lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 25 Sep 2020 10:59:34 -0400
From:   Ross Philipson <ross.philipson@...cle.com>
To:     Randy Dunlap <rdunlap@...radead.org>, linux-kernel@...r.kernel.org,
        x86@...nel.org, iommu@...ts.linux-foundation.org,
        linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org
Cc:     dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, hpa@...or.com, luto@...capital.net,
        trenchboot-devel@...glegroups.com
Subject: Re: [PATCH 01/13] x86: Secure Launch Kconfig

On 9/24/20 10:08 PM, Randy Dunlap wrote:
> On 9/24/20 7:58 AM, Ross Philipson wrote:
>> Initial bits to bring in Secure Launch functionality. Add Kconfig
>> options for compiling in/out the Secure Launch code.
>>
>> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> 
> Hi,
> from Documentation/process/coding-style.rst:
> 
> Lines under a ``config`` definition
> are indented with one tab, while help text is indented an additional two
> spaces.

Ok sorry about that. I probably just copied what the previous entry was
doing. Will fix.

Thanks
Ross

> 
>> ---
>>  arch/x86/Kconfig | 36 ++++++++++++++++++++++++++++++++++++
>>  1 file changed, 36 insertions(+)
>>
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>> index 7101ac6..8957981 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1968,6 +1968,42 @@ config EFI_MIXED
>>  
>>  	   If unsure, say N.
>>  
>> +config SECURE_LAUNCH
>> +	bool "Secure Launch support"
>> +	default n
>> +	depends on X86_64
>> +	help
>> +	   The Secure Launch feature allows a kernel to be loaded
>> +	   directly through an Intel TXT measured launch. Intel TXT
>> +	   establishes a Dynamic Root of Trust for Measurement (DRTM)
>> +	   where the CPU measures the kernel image. This feature then
>> +	   continues the measurement chain over kernel configuration
>> +	   information and init images.
>> +
>> +choice
>> +	prompt "Select Secure Launch Algorithm for TPM2"
>> +	depends on SECURE_LAUNCH
>> +
>> +config SECURE_LAUNCH_SHA1
>> +	bool "Secure Launch TPM1 SHA1"
>> +	help
>> +	   When using Secure Launch and TPM1 is present, use SHA1 hash
>> +	   algorithm for measurements.
>> +
>> +config SECURE_LAUNCH_SHA256
>> +	bool "Secure Launch TPM2 SHA256"
>> +	help
>> +	   When using Secure Launch and TPM2 is present, use SHA256 hash
>> +	   algorithm for measurements.
>> +
>> +config SECURE_LAUNCH_SHA512
>> +	bool "Secure Launch TPM2 SHA512"
>> +	help
>> +	   When using Secure Launch and TPM2 is present, use SHA512 hash
>> +	   algorithm for measurements.
>> +
>> +endchoice
>> +
> 
> 
> thanks.
> 

Powered by blists - more mailing lists