| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z8qF7bP7vSL6c_Z9@kernel.org> Date: Fri, 7 Mar 2025 07:36:45 +0200 From: Jarkko Sakkinen <jarkko@...nel.org> To: Ross Philipson <ross.philipson@...cle.com> Cc: linux-kernel@...r.kernel.org, x86@...nel.org, linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org, linux-crypto@...r.kernel.org, kexec@...ts.infradead.org, linux-efi@...r.kernel.org, iommu@...ts.linux-foundation.org, dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com, ardb@...nel.org, mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com, peterhuewe@....de, jgg@...pe.ca, luto@...capital.net, nivedita@...m.mit.edu, herbert@...dor.apana.org.au, davem@...emloft.net, corbet@....net, ebiederm@...ssion.com, dwmw2@...radead.org, baolu.lu@...ux.intel.com, kanth.ghatraju@...cle.com, andrew.cooper3@...rix.com, trenchboot-devel@...glegroups.com Subject: Re: [PATCH v12 06/19] x86: Add early SHA-256 support for Secure Launch early measurements On Thu, Dec 19, 2024 at 11:42:03AM -0800, Ross Philipson wrote: > From: "Daniel P. Smith" <dpsmith@...rtussolutions.com> > > The SHA-256 algorithm is necessary to measure configuration information into > the TPM as early as possible before using the values. This implementation > uses the established approach of #including the SHA-256 libraries directly in > the code since the compressed kernel is not uncompressed at this point. > > Signed-off-by: Daniel P. Smith <dpsmith@...rtussolutions.com> > Signed-off-by: Ross Philipson <ross.philipson@...cle.com> > --- > arch/x86/boot/compressed/Makefile | 2 +- > arch/x86/boot/compressed/sha256.c | 6 ++++++ > 2 files changed, 7 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/boot/compressed/sha256.c > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile > index 7eb03afb841b..40dc0b9babd5 100644 > --- a/arch/x86/boot/compressed/Makefile > +++ b/arch/x86/boot/compressed/Makefile > @@ -107,7 +107,7 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o > vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o > vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a > > -vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/sha1.o > +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/sha1.o $(obj)/sha256.o > > $(obj)/vmlinux: $(vmlinux-objs-y) $(vmlinux-libs-y) FORCE > $(call if_changed,ld) > diff --git a/arch/x86/boot/compressed/sha256.c b/arch/x86/boot/compressed/sha256.c > new file mode 100644 > index 000000000000..293742a90ddc > --- /dev/null > +++ b/arch/x86/boot/compressed/sha256.c > @@ -0,0 +1,6 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright (c) 2024 Apertus Solutions, LLC > + */ > + > +#include "../../../../lib/crypto/sha256.c" > -- > 2.39.3 > Ditto, nothing particular on this at this point of time. Probably 80-90% what it should be. BR, Jarkko
Powered by blists - more mailing lists