lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <DM3PR84MB3714A4632C4C7B6B50D7A0F4AB562@DM3PR84MB3714.NAMPRD84.PROD.OUTLOOK.COM>
Date: Fri, 1 Nov 2024 19:31:06 +0000
From: "Elliott, Robert (Servers)" <elliott@....com>
To: Ross Philipson <ross.philipson@...cle.com>,
        "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        "iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>
CC: "dpsmith@...rtussolutions.com" <dpsmith@...rtussolutions.com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "mingo@...hat.com"
	<mingo@...hat.com>, "bp@...en8.de" <bp@...en8.de>,
        "hpa@...or.com"
	<hpa@...or.com>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "ardb@...nel.org" <ardb@...nel.org>,
        "mjg59@...f.ucam.org"
	<mjg59@...f.ucam.org>,
        "James.Bottomley@...senpartnership.com"
	<James.Bottomley@...senpartnership.com>,
        "peterhuewe@....de"
	<peterhuewe@....de>,
        "jarkko@...nel.org" <jarkko@...nel.org>,
        "jgg@...pe.ca"
	<jgg@...pe.ca>,
        "luto@...capital.net" <luto@...capital.net>,
        "nivedita@...m.mit.edu" <nivedita@...m.mit.edu>,
        "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "corbet@....net"
	<corbet@....net>,
        "ebiederm@...ssion.com" <ebiederm@...ssion.com>,
        "dwmw2@...radead.org" <dwmw2@...radead.org>,
        "baolu.lu@...ux.intel.com"
	<baolu.lu@...ux.intel.com>,
        "kanth.ghatraju@...cle.com"
	<kanth.ghatraju@...cle.com>,
        "andrew.cooper3@...rix.com"
	<andrew.cooper3@...rix.com>,
        "trenchboot-devel@...glegroups.com"
	<trenchboot-devel@...glegroups.com>
Subject: RE: [PATCH v11 01/20] Documentation/x86: Secure Launch kernel
 documentation

> diff --git a/Documentation/security/launch-integrity/index.rst
> b/Documentation/security/launch-integrity/index.rst
> new file mode 100644
> +++ b/Documentation/security/launch-integrity/index.rst
...

> +This document serves to establish a common understanding of what a system
> +launch is, the integrity concern for system launch, and why using a Root of Trust
> +(RoT) from a Dynamic Launch may be desirable. Throughout this document,
> +terminology from the Trusted Computing Group (TCG) and National Institute for
> +Science and Technology (NIST) is used to ensure that vendor natural language is
> +used to describe and reference security-related concepts.

NIST = National Institute of Standards and Technology

> +Glossary
> +========

> +    - NIST CNSSI No. 4009 -
> https://www.cnss.gov/CNSS/issuances/Instructions.cfm

That is not a NIST publication.

CNSS = Committee on National Security Systems.
I = Instruction.
NIST is just a non-voting observer of that committee.

That web site uses a root certificate that is not recognized by most
browsers. 

The NIST glossary includes all the CNSSI 4009, NIST SP, and NIST IR
terms, and is more easily accessible (but the entries are subject
to change as the source material changes).
https://csrc.nist.gov/glossary

That currently covers all the terms except "transitive trust"
from TCG.

> +    - NIST Special Publication 800-160 (VOLUME 1 ) -
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf

That's been replaced by v1r1.

The NIST-recommended URL is
https://doi.org/10.6028/NIST.SP.800-160v1r1

> +    - NIST SP 800-30 Rev. 1 -
> https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

The NIST-recommended URL is:
https://doi.org/10.6028/NIST.SP.800-30r1

> +    - NIST SP 800-57 Part 1 Rev. 5 -
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

The NIST-recommended URL is:
https://doi.org/10.6028/NIST.SP.800-57pt1r5

> +    - NISTIR 8320A -
> https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8320A.pdf

The NIST-recommended URL is:
https://doi.org/10.6028/NIST.IR.8320A

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