Public bug reported:

This is a public version of https://bugs.launchpad.net/bugs/2058835

[Description]
  When a TD is created, stages of the boot process such as loading the
firmware, bootloader and kernel image are measured, and the measurements are
extended into the RTMR registers to support the trusted boot model. After
boot, these measured values are used to validate the integrity of the boot
process.

  During the direct boot process, the bootloader is responsible for
measuring the kernel image before loading the kernel. But if the kernel
is loaded from the EFI boot stub, the related measurements need to be owned
by the EFI boot stub. This support needs to be added to the Linux EFI boot
stub code.

  Also, as per the following discussion, the kernel command line and
initrd section measurements also need to be owned by the EFI boot stub.

https://edk2.groups.io/g/devel/topic/93737108?p=Created%2C%2C%2C20%2C2%2C0%2C0%3A%3A%2C%2C%2C0%2C0%2C0%2C93737108
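The trusted boot model described above only pays off if a verifier can replay the measurements after boot. The following Python, added here as an illustration and not part of the bug report or the kernel EFI stub code, replays a constructed CC event log into the four RTMRs and checks the result against the RTMR values a TD quote would carry, then checks that the kernel, command line and initrd entries match known-good digests. It assumes the TDX extend rule RTMR[i] = SHA-384(RTMR[i] || digest), that RTMR0..RTMR3 are addressed as MR indices 1..4 (the EFI CC protocol convention), and uses constructed sample bytes in place of real firmware, kernel, command line and initrd contents; the event type names are illustrative and do not reproduce the exact on-disk event format.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List

RTMR_SIZE = 48   # TDX RTMRs are SHA-384 registers (assumption stated in lead-in)
NUM_RTMR = 4     # RTMR0..RTMR3, addressed here as MR index 1..4


@dataclass(frozen=True)
class CcEvent:
    mr_index: int      # 1..4 = RTMR0..RTMR3; index 0 (MRTD) is not runtime-extendable
    event_type: str    # illustrative TCG-style event type name
    digest: bytes      # SHA-384 digest recorded in the log entry
    component: str     # which boot component this entry claims to measure


def measure(data: bytes) -> bytes:
    """Digest of a boot component as the EFI stub would record it (SHA-384)."""
    return hashlib.sha384(data).digest()


def extend(current: bytes, digest: bytes) -> bytes:
    """One RTMR extend operation: new = SHA-384(old || digest)."""
    if len(current) != RTMR_SIZE or len(digest) != RTMR_SIZE:
        raise ValueError("RTMR extend requires SHA-384 sized inputs")
    return hashlib.sha384(current + digest).digest()


def replay(events: Iterable[CcEvent]) -> Dict[int, bytes]:
    """Replay an event log from all-zero RTMRs and return the expected final values."""
    rtmrs = {i: bytes(RTMR_SIZE) for i in range(1, NUM_RTMR + 1)}
    for ev in events:
        if ev.mr_index not in rtmrs:
            raise ValueError(f"event targets non-RTMR index {ev.mr_index}")
        rtmrs[ev.mr_index] = extend(rtmrs[ev.mr_index], ev.digest)
    return rtmrs


def verify(events: List[CcEvent], quoted_rtmrs: Dict[int, bytes],
           known_good: Dict[str, bytes]) -> List[str]:
    """Return a list of problems; an empty list means the log replays to the quote
    and every policy-relevant component was measured with its known-good digest."""
    problems = []
    replayed = replay(events)
    for idx, value in quoted_rtmrs.items():
        if replayed.get(idx) != value:
            problems.append(f"RTMR{idx - 1} mismatch: log does not replay to quoted value")
    seen = {(ev.component, ev.digest) for ev in events}
    for component, data in known_good.items():
        if (component, measure(data)) not in seen:
            problems.append(f"{component}: no log entry with known-good digest")
    return problems


# Constructed sample inputs standing in for the real boot artefacts.
FIRMWARE = b"constructed-firmware-bytes"
KERNEL_IMAGE = b"constructed-kernel-image-bytes"
CMDLINE = b"root=/dev/vda1 console=ttyS0"
INITRD = b"constructed-initrd-bytes"
POLICY = {"kernel": KERNEL_IMAGE, "cmdline": CMDLINE, "initrd": INITRD}


def build_sample_log(cmdline: bytes = CMDLINE) -> List[CcEvent]:
    """A constructed event log: firmware in RTMR0, kernel in RTMR1, cmdline and initrd
    (the entries the EFI stub owns) in RTMR2."""
    return [
        CcEvent(1, "EV_EFI_PLATFORM_FIRMWARE_BLOB2", measure(FIRMWARE), "firmware"),
        CcEvent(2, "EV_EFI_BOOT_SERVICES_APPLICATION", measure(KERNEL_IMAGE), "kernel"),
        CcEvent(3, "EV_EVENT_TAG", measure(cmdline), "cmdline"),
        CcEvent(3, "EV_EVENT_TAG", measure(INITRD), "initrd"),
    ]


def check_good_boot() -> List[str]:
    log = build_sample_log()
    quote = replay(log)  # stand-in for the RTMR values carried in a TD quote
    return verify(log, quote, POLICY)


def check_unexpected_cmdline() -> List[str]:
    # Log and quote are consistent, but the command line differs from policy.
    log = build_sample_log(cmdline=CMDLINE + b" debug")
    return verify(log, replay(log), POLICY)


def check_inconsistent_log() -> List[str]:
    # The quote reflects the good boot, but the presented log was altered afterwards,
    # so the replay no longer reaches the quoted RTMR2 value.
    quote = replay(build_sample_log())
    altered = build_sample_log(cmdline=CMDLINE + b" debug")
    return verify(altered, quote, POLICY)


if __name__ == "__main__":
    print("good boot:", check_good_boot())
    print("unexpected cmdline:", check_unexpected_cmdline())
    print("inconsistent log:", check_inconsistent_log())
```

The two failure cases are deliberately distinct: a log that replays correctly but contains a command line the verifier's policy does not allow, and a log that has been altered after the fact so that it no longer replays to the quoted register. A verifier needs both checks; the quote alone cannot tell the two apart.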

[Fix]

Cherry pick cleanly:
    d228814b1913 efi/libstub: Add get_event_log() support for CC platforms
    ac93cbfc2a2c efi/libstub: Measure into CC protocol if TCG2 protocol is absent
    0bbe5b0ea97a efi/libstub: Add Confidential Computing (CC) measurement typedefs
    7a1381e8313f efi/tpm: Use symbolic GUID name from spec for final events table
    3e0b0f880e9e efi/libstub: Use TPM event typedefs from the TCG PC Client spec

All of these are merged upstream.

[Test Plan]

Build, sign and boot the kernel with Secure Boot enabled.

[Where problems could occur]

At boot time, since this modifies the EFI libstub; it could impact
Secure Boot.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2060130

Title:
   [SPR][EMR][GNR] TDX: efi: TD Measurement support for kernel
  cmdline/initrd sections from EFI stub

