[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher

From: Lukasz Hawrylko
Subject: Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher
Date: Tue, 05 May 2020 16:38:02 +0200
User-agent: Evolution 3.34.4 (3.34.4-1.fc31)

On Tue, 2020-05-05 at 01:21 +0200, Daniel Kiper wrote:
> Hi,
> This is an RFC patchset for the GRUB introducing the Intel TXT secure 
> launcher.
> This is a part of larger work known as the TrenchBoot. Patchset can be split
> into two distinct parts:
>   - 01-12: preparatory patches,
>   - 13-18: the Intel TXT secure launcher itself.
> The initial implementation of the Intel TXT secure launcher works. However,
> there are still some missing bits and pieces, e.g.:
>   - SINIT ACM auto loader,
>   - lack of RMRR support,
>   - lack of support for MLEs larger than 1 GiB,
>   - lack of TPM 1.2 support.
>   - various fixes and cleanups.
> Commands introduced by this patchset: tpm_type, slaunch, slaunch_module (not
> required on server platforms) and slaunch_state (useful for checking platform
> configuration and state; based on tboot's txt-stat).
> Daniel

Hi Daniel

Your patch looks promising, however I have few concerns.

In OS-MLE table there is a buffer for TPM event log, however I see that
you are not using it, but instead allocate space somewhere in the
memory. I am just wondering if, from security perspective, it will be
better to use memory from TXT heap for event log, like we do in TBOOT.

There is a function that verifies if platform is TXT capable
-grub_txt_verify_platform(), it only checks SMX and GETSEC features.
Although BIOS should enforce both VMX and VT-d enabled when enabling
TXT, I think that adding these check here as redundancy may be a good
idea. The same situation is with TPM presence.

I suggest to add possibility to skip TXT launch when last boot ended
with TXT error. This option can avoid boot loops when something goes

How will you read LCP from storage? I see that there is slaunch_module
command that currently you are using only for loading SINIT. In the
future it can be expanded to support LCP file too, what do you think?

Do not forget to apply changes required by latest Intel's platforms, you
should check following commits in TBOOT's repository: 2f03b57ffdba,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]