[coreboot] VGA and Graphics
Sam Kuper
sam.kuper at uclmail.net
Sun Apr 2 20:14:57 CEST 2017
On 02/04/2017, Todd Weaver <todd at puri.sm> wrote:
> On 04/01/2017 04:55 PM, Trammell Hudson wrote:
>> On Sat, Apr 01, 2017 at 07:43:40PM +0000, ron minnich wrote:
>>> For a payload chooser and such I can offer two options:
>>> 1) petitboot has a boot menu type thing
>>> 2) u-root (u-root.tk) is going to have a boot menu type thing, as we've
>>> been asked to do one.
>> Heads is coming along in usability and has a strong focus on securing
>> the boot process through TPM measurement and using the flash security
>> features.
>
> One of the three reasons we are including TPM in hardware is because of
> your great talk at 33c3 on Heads! But I failed to see that it offered
> "boot menu type thing"
>
>> It fits the 4.9.20 Linux kernel + initrd into 4 MB, including
>> all of the crypto, networking and other features. The eventual user
>> kernel (or Xen hypervisor and dom0 kernel) are GPG verified and invoked
>> via kexec for a slightly more secure, legacy free boot process.
>
> So this is referring more about "linux payload" than "boot menu type
> thing" correct? [...]
>
> What we are looking at is to include or develop a solution that
> accomplishes these goals:
> 1) allows us to skip most of vbios (but sounds like still needs the VBT)
> 2) deliver a payload that has a path toward securing the boot process
> (e.g. Heads)
> 3) deliver a payload that can still offer a user to install their own OS
> (thus allowing user-configuration and control)

Presumably petitboot, u-root, or another "boot menu type thing" could
be included in Heads? This would seem to be the best outcome.*

Whether that would still fit into 4MB is another matter, but it seems
worth a try. Even 8MB or 12MB would make it usable on some existing
motherboards without the need to desolder anything.

I look forward to seeing what emerges from your (hopeful) collaboration!

* Formal verification of all this would be even better, but that's
probably several years in the future :)