Re: [PATCH v6 02/14] Documentation/x86: Secure Launch kernel documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/5/23 12:19, Simon Horman wrote:
On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote:
Introduce background, overview and configuration/ABI information
for the Secure Launch kernel feature.

Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>

Hi Ross and Daniel,

some minor nits from my side.

All good points. We will fix those.

Thanks
Ross


---
  Documentation/security/index.rst                   |   1 +
  Documentation/security/launch-integrity/index.rst  |  10 +
  .../security/launch-integrity/principles.rst       | 313 ++++++++++++
  .../launch-integrity/secure_launch_details.rst     | 564 +++++++++++++++++++++
  .../launch-integrity/secure_launch_overview.rst    | 220 ++++++++
  5 files changed, 1108 insertions(+)
  create mode 100644 Documentation/security/launch-integrity/index.rst
  create mode 100644 Documentation/security/launch-integrity/principles.rst
  create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst
  create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst

diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst
index 6ed8d2f..fade37e 100644
--- a/Documentation/security/index.rst
+++ b/Documentation/security/index.rst
@@ -18,3 +18,4 @@ Security Documentation
     digsig
     landlock
     secrets/index
+   launch-integrity/index
diff --git a/Documentation/security/launch-integrity/index.rst b/Documentation/security/launch-integrity/index.rst
new file mode 100644
index 0000000..28eed91d
--- /dev/null
+++ b/Documentation/security/launch-integrity/index.rst
@@ -0,0 +1,10 @@

I believe an SPDX tag should go at the top of each .rst file.

+=====================================
+System Launch Integrity documentation
+=====================================
+
+.. toctree::
+
+   principles
+   secure_launch_overview
+   secure_launch_details
+
diff --git a/Documentation/security/launch-integrity/principles.rst b/Documentation/security/launch-integrity/principles.rst
new file mode 100644
index 0000000..73cf063
--- /dev/null
+++ b/Documentation/security/launch-integrity/principles.rst
@@ -0,0 +1,313 @@
+=======================
+System Launch Integrity
+=======================
+
+This document serves to establish a common understanding of what is system
+launch, the integrity concern for system launch, and why using a Root of Trust
+(RoT) from a Dynamic Launch may be desired. Through out this document
+terminology from the Trusted Computing Group (TCG) and National Institue for

s/Institue/Institute/

...

+Trust Chains
+============
+
+Bulding upon the understanding of security mechanisms to establish load-time

s/Bulding/Building/

...

diff --git a/Documentation/security/launch-integrity/secure_launch_details.rst b/Documentation/security/launch-integrity/secure_launch_details.rst

...

+Secure Launch Resource Table
+============================
+
+The Secure Launch Resource Table (SLRT) is a platform-agnostic, standard format
+for providing information for the pre-launch environment and to pass
+information to the post-launch environment. The table is populated by one or
+more bootloaders in the boot chain and used by Secure Launch on how to setup
+the environment during post-launch. The details for the SLRT are documented
+in the TrenchBoot Secure Launch Specifcation [3]_.

s/Specifcation/Specification/

...




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux