| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200325194317.526492-2-ross.philipson@oracle.com>
Date: Wed, 25 Mar 2020 15:43:06 -0400
From: Ross Philipson <ross.philipson@...cle.com>
To: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-doc@...r.kernel.org
Cc: ross.philipson@...cle.com, dpsmith@...rtussolutions.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
trenchboot-devel@...glegroups.com
Subject: [RFC PATCH 01/12] x86: Secure Launch Kconfig
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
---
arch/x86/Kconfig | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5e8949953660..7f3406a9948b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2014,6 +2014,17 @@ config EFI_MIXED
If unsure, say N.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64
+ help
+ This Secure Launch kernel feature allows a bzImage to be loaded
+ directly through Intel TXT or AMD SKINIT measured launch. This
+ allows extablishing a Dynamic Root of Trust Measurement (DRTM)
+ of all the modules and configuration information used for
+ boooting the operating system.
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
--
2.25.1
Powered by blists - more mailing lists