Message-ID: <3a193231-82cd-4b42-96fc-ea1859b5a8b9@intel.com>
Date: Thu, 24 Apr 2025 11:45:01 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Ross Philipson <ross.philipson@...cle.com>, linux-kernel@...r.kernel.org,
 x86@...nel.org, linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
 linux-crypto@...r.kernel.org, kexec@...ts.infradead.org,
 linux-efi@...r.kernel.org, iommu@...ts.linux.dev
Cc: dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
 bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com, ardb@...nel.org,
 mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com,
 peterhuewe@....de, jarkko@...nel.org, jgg@...pe.ca, luto@...capital.net,
 nivedita@...m.mit.edu, herbert@...dor.apana.org.au, davem@...emloft.net,
 corbet@....net, ebiederm@...ssion.com, dwmw2@...radead.org,
 baolu.lu@...ux.intel.com, kanth.ghatraju@...cle.com,
 andrew.cooper3@...rix.com, trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux
 kernel support

On 4/21/25 09:26, Ross Philipson wrote:
> This patchset provides detailed documentation of DRTM, the approach used for
> adding the capability, and relevant API/ABI documentation. In addition to the
> documentation the patch set introduces Intel TXT support as the first platform
> for Linux Secure Launch.

So, I know some of the story here thanks to Andy Cooper. But the
elephant in the room is:

> INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT)
> M:      Ning Sun <ning.sun@...el.com>
> L:      tboot-devel@...ts.sourceforge.net
> S:      Supported
> W:      http://tboot.sourceforge.net
> T:      hg http://tboot.hg.sourceforge.net:8000/hgroot/tboot/tboot
> F:      Documentation/arch/x86/intel_txt.rst
> F:      arch/x86/kernel/tboot.c
> F:      include/linux/tboot.h

Linux already supports TXT. Why do we need TrenchBoot?

I think I know the answer, but it also needs to be a part of the
documentation, changelogs and cover letter.

Also, honestly, what do you think we should do with the Linux tboot
code? Is everyone going to be moving over to Trenchboot so that Linux
support for TXT/tboot can just go away?
