10.11.2014 14:10, Minchev, Todor wrote:
Hello guys,
I have been working on adding trusted boot (tboot) support to gummiboot
and since this requires quite a bit of new code to be added to the
gummiboot code base I wanted to send it out for review and comments.
This is the new functionality that these patches add to the gummiboot
master branch:
- trusted boot support via the tboot module and Intel's Trusted
Execution Technology (TXT)
- partial multiboot2 support for passing data to the trusted boot module
- booting non efi_stub kernels via tboot
- no impact on the existing gummiboot functionality
I have not looked at the code, but looked at the list of commit
messages. In particular:
gummiboot: load the loadable segments of the ELF binary and jump
to its entry point address
As far as I understand, this goes against the design goals of gummiboot
of being a simple wrapper that is able to execute EFI binaries and only
them. Would it be feasible to convert tboot into an EFI binary instead,
and measure/validate it as such, using the API provided by UEFI for that?
--
Alexander E. Patrakov
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
