同事的 RHEL6 透過 uEFI 做全安裝但是安裝完畢卻無法開機,後來才發現是一個 tboot 套件所影響,暫時解決方案是安裝時不要勾選 tboot 套件即可.
但什麼是 tboot , tboot 有什麼用途??
RHEL 官網對於 tboot 套件的說明.
The tboot package provides Trusted Boot (tboot), an open source pre- kernel/VMM module, that uses Intel Trusted Execution Technology (Intel TXT) to initialize the launch of a operating system kernels and virtual machines.
簡單的來說 tboot 是針對 Intel Trusted Execution Technology (Intel TXT) 的功能所對應的套件,他提供了安全性的開機,而且是 pre – kernel / VMM 模組???
Intel®可信賴執行技術(Trusted Execution Technology，TXT) – Intel® TXT 主要保護 BIOS , kernel ,VMM (虛擬管理作業模組), 驗證方式則是搭配 TPM( Trust platform module)來使用.
Intel Trusted Execution Technology (Intel TXT) is the name of a computer hardware technology whose primary goals are (a) Attestation – attest to the authenticity of a platform and its operating system (OS); (b) assure that an authentic OS starts in a trusted environment and thus can be considered a trusted OS; (c) provide the trusted OS with additional security capabilities not available to an unproven OS.
Intel TXT uses a Trusted Platform Module (TPM) and cryptographic techniques to provide measurements of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. This technology is based on an industry initiative by the Trusted Computing Group (TCG) to promote safer computing. It defends against software-based attacks aimed at stealing sensitive information by corrupting system and/or BIOS code, or modifying the platform’s configuration.