| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2020 19:06:53 +0100
From: Daniel Kiper <daniel.kiper@...cle.com>
To: Ross Philipson <ross.philipson@...cle.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-doc@...r.kernel.org, dpsmith@...rtussolutions.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
trenchboot-devel@...glegroups.com
Subject: Re: [RFC PATCH 01/12] x86: Secure Launch Kconfig
On Wed, Mar 25, 2020 at 03:43:06PM -0400, Ross Philipson wrote:
> Initial bits to bring in Secure Launch functionality. Add Kconfig
> options for compiling in/out the Secure Launch code.
>
> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> ---
> arch/x86/Kconfig | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 5e8949953660..7f3406a9948b 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -2014,6 +2014,17 @@ config EFI_MIXED
>
> If unsure, say N.
>
> +config SECURE_LAUNCH
> + bool "Secure Launch support"
> + default n
> + depends on X86_64
> + help
> + This Secure Launch kernel feature allows a bzImage to be loaded
> + directly through Intel TXT or AMD SKINIT measured launch. This
I think that you should drop AMD SKINIT from here. This should be added
when AMD secure launch implementation is added.
...and why we need this as separate patch? Could not we add this in
a patch which uses CONFIG_SECURE_LAUNCH for first time?
Daniel
Powered by blists - more mailing lists