krystian-hebel
commented
7 months ago There is an issue with installation in legacy mode for R4.2.0, but rc3 still works.
Tests on HP Elitedesk 800 G2 with TPM 2.0 were successful:
There are only two small issues, I'll describe them in the blog post, but I don't think they are blocking this release:
- Xen doesn't use TXT_EVTYPE_SLAUNCH_START and TXT_EVTYPE_SLAUNCH_END
- qubes-antievilmaid version was bumped upstream, so updates would overwrite our changes. Documentation modified by us mentions the version number, so we can't just rebase on top of upstream without modifying those numbers in documentation.
BeataZdunczyk
Is your feature request related to a problem? Please describe.
It is necessary to retest the solution on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode to ensure proper functionality after updating the TrenchBoot support in Qubes OS AEM.
Is your feature request related to a new idea or technology that would benefit the project? Please describe.
This issue is required to ensure that the TrenchBoot support continues to work properly on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode after the code rebase onto the most recent work implementing Secure Launch protocol being upstreamed to Linux and GRUB implementation (https://github.com/TrenchBoot/trenchboot-issues/issues/17).
Describe the solution you'd like
Retest the TrenchBoot support on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode after the code rebase onto the most recent work implementing Secure Launch protocol being upstreamed to Linux and GRUB to ensure proper functionality.
Describe alternatives you've considered
N/A
Additional context
This feature request is part of Phase 3 in TrenchBoot as Anti Evil Maid project, as outlined in the documentation: https://docs.dasharo.com/projects/trenchboot-aem-v2/.
Relevant documentation you've consulted
N/A