Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher

From: Andy Lutomirski
Date: Mon Jun 01 2020 - 20:49:10 EST




> On Jun 1, 2020, at 5:14 PM, Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On 6/1/20 3:39 PM, Andy Lutomirski wrote:
>>>> .
>
> In other words, the log for the relaunch to attest what is currently
> running is really no less useful than using the first launch log to
> attest to what was running in the first launch.
>

Maybe it would help if you give some examples of what's actually in this log and why anyone, Linux or otherwise, cares for any purpose other than debugging. We're talking about a log written by something like GRUB, right? If so, I'm imagining things like:

GRUB: loading such-and-such module
GRUB: loading the other module
GRUB: loading Linux at /boot/vmlinuz-whatever
GRUB: about to do the DRTM launch. Bye-bye.

This is surely useful for debugging. But, if I understand your security model correctly, it's untrustworthy in the sense that this all comes from before the DRTM launch and it could have been tampered with by SMM code or even just a malicious USB stick. Or even a malicious compromised kernel on the same machine. So you could hash this log into a PCR, but I don't see what you've accomplished by doing so.

Or have I misunderstood what this log is? Perhaps you're talking about something else entirely.