-
-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
USB modules should be measured #16
Comments
Splitting the USB system into a module increased the size of the initrd by 2 MB. That won't work, unless we're much choosier about which modules to include. |
At the moment, the installation instructions expect the user to flash Heads to the motherboard, and then to boot heads, mount a USB drive, and install Qubes from that drive.
Perhaps I am misunderstanding, but how would the user install Qubes if Heads does not have USB enabled? |
This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
The point made here is to have usb kernel support as module versus built-in
in the kernel. As a module, it is loaded only if required and requested by
the user (u key at prompt) instead of being there by default when the Linux
payload starts.
I'm pretty sure that issue is fixed now, since the modules to be loaded by
the scripts depends of the configuration of the board and its Linux
configuration.
Either way, USB support is there as we speak as modules. This issue should
be closed. Space constraints have been dealt with since 2016.
Le mer. 1 mars 2017 17:06, Jonathan Femideer <[email protected]> a
écrit :
… At the moment, the installation instructions expect the user to flash
Heads to the motherboard, and then to boot heads, mount a USB drive, and
install Qubes from that drive.
The Linux kernel bootloader should not have USB enabled
Perhaps I am misunderstanding, but how would the user install Qubes if
Heads does not have USB enabled?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAygsqyvbxTpqTxYBJXHykOwqHIiGdUJks5rhevtgaJpZM4J5Jr7>
.
|
The Linux kernel bootloader should not have USB enabled; loading the modules should require measurement and adjustment of the PCRs (to invalidate the disk encryption keys).
The text was updated successfully, but these errors were encountered: