handling the APs on Intel
platforms. The routine sl_main which runs after entering 64b mode is
responsible for measuring configuration and module information before
it is used like the boot params, the kernel command line, the TXT heap,
an external initramfs, etc.
Signed-off-by: Ross Philipson
handling the APs on Intel
platforms. The routine sl_main which runs after entering 64b mode is
responsible for measuring configuration and module information before
it is used like the boot params, the kernel command line, the TXT heap,
an external initramfs, etc.
Signed-off-by: Ross Philipson
From: "Daniel P. Smith"
Introduce background, overview and configuration/ABI information
for the Secure Launch kernel feature.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reviewed-by: Bagas Sanjaya
---
Documentation/security/index.rst | 1 +
..
From: "Daniel P. Smith"
Introduce background, overview and configuration/ABI information
for the Secure Launch kernel feature.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reviewed-by: Bagas Sanjaya
---
Documentation/security/index.rst | 1 +
..
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 24 +++-
include/linux/tpm.h | 4
2 files changed, 27 insertions(+), 1 deletion(-)
diff
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson
---
arch/x86/Kconfig | 11 +++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 007bab9f2a0e
s/TechDocs/24593.pdf
The TrenchBoot project provides a quick start guide to help get a system
up and running with Secure Launch for Linux:
https://github.com/TrenchBoot/documentation/blob/master/QUICKSTART.md
Patch set based on commit:
torvalds/master/77f587896757708780a7e8792efe62939f25a5ab
Thanks
Ro
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress. This has to be
called after the EFI stub does Exit Boot Services.
Signed-off-by: Ross Philipson
e platform module also registers the securityfs nodes to allow
access to TXT register fields on Intel along with the fetching of
and writing events to the late launch TPM log.
Signed-off-by: Daniel P. Smith
Signed-off-by: garnetgrimm
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefi
Expose a sysfs interface to allow user mode to set and query the default
locality set for the TPM chip.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-sysfs.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char
ned-off-by: Ross Philipson
---
drivers/char/tpm/tpm_tis_core.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 22ebf679ea69..20a8b341be0d 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/driver
From: "Daniel P. Smith"
When tis_tis_core initializes, it assumes all localities are closed. There
are cases when this may not be the case. This commit addresses this by
ensuring all localities are closed before initializing begins.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross
ned-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reported-by: Kanth Ghatraju
---
drivers/char/tpm/tpm_tis_core.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index fdef214b9f6b..a6967f312837 10
callback (into
ACPI code) or when an emergency reset is done. In these cases,
just the TXT registers are finalized but SEXIT is skipped.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/reboot.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86
do then jumps to the standard RM piggy protected mode entry point.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/realmode.h | 3 ++
arch/x86/kernel/smpboot.c| 43 ++--
arch/x86/realmode/init.c | 3 ++
arch/x86/realmode/rm/header.S
annot be used.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/setup.c| 3 +
arch/x86/kernel/slaunch.c | 524 +
drivers/iommu/intel/dmar.c | 4 +
4 files changed, 532 insertions(+)
create mode 100644 arch/x86/k
start of the setup kernel. The support in the linker
file achieves this.
Signed-off-by: Ross Philipson
Suggested-by: Ard Biesheuvel
Reviewed-by: Ard Biesheuvel
---
arch/x86/boot/compressed/kernel_info.S | 50 +++---
arch/x86/boot/compressed/vmlinux.lds.S | 7
2
Prior to running the next kernel via kexec, the Secure Launch code
closes down private SMX resources and does an SEXIT. This allows the
next kernel to start normally without any issues starting the APs etc.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/slaunch.c | 72
Introduce the main Secure Launch header file used in the early SL stub
and the early setup code.
