From: Ard Biesheuvel <ardb@kernel.org>
To: Ross Philipson <ross.philipson@oracle.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, dave.hansen@linux.intel.com, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com,
Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v8 06/15] x86: Add early SHA support for Secure Launch early measurements
Date: Thu, 15 Feb 2024 09:17:16 +0100 [thread overview]
Message-ID: <CAMj1kXEmMBY_jc0uM5UgZbuZ3-C7NPKzg5AScaunyu9XzLgzZA@mail.gmail.com> (raw)
In-Reply-To: <20240214221847.2066632-7-ross.philipson@oracle.com>
On Wed, 14 Feb 2024 at 23:31, Ross Philipson <ross.philipson@oracle.com> wrote:
>
> From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
>
> The SHA algorithms are necessary to measure configuration information into
> the TPM as early as possible before using the values. This implementation
> uses the established approach of #including the SHA libraries directly in
> the code since the compressed kernel is not uncompressed at this point.
>
> The SHA code here has its origins in the code from the main kernel:
>
> commit c4d5b9ffa31f ("crypto: sha1 - implement base layer for SHA-1")
>
> A modified version of this code was introduced to the lib/crypto/sha1.c
> to bring it in line with the sha256 code and allow it to be pulled into the
> setup kernel in the same manner as sha256 is.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
We have had some discussions about this, and you really need to
capture the justification in the commit log for introducing new code
that implements an obsolete and broken hashing algorithm.
SHA-1 is broken and should no longer be used for anything. Introducing
new support for a highly complex boot security feature, and then
relying on SHA-1 in the implementation makes this whole effort seem
almost futile, *unless* you provide some rock solid reasons here why
this is still safe.
If the upshot would be that some people are stuck with SHA-1 so they
won't be able to use this feature, then I'm not convinced we should
obsess over that.
> ---
> arch/x86/boot/compressed/Makefile | 2 +
> arch/x86/boot/compressed/early_sha1.c | 12 ++++
> arch/x86/boot/compressed/early_sha256.c | 6 ++
> include/crypto/sha1.h | 1 +
> lib/crypto/sha1.c | 81 +++++++++++++++++++++++++
This needs to be a separate patch in any case.
> 5 files changed, 102 insertions(+)
> create mode 100644 arch/x86/boot/compressed/early_sha1.c
> create mode 100644 arch/x86/boot/compressed/early_sha256.c
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index f19c038409aa..a1b018eb9801 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -118,6 +118,8 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o
> vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o
> vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o $(obj)/early_sha256.o
> +
> $(obj)/vmlinux: $(vmlinux-objs-y) FORCE
> $(call if_changed,ld)
>
> diff --git a/arch/x86/boot/compressed/early_sha1.c b/arch/x86/boot/compressed/early_sha1.c
> new file mode 100644
> index 000000000000..0c7cf6f8157a
> --- /dev/null
> +++ b/arch/x86/boot/compressed/early_sha1.c
> @@ -0,0 +1,12 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2022 Apertus Solutions, LLC.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/linkage.h>
> +#include <linux/string.h>
> +#include <asm/boot.h>
> +#include <asm/unaligned.h>
> +
> +#include "../../../../lib/crypto/sha1.c"
> diff --git a/arch/x86/boot/compressed/early_sha256.c b/arch/x86/boot/compressed/early_sha256.c
> new file mode 100644
> index 000000000000..54930166ffee
> --- /dev/null
> +++ b/arch/x86/boot/compressed/early_sha256.c
> @@ -0,0 +1,6 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2022 Apertus Solutions, LLC
> + */
> +
