On Mon, 2014-11-10 at 14:20 +0500, Alexander E. Patrakov wrote:
> 10.11.2014 14:10, Minchev, Todor wrote:
> > Hello guys,
> >
> > I have been working on adding trusted boot (tboot) support to gummiboot
> > and since this requires quite a bit of new code to be added to the
> > gummiboot code base I wanted to send it out for review and comments.
> >
> > This is the new functionality that these patches add to the gummiboot
> > master branch:
> >
> > - trusted boot support via the tboot module and Intel's Trusted
> >   Execution Technology (TXT)
> > - partial multiboot2 support for passing data to the trusted boot module
> > - booting non efi_stub kernels via tboot
> > - no impact on the existing gummiboot functionality
>
> I have not looked at the code, but looked at the list of commit
> messages. In particular:
>
> > gummiboot: load the loadable segments of the ELF binary and jump
> > to its entry point address
>
> As far as I understand, this goes against the design goals of gummiboot
> of being a simple wrapper that is able to execute EFI binaries and only
> them. Would it be feasible to convert tboot into an EFI binary instead,
> and measure/validate it as such, using the API provided by UEFI for that?

Yes, this is what I will be looking at next - adding PE/COFF header to
tboot so that gummiboot can launch it as an EFI application.

BTW, are there any plans to add multiboot2 support to gummiboot in the
future?
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
