Message-Id: <18F9BD47-282D-4225-AB6B-FDA4AD52D7AE@gmail.com>
Date: Fri, 25 Apr 2025 06:12:46 -0400
From: Rich Persaud <persaur@...il.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Ross Philipson <ross.philipson@...cle.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
linux-crypto@...r.kernel.org, kexec@...ts.infradead.org,
linux-efi@...r.kernel.org, iommu@...ts.linux.dev,
dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com, ardb@...nel.org,
mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com,
peterhuewe@....de, jarkko@...nel.org, jgg@...pe.ca, luto@...capital.net,
nivedita@...m.mit.edu, herbert@...dor.apana.org.au, davem@...emloft.net,
corbet@....net, ebiederm@...ssion.com, dwmw2@...radead.org,
baolu.lu@...ux.intel.com, kanth.ghatraju@...cle.com,
andrew.cooper3@...rix.com, trenchboot-devel@...glegroups.com,
Sergii Dmytruk <sergii.dmytruk@...eb.com>, openxt@...glegroups.com
Subject: Re: [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux kernel support
On Apr 24, 2025, at 2:45 PM, Dave Hansen <dave.hansen@...el.com> wrote:
> On 4/21/25 09:26, Ross Philipson wrote:
>> This patchset provides detailed documentation of DRTM, the approach used for
>> adding the capability, and relevant API/ABI documentation. In addition to the
>> documentation the patch set introduces Intel TXT support as the first platform
>> for Linux Secure Launch.
>
> So, I know some of the story here thanks to Andy Cooper. But the
> elephant in the room is:
>
>> INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT)
>> M: Ning Sun <ning.sun@...el.com>
>> L: tboot-devel@...ts.sourceforge.net
>> S: Supported
>> W: http://tboot.sourceforge.net
>> T: hg http://tboot.hg.sourceforge.net:8000/hgroot/tboot/tboot
>> F: Documentation/arch/x86/intel_txt.rst
>> F: arch/x86/kernel/tboot.c
>> F: include/linux/tboot.h
>
> Linux already supports TXT. Why do we need TrenchBoot?
One reason is to generalize DRTM support to other platforms.
RFC: Trenchboot Secure Launch DRTM for AMD SKINIT
https://lore.kernel.org/lkml/cover.1734008878.git.sergii.dmytruk@3mdeb.com/
OpenXT.org measured launch usage of tboot originated in 2012, when I was the program manager for XenClient joint development [1][2] by Intel and Citrix. TrenchBoot was proposed in 2018 at Platform Security Summit and evolved [3] based on LKML and conference feedback. The tboot community was introduced [4] to TrenchBoot in 2022.
> I think I know the answer, but it also needs to be a part of the
> documentation, changelogs and cover letter.
>
> Also, honestly, what do you think we should do with the Linux tboot
> code? Is everyone going to be moving over to Trenchboot
OpenXT will migrate development of measured launch from tboot to TrenchBoot Secure Launch, after upstream Linux and Xen have support for both Intel and AMD DRTM. Previously-deployed Intel devices using tboot, derived from OpenXT, will need support until users upgrade their hardware. Qubes is integrating [5] TrenchBoot into AEM (Anti Evil Maid). Since Oracle has spent several years working on this TrenchBoot series, they might use it; hopefully they can comment.
> so that Linux support for TXT/tboot can just go away?
[opinion]
Which one will prevail? That may have less to do with tboot-trenchboot differences and more to do with AMD-Intel product marketing and OEM segmentation of DRTM features, some certified by Microsoft as "Secured Core" clients with SMM attestation (Intel PPAM and AMD SMM Supervisor).
Intel requires client vPro devices for TXT, but has slowly expanded the list of eligible SKUs via "vPro Essentials" segmentation. AMD SKINIT is present on most processors, but DRTM currently requires a dTPM instead of the "mobile" fTPM implementation in AMD PSP firmware, with dTPMs mostly present in AMD OEM "PRO" or Embedded SKUs.
If AMD included the full TPM 2.0 reference code in their PSP fTPM, or if MS Pluton implemented a full TPM 2.0 that was compatible with DRTM, then the number of AMD DRTM-capable devices would be much higher than the number of Intel vPro or AMD PRO devices, expanding the market for DRTM-capable software like Linux (trenchboot) Secure Launch and Windows SystemGuard. That would increase client adoption of trenchboot, as the only option for Linux DRTM on AMD.
On servers, both AMD and Intel hardware support DRTM with dTPM and other roots of trust, but there are other launch considerations, including BMCs, SPDM device attestation & vendor hypervisors.
[/opinion]
In a perfect world, Intel-signed ACM (used in TXT DRTM) binary blobs would be accompanied by public read-only source code, with reproducible builds that generate those ACM blobs. In that perfect world, Intel ACM and tboot developers would review the TrenchBoot Linux series, recommend improvements and guide customers on migration from tboot to upstream-supported Linux DRTM. Neither has yet happened. Both would be welcome.
Rich
[1] https://www.intel.com/content/dam/www/public/us/en/documents/success-stories/3rd-gen-core-vpro-citrix-vendor-spotlight.pdf
[2] http://media12.connectedsocialmedia.com/intel/11/9510/Air_Force_Research_Laboratory_Security_Collaboration_Government.pdf
[3] https://trenchboot.org/events/
[4] https://sourceforge.net/p/tboot/mailman/message/37631560/
[5] https://blog.3mdeb.com/2023/2023-01-31-trenchboot-aem-for-qubesos/