Intel Trusted Execution Technology (TXT) support #396
Comments
Going beyond this, we probably want to ensure compatibility with Intel Converged Boot Guard and Trusted Execution Technology (CBnT). 9elements has implemented support for both in coreboot.

+1
From https://doc.coreboot.org/security/vboot/measured_boot.html#known-limitations
While https://doc.coreboot.org/security/intel/txt_ibb.html seems pretty complete, I am just unsure whether coreboot permits configuring the IBB directly from Kconfig options. What is currently missing on the coreboot side? Which platforms and CPU families are the minimum requirements to implement TXT with SINIT ACM to measure the bootblock as part of the IBB with a CPU-anchored RoT, @DemiMarie? Is that documented somewhere? Were there upstream discussions, @pietrushnic? Past discussion trails on the subject are at linuxboot/heads#1172

@tlaurion I'll leave that question to 3mdeb engineers.
This can be used for Dynamic Root of Trust for Measurement and will enable Qubes OS Anti-Evil Maid (AEM) support in the future.