Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-36446

edk2: enable MOR [rhel-9]

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.5
    • None
    • edk2
    • edk2-20240524-1.el9
    • rhel-sst-virtualization
    • ssg_virtualization
    • 5
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Feature
    • Hide
      Feature, enhancement (describe the feature or enhancement from the user’s point of view):
      Reason (why has the feature or enhancement been implemented):
      Result (what is the current user experience):
      Show
      Feature, enhancement (describe the feature or enhancement from the user’s point of view): Reason (why has the feature or enhancement been implemented): Result (what is the current user experience):
    • Proposed
    • None

      MOR is a security feature, it will clear all memory in case of a unclean reboot,
      to make sure no secrets are left there.

      More background:
      https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-requirements

      Upstream edk2 ships drivers, on a quick glance it looks like we only need to include them in the OVMF builds.

      Note: TPM is required to see this feature active.

        1. host_440-27_cpu_info.log
          2 kB
        2. host-efi-vars.log
          29 kB
        3. virt-fw-vars.log
          3 kB
        4. win11_boot_MOR.sh
          4 kB

              rhn-engineering-ghoffman Gerd Hoffmann
              rhn-engineering-ghoffman Gerd Hoffmann
              virt-maint virt-maint
              Xueqiang Wei Xueqiang Wei
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: