| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACdnJut56WuqO=uLff0qy1Jp=C6f_sRxLpRBsrzb6byBsFYdCg@mail.gmail.com>
Date: Wed, 25 Mar 2020 13:29:03 -0700
From: Matthew Garrett <mjg59@...gle.com>
To: Ross Philipson <ross.philipson@...cle.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"the arch/x86 maintainers" <x86@...nel.org>,
linux-doc@...r.kernel.org, dpsmith@...rtussolutions.com,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, trenchboot-devel@...glegroups.com
Subject: Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
On Wed, Mar 25, 2020 at 12:43 PM Ross Philipson
<ross.philipson@...cle.com> wrote:
> To enable the kernel to be launched by GETSEC or SKINIT, a stub must be
> built into the setup section of the compressed kernel to handle the
> specific state that the late launch process leaves the BSP. This is a
> lot like the EFI stub that is found in the same area. Also this stub
> must measure everything that is going to be used as early as possible.
> This stub code and subsequent code must also deal with the specific
> state that the late launch leaves the APs in.
How does this integrate with the EFI entry point? That's the expected
entry point on most modern x86. What's calling ExitBootServices() in
this flow, and does the secure launch have to occur after it? It'd be
a lot easier if you could still use the firmware's TPM code rather
than carrying yet another copy.
Powered by blists - more mailing lists