On Wed, Nov 12, 2014 at 10:30 AM, Minchev, Todor <[email protected]> wrote:
>
> On Mon, 2014-11-10 at 14:20 +0500, Alexander E. Patrakov wrote:
> > 10.11.2014 14:10, Minchev, Todor wrote:
> > > Hello guys,
> > >
> > > I have been working on adding trusted boot (tboot) support to gummiboot
> > > and since this requires quite a bit of new code to be added to the
> > > gummiboot code base I wanted to send it out for review and comments.

May I ask what the use case for this is? Are there any plans to deploy such a gummiboot in future products?

> > > This is the new functionality that these patches add to the gummiboot
> > > master branch:
> > >
> > > - trusted boot support via the tboot module and Intel's Trusted
> > > Execution Technology (TXT)
> > > - partial multiboot2 support for passing data to the trusted boot module
> > > - booting non efi_stub kernels via tboot
> > > - no impact on the existing gummiboot functionality
> >
> > I have not looked at the code, but looked at the list of commit
> > messages. In particular:
> >
> > > gummiboot: load the loadable segments of the ELF binary and jump
> > > to its entry point address
> >
> > As far as I understand, this goes against the design goals of gummiboot
> > of being a simple wrapper that is able to execute EFI binaries and only
> > them. Would it be feasible to convert tboot into an EFI binary instead,
> > and measure/validate it as such, using the API provided by UEFI for that?

> Yes, this is what I will be looking at next - adding PE/COFF header to
> tboot so that gummiboot can launch it as an EFI application.

> BTW, are there any plans to add multiboot2 support to gummiboot in the
> future?

There are no such plans so far. What actual problem would multiboot2 support solve and where would it be actively used?

Kay

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
