From: Ross Philipson <ross.philipson@oracle.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, luto@amacapital.net, trenchboot-devel@googlegroups.com Subject: [PATCH 01/13] x86: Secure Launch Kconfig Date: Thu, 24 Sep 2020 10:58:29 -0400 [thread overview] Message-ID: <1600959521-24158-2-git-send-email-ross.philipson@oracle.com> (raw) In-Reply-To: <1600959521-24158-1-git-send-email-ross.philipson@oracle.com> Initial bits to bring in Secure Launch functionality. Add Kconfig options for compiling in/out the Secure Launch code. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- arch/x86/Kconfig | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7101ac6..8957981 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1968,6 +1968,42 @@ config EFI_MIXED If unsure, say N. +config SECURE_LAUNCH + bool "Secure Launch support" + default n + depends on X86_64 + help + The Secure Launch feature allows a kernel to be loaded + directly through an Intel TXT measured launch. Intel TXT + establishes a Dynamic Root of Trust for Measurement (DRTM) + where the CPU measures the kernel image. This feature then + continues the measurement chain over kernel configuration + information and init images. + +choice + prompt "Select Secure Launch Algorithm for TPM2" + depends on SECURE_LAUNCH + +config SECURE_LAUNCH_SHA1 + bool "Secure Launch TPM1 SHA1" + help + When using Secure Launch and TPM1 is present, use SHA1 hash + algorithm for measurements. + +config SECURE_LAUNCH_SHA256 + bool "Secure Launch TPM2 SHA256" + help + When using Secure Launch and TPM2 is present, use SHA256 hash + algorithm for measurements. + +config SECURE_LAUNCH_SHA512 + bool "Secure Launch TPM2 SHA512" + help + When using Secure Launch and TPM2 is present, use SHA512 hash + algorithm for measurements. + +endchoice + config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" -- 1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Ross Philipson <ross.philipson@oracle.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org Cc: dpsmith@apertussolutions.com, ross.philipson@oracle.com, luto@amacapital.net, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, tglx@linutronix.de, trenchboot-devel@googlegroups.com Subject: [PATCH 01/13] x86: Secure Launch Kconfig Date: Thu, 24 Sep 2020 10:58:29 -0400 [thread overview] Message-ID: <1600959521-24158-2-git-send-email-ross.philipson@oracle.com> (raw) In-Reply-To: <1600959521-24158-1-git-send-email-ross.philipson@oracle.com> Initial bits to bring in Secure Launch functionality. Add Kconfig options for compiling in/out the Secure Launch code. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- arch/x86/Kconfig | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7101ac6..8957981 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1968,6 +1968,42 @@ config EFI_MIXED If unsure, say N. +config SECURE_LAUNCH + bool "Secure Launch support" + default n + depends on X86_64 + help + The Secure Launch feature allows a kernel to be loaded + directly through an Intel TXT measured launch. Intel TXT + establishes a Dynamic Root of Trust for Measurement (DRTM) + where the CPU measures the kernel image. This feature then + continues the measurement chain over kernel configuration + information and init images. + +choice + prompt "Select Secure Launch Algorithm for TPM2" + depends on SECURE_LAUNCH + +config SECURE_LAUNCH_SHA1 + bool "Secure Launch TPM1 SHA1" + help + When using Secure Launch and TPM1 is present, use SHA1 hash + algorithm for measurements. + +config SECURE_LAUNCH_SHA256 + bool "Secure Launch TPM2 SHA256" + help + When using Secure Launch and TPM2 is present, use SHA256 hash + algorithm for measurements. + +config SECURE_LAUNCH_SHA512 + bool "Secure Launch TPM2 SHA512" + help + When using Secure Launch and TPM2 is present, use SHA512 hash + algorithm for measurements. + +endchoice + config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" -- 1.8.3.1 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-09-24 15:00 UTC|newest] Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-09-24 14:58 [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` Ross Philipson [this message] 2020-09-24 14:58 ` [PATCH 01/13] x86: Secure Launch Kconfig Ross Philipson 2020-09-25 2:08 ` Randy Dunlap 2020-09-25 2:08 ` Randy Dunlap 2020-09-25 14:59 ` Ross Philipson 2020-09-25 14:59 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 02/13] x86: Secure Launch main header file Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 03/13] x86: Add early SHA support for Secure Launch early measurements Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-29 17:26 ` Jason Andryuk 2020-09-29 17:26 ` Jason Andryuk 2020-09-24 14:58 ` [PATCH 04/13] x86: Add early TPM TIS/CRB interface support for Secure Launch Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 05/13] x86: Add early TPM1.2/TPM2.0 " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-25 5:43 ` Jarkko Sakkinen 2020-09-25 5:43 ` Jarkko Sakkinen 2020-09-29 23:47 ` Daniel P. Smith 2020-09-29 23:47 ` Daniel P. Smith 2020-09-30 3:19 ` Jarkko Sakkinen 2020-09-30 3:19 ` Jarkko Sakkinen 2020-09-30 3:24 ` Jarkko Sakkinen 2020-09-30 3:24 ` Jarkko Sakkinen 2021-01-20 0:33 ` Daniel P. Smith 2021-01-20 0:33 ` Daniel P. Smith 2020-09-24 14:58 ` [PATCH 06/13] x86: Add early general TPM " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 07/13] x86: Secure Launch kernel early boot stub Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 17:38 ` Arvind Sankar 2020-09-24 17:38 ` Arvind Sankar 2020-09-25 14:56 ` Ross Philipson 2020-09-25 14:56 ` Ross Philipson 2020-09-25 19:18 ` Arvind Sankar 2020-09-25 19:18 ` Arvind Sankar 2020-09-29 14:03 ` Ross Philipson 2020-09-29 14:03 ` Ross Philipson 2020-09-29 14:53 ` Arvind Sankar 2020-09-29 14:53 ` Arvind Sankar 2020-10-15 18:26 ` Daniel Kiper 2020-10-15 18:26 ` Daniel Kiper 2020-10-16 20:51 ` Arvind Sankar 2020-10-16 20:51 ` Arvind Sankar 2020-10-19 14:38 ` Ross Philipson 2020-10-19 14:38 ` Ross Philipson 2020-10-19 17:06 ` Arvind Sankar 2020-10-19 17:06 ` Arvind Sankar 2020-10-19 19:00 ` Ross Philipson 2020-10-19 19:00 ` Ross Philipson 2020-10-19 14:51 ` Daniel Kiper 2020-10-19 14:51 ` Daniel Kiper 2020-10-19 17:18 ` Arvind Sankar 2020-10-19 17:18 ` Arvind Sankar 2020-10-21 15:28 ` Daniel Kiper 2020-10-21 15:28 ` Daniel Kiper 2020-10-21 16:18 ` Arvind Sankar 2020-10-21 16:18 ` Arvind Sankar 2020-10-21 20:36 ` Ross Philipson 2020-10-21 20:36 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 08/13] x86: Secure Launch kernel late " Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 09/13] x86: Secure Launch SMP bringup support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 10/13] x86: Secure Launch adding event log securityfs Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 11/13] kexec: Secure Launch kexec SEXIT support Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 12/13] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-24 14:58 ` [PATCH 13/13] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson 2020-09-24 14:58 ` Ross Philipson 2020-09-25 5:30 ` [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Jarkko Sakkinen 2020-09-25 5:30 ` Jarkko Sakkinen 2020-09-25 21:32 ` Daniel P. Smith 2020-09-25 21:32 ` Daniel P. Smith 2020-09-27 23:59 ` Jarkko Sakkinen 2020-09-27 23:59 ` Jarkko Sakkinen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1600959521-24158-2-git-send-email-ross.philipson@oracle.com \ --to=ross.philipson@oracle.com \ --cc=bp@alien8.de \ --cc=dpsmith@apertussolutions.com \ --cc=hpa@zytor.com \ --cc=iommu@lists.linux-foundation.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=mingo@redhat.com \ --cc=tglx@linutronix.de \ --cc=trenchboot-devel@googlegroups.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.