From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
iommu@lists.linux-foundation.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, luto@amacapital.net,
trenchboot-devel@googlegroups.com
Subject: [PATCH 01/13] x86: Secure Launch Kconfig
Date: Thu, 24 Sep 2020 10:58:29 -0400 [thread overview]
Message-ID: <1600959521-24158-2-git-send-email-ross.philipson@oracle.com> (raw)
In-Reply-To: <1600959521-24158-1-git-send-email-ross.philipson@oracle.com>
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
arch/x86/Kconfig | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7101ac6..8957981 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1968,6 +1968,42 @@ config EFI_MIXED
If unsure, say N.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64
+ help
+ The Secure Launch feature allows a kernel to be loaded
+ directly through an Intel TXT measured launch. Intel TXT
+ establishes a Dynamic Root of Trust for Measurement (DRTM)
+ where the CPU measures the kernel image. This feature then
+ continues the measurement chain over kernel configuration
+ information and init images.
+
+choice
+ prompt "Select Secure Launch Algorithm for TPM2"
+ depends on SECURE_LAUNCH
+
+config SECURE_LAUNCH_SHA1
+ bool "Secure Launch TPM1 SHA1"
+ help
+ When using Secure Launch and TPM1 is present, use SHA1 hash
+ algorithm for measurements.
+
+config SECURE_LAUNCH_SHA256
+ bool "Secure Launch TPM2 SHA256"
+ help
+ When using Secure Launch and TPM2 is present, use SHA256 hash
+ algorithm for measurements.
+
+config SECURE_LAUNCH_SHA512
+ bool "Secure Launch TPM2 SHA512"
+ help
+ When using Secure Launch and TPM2 is present, use SHA512 hash
+ algorithm for measurements.
+
+endchoice
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
iommu@lists.linux-foundation.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org
Cc: dpsmith@apertussolutions.com, ross.philipson@oracle.com,
luto@amacapital.net, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, tglx@linutronix.de,
trenchboot-devel@googlegroups.com
Subject: [PATCH 01/13] x86: Secure Launch Kconfig
Date: Thu, 24 Sep 2020 10:58:29 -0400 [thread overview]
Message-ID: <1600959521-24158-2-git-send-email-ross.philipson@oracle.com> (raw)
In-Reply-To: <1600959521-24158-1-git-send-email-ross.philipson@oracle.com>
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
arch/x86/Kconfig | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7101ac6..8957981 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1968,6 +1968,42 @@ config EFI_MIXED
If unsure, say N.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64
+ help
+ The Secure Launch feature allows a kernel to be loaded
+ directly through an Intel TXT measured launch. Intel TXT
+ establishes a Dynamic Root of Trust for Measurement (DRTM)
+ where the CPU measures the kernel image. This feature then
+ continues the measurement chain over kernel configuration
+ information and init images.
+
+choice
+ prompt "Select Secure Launch Algorithm for TPM2"
+ depends on SECURE_LAUNCH
+
+config SECURE_LAUNCH_SHA1
+ bool "Secure Launch TPM1 SHA1"
+ help
+ When using Secure Launch and TPM1 is present, use SHA1 hash
+ algorithm for measurements.
+
+config SECURE_LAUNCH_SHA256
+ bool "Secure Launch TPM2 SHA256"
+ help
+ When using Secure Launch and TPM2 is present, use SHA256 hash
+ algorithm for measurements.
+
+config SECURE_LAUNCH_SHA512
+ bool "Secure Launch TPM2 SHA512"
+ help
+ When using Secure Launch and TPM2 is present, use SHA512 hash
+ algorithm for measurements.
