Hi,in https://sourceforge.net/p/tboot/mailman/message/37340469/ there was a discussion about needing to get grub to accept a patch to reliably support multiple SINIT modules. Any idea what's the status of this patch?
Using multiple SINIT modules is useful if you want to have a single image that works on multiple devices. The intel-acm package in Debian non-free provides these in /boot and it is very convenient that tboot can choose the matching SINIT module at runtime.
I was reminded of this issue since I hit it again on different hardware.I've attached two serial console logs for tboot mercurial tip (9c625ab2035b):
tboot_9c625ab2035b_2_SINIT_working.txt: - two SINIT ACMs are specified and the system boots correctly. tboot_9c625ab2035b_26_SINIT_reboot.txt:- 26 SINIT ACMs are specified and the system enters an infinïte reboot loop.
I do not see this problem on my BIOS system, only UEFI system, but it is is difficult to say if this is actually related to the issue.
You can see more logs at https://lindi.iki.fi/lindi/tboot/smoketest/results.html The attached logs are all from test run 1646942019.As a workaround, would you accept a patch that modifies tboot/20_linux_tboot to use txt-acminfo to include only matching SINIT modules in grub configuration? I could make this configurable in /etc/default/grub-tboot. We could for example support the following three options:
GRUB_TBOOT_SINIT=all - include all SINIT modules that are found, current behavior GRUB_TBOOT_SINIT=detect - use txt-acminfo to find SINIT modules that match the current system. GRUB_TBOOT_SINIT_LIST="module1 module2 module3" - use only the listed SINIT modules. -Timo
tboot_9c625ab2035b_2_SINIT_working.txt.gz
Description: application/gzip
tboot_9c625ab2035b_26_SINIT_reboot.txt.gz
Description: application/gzip
_______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
