Message-ID: <87336151-efad-42fb-b48c-0f8a0ec736e8@intel.com>
Date: Tue, 22 Apr 2025 16:21:36 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Ard Biesheuvel <ardb@...nel.org>,
 Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Ross Philipson <ross.philipson@...cle.com>, linux-kernel@...r.kernel.org,
 x86@...nel.org, linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
 linux-crypto@...r.kernel.org, kexec@...ts.infradead.org,
 linux-efi@...r.kernel.org, iommu@...ts.linux.dev,
 dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
 bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com,
 mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com,
 peterhuewe@....de, jarkko@...nel.org, jgg@...pe.ca, luto@...capital.net,
 nivedita@...m.mit.edu, herbert@...dor.apana.org.au, davem@...emloft.net,
 corbet@....net, ebiederm@...ssion.com, dwmw2@...radead.org,
 baolu.lu@...ux.intel.com, kanth.ghatraju@...cle.com,
 trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux
 kernel support

On 4/22/25 14:26, Ard Biesheuvel wrote:
> So if that is true (I'm not a x86 uarch expert by any measure), then
> pushing back on this series on the basis that it is ugly and intrusive
> is not really reasonable. From security pov, I think D-RTM is an
> important feature and it deserves to be upstream if it is used widely
> in the field.

BTW, I'm not pushing back on it for being intrusive. It's actually not
_that_ intrusive. Most of it sits off on the side. It looked like it had
a parallel boot entry point, for instance, that is separate from but
shouldn't break the normal entry points.

BTW, it sounds like folks are pretty unhappy with Intel here on a bunch
of levels. It's not my personal hardware design or anything, so please
don't pull any punches. If Intel screwed up here and that's why we need
5,000 lines of arguably duplicate functionality, then please say so.
You're not going to hurt my feelings.
