Discussion:
Requirements to start Grub properly
(too old to reply)
Jeremy Fields
2018-08-15 17:13:50 UTC
Permalink
Hello Grub developers;

I'm working on a project similar to Intel's trusted boot (tboot) project
(1) that uses Intel's TXT features to call the special GETSEC[SENTER]
instruction. If I try to start Grub at any point after executing that
instruction, Grub loads in its minimal mode, cannot find any partitions,
and has almost no commands available. Grub works fine when utilizing AMD's
equivalent secure kernel initialize (SKINIT) function.

I doubt this is any fault of Grub, but to diagnose, I'm struggling to find
what it is that Grub is looking for, that it can't find. When booting the
Linux kernel, the linux kernel boot protocol must be followed. Is there
something similar for Grub? Another way to phrase it would be: what does
Grub require to properly run? (this is in a standard x86 consumer
laptop/desktop environment)

My only thought thus far was to check that the MBR was not erased from
memory (512 bytes @ phys addr: 0x7c00), since that contains the partition
map that Grub seemingly isn't finding/loading, but this is not the case.

Any guidance or thoughts would be appreciated!

(1) https://sourceforge.net/p/tboot/wiki/Home/
--
Sincerely,
Jeremy
______________________________
Software Engineer
Critical Technologies Inc.
Daniel Smith
2018-09-06 11:13:07 UTC
Permalink
Post by Jeremy Fields
Hello Grub developers;
Greetings Jeremy.
Post by Jeremy Fields
I'm working on a project similar to Intel's trusted boot (tboot) project (1) that uses Intel's TXT features to call the special GETSEC[SENTER] instruction. If I try to start Grub at any point after executing that instruction, Grub loads in its minimal mode, cannot find any partitions, and has almost no commands available. Grub works fine when utilizing AMD's equivalent secure kernel initialize (SKINIT) function.
I am glad to see others interested in using x86 late-launch
capabilities. I too am working on late launch in an effort to make it
more accessible across AMD and Intel, please see my presentation at
PSEC[1] and the project git repo[2] or in depth details. The project
is still in its infancy with my time split between code and
documentation but we have a goal to have an end-to-end capability
later this year. The part of the approach we are taking that might be
of interest to you is that we are working to enable grub to initiate
the late launch itself. I am not sure about your approach, but if you
think the approach we are taking would work for you, we would enjoy
more people/groups to join in.

[1] https://www.platformsecuritysummit.com/2018/speaker/smith/
[2] https://github.com/TrenchBoot/trenchboot

V/r,
Daniel P. Smith

Continue reading on narkive:
Loading...