lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 5 May 2023 13:32:17 -0400
From:   Ross Philipson <ross.philipson@...cle.com>
To:     Simon Horman <horms@...nel.org>
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-crypto@...r.kernel.org, iommu@...ts.linux-foundation.org,
        kexec@...ts.infradead.org, linux-efi@...r.kernel.org,
        dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, hpa@...or.com, ardb@...nel.org, mjg59@...f.ucam.org,
        James.Bottomley@...senpartnership.com, luto@...capital.net,
        nivedita@...m.mit.edu, kanth.ghatraju@...cle.com,
        trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v6 02/14] Documentation/x86: Secure Launch kernel
 documentation

On 5/5/23 12:19, Simon Horman wrote:
> On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote:
>> Introduce background, overview and configuration/ABI information
>> for the Secure Launch kernel feature.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@...rtussolutions.com>
>> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> 
> Hi Ross and Daniel,
> 
> some minor nits from my side.

All good points. We will fix those.

Thanks
Ross

> 
>> ---
>>   Documentation/security/index.rst                   |   1 +
>>   Documentation/security/launch-integrity/index.rst  |  10 +
>>   .../security/launch-integrity/principles.rst       | 313 ++++++++++++
>>   .../launch-integrity/secure_launch_details.rst     | 564 +++++++++++++++++++++
>>   .../launch-integrity/secure_launch_overview.rst    | 220 ++++++++
>>   5 files changed, 1108 insertions(+)
>>   create mode 100644 Documentation/security/launch-integrity/index.rst
>>   create mode 100644 Documentation/security/launch-integrity/principles.rst
>>   create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst
>>   create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst
>>
>> diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst
>> index 6ed8d2f..fade37e 100644
>> --- a/Documentation/security/index.rst
>> +++ b/Documentation/security/index.rst
>> @@ -18,3 +18,4 @@ Security Documentation
>>      digsig
>>      landlock
>>      secrets/index
>> +   launch-integrity/index
>> diff --git a/Documentation/security/launch-integrity/index.rst b/Documentation/security/launch-integrity/index.rst
>> new file mode 100644
>> index 0000000..28eed91d
>> --- /dev/null
>> +++ b/Documentation/security/launch-integrity/index.rst
>> @@ -0,0 +1,10 @@
> 
> I believe an SPDX tag should go at the top of each .rst file.
> 
>> +=====================================
>> +System Launch Integrity documentation
>> +=====================================
>> +
>> +.. toctree::
>> +
>> +   principles
>> +   secure_launch_overview
>> +   secure_launch_details
>> +
>> diff --git a/Documentation/security/launch-integrity/principles.rst b/Documentation/security/launch-integrity/principles.rst
>> new file mode 100644
>> index 0000000..73cf063
>> --- /dev/null
>> +++ b/Documentation/security/launch-integrity/principles.rst
>> @@ -0,0 +1,313 @@
>> +=======================
>> +System Launch Integrity
>> +=======================
>> +
>> +This document serves to establish a common understanding of what is system
>> +launch, the integrity concern for system launch, and why using a Root of Trust
>> +(RoT) from a Dynamic Launch may be desired. Through out this document
>> +terminology from the Trusted Computing Group (TCG) and National Institue for
> 
> s/Institue/Institute/
> 
> ...
> 
>> +Trust Chains
>> +============
>> +
>> +Bulding upon the understanding of security mechanisms to establish load-time
> 
> s/Bulding/Building/
> 
> ...
> 
>> diff --git a/Documentation/security/launch-integrity/secure_launch_details.rst b/Documentation/security/launch-integrity/secure_launch_details.rst
> 
> ...
> 
>> +Secure Launch Resource Table
>> +============================
>> +
>> +The Secure Launch Resource Table (SLRT) is a platform-agnostic, standard format
>> +for providing information for the pre-launch environment and to pass
>> +information to the post-launch environment. The table is populated by one or
>> +more bootloaders in the boot chain and used by Secure Launch on how to setup
>> +the environment during post-launch. The details for the SLRT are documented
>> +in the TrenchBoot Secure Launch Specifcation [3]_.
> 
> s/Specifcation/Specification/
> 
> ...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