pluspluscharlotte at gmail.com
Mon Nov 28 02:55:24 CET 2016
I don't know about you, but once I have a minimal working kernel or a
coreboot fallback, I never really update them. So having no way to recover
them without hardware intervention is fine. The kernel I may recompile,
patch, etc would be somewhere else.
The job of this minimal kernel and initrd would just be to kexec the other
kernel, and let you recover coreboot if needed.
Having both of them write protected is just fine, if the cmdline used for
the kexec is read from another part of the SPI for when you have to add
some kernel parameters.
On Sun, Nov 27, 2016 at 8:09 PM, Trammell Hudson <hudson at trmm.net> wrote:
> On Sun, Nov 27, 2016 at 07:30:07PM -0500, Charlotte Plusplus wrote:
> > [...]
> > With the amount of flash we have, sharing the kernel and initrd doesn't
> > seem like a bad idea.
> The problem is if a bad kernel or initrd is flashed then there is no
> way to recover without hardware intervention. Having a truly minimal
> recovery kernel with USB and a spiflash writer makes it possible
> to boot into some sort of mode to recover from that failure.
> For both root of trust as well as reliability concerns, the recovery
> image at the top of the SPI flash should be read-only with the BP bits
> and the WP# pin enabled. That way hardware is required to really mess
> it up.
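The handoff described in this thread, a write-protected minimal kernel and initrd whose only job is to kexec the real kernel with a command line kept in a separate, writable SPI region, sketched as an added shell example. This is not code from the list post or from the coreboot project; it assumes kexec-tools inside the recovery initrd, that the command-line region is exposed as an MTD partition (the device name `/dev/mtd3` and the paths under `/mnt/boot` are hypothetical placeholders), and it adds one thing the discussion leaves implicit: because that region is the one part of the chain that is not write protected, the initrd validates what it reads and falls back to a built-in command line rather than passing arbitrary bytes to `kexec`.

```shell
#!/bin/sh
# Added example (not from the post or from coreboot): recovery-initrd boot step.
# The recovery kernel+initrd live in the read-only top of SPI flash; only the
# command line is read from a writable region, so it is treated as untrusted.

CMDLINE_SRC="${CMDLINE_SRC:-/dev/mtd3}"            # hypothetical MTD partition holding the cmdline
TARGET_KERNEL="${TARGET_KERNEL:-/mnt/boot/vmlinuz}"  # hypothetical path of the kernel to kexec into
TARGET_INITRD="${TARGET_INITRD:-/mnt/boot/initrd.img}"
FALLBACK_CMDLINE="root=/dev/sda2 ro quiet"          # baked into the read-only initrd

# read_cmdline FILE: first line of the region, with NUL padding from the flash stripped
read_cmdline() {
    tr -d '\000' < "$1" | head -n 1
}

# cmdline_ok STRING: accept only characters that belong on a kernel command line;
# anything else (shell metacharacters, control bytes, an empty region) is rejected
cmdline_ok() {
    [ -n "$1" ] && printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_=./:, +-]+$'
}

# pick_cmdline FILE: the validated command line from flash, or the fallback
pick_cmdline() {
    c=$(read_cmdline "$1" 2>/dev/null) || c=""
    if cmdline_ok "$c"; then
        printf '%s' "$c"
    else
        printf '%s' "$FALLBACK_CMDLINE"
    fi
}

# recover_boot: load the target kernel and jump into it (only meaningful on real hardware)
recover_boot() {
    cmd=$(pick_cmdline "$CMDLINE_SRC")
    kexec --load "$TARGET_KERNEL" --initrd="$TARGET_INITRD" --command-line="$cmd" || return 1
    kexec --exec
}

# Only act when explicitly requested, so the file can be sourced or inspected safely.
if [ "${RECOVERY_RUN:-0}" = 1 ]; then
    recover_boot
fi
```

With `RECOVERY_RUN=1` the script performs the kexec; without it the helpers are just defined, which is how the validation logic can be exercised on a constructed file off the target machine.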