Closed GZibrat closed 1 year ago
julian-klode
commented
1 year ago We probably should avoid this workaround, options are bad (who tests them, why do systems behave differently, etc), and the right approach to this is integrating the fallback into shim directly which is already planned.
GZibrat
commented
1 year ago Thanks for taking a look!
the right approach to this is integrating the fallback into shim directly which is already planned.
That is great news! Do you have an ETA for this work or a place where I can track its progress?
We probably should avoid this workaround, options are bad
IMO, Options are not bad. All software has options which includes the shim. But I agree that if there is a more proper solution we can drop this one. This is a very high priority item for us so I'd like to avoid the case where integrating the fallback into the shim slips or dropped without notification or a back up plan. If the proper solution is still > a few months out could we think about a short term solution and remove it later?
who tests them
Google will be using it extensively.
Thanks again!
GZibrat
commented
1 year ago https://github.com/rhboot/shim/issues/429
Perhaps this is the issue to track?
I am happy to work on it if it doesn't seem terribly complicated or if I can get some pointers on the general idea.
GZibrat
commented
1 year ago @vathpela
Any answers or thoughts on this?
vathpela
commented
1 year ago Hopefully this branch https://github.com/vathpela/mallory/tree/merge-mm-and-fb-into-shim (still very much a work in progress) should address the issue for you? But yes, this is issue #429
On GCE we have the TPM enabled by default so we hit this reboot on every VM start. Some VM types have a very expensive reboot so we'd like to avoid this reboot if possible.
The mechanism here does that by not having the fallback change the boot order so that it always remains in the boot path. This should keep TPM measurements stable to make the reboot not needed.
author: Gary Zibrat gzibrat@google.com