> +#include "../../../../lib/crypto/sha256.c"
> diff --git a/include/crypto/sha1.h b/include/crypto/sha1.h
> index 044ecea60ac8..d715dd5332e1 100644
> --- a/include/crypto/sha1.h
> +++ b/include/crypto/sha1.h
> @@ -42,5 +42,6 @@ extern int crypto_sha1_finup(struct shash_desc *desc, const u8 *data,
> #define SHA1_WORKSPACE_WORDS 16
> void sha1_init(__u32 *buf);
> void sha1_transform(__u32 *digest, const char *data, __u32 *W);
> +void sha1(const u8 *data, unsigned int len, u8 *out);
>
> #endif /* _CRYPTO_SHA1_H */
> diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
> index 1aebe7be9401..10152125b338 100644
> --- a/lib/crypto/sha1.c
> +++ b/lib/crypto/sha1.c
> @@ -137,4 +137,85 @@ void sha1_init(__u32 *buf)
> }
> EXPORT_SYMBOL(sha1_init);
>
> +static void __sha1_transform(u32 *digest, const char *data)
> +{
> + u32 ws[SHA1_WORKSPACE_WORDS];
> +
> + sha1_transform(digest, data, ws);
> +
> + memzero_explicit(ws, sizeof(ws));
> +}
> +
> +static void sha1_update(struct sha1_state *sctx, const u8 *data, unsigned int len)
> +{
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> +
> + sctx->count += len;
> +
> + if (likely((partial + len) >= SHA1_BLOCK_SIZE)) {
> + int blocks;
> +
> + if (partial) {
> + int p = SHA1_BLOCK_SIZE - partial;
> +
> + memcpy(sctx->buffer + partial, data, p);
> + data += p;
> + len -= p;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + blocks = len / SHA1_BLOCK_SIZE;
> + len %= SHA1_BLOCK_SIZE;
> +
> + if (blocks) {
> + while (blocks--) {
> + __sha1_transform(sctx->state, data);
> + data += SHA1_BLOCK_SIZE;
> + }
> + }
> + partial = 0;
> + }
> +
> + if (len)
> + memcpy(sctx->buffer + partial, data, len);
> +}
> +
> +static void sha1_final(struct sha1_state *sctx, u8 *out)
> +{
> + const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> + __be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
> + __be32 *digest = (__be32 *)out;
> + int i;
> +
> + sctx->buffer[partial++] = 0x80;
> + if (partial > bit_offset) {
> + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
> + partial = 0;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + memset(sctx->buffer + partial, 0x0, bit_offset - partial);
> + *bits = cpu_to_be64(sctx->count << 3);
> + __sha1_transform(sctx->state, sctx->buffer);
> +
> + for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
> + put_unaligned_be32(sctx->state[i], digest++);
> +
> + *sctx = (struct sha1_state){};
> +}
> +
> +void sha1(const u8 *data, unsigned int len, u8 *out)
> +{
> + struct sha1_state sctx = {0};
> +
> + sha1_init(sctx.state);
> + sctx.count = 0;
> + sha1_update(&sctx, data, len);
> + sha1_final(&sctx, out);
> +}
> +EXPORT_SYMBOL(sha1);
> +
> MODULE_LICENSE("GPL");
> --
> 2.39.3
>
WARNING: multiple messages have this Message-ID (diff)
From: Ard Biesheuvel <ardb@kernel.org>
To: Ross Philipson <ross.philipson@oracle.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, dave.hansen@linux.intel.com, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com,
Eric Biggers <ebiggers@kernel.org>
Subject: Re: [PATCH v8 06/15] x86: Add early SHA support for Secure Launch early measurements
Date: Thu, 15 Feb 2024 09:17:16 +0100 [thread overview]
Message-ID: <CAMj1kXEmMBY_jc0uM5UgZbuZ3-C7NPKzg5AScaunyu9XzLgzZA@mail.gmail.com> (raw)
In-Reply-To: <20240214221847.2066632-7-ross.philipson@oracle.com>
On Wed, 14 Feb 2024 at 23:31, Ross Philipson <ross.philipson@oracle.com> wrote:
>
> From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
>
> The SHA algorithms are necessary to measure configuration information into
> the TPM as early as possible before using the values. This implementation
> uses the established approach of #including the SHA libraries directly in
> the code since the compressed kernel is not uncompressed at this point.
