TrenchBoot / trenchboot-issues

This repository is to centralize issues and development progress tracking for the TrenchBoot project.

Update GRUB for SL specification and push changes to TrenchBoot GRUB repository #32

Closed BeataZdunczyk closed 2 weeks ago

BeataZdunczyk commented 1 month ago

Brief summary

A clear and concise summary of the task that should be done.

The existing AMD support was designed and implemented before the Secure Launch (SL) specification was defined. Therefore, changes are required in GRUB to use the structures expected by the SL specification. These changes will align GRUB with the SL structures and be pushed to the GRUB repository.

SergiiDmytruk commented 2 weeks ago

The prospect of loading Linux using AMD SKINIT was taken into account while implementing https://github.com/TrenchBoot/trenchboot-issues/issues/17 (initial switch to SLRT for loading Xen via Multiboot2 using Intel TXT) and then https://github.com/TrenchBoot/trenchboot-issues/issues/21 (loading Xen via Multiboot2 using AMD SKINIT). Thanks to that preparation, code changes made for https://github.com/TrenchBoot/trenchboot-issues/issues/31 already follow the latest SL specification.

As demonstrated by comments in that issue (https://github.com/TrenchBoot/trenchboot-issues/issues/31#issuecomment-2267764167, https://github.com/TrenchBoot/trenchboot-issues/issues/31#issuecomment-2271555724), GRUB is capable of starting SKL that uses SLRT (main changes for that are in https://github.com/TrenchBoot/secure-kernel-loader/pull/15) and SKL successfully parses SLRT to extract information about the bootloader (GRUB2) and DLME (Linux).

krystian-hebel commented 2 weeks ago

https://github.com/TrenchBoot/trenchboot-issues/issues/31#issuecomment-2277820144