{"id":39469022,"url":"https://github.com/3mdeb/oslo","last_synced_at":"2026-01-18T04:52:55.772Z","repository":{"id":67665774,"uuid":"197983240","full_name":"3mdeb/oslo","owner":"3mdeb","description":"OSLO - Open Secure LOader http://os.inf.tu-dresden.de/~kauer/oslo/","archived":false,"fork":false,"pushed_at":"2019-07-20T21:39:30.000Z","size":69,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2023-09-21T15:10:57.713Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/3mdeb.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-07-20T21:35:48.000Z","updated_at":"2023-09-27T23:35:39.617Z","dependencies_parsed_at":null,"dependency_job_id":"3a4358ef-854b-469e-8615-be02e2f0e5b8","html_url":"https://github.com/3mdeb/oslo","commit_stats":{"total_commits":13,"total_committers":1,"mean_commits":13.0,"dds":0.0,"last_synced_commit":"43f4877fd3d0546c6e6f92ff8c4cb656684abe06"},"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/3mdeb/oslo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2Foslo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2Foslo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2Foslo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2Foslo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/3mdeb","download_url":"https://codeload.github.com/3mdeb/oslo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3mdeb%2Foslo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28530395,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-18T04:52:55.693Z","updated_at":"2026-01-18T04:52:55.755Z","avatar_url":"https://github.com/3mdeb.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"                     OSLO - Open Secure LOader\n\n \t\t         Bernhard  Kauer\n\t                _kauer@tudos.org_\n\n\nIntroduction\n############\n\nOSLO, the Open Secure Loader, is a boot loader which uses the _skinit_\ninstruction for authenticated booting.\n\nWith around 1000 lines of code and a binary which is in the order\nof 4k auditing, bugfixing and in the end trusting OSLO should be\npossible.\n\n\nPrerequisites\n=============\n\nTo use OSLO a PC platform supporting _skinit_ is needed. There must be\na processor supporting the _skinit_ instruction, a v1.2 TPM [TPM] and\na chipset which provides memory protection for the secure loader.\n\nThe _skinit_ instruction is available with newer AMD64 processors\n[AMD] and used to create a dynamic root of trust for measurement. It\nis a replacement for the static root of trust provided by the BIOS and\nsubsequent secure boot loaders which are used on machines not\nsupporting skinit.\n\n\nFunctionality\n=============\n\nOSLO is started as kernel from a multi-boot compliant [MBI] loader. It\ninitialize the TPM, calls skinit, hashes [SHA] every module it gets\nfrom the parent boot-loader and starts the first module as new kernel\nin the multi-boot way.\n\n\nMinimal\n=======\n\nSince OSLO is the root of trust of the secure system it is as minimized\nas possible. Therefore it neither contain code to load images from\nnetwork nor hard disk. This can be done by another untrusted multi-boot\nloader like GRUB or syslinux.\n\n\nComponents\n##########\n\n:asm.S:\n  Initialize the processor on startup and after skinit by e.g. loading the\n  stack pointer and segments.\n\n:sha.c:\n  A size optimized Sha1 [SHA] implementation which can hash up to 512 MB.\n  Needs around 512 byte but is nearly 4 times slower than a speed\n  optimized version. Since boot loading is not performance critical\n  and OSLO should not hash large amount of data the speed/size\n  tradeoff is acceptable here.\n\n:tis.c:\n  A simple TIS [TIS] driver using the memory mapped interface of\n  version 1.2 TPMs. Tested with TPMs from Infineon, STM, Atmel and\n  Broadcom.\n\n:tpm.c:\n  The needed TPM functions, like TPM_Extend.\n\n:elf.c:\n  The elf decoding.\n\n:osl.c:\n  The main program including hashing the modules and\n  startup of the first one.\n\n:util.c asm.h:\n  Helper functions for string output and low level hardware access\n  like _rdmsr_.\n\n:mp.c mp.h:\n  Helper functions to start and stop processors on an MP system.\n\n\n:beirut.c:\n  A helper program that hashes the command line of other multiboot\n  modules.\n\n:pamplona.c:\n  A helper program that does everything to reverse the steps done by\n  OSLO. For example it removes DEV protection and clears the global\n  interrupt flag. It does allow you to use OSLO but start an\n  unmodified OS in an unsecure way after that.\n\n\n:munich.c:\n  A helper program to start Linux [LBP] from a multiboot compliant\n  loader. The first module is used as linux kernel. The optional\n  second one is used as initrd.\n\n\nFAQ\n###\n\n: Why is DEV protection not implemented? :\n  Mainly time reasons and the realization that the workaround for the\n  DEV init race has to be implemented.\n\n: Why do you extend the PCR for every module? :\n  Previously, OSLO would calc a hash over all multiboot modules. This\n  was a bug since hashing one module or hashing two halves of the same\n  binary with two modules was indistinguishable. The hole between the\n  two halves could be used by an attacker to hide untrusted code.\n\n: Why do you implemented Beirut? :\n  There are applications which can be fooled by giving them a faked\n  commandline. Since someone decided not to fix the applications\n  and handle untrusted command lines like untrusted config files\n  (e.g. simple hash them itself), we have to hash the commandline\n  before we pass it to them. Or in other words: Beirut is just a nasty\n  hack for compatibility reasons.\n\n: Is OSLO bugfree? :\n  Of course not in this version. Currently at least two bugs are\n  known: The DEV initialization is missing and the famous \"type of\n  memory\" bug is still present.\n\n\nReferences\n##########\n\n:AMD:  AMD64 Architecture Programmer's Manual Vol. 2 - http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf \n:LBP:  Linux/I386 Boot Protocol - http://lxr.linux.no/source/Documentation/i386/boot.txt\n:MBI:  multiboot specification  - http://www.gnu.org/software/grub/manual/multiboot/multiboot.txt\n:SHA:  US Secure Hash Algorithm 1 (SHA1) - http://www.ietf.org/rfc/rfc3174.txt\n:TIS:  TPM Interface Specification - https://www.trustedcomputinggroup.org/groups/pc_client/TCG_PCClientTPMSpecification_1-20_1-00_FINAL.pdf\n:TPM:  TCG TPM Specification v1.2 rev 5 Part 3 Commands - https://www.trustedcomputinggroup.org/groups/tpm/mainP3Commands_rev85.zip \n\n\nAcknowledgements\n################\n\nOSLO was funded by OpenTC. Special thanks go to AMD Dresden for the\nconstant support and Infineon Munich for the help with TPMs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3mdeb%2Foslo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F3mdeb%2Foslo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3mdeb%2Foslo/lists"}