From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
kexec@lists.infradead.org, linux-efi@vger.kernel.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, luto@amacapital.net,
nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com
Subject: [PATCH v7 03/13] x86: Secure Launch Kconfig
Date: Fri, 10 Nov 2023 17:27:41 -0500 [thread overview]
Message-ID: <20231110222751.219836-4-ross.philipson@oracle.com> (raw)
In-Reply-To: <20231110222751.219836-1-ross.philipson@oracle.com>
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
arch/x86/Kconfig | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 3762f41bb092..1b983e336611 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2066,6 +2066,18 @@ config EFI_RUNTIME_MAP
See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64 && X86_X2APIC
+ help
+ The Secure Launch feature allows a kernel to be loaded
+ directly through an Intel TXT measured launch. Intel TXT
+ establishes a Dynamic Root of Trust for Measurement (DRTM)
+ where the CPU measures the kernel image. This feature then
+ continues the measurement chain over kernel configuration
+ information and init images.
+
source "kernel/Kconfig.hz"
config ARCH_SUPPORTS_KEXEC
--
2.39.3
WARNING: multiple messages have this Message-ID (diff)
From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
kexec@lists.infradead.org, linux-efi@vger.kernel.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, luto@amacapital.net,
nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com
Subject: [PATCH v7 03/13] x86: Secure Launch Kconfig
Date: Fri, 10 Nov 2023 17:27:41 -0500 [thread overview]
Message-ID: <20231110222751.219836-4-ross.philipson@oracle.com> (raw)
In-Reply-To: <20231110222751.219836-1-ross.philipson@oracle.com>
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
arch/x86/Kconfig | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 3762f41bb092..1b983e336611 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2066,6 +2066,18 @@ config EFI_RUNTIME_MAP
See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
+config SECURE_LAUNCH
+ bool "Secure Launch support"
+ default n
+ depends on X86_64 && X86_X2APIC
+ help
+ The Secure Launch feature allows a kernel to be loaded
+ directly through an Intel TXT measured launch. Intel TXT
+ establishes a Dynamic Root of Trust for Measurement (DRTM)
+ where the CPU measures the kernel image. This feature then
+ continues the measurement chain over kernel configuration
+ information and init images.
+
source "kernel/Kconfig.hz"
config ARCH_SUPPORTS_KEXEC
--
2.39.3
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2023-11-10 22:28 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-10 22:27 [PATCH v7 00/13] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 01/13] x86/boot: Place kernel_info at a fixed offset Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 02/13] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-12 18:07 ` Alyssa Ross
2023-11-12 18:07 ` Alyssa Ross
2023-11-16 17:55 ` ross.philipson
2023-11-16 17:55 ` ross.philipson
2024-01-31 19:40 ` Daniel P. Smith
2024-01-31 19:40 ` Daniel P. Smith
2023-11-10 22:27 ` Ross Philipson [this message]
2023-11-10 22:27 ` [PATCH v7 03/13] x86: Secure Launch Kconfig Ross Philipson
2023-11-10 22:27 ` [PATCH v7 04/13] x86: Secure Launch Resource Table header file Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 05/13] x86: Secure Launch main " Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 06/13] x86: Add early SHA support for Secure Launch early measurements Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-11 17:44 ` Eric Biggers
2023-11-11 17:44 ` Eric Biggers
2023-11-11 18:19 ` Andrew Cooper
2023-11-11 18:19 ` Andrew Cooper
2023-11-11 20:36 ` James Bottomley
2023-11-11 20:36 ` James Bottomley
2023-11-13 23:21 ` Andrew Cooper
2023-11-13 23:21 ` Andrew Cooper
2023-11-10 22:27 ` [PATCH v7 07/13] x86: Secure Launch kernel early boot stub Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 08/13] x86: Secure Launch kernel late " Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 09/13] x86: Secure Launch SMP bringup support Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-11 10:41 ` kernel test robot
2023-11-11 10:41 ` kernel test robot
2023-11-10 22:27 ` [PATCH v7 10/13] kexec: Secure Launch kexec SEXIT support Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 23:41 ` Sean Christopherson
2023-11-10 23:41 ` Sean Christopherson
2023-11-16 0:50 ` ross.philipson
2023-11-16 0:50 ` ross.philipson
2023-11-10 22:27 ` [PATCH v7 11/13] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 12/13] x86: Secure Launch late initcall platform module Ross Philipson
2023-11-10 22:27 ` Ross Philipson
2023-11-10 22:27 ` [PATCH v7 13/13] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson
2023-11-10 22:27 ` Ross Philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231110222751.219836-4-ross.philipson@oracle.com \
--to=ross.philipson@oracle.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dpsmith@apertussolutions.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.