lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cover.1746037489.git.sergii.dmytruk@3mdeb.com>
Date: Thu,  1 May 2025 01:44:42 +0300
From: Sergii Dmytruk <sergii.dmytruk@...eb.com>
To: linux-kernel@...r.kernel.org
Cc: trenchboot-devel@...glegroups.com,
	"H. Peter Anvin" <hpa@...or.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Joerg Roedel <joro@...tes.org>,
	Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
	Thomas Gleixner <tglx@...utronix.de>,
	x86@...nel.org
Subject: [RFC PATCH v2 0/9] x86: Trenchboot Secure Launch DRTM for AMD SKINIT (Linux)

NOTE: this patch set follows up on Intel TXT DRTM patches that are
currently under review in their 14th version [0]; therefore, it is not
standalone!

The publication of the patches at this point pursues several goals:
 - Make anyone tracking upstream aware of the maturity of the support
   for AMD SKINIT.
 - Collect early feedback on the SKINIT implementation.
 - Finally, demonstrate the extensibility of Secure Launch for
   incorporating additional platforms.

As the RFC suggest, this series is temporal and will be updated based on
changes made to the initial Secure Launch series. Review comments are
greatly welcomed and will be worked/addressed, but we would caution that
changes to the Secure Launch series will take precedence over review
comments. Once the Secure Launch series is merged, this series will
transition from RFC to a formally submitted series.

-----

The patches extend Secure Launch for legacy and UEFI boot with support
for AMD CPUs and their DRTM in two flavours: SKINIT on its own and SKINIT
with DRTM service running in PSP/ASP.

The code is adjusted to detect CPU type and handle AMD differently.
DRTM-specific differences relative to Intel TXT include:
 - absence of DRTM-specific registers to pass data from bootloader to DLME,
   resulting in passing some information via boot parameters
 - use of a different SLRT entry
 - not sending #INIT to APs
 - special handling for TPM event logs to make them "compatible" with TXT logs

-----

[0]: https://lore.kernel.org/lkml/20250421162712.77452-1-ross.philipson@oracle.com/

Changes in v2:
 - rebase onto v14 of the main patch set
 - cleaner handling of reset in sl_main.c leading to a smaller diff
 - renamed slr_entry_amd_info::boot_params_{base,addr} for consistency with
   slr_entry_intel_info
 - slightly safer slaunch_reset() macro in slmodule.c

-----

Jagannathan Raman (1):
  psp: Perform kernel portion of DRTM procedures

Michał Żygowski (1):
  x86: Implement AMD support for Secure Launch

Ross Philipson (6):
  x86: AMD changes for Secure Launch Resource Table header file
  x86: Secure Launch main header file AMD support
  x86: Split up Secure Launch setup and finalize functions
  x86: Prepare CPUs for post SKINIT launch
  x86/slmodule: Support AMD SKINIT
  x86: AMD changes for EFI stub DRTM launch support

Sergii Dmytruk (1):
  Documentation/x86: update Secure Launch for AMD SKINIT

 .../secure_launch_details.rst                 |  83 +++++-
 .../secure_launch_overview.rst                |  61 ++--
 arch/x86/Kconfig                              |   9 +-
 arch/x86/boot/compressed/sl_main.c            | 271 ++++++++++++++----
 arch/x86/boot/compressed/sl_stub.S            |  41 ++-
 arch/x86/include/asm/svm.h                    |   2 +
 arch/x86/include/uapi/asm/setup_data.h        |   3 +-
 arch/x86/kernel/Makefile                      |   1 +
 arch/x86/kernel/setup.c                       |   2 +-
 arch/x86/kernel/sl-psp.c                      | 239 +++++++++++++++
 arch/x86/kernel/slaunch.c                     | 193 +++++++++++--
 arch/x86/kernel/slmodule.c                    | 161 +++++++++--
 arch/x86/kernel/smpboot.c                     |  15 +-
 arch/x86/kernel/traps.c                       |   4 +
 drivers/firmware/efi/libstub/x86-stub.c       |  12 +-
 drivers/iommu/amd/init.c                      |  12 +
 include/linux/slaunch.h                       |  83 +++++-
 include/linux/slr_table.h                     |  15 +
 18 files changed, 1044 insertions(+), 163 deletions(-)
 create mode 100644 arch/x86/kernel/sl-psp.c


base-commit: 616c6ae2fa0b736552873af08ad0e5532e04ad80
-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