On Wed, 30 Mar 2022 at 09:11, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > On Wed, Mar 30, 2022 at 09:02:18AM +0200, Ard Biesheuvel wrote: > > > Wouldn't it be better for the secure launch kernel to boot the EFI > > entrypoint directly? As it happens, I just completed a PoC last week > > for a minimal implementation of EFI (in Rust) that only carries the > > pieces that the EFI stub needs to boot Linux. It is currently just a > > proof of concept that only works on QEMU/arm64, but it should not be > > too hard to adapt it for x86 and for booting a kernel that has already > > been loaded to memory. > > The EFI stub carries out a bunch of actions that have meaningful > security impact, and that's material that should be measured. Having the > secure launch kernel execute the stub without awareness of what it does > means it would need to measure the code without measuring the state, > while the goal of DRTM solutions is to measure state rather than the > code. But how is that any different from the early kernel code?
