) create mode 100644 src/elf/elf.c create mode 100644 src/elf/elf.h create mode 100644 src/elf/memcpy.c create mode 100644 src/multiboot2/acpi.h create mode 100644 src/multiboot2/multiboot2.c create mode 100644 src/multiboot2/multiboot2.h create mode 100644 src/multiboot2/multiboot2_util.h
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
