xenbits.xensource.com Git - unikraft/unikraft.git/commit
plat/common/efi: Add support for `TCG`'s `Reset Attack Mitigation`
author Sergiu Moga <sergiu.moga@protonmail.com>
Wed, 26 Apr 2023 10:12:40 +0000 (13:12 +0300)
committer Unikraft <monkey@unikraft.io>
Fri, 11 Aug 2023 10:47:30 +0000 (10:47 +0000)
commit 26313ec58d27a96c8f6427cf6e90a7b385ff9790
tree 9c7cd1297c4f3d4d7e8cb5ae027e54fd8b283cb1
parent 170a8a4fb242d908a3cb2c1ad58d36363dfa90ad

Add `Trusted Computing Group`'s `Reset Attack Mitigation` mechanism.
Whenever a machine shuts down or reboots, due to lack of electric
charge, the contents of RAM may dissipate after a short amount of
time. However, this may be enough for an attacker to quickly boot
again into a custom program and dump memory contents. Thus, by using
this, the OS instructs POST BIOS to overwrite memory contents before
continuing to boot into the rest of the BIOS code.

Since this is not really implemented in `OVMF`'s `NVRAM` variables,
we disable this by default.

Signed-off-by: Sergiu Moga <sergiu.moga@protonmail.com>
Reviewed-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Closes: #909
plat/kvm/Config.uk
plat/kvm/efi.c
plat/kvm/include/kvm/efi.h
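The mechanism the commit message describes is driven by one UEFI variable: the OS sets the TCG `MemoryOverwriteRequestControl` (MOR) variable before a reset, and POST firmware that honours it clears RAM before continuing to boot. The following is an added example, not code from this commit or from Unikraft, showing how to build and decode that variable in the byte layout Linux exposes through efivarfs (a 4-byte little-endian attribute word followed by the variable data). The variable name and GUID are taken from the TCG PC Client Platform Reset Attack Mitigation specification; the sample record values and the function names are constructed for this example.

```c
/* Added example (not part of the Unikraft commit): encode and decode the
 * TCG "MemoryOverwriteRequestControl" (MOR) UEFI variable in the byte
 * layout Linux efivarfs exposes: a 4-byte little-endian attribute word
 * followed by the variable data. Sample values below are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Attribute bits from the UEFI specification. */
#define EFI_VARIABLE_NON_VOLATILE       0x00000001u
#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002u
#define EFI_VARIABLE_RUNTIME_ACCESS     0x00000004u

/* Variable name and GUID from the TCG PC Client Platform Reset Attack
 * Mitigation specification. */
#define MOR_NAME "MemoryOverwriteRequestControl"
#define MOR_GUID "e20939be-32d4-41be-a150-897f85d55bbd"
#define MOR_EFIVARFS_PATH "/sys/firmware/efi/efivars/" MOR_NAME "-" MOR_GUID

/* Bit 0 of the single data byte: 1 asks POST to overwrite RAM on the next reset. */
#define MOR_CLEAR_MEMORY 0x01u

#define MOR_RECORD_LEN 5   /* 4 attribute bytes + 1 data byte */

/* Build the efivarfs record an OS would write to request (or withdraw) the
 * overwrite. Returns the number of bytes written to out. */
size_t mor_encode(uint8_t out[MOR_RECORD_LEN], int request_clear)
{
    uint32_t attrs = EFI_VARIABLE_NON_VOLATILE |
                     EFI_VARIABLE_BOOTSERVICE_ACCESS |
                     EFI_VARIABLE_RUNTIME_ACCESS;
    out[0] = (uint8_t)(attrs & 0xff);
    out[1] = (uint8_t)((attrs >> 8) & 0xff);
    out[2] = (uint8_t)((attrs >> 16) & 0xff);
    out[3] = (uint8_t)((attrs >> 24) & 0xff);
    out[4] = request_clear ? MOR_CLEAR_MEMORY : 0x00;
    return MOR_RECORD_LEN;
}

/* Decode a record read from efivarfs. Returns 1 if a memory overwrite is
 * requested, 0 if not, -1 if the record is too short or not non-volatile
 * (a volatile MOR would not survive the reset it is meant to protect). */
int mor_decode(const uint8_t *buf, size_t len, uint32_t *attrs_out)
{
    if (len < MOR_RECORD_LEN)
        return -1;
    uint32_t attrs = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                     ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if (attrs_out)
        *attrs_out = attrs;
    if (!(attrs & EFI_VARIABLE_NON_VOLATILE))
        return -1;
    return (buf[4] & MOR_CLEAR_MEMORY) ? 1 : 0;
}

/* Read the live variable from efivarfs, if this host exposes it. */
int mor_read_host(uint8_t *buf, size_t cap, size_t *len_out)
{
    FILE *f = fopen(MOR_EFIVARFS_PATH, "rb");
    if (!f)
        return -1;
    *len_out = fread(buf, 1, cap, f);
    fclose(f);
    return 0;
}

int main(void)
{
    uint8_t buf[16];
    size_t len;

    if (mor_read_host(buf, sizeof buf, &len) == 0) {
        int st = mor_decode(buf, len, NULL);
        printf("host MOR: %s\n", st == 1 ? "overwrite requested" :
                                 st == 0 ? "not requested" : "malformed");
    } else {
        /* No efivarfs here: decode a constructed record instead. */
        len = mor_encode(buf, 1);
        printf("constructed MOR record decodes to %d\n",
               mor_decode(buf, len, NULL));
    }
    return 0;
}
```

Reading the variable back only tells you what the OS requested, not what POST did: firmware that does not implement the mitigation, as the commit message says of OVMF, will store the variable but never act on it, which is why the feature is disabled by default here.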