On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote: > Introduce background, overview and configuration/ABI information > for the Secure Launch kernel feature. > > Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> Hi Ross and Daniel, some minor nits from my side. > --- > Documentation/security/index.rst | 1 + > Documentation/security/launch-integrity/index.rst | 10 + > .../security/launch-integrity/principles.rst | 313 ++++++++++++ > .../launch-integrity/secure_launch_details.rst | 564 +++++++++++++++++++++ > .../launch-integrity/secure_launch_overview.rst | 220 ++++++++ > 5 files changed, 1108 insertions(+) > create mode 100644 Documentation/security/launch-integrity/index.rst > create mode 100644 Documentation/security/launch-integrity/principles.rst > create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst > create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst > > diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst > index 6ed8d2f..fade37e 100644 > --- a/Documentation/security/index.rst > +++ b/Documentation/security/index.rst > @@ -18,3 +18,4 @@ Security Documentation > digsig > landlock > secrets/index > + launch-integrity/index > diff --git a/Documentation/security/launch-integrity/index.rst b/Documentation/security/launch-integrity/index.rst > new file mode 100644 > index 0000000..28eed91d > --- /dev/null > +++ b/Documentation/security/launch-integrity/index.rst > @@ -0,0 +1,10 @@ I believe an SPDX tag should go at the top of each .rst file. > +===================================== > +System Launch Integrity documentation > +===================================== > + > +.. toctree:: > + > + principles > + secure_launch_overview > + secure_launch_details > + 
> diff --git a/Documentation/security/launch-integrity/principles.rst b/Documentation/security/launch-integrity/principles.rst > new file mode 100644 > index 0000000..73cf063 > --- /dev/null > +++ b/Documentation/security/launch-integrity/principles.rst > @@ -0,0 +1,313 @@ > +======================= > +System Launch Integrity > +======================= > + > +This document serves to establish a common understanding of what is system > +launch, the integrity concern for system launch, and why using a Root of Trust > +(RoT) from a Dynamic Launch may be desired. Through out this document > +terminology from the Trusted Computing Group (TCG) and National Institue for s/Institue/Institute/ ... > +Trust Chains > +============ > + > +Bulding upon the understanding of security mechanisms to establish load-time s/Bulding/Building/ ... > diff --git a/Documentation/security/launch-integrity/secure_launch_details.rst b/Documentation/security/launch-integrity/secure_launch_details.rst ... > +Secure Launch Resource Table > +============================ > + > +The Secure Launch Resource Table (SLRT) is a platform-agnostic, standard format > +for providing information for the pre-launch environment and to pass > +information to the post-launch environment. The table is populated by one or > +more bootloaders in the boot chain and used by Secure Launch on how to setup > +the environment during post-launch. The details for the SLRT are documented > +in the TrenchBoot Secure Launch Specifcation [3]_. s/Specifcation/Specification/ ...
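Review bot: The new Documentation/security/launch-integrity/index.rst ends with an empty added line after "secure_launch_details" (line 10 of the @@ -0,0 +1,10 @@ hunk), which git reports as a new blank line at EOF when the patch is applied. Drop that trailing line in the respin, together with adding the SPDX tag requested above.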
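Review bot: In the opening paragraph of principles.rst, "Through out this document" should be the single word "Throughout", and "a common understanding of what is system launch" reads better as "of what system launch is". The sentence containing the "Institue" typo breaks off at "National Institue for" in this quote; if it names NIST, the full name is "National Institute of Standards and Technology", so "for" should become "of" as well.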
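Review bot: In the "Secure Launch Resource Table" section of secure_launch_details.rst, the sentence "used by Secure Launch on how to setup the environment during post-launch" does not parse, and "setup" is the noun form. Something like "and is used by Secure Launch to set up the environment during post-launch" says the same thing. Since the paragraph states that the table is populated by one or more bootloaders and then consumed post-launch, it would also help to say here, if the file does not already do so elsewhere, whether the SLRT contents are measured or validated before Secure Launch acts on them.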