Hello,

During my late experiments with tboot, I found the helper scripts in /etc/grub.d not to be helpful. While they may be useful to obtain a first skeleton for a tboot boot entry initially, once users start to work seriously with tboot (e.g. create LCP and VLP), they are actually harmful and must be avoided because they might overwrite carefully crafted command lines. The scripts don't support DA PCR mapping or policy data files, and mess up white space.
I am submitting a series of patches I came up with to fix this. One thing I did not attempt to tackle was UEFI support in 20_linux_xen_tboot. I am unsure whether there are any general restrictions regarding that scenario, and I currently have no way to test this.

A part of the series was to give users the chance to customize the boot loader entries generated. The scripts check for a configuration file /etc/default/grub-tboot with a syntax similar to /etc/default/grub and take configuration settings from there. A sample /etc/default/grub-tboot file might look like this:

# Command line for tboot
GRUB_CMDLINE_TBOOT="logging=serial,memory,vga loglvl=info pcr_map=da"
# Extra kernel command line for Linux+tboot
GRUB_CMDLINE_LINUX_TBOOT="intel_iommu=on console=ttyS0,115200n8"
# Extra Xen command line for Linux+Xen+tboot
GRUB_CMDLINE_XEN_TBOOT="com1=115200,8n1 console=com1"
# Extra Kernel command line for Linux+Xen+tboot
GRUB_CMDLINE_LINUX_XEN_TBOOT="console=hvc0"
# Basename of LCP policy data file under /boot
GRUB_TBOOT_POLICY_DATA="lcp.dat"

The Xen parameter "iommu=force" is not part of the customization; the scripts force it to be set, as before. For the Linux parameter "intel_iommu=on" I did not bother, because it's forced by the kernel in TXT mode anyway.

Regards
Martin

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
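
An added example, not part of the original mail or of the tboot patches: POSIX sh showing how a grub.d helper could consume a file like the sample /etc/default/grub-tboot above. Only the variable names and the forced Xen parameter come from the mail; the function names, the empty defaults, the writability check and the exactly-once handling of iommu=force are assumptions.

```shell
#!/bin/sh
# Added example; function names and defaults are assumptions, not tboot code.

write_sample_config() {   # constructed sample, same variables as in the mail
    cat > "$1" <<'EOF'
GRUB_CMDLINE_TBOOT="logging=serial,memory,vga loglvl=info pcr_map=da"
GRUB_CMDLINE_LINUX_TBOOT="intel_iommu=on console=ttyS0,115200n8"
GRUB_CMDLINE_XEN_TBOOT="com1=115200,8n1 console=com1"
GRUB_CMDLINE_LINUX_XEN_TBOOT="console=hvc0"
GRUB_TBOOT_POLICY_DATA="lcp.dat"
EOF
}

load_tboot_config() {     # $1 = path containing a slash, so "." skips PATH
    _cfg=$1
    GRUB_CMDLINE_TBOOT= GRUB_CMDLINE_LINUX_TBOOT= GRUB_CMDLINE_XEN_TBOOT=
    GRUB_CMDLINE_LINUX_XEN_TBOOT= GRUB_TBOOT_POLICY_DATA=
    [ -f "$_cfg" ] || return 0          # no file: keep the empty defaults
    # The file is sourced as shell and feeds the boot command lines,
    # so refuse it when group or others can write to it.
    if [ -n "$(find "$_cfg" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing $_cfg: group- or world-writable" >&2
        return 1
    fi
    . "$_cfg"
}

xen_cmdline() {           # user's Xen options, with iommu=force exactly once
    case " $GRUB_CMDLINE_XEN_TBOOT " in
        *" iommu=force "*) printf '%s\n' "$GRUB_CMDLINE_XEN_TBOOT" ;;
        *) printf '%s\n' "${GRUB_CMDLINE_XEN_TBOOT:+$GRUB_CMDLINE_XEN_TBOOT }iommu=force" ;;
    esac
}

policy_path() {           # path under /boot, or nothing if no policy is set
    [ -n "$GRUB_TBOOT_POLICY_DATA" ] || return 0
    case $GRUB_TBOOT_POLICY_DATA in
        */*) echo "GRUB_TBOOT_POLICY_DATA must be a basename" >&2; return 1 ;;
    esac
    printf '/boot/%s\n' "$GRUB_TBOOT_POLICY_DATA"
}

# Demo on the constructed sample; values are passed through byte for byte.
demo=$(mktemp) && write_sample_config "$demo" && load_tboot_config "$demo" &&
    printf 'tboot: %s\n' "$GRUB_CMDLINE_TBOOT" && xen_cmdline && policy_path
rm -f "$demo"
```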