TrenchBoot boot protocol for Xen in UEFI boot mode

Owner: miczyg

There are various ways to boot Xen hypervisor in UEFI boot mode:

• EFI multiboot2 protocol
• native EFI PE entry point

TrenchBoot [1] is a project that helps integrate the Dynamic Root of Trust for Measurement (DRTM) in various open-source projects. The main principle of Dynamic Launch (platform booted with DRTM technology) is to provide certain guarantees about the launched software by measuring it in a secure environment without external intervention of BIOS/System Management Mode/peripherals. It also assumes that whatever was executed before Dynamic Launch does not persist in the form of runtime callable code. With modern UEFI-compliant firmware, it is nearly impossible to achieve with the presence of Runtime Services, System Management Interrupts, etc. The goal of the design session is to come up with the solution which is the most suitable for UEFI boot mode:

• plain multiboot2 like in legacy BIOS (information about UEFI is lost, but also is the usage of runtime services)
• EFI multiboot2 protocol (using the Secure Launch Resource Table per Secure Launch specification[2])
• native EFI PE entry (using the Secure Launch Resource Table per Secure Launch specification[2])

The design session is related to the session presentation: Challenges and Status of Enabling TrenchBoot in Xen Hypervisor [3]

[1] https://trenchboot.org/

[2] https://trenchboot.org/specifications/Secure_Launch/

[3] https://xenprojectsummit2024.sched.com/event/1bCFO