lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <D3GPA85MRNMM.3GMP3BTBEEYFP@kernel.org>
Date: Thu, 15 Aug 2024 21:35:13 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: <ross.philipson@...cle.com>, <linux-kernel@...r.kernel.org>,
 <x86@...nel.org>, <linux-integrity@...r.kernel.org>,
 <linux-doc@...r.kernel.org>, <linux-crypto@...r.kernel.org>,
 <kexec@...ts.infradead.org>, <linux-efi@...r.kernel.org>,
 <iommu@...ts.linux-foundation.org>
Cc: <dpsmith@...rtussolutions.com>, <tglx@...utronix.de>,
 <mingo@...hat.com>, <bp@...en8.de>, <hpa@...or.com>,
 <dave.hansen@...ux.intel.com>, <ardb@...nel.org>, <mjg59@...f.ucam.org>,
 <James.Bottomley@...senpartnership.com>, <peterhuewe@....de>,
 <jgg@...pe.ca>, <luto@...capital.net>, <nivedita@...m.mit.edu>,
 <herbert@...dor.apana.org.au>, <davem@...emloft.net>, <corbet@....net>,
 <ebiederm@...ssion.com>, <dwmw2@...radead.org>, <baolu.lu@...ux.intel.com>,
 <kanth.ghatraju@...cle.com>, <andrew.cooper3@...rix.com>,
 <trenchboot-devel@...glegroups.com>
Subject: Re: [PATCH v9 09/19] x86: Secure Launch kernel late boot stub

On Mon Aug 12, 2024 at 10:02 PM EEST,  wrote:
> On 6/4/24 3:59 PM, Jarkko Sakkinen wrote:
> > On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
> >> The routine slaunch_setup is called out of the x86 specific setup_arch()
> >> routine during early kernel boot. After determining what platform is
> >> present, various operations specific to that platform occur. This
> >> includes finalizing setting for the platform late launch and verifying
> >> that memory protections are in place.
> >>
> >> For TXT, this code also reserves the original compressed kernel setup
> >> area where the APs were left looping so that this memory cannot be used.
> >>
> >> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> >> ---
> >>   arch/x86/kernel/Makefile   |   1 +
> >>   arch/x86/kernel/setup.c    |   3 +
> >>   arch/x86/kernel/slaunch.c  | 525 +++++++++++++++++++++++++++++++++++++
> >>   drivers/iommu/intel/dmar.c |   4 +
> >>   4 files changed, 533 insertions(+)
> >>   create mode 100644 arch/x86/kernel/slaunch.c
> >>
> >> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> >> index 5d128167e2e2..b35ca99ab0a0 100644
> >> --- a/arch/x86/kernel/Makefile
> >> +++ b/arch/x86/kernel/Makefile
> >> @@ -76,6 +76,7 @@ obj-$(CONFIG_X86_32)		+= tls.o
> >>   obj-$(CONFIG_IA32_EMULATION)	+= tls.o
> >>   obj-y				+= step.o
> >>   obj-$(CONFIG_INTEL_TXT)		+= tboot.o
> >> +obj-$(CONFIG_SECURE_LAUNCH)	+= slaunch.o
> > 
> > Hmm... should that be CONFIG_X86_SECURE_LAUNCH?
>
> Further thoughts on this after discussions...
>
> The Secure Launch feature will cover other architectures beyond x86 in 
> the future. We may have to rework/move the config settings at that point 
> but for now I don't think we want to change it.

OK got it.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