Re: Linux DRTM on UEFI platforms

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux DRTM on UEFI platforms

From:	Brendan Trotter
Subject:	Re: Linux DRTM on UEFI platforms
Date:	Wed, 6 Jul 2022 09:33:23 +0930

Hi,

On Wed, Jul 6, 2022 at 4:52 AM Daniel P. Smith
<dpsmith@apertussolutions.com> wrote:
> On 6/10/22 12:40, Ard Biesheuvel wrote:> On Thu, 19 May 2022 at 22:59,
> To help provide clarity, consider the following flows for comparison,
>
> Normal/existing efi-stub:
>   EFI -> efi-stub -> head_64.S
>
> Proposed secure launch:
>   EFI -> efi-stub -> dl-handler -> [cpu] -> sl_stub ->head_64.S

For more clarity; the entire point is to ensure that the kernel only
has to trust itself and the CPU/TPM hardware (and does not have to
trust a potentially malicious boot loader)..Any attempt to avoid a
one-off solution for Linux is an attempt to weaken security.

The only correct approach is "efi-stub -> head_64.S -> kernel's own
secure init"; where (on UEFI systems) neither GRUB nor Trenchboot has
a valid reason to exist and should never be installed.

Cheers,

Brendan

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Linux DRTM on UEFI platforms, Daniel P. Smith, 2022/07/05
- Re: Linux DRTM on UEFI platforms, Brendan Trotter <=
  - Re: Linux DRTM on UEFI platforms, Matthew Garrett, 2022/07/05
  - Re: Linux DRTM on UEFI platforms, Daniel P. Smith, 2022/07/07
    - Re: Linux DRTM on UEFI platforms, Brendan Trotter, 2022/07/07
    - Re: Linux DRTM on UEFI platforms, Matthew Garrett, 2022/07/08
    - Re: Linux DRTM on UEFI platforms, Daniel P. Smith, 2022/07/22
    - Re: Linux DRTM on UEFI platforms, Brendan Trotter, 2022/07/23

Prev by Date: Re: Linux DRTM on UEFI platforms
Next by Date: Re: Linux DRTM on UEFI platforms
Previous by thread: Re: Linux DRTM on UEFI platforms
Next by thread: Re: Linux DRTM on UEFI platforms
Index(es):
- Date
- Thread