Michał Żygowski


This Pull Request contains the application 3mdeb sent to NLNet to obtain the grant: https://github.com/3mdeb/kgpe-osf/pull/1 Feel free to comment and review.

Simply have a look at the coreboot mailing list:
- https://mail.coreboot.org/hyperkitty/list/[email protected]/thread/ME4TULTDZGIYJEMNR2IB2W6P7ONG76EU/#GCJF7CIWGCKZCDWYPWAM2LKQW6APHZRJ (memory problems)
- https://mail.coreboot.org/hyperkitty/list/[email protected]/thread/ZR7LMBXOFKR5FWVQDI22UB6O3LO5WGQ3/#TH57VEGCY357ZH534PU5PKSDSMYLTLFH (S3 suspend/resume problems)
- https://mail.coreboot.org/hyperkitty/list/[email protected]/thread/VWFKH7FDWLO5KGZMIJ7VM67SIUWJRVZL/#OCHSI6UL2XZDSA3HCHOONNN5EX4HLUGE (kernel panic from new microcode)
- https://mail.coreboot.org/hyperkitty/list/[email protected]/thread/H5KHOUVDPQA2NSUE43IBRKSYBZQK4DWN/#H5KHOUVDPQA2NSUE43IBRKSYBZQK4DWN (SLUB memory allocator...

@3mdeb is evaluating the effort of porting the POWER9 Talos II and Talos II Lite to coreboot. The plan should be announced soon.

@CptNemooo did you build the heads-docker container yourself or simply pulled from dockerhub?

> txt_bios_policy.bin not present under CBFS (required?)

Not required. This is optional if one wants to define some custom policies and deny booting an untrusted OS, for example. The advantage...

One does not need any manifest unless Boot Guard is enabled or the machine has at least a 10th gen Intel Core CPU (which uses CBnT).

A quick good read is https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html I think

https://docs.dasharo.com/projects/trenchboot-aem/ https://github.com/TrenchBoot/trenchboot-issues/issues/3 https://github.com/TrenchBoot/trenchboot-issues/issues/4

Just to clarify the possibilities of TXT measuring the IBB to PCR0, a few things have to be known:
1. There are two Intel TXT variants: client and server....

@ansiwen I believe we cannot get over this one:

> Client TXT BIOS ACMs are not SACMs, thus the CPU does not run it, despite it being present in FIT....
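Two of the comments above hinge on what the Firmware Interface Table (FIT) advertises: the one stating that Boot Guard/CBnT manifests are only needed when Boot Guard is in play, and the one noting that a client BIOS ACM is listed in FIT yet not executed by the CPU. The following is an added example, not code from the author or from coreboot/Dasharo, showing how a practitioner would check a FIT for exactly those entries. It follows the public FIT layout (pointer at 0xFFFFFFC0, 16-byte entries, first entry signed `_FIT_   `, type byte at offset 14 with bit 7 marking a valid checksum, whole-table byte sum zero when that bit is set). The sample FIT is constructed inline and the addresses in it are made up; `build_sample_fit`, `fit_validate`, `fit_find_type` and `fit_has_boot_guard_manifests` are hypothetical helper names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Entry types from the Intel FIT specification (only the ones relevant here). */
enum {
    FIT_TYPE_HEADER       = 0x00,
    FIT_TYPE_MICROCODE    = 0x01,
    FIT_TYPE_STARTUP_ACM  = 0x02,  /* BIOS ACM used by Boot Guard / TXT */
    FIT_TYPE_BIOS_MODULE  = 0x07,  /* IBB segment */
    FIT_TYPE_TXT_POLICY   = 0x0A,
    FIT_TYPE_KEY_MANIFEST = 0x0B,  /* Boot Guard KM */
    FIT_TYPE_BOOT_POLICY  = 0x0C,  /* Boot Guard BPM */
    FIT_TYPE_UNUSED       = 0x7F,
};
#define FIT_ENTRY_LEN   16
#define FIT_CKSUM_VALID 0x80   /* bit 7 of the type byte */
#define FIT_TYPE_MASK   0x7F

static uint32_t rd24(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16;
}

/* Validate the header entry: signature, entry count within the buffer, type 0,
 * and (when flagged) a zero byte sum over the whole table. Returns 0 on success. */
int fit_validate(const uint8_t *fit, size_t avail, int *n_entries)
{
    if (avail < FIT_ENTRY_LEN || memcmp(fit, "_FIT_   ", 8) != 0)
        return -1;
    uint32_t n = rd24(fit + 8);               /* header size = number of entries */
    if (n == 0 || (size_t)n * FIT_ENTRY_LEN > avail)
        return -1;
    if ((fit[14] & FIT_TYPE_MASK) != FIT_TYPE_HEADER)
        return -1;
    if (fit[14] & FIT_CKSUM_VALID) {
        uint8_t sum = 0;
        for (size_t i = 0; i < (size_t)n * FIT_ENTRY_LEN; i++)
            sum += fit[i];
        if (sum != 0)
            return -1;
    }
    *n_entries = (int)n;
    return 0;
}

/* Index of the first non-header entry of the given type, or -1. */
int fit_find_type(const uint8_t *fit, int n, uint8_t type)
{
    for (int i = 1; i < n; i++)
        if ((fit[i * FIT_ENTRY_LEN + 14] & FIT_TYPE_MASK) == type)
            return i;
    return -1;
}

/* Boot Guard needs both a Key Manifest and a Boot Policy Manifest reachable via FIT. */
int fit_has_boot_guard_manifests(const uint8_t *fit, int n)
{
    return fit_find_type(fit, n, FIT_TYPE_KEY_MANIFEST) >= 0 &&
           fit_find_type(fit, n, FIT_TYPE_BOOT_POLICY) >= 0;
}

static void put_entry(uint8_t *e, uint64_t addr, uint32_t size, uint8_t type)
{
    memset(e, 0, FIT_ENTRY_LEN);
    for (int i = 0; i < 8; i++)
        e[i] = (uint8_t)(addr >> (8 * i));    /* little-endian address */
    e[8] = size & 0xff; e[9] = (size >> 8) & 0xff; e[10] = (size >> 16) & 0xff;
    e[12] = 0x00; e[13] = 0x01;               /* version 0x0100 */
    e[14] = type;
}

/* Constructed sample FIT (not taken from any real image): header, microcode,
 * startup ACM and IBB entries, optionally followed by KM and BPM entries.
 * Returns the number of entries written, or -1 if the buffer is too small. */
int build_sample_fit(uint8_t *buf, size_t buflen, int with_manifests)
{
    int n = with_manifests ? 6 : 4;
    if (buflen < (size_t)n * FIT_ENTRY_LEN)
        return -1;
    put_entry(buf + 0 * FIT_ENTRY_LEN, 0, (uint32_t)n, FIT_TYPE_HEADER | FIT_CKSUM_VALID);
    memcpy(buf, "_FIT_   ", 8);
    put_entry(buf + 1 * FIT_ENTRY_LEN, 0xFFE00000u, 0, FIT_TYPE_MICROCODE);
    put_entry(buf + 2 * FIT_ENTRY_LEN, 0xFFF80000u, 0, FIT_TYPE_STARTUP_ACM);
    put_entry(buf + 3 * FIT_ENTRY_LEN, 0xFFFF0000u, 0x1000, FIT_TYPE_BIOS_MODULE);
    if (with_manifests) {
        put_entry(buf + 4 * FIT_ENTRY_LEN, 0xFFFE0000u, 0, FIT_TYPE_KEY_MANIFEST);
        put_entry(buf + 5 * FIT_ENTRY_LEN, 0xFFFE1000u, 0, FIT_TYPE_BOOT_POLICY);
    }
    uint8_t sum = 0;                          /* header checksum: whole table sums to 0 */
    for (int i = 0; i < n * FIT_ENTRY_LEN; i++)
        sum += buf[i];
    buf[15] = (uint8_t)(0x100 - sum);
    return n;
}

/* Build, validate and classify a sample: -1 = invalid FIT, 0 = no Boot Guard
 * manifests, 1 = KM and BPM present. `corrupt` flips one byte first. */
int demo_check(int with_manifests, int corrupt)
{
    uint8_t buf[6 * FIT_ENTRY_LEN];
    int n = 0;
    if (build_sample_fit(buf, sizeof buf, with_manifests) < 0)
        return -1;
    if (corrupt)
        buf[20] ^= 0x01;
    if (fit_validate(buf, sizeof buf, &n) != 0)
        return -1;
    return fit_has_boot_guard_manifests(buf, n);
}

int main(void)
{
    printf("with manifests: %d, without: %d, corrupted: %d\n",
           demo_check(1, 0), demo_check(0, 0), demo_check(1, 1));
    return 0;
}
```

On real hardware the table is found by reading the 32-bit pointer at 0xFFFFFFC0 in the flash image and translating it to a file offset; the presence of a type 0x02 entry only tells you an ACM is advertised, not that the CPU will run it, which is the point the comment above makes for client BIOS ACMs.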