Message-ID: <9b18e8e3-f3e2-48d4-839a-56e1d8f62657@intel.com>
Date: Fri, 25 Apr 2025 07:12:51 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Rich Persaud <persaur@...il.com>
Cc: Ross Philipson <ross.philipson@...cle.com>, linux-kernel@...r.kernel.org,
x86@...nel.org, linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
linux-crypto@...r.kernel.org, kexec@...ts.infradead.org,
linux-efi@...r.kernel.org, iommu@...ts.linux.dev,
dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com, ardb@...nel.org,
mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com,
peterhuewe@....de, jarkko@...nel.org, jgg@...pe.ca, luto@...capital.net,
nivedita@...m.mit.edu, herbert@...dor.apana.org.au, davem@...emloft.net,
corbet@....net, ebiederm@...ssion.com, dwmw2@...radead.org,
baolu.lu@...ux.intel.com, kanth.ghatraju@...cle.com,
andrew.cooper3@...rix.com, trenchboot-devel@...glegroups.com,
Sergii Dmytruk <sergii.dmytruk@...eb.com>, openxt@...glegroups.com,
"Mowka, Mateusz" <mateusz.mowka@...el.com>, Ning Sun <ning.sun@...el.com>,
tboot-devel@...ts.sourceforge.net
Subject: Re: [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux
kernel support

On 4/25/25 03:12, Rich Persaud wrote:
> On Apr 24, 2025, at 2:45 PM, Dave Hansen <dave.hansen@...el.com>
> wrote:
>> On 4/21/25 09:26, Ross Philipson wrote:
>>> This patchset provides detailed documentation of DRTM, the
>>> approach used for adding the capability, and relevant API/ABI
>>> documentation. In addition to the documentation the patch set
>>> introduces Intel TXT support as the first platform for Linux
>>> Secure Launch.
>>
>> So, I know some of the story here thanks to Andy Cooper. But the
>> elephant in the room is:
>>
>>> INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT)
>>> M: Ning Sun <ning.sun@...el.com>
>>> L: tboot-devel@...ts.sourceforge.net
>>> S: Supported
>>> W: http://tboot.sourceforge.net
>>> T: hg http://tboot.hg.sourceforge.net:8000/hgroot/tboot/tboot
>>> F: Documentation/arch/x86/intel_txt.rst
>>> F: arch/x86/kernel/tboot.c
>>> F: include/linux/tboot.h
>>
>> Linux already supports TXT. Why do we need TrenchBoot?
>
> One reason is to generalize DRTM support to other platforms.

OK, but why do this in Linux as opposed to tboot? Right now, much of the
TXT magic is done outside of the kernel. Why do it *IN* the kernel?

>> Also, honestly, what do you think we should do with the Linux
>> tboot code? Is everyone going to be moving over to Trenchboot
>
> OpenXT will migrate development of measured launch from tboot to
> TrenchBoot Secure Launch, after upstream Linux and Xen have support
> for both Intel and AMD DRTM. Previously-deployed Intel devices using
> tboot, derived from OpenXT, will need support until users upgrade
> their hardware.

Say we axed tboot support from 6.16, but merged Trenchboot. A user on
old hardware upgrades their kernel. What happens to them?

>> so that Linux support for TXT/tboot can just go away?

You didn't _really_ answer the question.

Summarizing, I think you're saying that TXT/tboot Linux support can just
go away, but it will help if its maintainers help its users transition.

Does anybody disagree with that?

> In that perfect world, Intel ACM and tboot developers would review
> the TrenchBoot Linux series

So, I was looking on the cc list and I didn't see them on there.
Shouldn't they be cc'd if you want them to review the series? A little
poking at lore makes me think that they were *NEVER* cc'd.

Is that right, or is my lore-foo weak?