[PATCH 0/1] [RFC] Secure Launch boot protocol
From: Ross Philipson
Date: Mon Mar 11 2019 - 11:05:20 EST
All,
As is noted in the patch that follows, the open source project called
Trenchboot aims to make Linux directly bootable into a secure late launch
environment via Intel TXT or AMD SKINIT. This new feature is referred to as
Secure Launch as seen in the subject lines. In addition to changes to the
Linux kernel to support this feature, boot loaders will also have additional
functionality to initiate the secure late launch.
The patch that follows introduces a new boot parameter. There are of course
other patches that add further functionality to achieve our aims including the
changes to boot loaders that consume this parameter. This posting is as an early
RFC to elicit feedback on whether this is an acceptable approach for our boot
protocol and an acceptable usage of boot parameters.
The project is in its early stages; it is hosted here:
https://github.com/trenchboot
For an overview of the Secure Launch architecture:
https://github.com/TrenchBoot/documentation/blob/master/documentation/Architecture.md"
Links:
https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
https://www.amd.com/system/files/TechDocs/24593.pdf
Thank you,
Ross Philipson
Ross Philipson (1):
x86: Secure Launch boot protocol
Documentation/x86/boot.txt | 15 +++++++++++++++
arch/x86/Kconfig | 7 +++++++
arch/x86/boot/Makefile | 2 +-
arch/x86/boot/header.S | 3 ++-
arch/x86/boot/tools/build.c | 16 ++++++++++++++++
arch/x86/include/uapi/asm/bootparam.h | 1 +
6 files changed, 42 insertions(+), 2 deletions(-)
--
2.13.6