>
> The SHA code here has its origins in the code from the main kernel:
>
> commit c4d5b9ffa31f ("crypto: sha1 - implement base layer for SHA-1")
>
> A modified version of this code was introduced to the lib/crypto/sha1.c
> to bring it in line with the sha256 code and allow it to be pulled into the
> setup kernel in the same manner as sha256 is.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
We have had some discussions about this, and you really need to
capture the justification in the commit log for introducing new code
that implements an obsolete and broken hashing algorithm.
SHA-1 is broken and should no longer be used for anything. Introducing
new support for a highly complex boot security feature, and then
relying on SHA-1 in the implementation makes this whole effort seem
almost futile, *unless* you provide some rock solid reasons here why
this is still safe.
If the upshot would be that some people are stuck with SHA-1 so they
won't be able to use this feature, then I'm not convinced we should
obsess over that.
> ---
> arch/x86/boot/compressed/Makefile | 2 +
> arch/x86/boot/compressed/early_sha1.c | 12 ++++
> arch/x86/boot/compressed/early_sha256.c | 6 ++
> include/crypto/sha1.h | 1 +
> lib/crypto/sha1.c | 81 +++++++++++++++++++++++++
This needs to be a separate patch in any case.
> 5 files changed, 102 insertions(+)
> create mode 100644 arch/x86/boot/compressed/early_sha1.c
> create mode 100644 arch/x86/boot/compressed/early_sha256.c
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index f19c038409aa..a1b018eb9801 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -118,6 +118,8 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o
> vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o
> vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o $(obj)/early_sha256.o
> +
> $(obj)/vmlinux: $(vmlinux-objs-y) FORCE
> $(call if_changed,ld)
>
> diff --git a/arch/x86/boot/compressed/early_sha1.c b/arch/x86/boot/compressed/early_sha1.c
> new file mode 100644
> index 000000000000..0c7cf6f8157a
> --- /dev/null
> +++ b/arch/x86/boot/compressed/early_sha1.c
> @@ -0,0 +1,12 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2022 Apertus Solutions, LLC.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/linkage.h>
> +#include <linux/string.h>
> +#include <asm/boot.h>
> +#include <asm/unaligned.h>
> +
> +#include "../../../../lib/crypto/sha1.c"
> diff --git a/arch/x86/boot/compressed/early_sha256.c b/arch/x86/boot/compressed/early_sha256.c
> new file mode 100644
> index 000000000000..54930166ffee
> --- /dev/null
> +++ b/arch/x86/boot/compressed/early_sha256.c
> @@ -0,0 +1,6 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2022 Apertus Solutions, LLC
> + */
> +
> +#include "../../../../lib/crypto/sha256.c"
> diff --git a/include/crypto/sha1.h b/include/crypto/sha1.h
> index 044ecea60ac8..d715dd5332e1 100644
> --- a/include/crypto/sha1.h
> +++ b/include/crypto/sha1.h
> @@ -42,5 +42,6 @@ extern int crypto_sha1_finup(struct shash_desc *desc, const u8 *data,
> #define SHA1_WORKSPACE_WORDS 16
> void sha1_init(__u32 *buf);
> void sha1_transform(__u32 *digest, const char *data, __u32 *W);
> +void sha1(const u8 *data, unsigned int len, u8 *out);
>
> #endif /* _CRYPTO_SHA1_H */
> diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
> index 1aebe7be9401..10152125b338 100644
> --- a/lib/crypto/sha1.c
> +++ b/lib/crypto/sha1.c
