kexec GRUB, multiboot port and qemu

[Ague Mill <ague@mailoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1712 bytes --]

Hi!

As a developer working on Tails [1], a live distribution aimed at
protecting its users' privacy, I am trying to tackle one of our
long-standing issue: we need to properly overwrite the system memory
with zeros on shutdown in order to erase traces of the user activity.

Actually, after some long hours of hacking, it looks like GRUB could
be all what we needed to nail this issue. Have a look at the current
state of affairs [2] if you are interested in the details.

[1] https://tails.boum.org/
[2] https://tails.boum.org/bugs/sdmem_does_not_clear_all_memory/grub/


I am currently stuck on how to obtain a standalone GRUB image that could
be kexec'ed from Linux.

When building an ELF image with the 'pc' port, kexec replies:

    Base address: 8200 is not page aligned

The next candidate looked like the 'multiboot' port. But I can't get an
image that will work in qemu. I have tried to build a strictly minimal
boot image using the following commands:

    ./configure --with-platform=multiboot --target=i386
    make -j4
    ./grub-mkimage -O i386-multiboot -C xz -d ./grub-core \
        -o /tmp/multiboot.img

Here is how I start qemu after:

    qemu -kernel /tmp/multiboot.img -vga std -m 256

And I get the following error:

    Missing Multiboot memory information
    Aborted.


Is there any known working way to test multiboot images?
Is there a better path to be able to use kexec to load and execute GRUB?


I would very much like to offer the `wipe_memory` command for inclusion
in GRUB (and do the necessary refinements on the patch) once we have
something that works from one end to the other for Tails.

Thanks for your help,
-- 
Ague

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]