[coreboot] VGA and Graphics

Trammell Hudson hudson at trmm.net
Mon Apr 3 00:03:41 CEST 2017


On Sun, Apr 02, 2017 at 09:18:10AM -0700, Todd Weaver wrote:
> [...]
> One of the three reasons we are including TPM in hardware is because of
> your great talk at 33c3 on Heads!

I'm glad to hear that it inspired you to include it!

> But I failed to see that it offered "boot menu type thing"

Currently there isn't any sort of boot selection menu; if
the default doesn't work you can drop into a "recovery shell",
which extends the PCRs to note that this has happened,
and allows the user to manually mount devices, fixup signatures,
run kexec, etc.

Adding a menuing system has been on the todo list for a while --
Zaolin started experimenting with plymouth, although it hasn't been
integrated into the rest of the system.

> [...]
> What we are looking at is to include or develop a solution that
> accomplishes these goals:
> 1) allows us to skip most of vbios (but sounds like still needs the VBT)
> 2) deliver a payload that has a path toward securing the boot process
> (e.g. Heads)
> 3) deliver a payload that can still offer a user to install their own OS
> (thus allowing user-configuration and control)

2 and 3 don't need to be separate stages, although it might make sense to
prototype them in two pieces to deal with ROM size issues.  This is the
approach the the Mass Open Cloud group is doing; their remote attestation
infrastructure is currently in python and has both glibc and OpenSSL
dependencies, so their Heads init script does a fetch, measure and
extract of a tar file from the network.  Porting it to work with
libtpm and musl-libc is later on their roadmap.

-- 
Trammell



More information about the coreboot mailing list