Retest the solution on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode

[BeataZdunczyk]

Is your feature request related to a problem? Please describe.

It is necessary to retest the solution on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode to ensure proper functionality after updating the TrenchBoot support in Qubes OS AEM.

Is your feature request related to a new idea or technology that
would benefit the project? Please describe.

This issue is required to ensure that the TrenchBoot support continues to work properly on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode after the code rebase onto the most recent work implementing Secure Launch protocol being upstreamed to Linux and GRUB implementation (#17).

Describe the solution you'd like

Retest the TrenchBoot support on Intel hardware with TPM 1.2 and TPM 2.0 using legacy boot mode after the code rebase onto the most recent work implementing Secure Launch protocol being upstreamed to Linux and GRUB to ensure proper functionality.

Describe alternatives you've considered

N/A

Additional context

This feature request is part of Phase 3 in TrenchBoot as Anti Evil Maid project, as outlined in the documentation: https://docs.dasharo.com/projects/trenchboot-aem-v2/.

Relevant documentation you've consulted

N/A

[krystian-hebel]

There is an issue with installation in legacy mode for R4.2.0, but rc3 still works.

Tests on HP Elitedesk 800 G2 with TPM 2.0 were successful:

There are only two small issues, I'll describe them in the blog post, but I don't think they are blocking this release:

• Xen doesn't use TXT_EVTYPE_SLAUNCH_START and TXT_EVTYPE_SLAUNCH_END
• qubes-antievilmaid version was bumped upstream, so updates would overwrite our changes. Documentation modified by us mentions the version number, so we can't just rebase on top of upstream without modifying those numbers in documentation.

[krystian-hebel]

Tests on Optiplex with TPM 1.2 were also successful:

Issue with SLAUNCH_START/_END not being used is still present, but we bumped qubes-antievilmaid version so it should be safe against the updates for now. This was retested on HP with no visible difference. Both TPM 1.2 and TPM 2.0 platforms work as expected on release binaries:

• https://github.com/TrenchBoot/qubes-antievilmaid/releases/tag/aem_v0.3
• https://github.com/TrenchBoot/grub/releases/tag/aem_v0.3
• https://github.com/TrenchBoot/xen/releases/tag/aem_v0.3

[BeataZdunczyk]

Closing this issue as both platforms have been successfully tested. An in-depth summary of the work conducted in milestone Phase 3: Update to the newest TrenchBoot boot protocol is available here: https://blog.3mdeb.com/2024/2024-01-12-aem_phase3/.