Closed BeataZdunczyk closed 2 weeks ago
Latest changes can be seen at https://github.com/TrenchBoot/grub/compare/b53ec06...tb-2.12-57-linux-amd. There is only one new commit for AMD SKINIT (https://github.com/TrenchBoot/grub/commit/fc42d91bfeb1cb412bbaa5e846d6685a234d42ea) and one new commit with a fix (https://github.com/TrenchBoot/grub/commit/cc5e2c006f998d9f4a77b595a666407a98bd0671); the rest of the new changes were integrated into previously existing commits.
When the updated GRUB is used along with SKL built from https://github.com/TrenchBoot/secure-kernel-loader/pull/21 on APU3 with SeaBIOS, the following output is produced on slaunch:
```
IOMMU disabled by a firmware, please check your settings
Couldn't set up IOMMU, DMA attacks possible!
shasum calculated:
0x00000000044aff5c: bc 3c 50 c9 26 5f 8f 28 54 bd cc d0 9b c1 1e c7 .
```
Log after enabling IOMMU on the same platform:
However, I think that the changes also cover https://github.com/TrenchBoot/trenchboot-issues/issues/32 and https://github.com/TrenchBoot/trenchboot-issues/issues/33. For the latter, we can update Qubes OS builder CI (the config we used was recently removed), but #32 will be complete together with this issue.
I've added two comments that should be fixed: https://github.com/TrenchBoot/grub/commit/fc42d91bfeb1cb412bbaa5e846d6685a234d42ea#r145084754 (suboptimal memory allocation) and https://github.com/TrenchBoot/grub/commit/da0161f28c1c70794aa15c3cf8b5025073b999e6#r145085228 (timing problem that caused unexpected PCR values on release builds earlier).
Addressed the comments, changes: https://github.com/TrenchBoot/grub/compare/fc42d91bfeb1cb412bbaa5e846d6685a234d42ea..tb-2.12-57-linux-amd (also spotted and fixed some incorrect formatting).
For easier tracking and review, changes to GRUB were moved to https://github.com/TrenchBoot/grub/pull/22. That PR has been merged, which closes this task and #32.
Refreshing existing GRUB code and implementing necessary fixes for the most up-to-date TrenchBoot boot protocol. This also includes changes to code style to make it compatible with GRUB's expectations. The code will be pushed to the TrenchBoot GRUB repository to serve as a foundation for future TrenchBoot activities.