projectacrn / acrn-hypervisor

Project ACRN hypervisor
BSD 3-Clause "New" or "Revised" License

Track PR#8130: Create stupid_ideas.txt #8258

Open NanlinXie opened 1 year ago

NanlinXie commented 1 year ago

Create this issue to track PR#8130, which was originally reported as a Pull Request.

Integrate ACRN into coreboot so coreboot boots securely into ACRN hypervisor as security OS

This accidentally found its way into projectacrn, as I just wanted to add it to my fork (I collect some source that I might use later). While thinking about how to remove it, I thought, maybe you should just read my idea, discuss it and reject my pull request :-)

luja

dbkinder commented 1 year ago

(Contents of attached text file)

ACRN-Hypervisor: ACRN is booted using EFI and GRUB; this is complicated. As ACRN wants to be embedded, combine it with coreboot and boot into the hypervisor right away. Having a running ACRN hypervisor just after board bring-up, booted from the flash of the x86_64 mainboard's BIOS flash, gives you a chain of trust while booting. In the hypervisor ACRN you can try to boot something like Linux, xBSD or commercial operating systems. As ACRN claims to be a type 1 hypervisor, this should work and one will get a secured embedded platform. This should be tested using a Lenovo X220.

https://www.coreboot.org/Board:lenovo/x220
https://github.com/michaelmob/x220-coreboot-guide

So one can try to have an ACRN payload in coreboot.

@junjiemao1 commented:

@openfnord Thanks for bringing up your ideas!

There was a similar idea previously where Slim Bootloader (i.e. SBL), which is another BIOS designed to be minimal, is used to boot ACRN. The hypervisor, however, is still loaded by the OS loader of SBL, with Multiboot being the boot protocol between SBL and ACRN. AFAIK in coreboot HOBs are used as the interface to payloads, which may be one of the main differences from the previous approach.

Contributions are always warmly welcomed in the ACRN community. Feel free to bring up any draft you have 😄