On 07/14/2011 05:14 AM, Wei, Gang wrote:
Hello,
I am owner of tboot package in Fedora. I am seeking helps from anaconda to install tboot package and configure bootloader entry accordingly. (https://fedoraproject.org/wiki/Features/Trusted_Boot)
Trusted Boot (tboot) is an pre-kernel/VMM module that uses Intel Trusted Execution Technology to perform a measured and verified launch of an OS kernel/VMM. It requires below style of multiboot entry in grub.conf to make it work.
[Linux case]
title Linux w/ Intel(R) Trusted Execution Technology
root (hd0,1)
kernel /tboot.gz logging=serial,vga,memory
module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
module /initrd-2.6.18-xen.img
[Xen case]
title Xen w/ Intel(R) Trusted Execution Technology
root (hd0,1)
kernel /tboot.gz logging=serial,vga,memory
module /xen.gz iommu=required dom0_mem=524288 com1=115200,8n1
module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
module /initrd-2.6.18-xen.img
Would anaconda community agree to accept changes to support above things for tboot?
If no strong objection, then:
I am really a newbie in anaconda world. Can any of you kindly provide some hints about what would be the required changes to achieve my goal - way to opt-in tboot package and provide multiboot grub entry for it?
I am looking into the code, but have no idea yet about how could tboot occur on certain package list such as "Base System/Base" group, or even a new "Base System/Trusted Boot" group.
How could we know the tboot package is installed or not while writing bootloader configure?
When to instantiate a new MultibootLinuxBootLoaderImage derived from LinuxBootLoaderImage?
We should add a new path in GRUB.writeBootloader() to format the multiboot entry, right?
Any comments, suggestion, guidance are welcome and appreciated. I may submit a patch after above puzzles got resolved.
Getting tboot included in the default package set is a FESCo decision.
If they agree, it would be added to the comps database accordingly.
Actually, it should be added to that database anyway, it's just whether
or not it would be installed by default or not.
For the changes necessary in anaconda, I have the following questions:
1) How do we know that setting up tboot is appropriate for the system?
Is there something we can examine in /proc or /sys that tells us whether
or not tboot should be configured? Or (and this is what would be really
nice) can we always set up tboot if the package is installed and then
tboot will either do something related to TXT or just fall through and
boot up normally on systems that lack TXT support?
2) tboot is something that sits on top of grub, correct? Not something
that we use in place of grub on the appropriate systems?
3) The Fedora feature page you link to mentions possibly having to
provide a patch to grubby to handle tboot entries in grub.conf. This
isn't really an optional thing, grubby will need to be modified to
handle tboot settings so that they do not get lost in upgrades.
Thinking about it from an implementation standpoint, I do not feel like
this is too bad for anaconda. Assuming we can get answers to these
questions, it feels like an easy extension to the x86 boot loader class.
--
David Cantrell <dcantrell@xxxxxxxxxx>
Supervisor, Installer Engineering Team
Red Hat, Inc. | Westford, MA | EST5EDT
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
