Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Matthew Garrett <mjg59@xxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>
Subject: Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 11 May 2020 15:00:24 -0400
Cc: Ross Philipson <ross.philipson@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx, Ard Biesheuvel <ardb@xxxxxxxxxx>, leif@xxxxxxxxxxxx, eric.snowberg@xxxxxxxxxx, piotr.krol@xxxxxxxxx, krystian.hebel@xxxxxxxxx, michal.zygowski@xxxxxxxxx, James Bottomley <james.bottomley@xxxxxxxxxxxxxxxxxxxxx>, andrew.cooper3@xxxxxxxxxx
In-reply-to: <CACdnJutT1F7YJ5KFkyuaZv=nj8GqC+mrnoAsHZfMP1ZRNUQg3Q@mail.gmail.com>
References: <20200325194317.526492-1-ross.philipson@oracle.com> <CACdnJut56WuqO=uLff0qy1Jp=C6f_sRxLpRBsrzb6byBsFYdCg@mail.gmail.com> <20200326134011.c4dswiq2g7eln3qd@tomti.i.net-space.pl> <CACdnJutT1F7YJ5KFkyuaZv=nj8GqC+mrnoAsHZfMP1ZRNUQg3Q@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0

On 3/26/20 4:19 PM, Matthew Garrett wrote:
> How does Windows manage this? Retaining access to EFI runtime services
> is necessary, and the areas in the memory map marked as runtime
> services code or data should be considered part of the TCB and
> measured - they're very much not part of the gap.
> 

Dave Weston was kind enough to speak at PSEC specifically on how they
are leveraging DRTM.

https://www.platformsecuritysummit.com/2019/speaker/weston/

V/r,
DPS

References:
- [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
  - From: Ross Philipson
- Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
  - From: Matthew Garrett
- Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
  - From: Daniel Kiper
- Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
  - From: Matthew Garrett

Prev by Date: Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
Next by Date: Re: [PATCH v5] streamline_config.pl: add LMC_KEEP to preserve some kconfigs
Previous by thread: Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
Next by thread: Re: [RFC PATCH 00/12] x86: Trenchboot secure late launch Linux kernel support
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]