Signed-off-by: Ross Philipson
---
include/linux/slaunch.h | 548
1 file changed, 548 insertions(+)
create mode 100644 include/linux/slaunch.h
diff --git a
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
---
include/linux/slr_table.h | 276 ++
1 file changed, 276 insertions(+)
create mode 100644 include/linux
niel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +
arch/x86/boot/compressed/sha1.c | 6 +++
include/crypto/sha1.h | 1 +
lib/crypto/sha1.c | 81 +++
4 files changed, 90 insertions(+)
create
These values are needed by Secure Launch to locate particular CPUs
during AP startup and to restore the MTRR state after a TXT launch.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/msr-index.h | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b
nel is not uncompressed at this point.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/sha256.c | 6 ++
2 files changed, 7 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/boot/compressed/sha256.c
N9M2RV99hQ!KhkZK77BXRIR4F24tKkUeIlIrdqXtUW2vcnDV74c_5BmrQBQaQ4FqcDKKv9LB3HQUocTGkrmIxuz-LAC$
]
url:
https://urldefense.com/v3/__https://github.com/intel-lab-lkp/linux/commits/Ross-Philipson/Documentation-x86-Secure-Launch-kernel-documentation/20240827-065225__;!!ACWV5
d in
https://urldefense.com/v3/__https://git-scm.com/docs/git-format-patch*_base_tree_information__;Iw!!ACWV5N9M2RV99hQ!KhkZK77BXRIR4F24tKkUeIlIrdqXtUW2vcnDV74c_5BmrQBQaQ4FqcDKKv9LB3HQUocTGkrmIxuz-LAC$
]
url:
https://urldefense.com/v3/__https://github.com/intel-lab-lkp/linux/commits/Ross-Philipson/Doc
On 8/27/24 11:14 AM, 'Eric Biggers' via trenchboot-devel wrote:
On Thu, May 30, 2024 at 07:16:56PM -0700, Eric Biggers wrote:
On Thu, May 30, 2024 at 06:03:18PM -0700, Ross Philipson wrote:
From: "Daniel P. Smith"
For better or worse, Secure Launch needs SHA-1 and SH
On 8/27/24 3:28 AM, Ard Biesheuvel wrote:
On Tue, 27 Aug 2024 at 00:44, Ross Philipson wrote:
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress
Introduce the main Secure Launch header file used in the early SL stub
and the early setup code.
Signed-off-by: Ross Philipson
---
include/linux/slaunch.h | 548
1 file changed, 548 insertions(+)
create mode 100644 include/linux/slaunch.h
diff --git a
s/TechDocs/24593.pdf
The TrenchBoot project provides a quick start guide to help get a system
up and running with Secure Launch for Linux:
https://github.com/TrenchBoot/documentation/blob/master/QUICKSTART.md
Patch set based on commit:
torvalds/master/b311c1b497e51a628aa89e7cb954481e5f9dced2
Thanks
Ro
e platform module also registers the securityfs nodes to allow
access to TXT register fields on Intel along with the fetching of
and writing events to the late launch TPM log.
Signed-off-by: Daniel P. Smith
Signed-off-by: garnetgrimm
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefi
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 24 +++-
include/linux/tpm.h | 4
2 files changed, 27 insertions(+), 1 deletion(-)
diff
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress. This has to be
called after the EFI stub does Exit Boot Services.
Signed-off-by: Ross Philipson
Expose a sysfs interface to allow user mode to set and query the default
locality set for the TPM chip.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-sysfs.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char
ned-off-by: Ross Philipson
---
drivers/char/tpm/tpm_tis_core.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 22ebf679ea69..20a8b341be0d 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/driver
From: "Daniel P. Smith"
When tis_tis_core initializes, it assumes all localities are closed. There
are cases when this may not be the case. This commit addresses this by
ensuring all localities are closed before initializing begins.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross
ned-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reported-by: Kanth Ghatraju
---
drivers/char/tpm/tpm_tis_core.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index fdef214b9f6b..a6967f312837 10
callback (into
ACPI code) or when an emergency reset is done. In these cases,
just the TXT registers are finalized but SEXIT is skipped.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/reboot.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86
Prior to running the next kernel via kexec, the Secure Launch code
closes down private SMX resources and does an SEXIT. This allows the
next kernel to start normally without any issues starting the APs etc.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/slaunch.c | 72
do then jumps to the standard RM piggy protected mode entry point.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/realmode.h | 3 ++
arch/x86/kernel/smpboot.c| 43 ++--
arch/x86/realmode/init.c | 3 ++
arch/x86/realmode/rm/header.S
annot be used.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/setup.c| 3 +
arch/x86/kernel/slaunch.c | 524 +
drivers/iommu/intel/dmar.c | 4 +
4 files changed, 532 insertions(+)
create mode 100644 arch/x86/k
start of the setup kernel. The support in the linker
file achieves this.