> @@ -137,4 +137,85 @@ void sha1_init(__u32 *buf)
> }
> EXPORT_SYMBOL(sha1_init);
>
> +static void __sha1_transform(u32 *digest, const char *data)
> +{
> + u32 ws[SHA1_WORKSPACE_WORDS];
> +
> + sha1_transform(digest, data, ws);
> +
> + memzero_explicit(ws, sizeof(ws));
> +}
> +
> +static void sha1_update(struct sha1_state *sctx, const u8 *data, unsigned int len)
> +{
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> +
> + sctx->count += len;
> +
> + if (likely((partial + len) >= SHA1_BLOCK_SIZE)) {
> + int blocks;
> +
> + if (partial) {
> + int p = SHA1_BLOCK_SIZE - partial;
> +
> + memcpy(sctx->buffer + partial, data, p);
> + data += p;
> + len -= p;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + blocks = len / SHA1_BLOCK_SIZE;
> + len %= SHA1_BLOCK_SIZE;
> +
> + if (blocks) {
> + while (blocks--) {
> + __sha1_transform(sctx->state, data);
> + data += SHA1_BLOCK_SIZE;
> + }
> + }
> + partial = 0;
> + }
> +
> + if (len)
> + memcpy(sctx->buffer + partial, data, len);
> +}
> +
> +static void sha1_final(struct sha1_state *sctx, u8 *out)
> +{
> + const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> + __be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
> + __be32 *digest = (__be32 *)out;
> + int i;
> +
> + sctx->buffer[partial++] = 0x80;
> + if (partial > bit_offset) {
> + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
> + partial = 0;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + memset(sctx->buffer + partial, 0x0, bit_offset - partial);
> + *bits = cpu_to_be64(sctx->count << 3);
> + __sha1_transform(sctx->state, sctx->buffer);
> +
> + for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
> + put_unaligned_be32(sctx->state[i], digest++);
> +
> + *sctx = (struct sha1_state){};
> +}
> +
> +void sha1(const u8 *data, unsigned int len, u8 *out)
> +{
> + struct sha1_state sctx = {0};
> +
> + sha1_init(sctx.state);
> + sctx.count = 0;
> + sha1_update(&sctx, data, len);
> + sha1_final(&sctx, out);
> +}
> +EXPORT_SYMBOL(sha1);
> +
> MODULE_LICENSE("GPL");
> --
> 2.39.3
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2024-02-15 8:17 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 22:18 [PATCH v8 00/15] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 01/15] x86/boot: Place kernel_info at a fixed offset Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 7:56 ` Ard Biesheuvel
2024-02-15 7:56 ` Ard Biesheuvel
2024-02-15 10:56 ` Daniel Kiper
2024-02-15 10:56 ` Daniel Kiper
2024-03-21 13:45 ` Daniel P. Smith
2024-03-21 13:45 ` Daniel P. Smith
2024-03-22 14:18 ` H. Peter Anvin
2024-03-22 14:18 ` H. Peter Anvin
2024-03-23 1:33 ` Daniel P. Smith
2024-03-23 1:33 ` Daniel P. Smith
2024-02-14 22:18 ` [PATCH v8 02/15] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 03/15] x86: Secure Launch Kconfig Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 7:59 ` Ard Biesheuvel
2024-02-15 7:59 ` Ard Biesheuvel
2024-02-15 22:20 ` ross.philipson
2024-02-15 22:20 ` ross.philipson
2024-02-14 22:18 ` [PATCH v8 04/15] x86: Secure Launch Resource Table header file Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 8:08 ` Ard Biesheuvel
2024-02-15 8:08 ` Ard Biesheuvel
2024-02-22 2:03 ` Andrew Cooper
2024-02-22 2:03 ` Andrew Cooper
2024-02-22 2:10 ` ross.philipson
2024-02-22 2:10 ` ross.philipson
2024-02-22 17:49 ` ross.philipson
2024-02-22 17:49 ` ross.philipson
2024-03-29 22:38 ` Kim Phillips
2024-03-29 22:38 ` Kim Phillips
2024-03-29 22:38 ` Kim Phillips
