On 12/05/2023 8:12 pm, Matthew Garrett wrote:
> On Fri, May 12, 2023 at 08:17:21PM +0200, Thomas Gleixner wrote:
>> On Fri, May 12 2023 at 17:13, Matthew Garrett wrote:
>>> On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
>>>
On Fri, May 12, 2023 at 08:17:21PM +0200, Thomas Gleixner wrote:
> On Fri, May 12 2023 at 17:13, Matthew Garrett wrote:
> > On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
> >> On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
> >> > Unless we assert that SHA-1 events are unsupp
On 2023-05-12, Kees Cook wrote:
On Fri, May 12, 2023 at 02:25:28AM +0000, Fangrui Song wrote:
Tools like readelf/llvm-readelf use p_align to parse a PT_NOTE program
header as an array of 4-byte entries or 8-byte entries. Currently, there
are workarounds[1] in place for Linux to treat p_align==0
On Fri, May 12, 2023 at 02:25:28AM +0000, Fangrui Song wrote:
> Tools like readelf/llvm-readelf use p_align to parse a PT_NOTE program
> header as an array of 4-byte entries or 8-byte entries. Currently, there
> are workarounds[1] in place for Linux to treat p_align==0 as 4. However,
> it would be
On Fri, May 12 2023 at 17:13, Matthew Garrett wrote:
> On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
>> On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
>> > Unless we assert that SHA-1 events are unsupported, it seems a bit odd
>> > to force a policy on people who have both
On Thu, May 04 2023 at 14:50, Ross Philipson wrote:
>
> +#ifdef CONFIG_SECURE_LAUNCH
> +
> +static atomic_t first_ap_only = {1};
ATOMIC_INIT(1) if at all.
> +
> +/*
> + * Called to fix the long jump address for the waiting APs to vector to
> + * the correct startup location in the Secure Launch
On Thu, May 04 2023 at 14:50, Ross Philipson wrote:
> +
> +/* CPUID: leaf 1, ECX, SMX feature bit */
> +#define X86_FEATURE_BIT_SMX (1 << 6)
> +
> +/* Can't include apiddef.h in asm */
Why not? All it needs is a #ifndef __ASSEMBLY__ guard around the C parts.
> +#define XAPIC_ENABLE (1 << 11)
>
On Fri, May 12, 2023 at 12:17:50PM -0400, Ross Philipson wrote:
> I am not 100% sure what you are asking but we also measure the EFI memory
> map. This comment is just to note that if the e820 exceeded the space in the
> fixed map in boot parameters, we would pick up any extra entries when
> measu
On 5/12/23 07:43, Matthew Garrett wrote:
On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote:
The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progr
On 5/12/23 07:26, Matthew Garrett wrote:
On Thu, May 04, 2023 at 02:50:16PM +0000, Ross Philipson wrote:
+static void sl_find_event_log(struct slr_table *slrt)
If this is called after the EFI stub then we're presumably
post-ExitBootServices and we're copied the TPM event log into a
configurat
On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
> On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
> > Unless we assert that SHA-1 events are unsupported, it seems a bit odd
> > to force a policy on people who have both banks enabled. People with
> > mixed fleets are potentia
On 5/12/23 07:00, Matthew Garrett wrote:
On Thu, May 04, 2023 at 02:50:14PM +0000, Ross Philipson wrote:
+static inline int tpm12_log_event(void *evtlog_base, u32 evtlog_size,
+ u32 event_size, void *event)
+{
+ struct tpm12_event_log_header *evtlog =
+
On 5/10/23 19:02, Jarkko Sakkinen wrote:
On Thu May 4, 2023 at 5:50 PM EEST, Ross Philipson wrote:
The routine slaunch_setup is called out of the x86 specific setup_arch
routine during early kernel boot. After determining what platform is
present, various operations specific to that platform occ
On 5/10/23 18:40, Jarkko Sakkinen wrote:
On Thu May 4, 2023 at 5:50 PM EEST, Ross Philipson wrote:
From: "Daniel P. Smith"
The Secure Launch platform module is a late init module. During the
init call, the TPM event log is read and measurements taken in the
early boot stub code are located. Th
On 5/10/23 18:39, Jarkko Sakkinen wrote:
On Thu May 4, 2023 at 5:50 PM EEST, Ross Philipson wrote:
From: "Daniel P. Smith"
The Secure Launch platform module is a late init module. During the
init call, the TPM event log is read and measurements taken in the
early boot stub code are located. Th
On Thu, May 04 2023 at 14:50, Ross Philipson wrote:
> The routine slaunch_setup is called out of the x86 specific setup_arch
Can you please make functions visible in changelogs by appending (),
i.e. setup_arch() ?
See https://www.kernel.org/doc/html/latest/process/maintainer-tip.html
for further
On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
> On Fri, May 12, 2023 at 01:18:45PM +0200, Ard Biesheuvel wrote:
>> On Fri, 12 May 2023 at 13:04, Matthew Garrett wrote:
>> >
>> > On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
>> >
>> > > SHA-1 is insecure. Why are you still u
On Thu, May 04 2023 at 14:50, Ross Philipson wrote:
> +KASLR Configuration
> +---
> +
> +Secure Launch does not interoperate with KASLR. If possible, the MLE should be
> +built with KASLR disabled::
Why?
> + "Processor type and features" -->
> + "Build a relocatable kerne
On 12/05/2023 12:58 pm, Ard Biesheuvel wrote:
> On Fri, 12 May 2023 at 13:28, Matthew Garrett wrote:
>> On Fri, May 12, 2023 at 01:18:45PM +0200, Ard Biesheuvel wrote:
>>> On Fri, 12 May 2023 at 13:04, Matthew Garrett wrote:
On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
On Fri, 12 May 2023 at 13:28, Matthew Garrett wrote:
>
> On Fri, May 12, 2023 at 01:18:45PM +0200, Ard Biesheuvel wrote:
> > On Fri, 12 May 2023 at 13:04, Matthew Garrett wrote:
> > >
> > > On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
> > >
> > > > SHA-1 is insecure. Why are you
On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote:
> The Secure Launch MLE environment uses PCRs that are only accessible from
> the DRTM locality 2. By default the TPM drivers always initialize the
> locality to 0. When a Secure Launch is in progress, initialize the
> locality to 2.
On Thu, May 04, 2023 at 02:50:20PM +0000, Ross Philipson wrote:
> If the MLE kernel is being powered off, rebooted or halted,
> then SEXIT must be called. Note that the SEXIT GETSEC leaf
> can only be called after a machine_shutdown() has been done on
> these paths. The machine_shutdown() is not ca
On Fri, May 12, 2023 at 01:18:45PM +0200, Ard Biesheuvel wrote:
> On Fri, 12 May 2023 at 13:04, Matthew Garrett wrote:
> >
> > On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
> >
> > > SHA-1 is insecure. Why are you still using SHA-1? Don't TPMs support SHA-2
> > > now?
> >
On Thu, May 04, 2023 at 02:50:16PM +0000, Ross Philipson wrote:
> +static void sl_find_event_log(struct slr_table *slrt)
If this is called after the EFI stub then we're presumably
post-ExitBootServices and we're copied the TPM event log into a
configuration table so it's available to the runtim
On Fri, 12 May 2023 at 13:04, Matthew Garrett wrote:
>
> On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
>
> > SHA-1 is insecure. Why are you still using SHA-1? Don't TPMs support SHA-2
> > now?
>
> TXT is supported on some TPM 1.2 systems as well. TPM 2 systems are also
> at the w
On Tue, May 09, 2023 at 06:21:44PM -0700, Eric Biggers wrote:
> SHA-1 is insecure. Why are you still using SHA-1? Don't TPMs support SHA-2
> now?
TXT is supported on some TPM 1.2 systems as well. TPM 2 systems are also
at the whim of the firmware in terms of whether the SHA-2 banks are
enable
On Thu, May 04, 2023 at 02:50:14PM +0000, Ross Philipson wrote:
> +static inline int tpm12_log_event(void *evtlog_base, u32 evtlog_size,
> + u32 event_size, void *event)
> +{
> + struct tpm12_event_log_header *evtlog =
> + (struct tpm12_event_log_heade
On Thu, May 04, 2023 at 02:50:13PM +0000, Ross Philipson wrote:
> +#define SLR_TABLE_MAGIC 0x4452544d
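Review bot: the magic 0x4452544d is the ASCII bytes 0x44 0x52 0x54 0x4d, i.e. "DRTM" when the most significant byte is read first, while the SLR_ prefix on the macro suggests "SLRT" (0x534c5254); whichever value is kept, add a comment next to the define stating the string it encodes and the byte order it is meant to be read in, so that bootloaders and tools scanning for the table do not have to infer it.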
From convention I'd expect this to be 0x534c5254, but not really an
issue.
> +/* SLR defined bootloaders */
> +#define SLR_BOOTLOADER_INVALID 0
> +#define SLR_BOOTLOADER_GRU
On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote:
> +Secure Launch does not interoperate with KASLR. If possible, the MLE should be
> +built with KASLR disabled::
Why does Secure Launch not interoperate with KASLR?
Re: IOMMUs
> +It is recommended that no other command line optio
On Sun, May 07, 2023 at 06:19:24PM -0700, Luis Chamberlain wrote:
> Here's 3 filesystems converted over to remove the kthread freezer.
>
> Luis Chamberlain (3):
> ext4: replace kthread freezing with auto fs freezing
> btrfs: replace kthread freezing with auto fs freezing
> xfs: replace kthre
30 matches