• Fan Wu's avatar
    ipe: introduce 'boot_verified' as a trust provider · a8a74df1
    Fan Wu authored
    IPE is designed to provide system level trust guarantees, this usually
    implies that trust starts from bootup with a hardware root of trust,
    which validates the bootloader. After this, the bootloader verifies
    the kernel and the initramfs.
    
    As there's no currently supported integrity method for initramfs, and
    it's typically already verified by the bootloader. This patch introduces
    a new IPE property `boot_verified` which allows author of IPE policy to
    indicate trust for files from initramfs.
    
    The implementation of this feature utilizes the newly added
    `initramfs_populated` hook. This hook marks the superblock of the rootfs
    after the initramfs has been unpacked into it.
    
    Before mounting the real rootfs on top of the initramfs, initramfs
    script will recursively remove all files and directories on the
    initramfs. This is typically implemented by using switch_root(8)
    (https://man7.org/linux/man-pages/man8/switch_root.8.html).
    Therefore the initramfs will be empty and not accessible after the real
    rootfs takes over. It is advised to switch to a different policy
    that doesn't rely on the `boot_verified` property after this point.
    This ensures that the trust policies remain relevant and effective
    throughout the system's operation.
    Signed-off-by: default avatarDeven Bowers <deven.desai@linux.microsoft.com>
    Signed-off-by: default avatarFan Wu <wufan@linux.microsoft.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    a8a74df1
ipe.c 1.34 KB