On Fri, Sep 13 2024 at 13:04, Ross Philipson wrote: > The larger focus of the TrenchBoot project (https://github.com/TrenchBoot) is to > enhance the boot security and integrity in a unified manner. The first area of > focus has been on the Trusted Computing Group's Dynamic Launch for establishing > a hardware Root of Trust for Measurement, also know as DRTM (Dynamic Root of > Trust for Measurement). The project has been and continues to work on providing > a unified means to Dynamic Launch that is a cross-platform (Intel and AMD) and > cross-architecture (x86 and Arm), with our recent involvment in the upcoming > Arm DRTM specification. The order of introducing DRTM to the Linux kernel > follows the maturity of DRTM in the architectures. Intel's Trusted eXecution > Technology (TXT) is present today and only requires a preamble loader, e.g. a > boot loader, and an OS kernel that is TXT-aware. AMD DRTM implementation has > been present since the introduction of AMD-V but requires an additional > component that is AMD specific and referred to in the specification as the > Secure Loader, which the TrenchBoot project has an active prototype in > development. Finally Arm's implementation is in specification development stage > and the project is looking to support it when it becomes available. > > This patchset provides detailed documentation of DRTM, the approach used for > adding the capbility, and relevant API/ABI documentation. In addition to the > documentation the patch set introduces Intel TXT support as the first platform > for Linux Secure Launch. So this looks pretty reasonable to me by now and I'm inclined to take it through the tip x86 tree, but that needs reviewed/acked-by's from the crypto and TPM folks. EFI has been reviewed already. Can we make progress on this please? Thanks, tglx