GRUB and TPM

For GRUB 0.x, there is the Trusted GRUB, from TrouSerS and the GRUB Legacy project:

https://firmwaresecurity.com/2015/12/20/new-uefi-patched-grub-legacy/
http://trousers.sourceforge.net/grub.html

I may have missed it, but I don’t think the recent GRUB Legacy project has Trusted GRUB’s TPM support. I hope they pick it up; it would be nice to have a single GRUB Legacy with the latest UEFI and TPM support. I wonder what other forks of GRUB 0.x are worth watching?

For GRUB2, I missed this activity from Matthew back in September, but it appears that he’s added TPM support to GRUB2:

http://mjg59.dreamwidth.org/37656.html
https://github.com/mjg59/grub

The above blog post mentions Sirrix AG’s TrustedGRUB, which it was based on.

I just noticed that the TrustedGRUB2 project from Sirrix AG has also been recently updated:

https://github.com/Sirrix-AG/TrustedGRUB2
https://github.com/Sirrix-AG/TrustedGRUB2/commits/master

Hmm, there are some UEFI 2.5-centric checks in the Sirrix tree, too:
https://github.com/Sirrix-AG/TrustedGRUB2/commit/c79c59f1295df8ea660f8a858f9532d76a5f67b7

https://www.gnu.org/software/grub/

So it appears that both Matthew’s GRUB2 and Sirrix’s current TrustedGRUB2 are of interest, and probably others (how many others?). Why doesn’t upstream GRUB2 take all these patches, anyway? Is it an FSF issue with TPM/UEFI-centric code? I wish the UEFI Forum was a bit more proactive with GRUB[2], two of the most influential UEFI ‘pre-OS’ applications in use.

 
