On 04/01/2017 04:55 PM, Trammell Hudson wrote:
On Sat, Apr 01, 2017 at 07:43:40PM +0000, ron minnich wrote:
Annnnnnnd with the linux payload we're back to linuxbios :-)
It was a good idea in 1999, and it is still a good idea.
We *may* party like it's 1999 in 2017 then...
For a payload chooser and such I can offer two options:
- petitboot has a boot menu type thing
- u-root (u-root.tk) is going to have a boot menu type thing, as we've
been asked to do one.
Heads is coming along in usability and has a strong focus on securing the boot process through TPM measurement and using the flash security features.
Trammell, one of the three reasons we are including TPM in hardware is because of your great talk at 33c3 on Heads! But I failed to see that it offered a "boot menu type thing".
It fits the 4.9.20 Linux kernel + initrd into 4 MB, including all of the crypto, networking and other features. The eventual user kernel (or Xen hypervisor and dom0 kernel) are GPG verified and invoked via kexec for a slightly more secure, legacy-free boot process.
So this is referring more to "linux payload" than "boot menu type thing", correct?
More docs are online and pull requests are always appreciated:
What we are looking at is to include or develop a solution that accomplishes these goals:
1) allows us to skip most of vbios (but sounds like still needs the VBT)
2) deliver a payload that has a path toward securing the boot process (e.g. Heads)
3) deliver a payload that can still offer a user to install their own OS (thus allowing user-configuration and control)
Thanks for writing!
Todd.