+
+endchoice
+
config SECCOMP
def_bool y
prompt "Enable seccomp to safely compute untrusted bytecode"
--
1.8.3.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-09-24 15:00 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-24 14:58 [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` Ross Philipson [this message]
2020-09-24 14:58 ` [PATCH 01/13] x86: Secure Launch Kconfig Ross Philipson
2020-09-25 2:08 ` Randy Dunlap
2020-09-25 2:08 ` Randy Dunlap
2020-09-25 14:59 ` Ross Philipson
2020-09-25 14:59 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 02/13] x86: Secure Launch main header file Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 03/13] x86: Add early SHA support for Secure Launch early measurements Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-29 17:26 ` Jason Andryuk
2020-09-29 17:26 ` Jason Andryuk
2020-09-24 14:58 ` [PATCH 04/13] x86: Add early TPM TIS/CRB interface support for Secure Launch Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 05/13] x86: Add early TPM1.2/TPM2.0 " Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-25 5:43 ` Jarkko Sakkinen
2020-09-25 5:43 ` Jarkko Sakkinen
2020-09-29 23:47 ` Daniel P. Smith
2020-09-29 23:47 ` Daniel P. Smith
2020-09-30 3:19 ` Jarkko Sakkinen
2020-09-30 3:19 ` Jarkko Sakkinen
2020-09-30 3:24 ` Jarkko Sakkinen
2020-09-30 3:24 ` Jarkko Sakkinen
2021-01-20 0:33 ` Daniel P. Smith
2021-01-20 0:33 ` Daniel P. Smith
2020-09-24 14:58 ` [PATCH 06/13] x86: Add early general TPM " Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 07/13] x86: Secure Launch kernel early boot stub Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 17:38 ` Arvind Sankar
2020-09-24 17:38 ` Arvind Sankar
2020-09-25 14:56 ` Ross Philipson
2020-09-25 14:56 ` Ross Philipson
2020-09-25 19:18 ` Arvind Sankar
2020-09-25 19:18 ` Arvind Sankar
2020-09-29 14:03 ` Ross Philipson
2020-09-29 14:03 ` Ross Philipson
2020-09-29 14:53 ` Arvind Sankar
2020-09-29 14:53 ` Arvind Sankar
2020-10-15 18:26 ` Daniel Kiper
2020-10-15 18:26 ` Daniel Kiper
2020-10-16 20:51 ` Arvind Sankar
2020-10-16 20:51 ` Arvind Sankar
2020-10-19 14:38 ` Ross Philipson
2020-10-19 14:38 ` Ross Philipson
2020-10-19 17:06 ` Arvind Sankar
2020-10-19 17:06 ` Arvind Sankar
2020-10-19 19:00 ` Ross Philipson
2020-10-19 19:00 ` Ross Philipson
2020-10-19 14:51 ` Daniel Kiper
2020-10-19 14:51 ` Daniel Kiper
2020-10-19 17:18 ` Arvind Sankar
2020-10-19 17:18 ` Arvind Sankar
2020-10-21 15:28 ` Daniel Kiper
2020-10-21 15:28 ` Daniel Kiper
2020-10-21 16:18 ` Arvind Sankar
2020-10-21 16:18 ` Arvind Sankar
2020-10-21 20:36 ` Ross Philipson
2020-10-21 20:36 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 08/13] x86: Secure Launch kernel late " Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 09/13] x86: Secure Launch SMP bringup support Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 10/13] x86: Secure Launch adding event log securityfs Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 11/13] kexec: Secure Launch kexec SEXIT support Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 12/13] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-24 14:58 ` [PATCH 13/13] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson
2020-09-24 14:58 ` Ross Philipson
2020-09-25 5:30 ` [PATCH 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Jarkko Sakkinen
2020-09-25 5:30 ` Jarkko Sakkinen
2020-09-25 21:32 ` Daniel P. Smith
2020-09-25 21:32 ` Daniel P. Smith
2020-09-27 23:59 ` Jarkko Sakkinen
2020-09-27 23:59 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1600959521-24158-2-git-send-email-ross.philipson@oracle.com \
--to=ross.philipson@oracle.com \
--cc=bp@alien8.de \
--cc=dpsmith@apertussolutions.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.