2024-03-29 22:38 ` Kim Phillips
2024-03-29 22:38 ` Kim Phillips
2024-03-29 22:38 ` Kim Phillips
2024-04-01 18:25 ` ross.philipson
2024-04-01 18:25 ` ross.philipson
2024-02-14 22:18 ` [PATCH v8 05/15] x86: Secure Launch main " Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 06/15] x86: Add early SHA support for Secure Launch early measurements Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 8:17 ` Ard Biesheuvel [this message]
2024-02-15 8:17 ` Ard Biesheuvel
2024-02-22 3:04 ` Andrew Cooper
2024-02-22 3:04 ` Andrew Cooper
2024-02-22 9:34 ` Ard Biesheuvel
2024-02-22 9:34 ` Ard Biesheuvel
2024-02-22 12:30 ` Andrew Cooper
2024-02-22 12:30 ` Andrew Cooper
2024-02-23 9:27 ` Ard Biesheuvel
2024-02-23 9:27 ` Ard Biesheuvel
2024-02-23 16:42 ` Andrew Cooper
2024-02-23 16:42 ` Andrew Cooper
2024-02-23 17:54 ` Eric Biggers
2024-02-23 17:54 ` Eric Biggers
2024-02-23 18:20 ` Andrew Cooper
2024-02-23 18:20 ` Andrew Cooper
2024-02-23 18:30 ` Eric Biggers
2024-02-23 18:30 ` Eric Biggers
2024-04-03 16:32 ` Andy Lutomirski
2024-04-03 16:32 ` Andy Lutomirski
2024-04-03 23:56 ` Eric Biggers
2024-04-03 23:56 ` Eric Biggers
2024-04-04 4:55 ` ross.philipson
2024-04-04 4:55 ` ross.philipson
2024-04-04 14:55 ` Jarkko Sakkinen
2024-04-04 14:55 ` Jarkko Sakkinen
2024-02-14 22:18 ` [PATCH v8 07/15] x86: Secure Launch kernel early boot stub Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 8:29 ` Ard Biesheuvel
2024-02-15 8:29 ` Ard Biesheuvel
2024-02-15 22:26 ` ross.philipson
2024-02-15 22:26 ` ross.philipson
2024-02-14 22:18 ` [PATCH v8 08/15] x86: Secure Launch kernel late " Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 09/15] x86: Secure Launch SMP bringup support Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 10/15] kexec: Secure Launch kexec SEXIT support Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 11/15] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 12/15] tpm: Add ability to set the preferred locality the TPM chip uses Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 13/15] tpm: Add sysfs interface to allow setting and querying the preferred locality Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-14 22:18 ` [PATCH v8 14/15] x86: Secure Launch late initcall platform module Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 8:40 ` Ard Biesheuvel
2024-02-15 8:40 ` Ard Biesheuvel
2024-02-22 13:57 ` Daniel P. Smith
2024-02-22 13:57 ` Daniel P. Smith
2024-02-23 9:36 ` Ard Biesheuvel
2024-02-23 9:36 ` Ard Biesheuvel
2024-03-21 14:11 ` Daniel P. Smith
2024-03-21 14:11 ` Daniel P. Smith
2024-02-16 1:53 ` kernel test robot
2024-02-16 1:53 ` kernel test robot
2024-02-17 7:53 ` kernel test robot
2024-02-17 7:53 ` kernel test robot
2024-02-14 22:18 ` [PATCH v8 15/15] x86: EFI stub DRTM launch support for Secure Launch Ross Philipson
2024-02-14 22:18 ` Ross Philipson
2024-02-15 9:01 ` Ard Biesheuvel
2024-02-15 9:01 ` Ard Biesheuvel
2024-02-21 20:17 ` ross.philipson
2024-02-21 20:17 ` ross.philipson
2024-02-21 20:37 ` H. Peter Anvin
2024-02-21 20:37 ` H. Peter Anvin
2024-02-21 23:24 ` Ard Biesheuvel
2024-02-21 23:24 ` Ard Biesheuvel
2024-02-17 7:31 ` kernel test robot
2024-02-17 7:31 ` kernel test robot
2024-02-17 20:06 ` kernel test robot
2024-02-17 20:06 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXEmMBY_jc0uM5UgZbuZ3-C7NPKzg5AScaunyu9XzLgzZA@mail.gmail.com \
--to=ardb@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.