[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux DRTM on UEFI platforms

From: Matthew Garrett
Subject: Re: Linux DRTM on UEFI platforms
Date: Wed, 30 Mar 2022 08:18:59 +0100
User-agent: Mutt/1.10.1 (2018-07-13)

On Wed, Mar 30, 2022 at 09:12:19AM +0200, Ard Biesheuvel wrote:
> On Wed, 30 Mar 2022 at 09:11, Matthew Garrett <> wrote:
> > The EFI stub carries out a bunch of actions that have meaningful
> > security impact, and that's material that should be measured. Having the
> > secure launch kernel execute the stub without awareness of what it does
> > means it would need to measure the code without measuring the state,
> > while the goal of DRTM solutions is to measure state rather than the
> > code.
> But how is that any different from the early kernel code?

>From a conceptual perspective we've thought of the EFI stub as being 
logically part of the bootloader rather than the early kernel, and the 
bootloader is a point where the line is drawn. My guy feeling is that 
jumping into the secure kernel environment before EBS has been called is 
likely to end badly.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]