Changeset 664e69 fundamentally changes the way tboot command lines need
to be built. I have read the discussions leading to this change, and I
agree that it was the right decision to make this change. However, I have
issues with the way it was implemented:

 1. tboot has stripped the first command line argument since 36d849
(2008-12-22) (that is, practically forever). People have got used to it,
and many users (everyone who isn't using "tip") are still using tboot
versions that do it. Yet the changes made to the documentation in commit
664e69 don't bother to explain this drastic change of usage. This will
confuse users (it did confuse me, actually). I think that the
documentation should spell this out much more clearly.

 2. /etc/grub.d/20_linux{_,_xen_}tboot haven't been changed. They still
generate grub2 command lines according to the old, now broken assumption
that the first argument will be skipped by tboot.

I reckon that a new tboot release including 664e69 would deserve an
obvious change in the version number, 1.9.x would seem appropriate. That
would also raise the question of an independent 1.8.x release
incorporating the bug fixes in for 1.8.3 that can be applied without
breaking existing configurations (after all, 1.8.3 already contains
change set 0efdaf which fixes the worst part of the vulnerability caused
by command line stripping, at least for the common case of GRUB2 users).

Regards
Martin

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
