Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dasharo (coreboot+SeaBIOS) with TrenchBoot for Protectli VP4670 #1167

Open
pietrushnic opened this issue Dec 11, 2024 · 5 comments
Open

Dasharo (coreboot+SeaBIOS) with TrenchBoot for Protectli VP4670 #1167

pietrushnic opened this issue Dec 11, 2024 · 5 comments
Assignees
@pietrushnic
Milestone
Protectli VP4670 ...

Comments

@pietrushnic
Copy link

Digest https://youtu.be/RVK52BCM-ZM and provide a plan for TechPreview publication.
@pietrushnic pietrushnic self-assigned this Dec 11, 2024
@pietrushnic
Copy link
Author

@miczyg1 any chance I can get your input here?

@miczyg1
Copy link
Contributor

miczyg1 commented Dec 16, 2024

  1. If it may be part of the plan, this is something to look into:
  1. Platform preparation for shipping/testing:
  • Connecting a dTPM
  • Provisioning the dTPM for Intel TXT (requires UEFI environment to run the provisioning tools, although 9e suite has the support for provisioning a TPM, I could not get it to work, the suite tools did not detect a TPM, despite Linux detected it...)
  • Flashing the TechPreview firmware
  1. Testing:

I guess we are mainly interested only in a couple of test cases:

  • Installing Qubes OS
  • Installing and verifying TrenchBoot works (e.g. DRTM PCR are non-zero and event log reproduces PCR values)
  • Other OSes? Which ones?
  1. Release publication. As usual, newsletter and docs.dasharo.com via templates.
  2. Product in the shop. Some description for the shop would be needed.

@pietrushnic
Copy link
Author

Provisioning the dTPM for Intel TXT (requires UEFI environment to run the provisioning tools, although 9e suite has the support for provisioning a TPM, I could not get it to work, the suite tools did not detect a TPM, despite Linux detected it...)

This sounds like something that an additional package in DTS, which could be available under the Dasharo Pro Package, needs to do.

Other OSes? Which ones?

For now, I don't think we have to extend the scope here. In the long run, maybe mainstream distros could benefit from this when upstream accepts DRTM support.

@pietrushnic
Copy link
Author

Anyway, thanks for the input and the plan. I will try to see if I can schedule anything internally.

@miczyg1
Copy link
Contributor

miczyg1 commented Dec 16, 2024

This sounds like something that an additional package in DTS, which could be available under the Dasharo Pro Package, needs to do.

Technically speaking, raw commands from tpm2-tools should also work... One has to simply know what commands to invoke. It mainly requires creating TPM NV indices with correct policies (which are nearly fixed).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pietrushnic pietrushnic

Labels
None yet
Projects
None yet
Milestone
Protectli VP4670 (coreboot+SeaBIOS) v...
Development

No branches or pull requests
2 participants
@pietrushnic @miczyg1