Signed-off-by: Ross Philipson
Suggested-by: Ard Biesheuvel
---
arch/x86/boot/compressed/kernel_info.S | 50 +++---
arch/x86/boot/compressed/vmlinux.lds.S | 7
2 files changed, 53 insertions(
nel is not uncompressed at this point.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/sha256.c | 6 ++
2 files changed, 7 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/boot/compressed/sha256.c
These values are needed by Secure Launch to locate particular CPUs
during AP startup and to restore the MTRR state after a TXT launch.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/msr-index.h | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b
niel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +
arch/x86/boot/compressed/sha1.c | 6 +++
include/crypto/sha1.h | 1 +
lib/crypto/sha1.c | 82 +++
4 files changed, 91 insertions(+)
create
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson
---
arch/x86/Kconfig | 11 +++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 007bab9f2a0e
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
---
include/linux/slr_table.h | 276 ++
1 file changed, 276 insertions(+)
create mode 100644 include/linux
On 6/4/24 3:59 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
The routine slaunch_setup is called out of the x86 specific setup_arch()
routine during early kernel boot. After determining what platform is
present, various operations specific to that
On 6/19/24 5:18 PM, Jarkko Sakkinen wrote:
On Thu Jun 6, 2024 at 7:49 PM EEST, wrote:
For any architectures dig a similar fact:
1. Is not dead.
2. Will be there also in future.
Make any architecture existentially relevant for and not too much
coloring in the text that is easy to check.
It is
On 6/5/24 11:02 PM, Jarkko Sakkinen wrote:
On Wed Jun 5, 2024 at 10:03 PM EEST, wrote:
So I did not mean to imply that DRTM support on various
platforms/architectures has a short expiration date. In fact we are
actively working on DRTM support through the TrenchBoot project on
several platforms
On 6/4/24 12:56 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
later AMD SKINIT) to vector to during the late launch. The symbol
sl_stub_entry is that entry point and its offset into
handling the APs on Intel
platforms. The routine sl_main which runs after entering 64b mode is
responsible for measuring configuration and module information before
it is used like the boot params, the kernel command line, the TXT heap,
an external initramfs, etc.
Signed-off-by: Ross Philipson
On 5/31/24 4:00 AM, Ard Biesheuvel wrote:
Hello Ross,
Hi Ard,
On Fri, 31 May 2024 at 03:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
later AMD SKINIT) to vector to during the late launch. The symbol
sl_stub_entry is that entry point
Introduce background, overview and configuration/ABI information
for the Secure Launch kernel feature.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reviewed-by: Bagas Sanjaya
---
Documentation/security/index.rst | 1 +
.../security/launch-integrity/index.rst
Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
If a uarch specific, I'd appreciate Intel SDM reference here so that I
can
On 6/4/24 5:22 PM, Jarkko Sakkinen wrote:
On Wed Jun 5, 2024 at 2:00 AM EEST, wrote:
On 6/4/24 3:36 PM, Jarkko Sakkinen wrote:
On Tue Jun 4, 2024 at 11:31 PM EEST, wrote:
On 6/4/24 11:21 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the
On 6/4/24 3:50 PM, Jarkko Sakkinen wrote:
On Wed Jun 5, 2024 at 1:14 AM EEST, wrote:
On 6/4/24 1:27 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4
On 6/4/24 3:36 PM, Jarkko Sakkinen wrote:
On Tue Jun 4, 2024 at 11:31 PM EEST, wrote:
On 6/4/24 11:21 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post
On 6/4/24 1:27 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 24
On 6/4/24 1:05 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
On Intel, the APs are left in a well documented state after TXT performs
the late launch. Specifically they cannot have #INIT asserted on them so
a standard startup via INIT/SIPI/SIPI cannot be
On 6/4/24 12:59 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
The routine slaunch_setup is called out of the x86 specific setup_arch()
routine during early kernel boot. After determining what platform is
present, various operations specific to that
On 6/4/24 12:58 PM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
The routine slaunch_setup is called out of the x86 specific setup_arch()
routine during early kernel boot. After determining what platform is
present, various operations specific to that
03:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
later AMD SKINIT) to vector to during the late launch. The symbol
sl_stub_entry is that entry point and its offset into the kernel is
conveyed to the launching code using the MLE (Measured Launch
On 6/4/24 11:52 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
From: "Daniel P. Smith"
For better or worse, Secure Launch needs SHA-1 and SHA-256. The
choice of hashes used lie with the platform firmware, not with
software, and is often outs
On 6/4/24 11:24 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the main Secure Launch header file used in the early SL stub
and the early setup code.
