07-14-2011, 09:14 AM
"Wei, Gang"

support multiboot bootloader entry

Hello,

I am the owner of the tboot package in Fedora. I am seeking help from anaconda to install the tboot package and configure the bootloader entry accordingly. (https://fedoraproject.org/wiki/Features/Trusted_Boot)

Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel Trusted Execution Technology to perform a measured and verified launch of an OS kernel/VMM. It requires the below style of multiboot entry in grub.conf to make it work.

[Linux case]
title Linux w/ Intel(R) Trusted Execution Technology
root (hd0,1)
kernel /tboot.gz logging=serial,vga,memory
module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
module /initrd-2.6.18-xen.img

[Xen case]
title Xen w/ Intel(R) Trusted Execution Technology
root (hd0,1)
kernel /tboot.gz logging=serial,vga,memory
module /xen.gz iommu=required dom0_mem=524288 com1=115200,8n1
module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
module /initrd-2.6.18-xen.img

Would anaconda community agree to accept changes to support above things for tboot?

If no strong objection, then:

I am really a newbie in anaconda world. Can any of you kindly provide some hints about what would be the required changes to achieve my goal - way to opt-in tboot package and provide multiboot grub entry for it?

I am looking into the code, but have no idea yet about how could tboot occur on certain package list such as "Base System/Base" group, or even a new "Base System/Trusted Boot" group.

How could we know the tboot package is installed or not while writing bootloader configure?

When to instantiate a new MultibootLinuxBootLoaderImage derived from LinuxBootLoaderImage?

We should add a new path in GRUB.writeBootloader() to format the multiboot entry, right?

Any comments, suggestions, or guidance are welcome and appreciated. I may submit a patch after the above puzzles get resolved.

Jimmy (gwei3)

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
07-14-2011, 01:59 PM
David Cantrell

support multiboot bootloader entry

On 07/14/2011 05:14 AM, Wei, Gang wrote:

> Hello,
>
> I am the owner of the tboot package in Fedora. I am seeking help from anaconda to install the tboot package and configure the bootloader entry accordingly. (https://fedoraproject.org/wiki/Features/Trusted_Boot)
>
> Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel Trusted Execution Technology to perform a measured and verified launch of an OS kernel/VMM. It requires the below style of multiboot entry in grub.conf to make it work.
>
> [Linux case]
> title Linux w/ Intel(R) Trusted Execution Technology
> root (hd0,1)
> kernel /tboot.gz logging=serial,vga,memory
> module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
> module /initrd-2.6.18-xen.img
>
> [Xen case]
> title Xen w/ Intel(R) Trusted Execution Technology
> root (hd0,1)
> kernel /tboot.gz logging=serial,vga,memory
> module /xen.gz iommu=required dom0_mem=524288 com1=115200,8n1
> module /vmlinuz-2.6.18-xen root=/dev/VolGroup...
> module /initrd-2.6.18-xen.img
>
> Would anaconda community agree to accept changes to support above things for tboot?
>
> If no strong objection, then:
>
> I am really a newbie in anaconda world. Can any of you kindly provide some hints about what would be the required changes to achieve my goal - way to opt-in tboot package and provide multiboot grub entry for it?
>
> I am looking into the code, but have no idea yet about how could tboot occur on certain package list such as "Base System/Base" group, or even a new "Base System/Trusted Boot" group.
>
> How could we know the tboot package is installed or not while writing bootloader configure?
>
> When to instantiate a new MultibootLinuxBootLoaderImage derived from LinuxBootLoaderImage?
>
> We should add a new path in GRUB.writeBootloader() to format the multiboot entry, right?
>
> Any comments, suggestions, or guidance are welcome and appreciated. I may submit a patch after the above puzzles get resolved.


Getting tboot included in the default package set is a FESCo decision.
If they agree, it would be added to the comps database accordingly.
Actually, it should be added to that database anyway, it's just whether
or not it would be installed by default or not.


For the changes necessary in anaconda, I have the following questions:

1) How do we know that setting up tboot is appropriate for the system?
Is there something we can examine in /proc or /sys that tells us whether
or not tboot should be configured? Or (and this is what would be really
nice) can we always set up tboot if the package is installed and then
tboot will either do something related to TXT or just fall through and
boot up normally on systems that lack TXT support?


2) tboot is something that sits on top of grub, correct? Not something
that we use in place of grub on the appropriate systems?


3) The Fedora feature page you link to mentions possibly having to
provide a patch to grubby to handle tboot entries in grub.conf. This
isn't really an optional thing, grubby will need to be modified to
handle tboot settings so that they do not get lost in upgrades.


Thinking about it from an implementation standpoint, I do not feel like
this is too bad for anaconda. Assuming we can get answers to these
questions, it feels like an easy extension to the x86 boot loader class.


--
David Cantrell <dcantrell@redhat.com>
Supervisor, Installer Engineering Team
Red Hat, Inc. | Westford, MA | EST5EDT

 
07-14-2011, 03:48 PM
"Wei, Gang"

support multiboot bootloader entry

David Cantrell wrote on 2011-07-14:
> Getting tboot included in the default package set is a FESCo decision.
> If they agree, it would be added to the comps database accordingly.
> Actually, it should be added to that database anyway, it's just
> whether or not it would be installed by default or not.

Does the default package set mean those packages included in the install
iso image or those by default installed packages?

So far, we could already yum install tboot for f15, does it mean it has
already been added to the comps database right? I could not find it in
f15 install iso image yet.

> For the changes necessary in anaconda, I have the following questions:
>
> 1) How do we know that setting up tboot is appropriate for the system?
> Is there something we can examine in /proc or /sys that tells us
> whether or not tboot should be configured? Or (and this is what would
> be really nice) can we always set up tboot if the package is installed and then
> tboot will either do something related to TXT or just fall through and
> boot up normally on systems that lack TXT support?

Correct. We can always set up tboot if the package is installed. Tboot will fall
through and just boot up kernel on systems that lack TXT support.

> 2) tboot is something that sits on top of grub, correct? Not
> something that we use in place of grub on the appropriate systems?

Correct. Tboot sits on top of grub. It just takes advantage of the multiboot
capability of grub.

> 3) The Fedora feature page you link to mentions possibly having to
> provide a patch to grubby to handle tboot entries in grub.conf. This
> isn't really an optional thing, grubby will need to be modified to
> handle tboot settings so that they do not get lost in upgrades.

Grubby already supports updates for single-level multiboot cases such
as xen+linux or tboot+linux. What it lacks is support for updating the
two-level multiboot case such as tboot+xen+linux. The two-level multiboot may
not be a must to support in grubby, right? But anyway, I would try to
make it after anaconda support is done.

> Thinking about it from an implementation standpoint, I do not feel
> like this is too bad for anaconda. Assuming we can get answers to
> these questions, it feels like an easy extension to the x86 boot loader class.

Yes, I agree. I will try to make a patch after we get answers to those implementation questions.

After all, thanks for the timely response.

Jimmy
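
Added example, not part of the mailing-list thread and not anaconda or grubby code: a check that the tboot multiboot entries discussed above are still intact in a GRUB-legacy grub.conf, for instance after a kernel upgrade has rewritten it. It covers the single-level (tboot+linux) and two-level (tboot+xen+linux) cases; the function names `parse`, `classify` and `audit` and all sample values are assumptions made for illustration.

```python
import re

# Constructed sample grub.conf modelled on the thread's entries; root= device and third entry are made up.
SAMPLE = """\
default=0
title Linux w/ Intel(R) Trusted Execution Technology
    root (hd0,1)
    kernel /tboot.gz logging=serial,vga,memory
    module /vmlinuz-2.6.18-xen root=/dev/sda2
    module /initrd-2.6.18-xen.img
title Xen w/ Intel(R) Trusted Execution Technology
    root (hd0,1)
    kernel /tboot.gz logging=serial,vga,memory
    module /xen.gz iommu=required dom0_mem=524288 com1=115200,8n1
    module /vmlinuz-2.6.18-xen root=/dev/sda2
    module /initrd-2.6.18-xen.img
title Linux (plain)
    kernel /vmlinuz-2.6.18 ro root=/dev/sda2
    initrd /initrd-2.6.18.img
"""

def parse(text):
    """Return (default_index, [(title, [kernel and module paths]), ...])."""
    default, entries = 0, []
    for line in text.splitlines():
        key, arg = (re.split(r"[\s=]+", line.strip(), maxsplit=1) + [""])[:2]
        if key == "default" and arg.isdigit():
            default = int(arg)
        elif key == "title":
            entries.append((arg, []))
        elif key in ("kernel", "module") and entries and arg:
            entries[-1][1].append(arg.split()[0])
    return default, entries

def classify(paths):
    """Name the multiboot chain, e.g. 'tboot+xen+linux'; initrd images are skipped."""
    kinds = {"tboot": "tboot", "xen": "xen", "vmlinuz": "linux"}
    return "+".join(v for p in paths for k, v in kinds.items()
                    if p.rsplit("/", 1)[-1].startswith(k))

def audit(text):
    """Problems found: a tboot entry with no kernel, or a default that skips tboot."""
    default, entries = parse(text)
    chains = [(title, classify(paths)) for title, paths in entries]
    problems = [f"{t!r}: tboot entry has no Linux kernel module"
                for t, c in chains if c.startswith("tboot") and not c.endswith("linux")]
    if default < len(chains) and not chains[default][1].startswith("tboot"):
        problems.append(f"default entry {chains[default][0]!r} does not boot through tboot")
    return problems
```

An empty list from `audit` means every tboot entry still chains to a kernel and the default entry goes through tboot; an upgrade that prepends a plain kernel entry or drops a `module` line shows up as a finding.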

All times are GMT.