From: Vesa Jääskeläinen
Date: Fri, 20 Feb 2009 20:35:39 +0200
To: The development of GRUB 2
Subject: Re: A _good_ and valid use for TPM
Message-ID: <499EF7FB.7090609@nic.fi>
In-Reply-To: <499EE8EF.7070503@student.ethz.ch>

Jan Alsenz wrote:
> I agree too!
>
> Multiple methods are interesting and everything that can be, should be placed in
> modules.
> But some parts of a trusted boot chain need to be in the MBR, etc. which is
> mainline code (regardless of how you build it).
>
> The way I have implemented my version of the MBR right now is with compile flags:
> If you don't want/need TPM code it won't be on your system! If you compile it
> with TPM support, it won't boot if there is no TPM (I don't like silent failures).

In case it gets in some day, I would propose that you make your own MBR code like that, which gets compiled to its own img file like tpmboot.img (512 bytes). Then you can just provide the img file for the tool chain. You are probably throwing code away from the normal MBR boot code anyway.