Signed-off-by: Ross Philipson
Right and anything AMD specific should also have legit
On 6/4/24 11:21 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
If a uarch specific, I'd appreciate Inte
On 6/4/24 11:18 AM, Jarkko Sakkinen wrote:
On Fri May 31, 2024 at 4:03 AM EEST, Ross Philipson wrote:
From: Arvind Sankar
There are use cases for storing the offset of a symbol in kernel_info.
For example, the trenchboot series [0] needs to store the offset of the
Measured Launch Environment
On 6/4/24 10:27 AM, Ard Biesheuvel wrote:
On Tue, 4 Jun 2024 at 19:24, wrote:
On 5/31/24 6:33 AM, Ard Biesheuvel wrote:
On Fri, 31 May 2024 at 13:00, Ard Biesheuvel wrote:
Hello Ross,
On Fri, 31 May 2024 at 03:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry
On 5/31/24 7:04 AM, Ard Biesheuvel wrote:
On Fri, 31 May 2024 at 15:33, Ard Biesheuvel wrote:
On Fri, 31 May 2024 at 13:00, Ard Biesheuvel wrote:
Hello Ross,
On Fri, 31 May 2024 at 03:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
On 5/31/24 6:33 AM, Ard Biesheuvel wrote:
On Fri, 31 May 2024 at 13:00, Ard Biesheuvel wrote:
Hello Ross,
On Fri, 31 May 2024 at 03:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
later AMD SKINIT) to vector to during the late launch. The
On 5/31/24 4:09 AM, Ard Biesheuvel wrote:
On Fri, 31 May 2024 at 03:32, Ross Philipson wrote:
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress
On 5/30/24 7:16 PM, Eric Biggers wrote:
On Thu, May 30, 2024 at 06:03:18PM -0700, Ross Philipson wrote:
From: "Daniel P. Smith"
For better or worse, Secure Launch needs SHA-1 and SHA-256. The
choice of hashes used lie with the platform firmware, not with
software, and is often outs
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 24 +++-
drivers/char/tpm/tpm-interface.c | 15 +++
drivers/char/tpm/tpm.h
e platform module also registers the securityfs nodes to allow
access to TXT register fields on Intel along with the fetching of
and writing events to the late launch TPM log.
Signed-off-by: Daniel P. Smith
Signed-off-by: garnetgrimm
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefi
ned-off-by: Ross Philipson
---
drivers/char/tpm/tpm_tis_core.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 9fb53bb3e73f..685bdeadec51 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/driver
protections are in place.
For TXT, this code also reserves the original compressed kernel setup
area where the APs were left looping so that this memory cannot be used.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/setup.c| 3 +
arch/x86/kernel/slaunch.c
From: "Daniel P. Smith"
When tis core initializes, it assumes all localities are closed. There
are cases when this may not be the case. This commit addresses this by
ensuring all localities are closed before initializing begins.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross
Prior to running the next kernel via kexec, the Secure Launch code
closes down private SMX resources and does an SEXIT. This allows the
next kernel to start normally without any issues starting the APs etc.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/slaunch.c | 73
ned-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Reported-by: Kanth Ghatraju
Fixes: 933bfc5ad213 ("tpm, tpm: Implement usage counter for locality")
---
drivers/char/tpm/tpm_tis_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_
callback (into
ACPI code) or when an emergency reset is done. In these cases,
just the TXT registers are finalized but SEXIT is skipped.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/reboot.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86
Introduce the main Secure Launch header file used in the early SL stub
and the early setup code.
