Commit 00a2df1e authored by Cody Cutler

Mike's patch that he sent to me

parent 765d2a59
Some notes about the TPM-enforced boot path (SECURELOAD state machine).
The current implementation requires that we boot from a flash device
BEFORE we network boot (see the paper for details). Unfortunately,
there is a lot of magic associated with the PXEBOOTING state, which is
assumed to always be the first state we will see when a node boots.
However, in the secure boot path the first thing we see is a secure
transition to the GPXEBOOTING state, so magic had to be added for that!
In particular:
* When stated gets a transition to GPXEBOOTING, it forces the node into
the SECURELOAD op_mode. This is a new trigger called SECURELOAD and
a new trigger table entry:
insert into state_triggers values \
* Later, when we do get a PXEBOOTING state, we DON'T push the machine
into the PXEBOOT op_mode. We do this with an override trigger:
insert into state_triggers values \
This is supposed to override the more general any ('*') op_mode trigger
for the PXEBOOTING state and will just make sure we stay in SECURELOAD.
......@@ -140,6 +140,9 @@ my $TB_OSID_MBKERNEL = TB_OSID_MBKERNEL;
# Special PXEBOOT state machine that all local nodes use.
# Even special-er SECURELOAD state machine that local nodes may use.
# Protos.
sub debug(@);
sub fatal($);
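Review bot: the comment `# Even special-er SECURELOAD state machine that local nodes may use.`, just above `# Protos.`, does not say which nodes use this state machine or what puts a node into it. The commit message explains that a GPXEBOOTING transition forces the node into SECURELOAD and that an override trigger keeps it there when PXEBOOTING arrives; a one- or two-line summary of that next to this comment would spare readers from digging it out of the commit log.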
......@@ -726,6 +729,19 @@ sub stateTransition($$) {
/^SECURELOAD$/ && do {
# Force machine into the SECURELOAD op_mode.
# Currently triggered only by receipt of GPXEBOOTING state.
debug("Running $SECURELOAD trigger\n");
if ($mode ne $SECURELOAD) {
info("$node: Forcing mode transition into $SECURELOAD!\n");
opModeTransition($node, $SECURELOAD, 1);
/^$BOOTING$/ && do {
# See if we are in the right mode/osid.
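Review bot: in the `/^SECURELOAD$/` branch the only guard is `if ($mode ne $SECURELOAD)`, so the node is forced out of whatever op_mode it was in, and the `info(...)` line does not record that previous mode. Consider including `$mode` in the log message so a forced transition out of an unexpected mode can be seen afterwards, and add a short comment on what the literal `1` in `opModeTransition($node, $SECURELOAD, 1)` means.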