On Sun, Apr 02, 2017 at 09:18:10AM -0700, Todd Weaver wrote:
[...] One of the three reasons we are including TPM in hardware is because of your great talk at 33c3 on Heads!
I'm glad to hear that it inspired you to include it!
But I failed to see that it offered "boot menu type thing"
Currently there isn't any sort of boot selection menu; if the default doesn't work you can drop into a "recovery shell", which extends the PCRs to note that this has happened, and allows the user to manually mount devices, fixup signatures, run kexec, etc.
Adding a menuing system has been on the todo list for a while -- Zaolin started experimenting with plymouth, although it hasn't been integrated into the rest of the system.
[...] What we are looking at is to include or develop a solution that accomplishes these goals:
1) allows us to skip most of vbios (but sounds like still needs the VBT)
2) deliver a payload that has a path toward securing the boot process (e.g. Heads)
3) deliver a payload that can still offer a user to install their own OS (thus allowing user-configuration and control)
2 and 3 don't need to be separate stages, although it might make sense to prototype them in two pieces to deal with ROM size issues. This is the approach the Mass Open Cloud group is doing; their remote attestation infrastructure is currently in python and has both glibc and OpenSSL dependencies, so their Heads init script does a fetch, measure and extract of a tar file from the network. Porting it to work with libtpm and musl-libc is later on their roadmap.
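The two TPM mechanisms the thread leans on are the recovery shell "extending the PCRs to note that this has happened" and the remote-attestation flow that does "fetch, measure and extract". The following is an added illustration, not code from Heads or from the Mass Open Cloud project: it models the TPM 1.2 extend operation in Python and shows why a verifier that replays a measurement log will accept a normal boot but reject one that went through the recovery shell. Event names, the log layout and the golden value are constructed for the example.

```python
"""
Toy model of the TPM 1.2 PCR extend operation and of how a remote verifier
replays a measurement log to decide whether a machine booted along the
expected path or dropped into the recovery shell.
Added illustration; not code from Heads or from the Mass Open Cloud project.
Event names and the log layout are constructed for this example.
"""
import hashlib
import hmac

PCR_SIZE = 20                # TPM 1.2 PCRs are SHA-1 sized
PCR_RESET = bytes(PCR_SIZE)  # platform PCRs start as all zeros at power-on


def measure(data: bytes) -> bytes:
    """Digest of the object being measured (kernel, initrd, config, tarball)."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend semantics: PCR_new = SHA1(PCR_old || digest).

    One-way and order dependent: software cannot set a PCR to a chosen
    value, it can only fold another digest into the running chain.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR values and digests must be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def replay(events) -> bytes:
    """Recompute the final PCR value from an ordered measurement log.

    This is also what "fetch, measure and extract" does on the client:
    each fetched object is measured and extended before it is used.
    """
    pcr = PCR_RESET
    for data in events:
        pcr = extend(pcr, measure(data))
    return pcr


def verify(quoted_pcr: bytes, golden_pcr: bytes) -> bool:
    """Verifier's decision: accept only if the quoted PCR equals the value
    recorded when the machine was enrolled."""
    return hmac.compare_digest(quoted_pcr, golden_pcr)


# Constructed sample logs. Real firmware measures file contents, not labels;
# these byte strings stand in for the kernel/initrd/config blobs.
NORMAL_BOOT = [b"vmlinuz-4.9", b"initrd.img", b"boot-config"]
# Entering the recovery shell extends the PCR with an extra event first, so
# the resulting chain can never equal the NORMAL_BOOT value again.
RECOVERY_BOOT = [b"recovery shell entered"] + NORMAL_BOOT

# Golden value a verifier would have stored at enrollment (constructed here).
GOLDEN_PCR = replay(NORMAL_BOOT)


def attest(events) -> bool:
    """Simulate the machine quoting its PCR and the verifier checking it."""
    return verify(replay(events), GOLDEN_PCR)


if __name__ == "__main__":
    print("normal boot attests:   ", attest(NORMAL_BOOT))    # True
    print("recovery shell attests:", attest(RECOVERY_BOOT))  # False
```

The point of the extra extend in the recovery path is that it is irreversible: whatever the user does from the shell afterwards, the PCR can no longer match the enrolled value, so sealed secrets stay sealed and a remote verifier sees the deviation. The same replay logic is what an attestation server must run against the client's event log before trusting the machine with the next stage.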