Signed-off-by: Ross Philipson
---
include/linux/slaunch.h | 542
1 file changed, 542 insertions(+)
create mode 100644 include/linux/slaunch.h
diff --git a
do then jumps to the standard RM piggy protected mode entry point.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/realmode.h | 3 ++
arch/x86/kernel/smpboot.c| 58 +++-
arch/x86/realmode/init.c | 3 ++
arch/x86/realmode/rm/header.S
Expose a sysfs interface to allow user mode to set and query the preferred
locality for the TPM chip.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-sysfs.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char
nel is not uncompressed at this point.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/boot/compressed/early_sha256.c | 6 ++
2 files changed, 7 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/boot/
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
---
include/linux/slr_table.h | 271 ++
1 file changed, 271 insertions(+)
create mode 100644 include/linux
implement base layer for SHA-1")
A modified version of this code was introduced to the lib/crypto/sha1.c
to bring it in line with the SHA-256 code and allow it to be pulled into the
setup kernel in the same manner as SHA-256 is.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
p and running with Secure Launch for Linux:
https://github.com/TrenchBoot/documentation/blob/master/QUICKSTART.md
Patch set based on commit:
torvalds/master/ea5f6ad9ad9645733b72ab53a98e719b460d36a6
Thanks
Ross Philipson and Daniel P. Smith
Changes in v2:
- Modified 32b entry code to prevent c
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress. This has to be
called after the EFI stub does Exit Boot Services.
Signed-off-by: Ross Philipson
ure in the ELF symbol table.
Signed-off-by: Arvind Sankar
Cc: Ross Philipson
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/kernel_info.S | 19 +++
arch/x86/boot/compressed/kernel_info.h | 12
arch/x86/boot/compressed/vmlinux.lds.S | 6 ++
3 files c
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson
---
arch/x86/Kconfig | 11 +++
1 file changed, 11 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index bc47bc9841ff
On 4/3/24 4:56 PM, Eric Biggers wrote:
On Wed, Apr 03, 2024 at 09:32:02AM -0700, Andy Lutomirski wrote:
On Fri, Feb 23, 2024, at 10:30 AM, Eric Biggers wrote:
On Fri, Feb 23, 2024 at 06:20:27PM +, Andrew Cooper wrote:
On 23/02/2024 5:54 pm, Eric Biggers wrote:
On Fri, Feb 23, 2024 at 04:4
On 3/29/24 3:38 PM, 'Kim Phillips' via trenchboot-devel wrote:
Hi Ross,
On 2/14/24 4:18 PM, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
---
include/linux/s
On 2/15/24 12:08 AM, Ard Biesheuvel wrote:
On Wed, 14 Feb 2024 at 23:31, Ross Philipson wrote:
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre and post launch code.
Signed-off-by: Ross Philipson
---
include/linux/slr_table.h | 270
On 2/21/24 6:03 PM, 'Andrew Cooper' via trenchboot-devel wrote:
On 15/02/2024 8:08 am, Ard Biesheuvel wrote:
On Wed, 14 Feb 2024 at 23:31, Ross Philipson wrote:
+/*
+ * Primary SLR Table Header
I know it's just a comment, but SLR ought to be written in longhand here.
Will d
On 2/15/24 1:01 AM, Ard Biesheuvel wrote:
On Wed, 14 Feb 2024 at 23:32, Ross Philipson wrote:
This support allows the DRTM launch to be initiated after an EFI stub
launch of the Linux kernel is done. This is accomplished by providing
a handler to jump to when a Secure Launch is in progress
On 2/15/24 12:29 AM, Ard Biesheuvel wrote:
On Wed, 14 Feb 2024 at 23:32, Ross Philipson wrote:
The Secure Launch (SL) stub provides the entry point for Intel TXT (and
later AMD SKINIT) to vector to during the late launch. The symbol
sl_stub_entry is that entry point and its offset into the
On 2/14/24 11:59 PM, Ard Biesheuvel wrote:
On Wed, 14 Feb 2024 at 23:31, Ross Philipson wrote:
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson
---
arch/x86/Kconfig | 12
1
Expose a sysfs interface to allow user mode to set and query the preferred
locality for the TPM chip.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-sysfs.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char
Curently the locality is hard coded to 0 but for DRTM support, access
is needed to localities 1 through 4.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 24 +++-
drivers/char/tpm/tpm-interface.c | 15 +++
drivers/char/tpm/tpm.h
do then jumps to the standard RM piggy protected mode entry point.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/realmode.h | 3 ++
arch/x86/kernel/smpboot.c| 58 +++-
arch/x86/realmode/init.c | 3 ++
arch/x86/realmode/rm/header.S
callback (into
ACPI code) or when an emergency reset is done. In these cases,
just the TXT registers are finalized but SEXIT is skipped.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/reboot.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86
1 - 100 of 179 matches
Mail list logo
