On 6/11/2022 3:24 AM, Timo Lindfors wrote:

On Fri, 10 Jun 2022, Tony Camuso wrote:
If your system is booting in efi mode, then it needs efi.
If it's booting in legacy bios mode, then it doesn't need efi.

Commit https://sourceforge.net/p/tboot/code/ci/aad782103a6e

says that

"Note that booting *without* noefi is a security risk since the EFI runtime is not 
part of the trust base after a dynamic launch."


This suggests to me that you need to use "noefi" on an EFI system to minimize 
risks.

OK, so something is going wrong with the information that tboot is
forwarding to the kernel launch.

On the efi system, with "noefi" removed from the grub command line,
the system boots.

With "noefi" in the grub command line, Device Mapper cannot find
the root and swap devices and drops to the dracut prompt.

How can I determine what info efi is providing that tboot is not?

Where can I instrument the code to gain that visibility?



-Timo




_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
