Hello all, I wanted to provide a quick update on the TXT/sig project and point you at it's new location on GitHub:
* https://github.com/anuvu/tboot ... the TXT/sig changes can be found in the master branch. In addition to the code changes, I've included a README.md with a lot of information on how to use the tboot signature verification code, as well as TXT and tboot in general. Even if you are not interested in using signed kernel images, you may find the README.md documentation helpful. Unfortunately for my TXT/sig efforts, there have been some changes in the product I am working on and the TXT/sig capability is not expected to be a critical part of the product. This means my contributions going forward are likely to be seriously diminished. I do have some interest in pursuing this on my own time, but considering all of the other demands on my time I'm not certain how much I will be able to contribute. I've cleaned the existing patches up as much as time would allow, and I believe they are in half-reasonable shape; if the tboot community wants to merge them as they currently are, I'm happy to do whatever I can on my end to make that happen. If someone wants to take these patches and build on top of them, that's fine too. If there is anything I can do to help, please let me know, just understand my time is likely to be limited. Beyond the TXT/sig patches, I believe the repo mentioned above contains some other patches which I believe have standalone value: * "all: ensure we can build on a modern system" This patch allows tboot to successfully build with GCC v9. I know there have been other GCC related patches posted to the mailing list; it might be worthwhile checking to see if this patch adds additional corrections. * "lcptools-v2: add pconf2 policy element support" Adds the ability to create a TPM2 PCONF policy element to the lcptools- v2 tools. I realize that there is a strong desire on the part of Intel to move to the Python GUI tools, but for those of us who prefer the command line lcptools-v2 tools this may be useful. * "tboot: get the TPM extpol setting from the ACM" This patch adds the ability to query the ACM during boot and adjust the "extpol" setting based on the ACM's reported support (cmdline example: "extpol=acm"). Hopefully some of this work will prove helpful, even if it is just the information in README.md. Thanks for all your help over the past year! -Paul _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
