Message-Id: <20190311150423.15979-1-ross.philipson@oracle.com>
Date:   Mon, 11 Mar 2019 11:04:22 -0400
From:   Ross Philipson <ross.philipson@...cle.com>
To:     linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Cc:     x86@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        hpa@...or.com, corbet@....net, konrad.wilk@...cle.com,
        kanth.ghatraju@...cle.com, daniel.kiper@...cle.com,
        boris.ostrovsky@...cle.com, dpsmith@...rtussolutions.com,
        ross.philipson@...cle.com
Subject: [PATCH 0/1] [RFC] Secure Launch boot protocol

All,

As is noted in the patch that follows, the open source project called
Trenchboot aims to make Linux directly bootable into a secure late launch
environment via Intel TXT or AMD SKINIT. This new feature is referred to as
Secure Launch as seen in the subject lines. In addition to changes to the
Linux kernel to support this feature, boot loaders will also have additional
functionality to initiate the secure late launch.

The patch that follows introduces a new boot parameter. There are of course
other patches that add further functionality to achieve our aims including the
changes to boot loaders that consume this parameter. This posting is as an early
RFC to elicit feedback on whether this is an acceptable approach for our boot
protocol and an acceptable usage of boot parameters.

The project is in its early stages; it is hosted here:

https://github.com/trenchboot

For an overview of the Secure Launch architecture:

https://github.com/TrenchBoot/documentation/blob/master/documentation/Architecture.md

Links:

https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
https://www.amd.com/system/files/TechDocs/24593.pdf

Thank you,
Ross Philipson


Ross Philipson (1):
  x86: Secure Launch boot protocol

 Documentation/x86/boot.txt            | 15 +++++++++++++++
 arch/x86/Kconfig                      |  7 +++++++
 arch/x86/boot/Makefile                |  2 +-
 arch/x86/boot/header.S                |  3 ++-
 arch/x86/boot/tools/build.c           | 16 ++++++++++++++++
 arch/x86/include/uapi/asm/bootparam.h |  1 +
 6 files changed, 42 insertions(+), 2 deletions(-)

-- 
2.13.6
