From: Jarkko Sakkinen <jarkko@kernel.org>
To: Ross Philipson <ross.philipson@oracle.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux.dev,
dpsmith@apertussolutions.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com,
peterhuewe@gmx.de, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v15 00/28] x86: Secure Launch support for Intel TXT
Date: Tue, 16 Dec 2025 05:46:05 +0200
Message-ID: <aUDV_e19I0I3GIzN@kernel.org>
In-Reply-To: <20251215233316.1076248-1-ross.philipson@oracle.com>
On Mon, Dec 15, 2025 at 03:32:48PM -0800, Ross Philipson wrote:
> Secure Launch is a vendor-neutral approach to implementing TCG Dynamic
> Root of Trust (DRTM) support in the kernel. This is complementary to
> better known Static Root of Trust (SRTM) schemes such as UEFI SecureBoot.
>
> This series provides the common infrastructure along with Intel TXT
> support, without needing the tboot exokernel. Support for AMD SKINIT is
> pending the common infrastructure getting nailed down, and ARM are
> looking to build on it too.
>
> Originally, tboot were approached to see if they'd take support for
> other vendors, but they elected not to. Hence this approach instead.
>
> Work is being coordinated by the Trenchboot project, https://trenchboot.org/,
> organising Secure Launch support for upstream open source projects including
> Grub, iPXE and Xen. The goal of the Trenchboot project is to make DRTM easy
> to use, e.g. for Grub it's simply adding "slaunch" as a command in the boot
> stanza. See https://trenchboot.org/user-docs/QUICKSTART/#linux-quick-start-guide
> for more details.
>
> Patch set based on commit:
> torvalds/master/fd57572253bc356330dbe5b233c2e1d8426c66fd
>
> Depends on v3 of the following TPM patch set (note this patch
> set is being actively worked on separately):
> [PATCH v3 00/10] tpm: Decouple Trenchboot dependencies
> Message ID: 20250929194832.2913286-1-jarkko@kernel.org
>
> Finally we would like to thank everyone for their input and
> assistance. It has all been very helpful in improving the quality of
> our solution and in reviewing/strengthening our security posture.
>
> Thanks
> Ross Philipson and Daniel P. Smith
>
> Changes in v15:
>
> - Rewriting and reformatting of the cover letter, commit message and
> code comments per requests from maintainers.
> - Introduction of an early TPM driver in the x86 setup kernel to allow
> TPM extend command very early in the boot.
> - Remove previous TPM extending architecture that attempted to update
> the TPM PCRs later in the boot process.
> - Split slaunch.h into 2 files, with a new txt.h. The former contains
> platform agnostic definitions for the SL feature. The new txt.h file
> contains Intel TXT definitions from the public specs.
> - Split TPM headers up following the specifications where the
> technologies are defined.
> - Include set of split up TPM header files to allow TPM driver reuse
> in other environments (e.g. early kernel, x86).
> - Fix code formatting and typos.
>
>
> Alec Brown (1):
> tpm: Remove main TPM header from TPM event log header
>
> Daniel P. Smith (6):
> tpm/tpm_tis: Close all localities
> tpm/tpm_tis: Address positive localities in tpm_tis_request_locality()
> Documentation/x86: Secure Launch kernel documentation
> x86: Add early SHA-1 support for Secure Launch early measurements
> x86: Add early SHA-256 support for Secure Launch early measurements
> x86: Secure Launch late initcall platform module
>
> Ross Philipson (21):
> tpm: Initial step to reorganize TPM public headers
> tpm: Move TPM1 specific definitions and functions to new headers
> tpm: Move TPM2 specific definitions and functions to new headers
> tpm: Move TPM common base definitions to new public common header
> tpm: Move platform specific definitions to the new PTP header
> tpm: Add TPM buffer support header for standalone reuse
> tpm/tpm_tis: Allow locality to be set to a different value
> tpm/sysfs: Show locality used by kernel
> x86: Secure Launch Kconfig
> x86: Secure Launch Resource Table header file
> x86: Secure Launch main header file
> x86/txt: Intel Trusted eXecution Technology (TXT) definitions
> x86/tpm: Early TPM PCR extending driver
> x86/msr: Add variable MTRR base/mask and x2apic ID registers
> x86/boot: Place TXT MLE header in the kernel_info section
> x86: Secure Launch kernel early boot stub
> x86: Secure Launch kernel late boot stub
> x86: Secure Launch SMP bringup support
> kexec: Secure Launch kexec SEXIT support
> x86/reboot: Secure Launch SEXIT support on reboot paths
> x86/efi: EFI stub DRTM launch support for Secure Launch
>
> Documentation/arch/x86/boot.rst | 21 +
> Documentation/security/index.rst | 1 +
> .../security/launch-integrity/index.rst | 11 +
> .../security/launch-integrity/principles.rst | 308 +++++++
> .../secure_launch_details.rst | 587 +++++++++++++
> .../secure_launch_overview.rst | 240 ++++++
> arch/x86/Kconfig | 14 +
> arch/x86/boot/compressed/Makefile | 8 +
> arch/x86/boot/compressed/early_tpm_extend.c | 601 ++++++++++++++
> arch/x86/boot/compressed/head_64.S | 29 +
> arch/x86/boot/compressed/kernel_info.S | 50 +-
> arch/x86/boot/compressed/sha1.c | 7 +
> arch/x86/boot/compressed/sha256.c | 6 +
> arch/x86/boot/compressed/sl_main.c | 638 +++++++++++++++
> arch/x86/boot/compressed/sl_stub.S | 770 ++++++++++++++++++
> arch/x86/boot/compressed/tpm.h | 42 +
> arch/x86/boot/compressed/vmlinux.lds.S | 7 +
> arch/x86/include/asm/msr-index.h | 5 +
> arch/x86/include/asm/realmode.h | 3 +
> arch/x86/include/asm/txt.h | 330 ++++++++
> arch/x86/include/uapi/asm/bootparam.h | 1 +
> arch/x86/kernel/Makefile | 2 +
> arch/x86/kernel/asm-offsets.c | 20 +
> arch/x86/kernel/reboot.c | 14 +
> arch/x86/kernel/setup.c | 3 +
> arch/x86/kernel/slaunch.c | 615 ++++++++++++++
> arch/x86/kernel/slmodule.c | 348 ++++++++
> arch/x86/kernel/smpboot.c | 47 +-
> arch/x86/realmode/init.c | 8 +
> arch/x86/realmode/rm/header.S | 3 +
> arch/x86/realmode/rm/trampoline_64.S | 32 +
> drivers/char/tpm/tpm-buf.c | 10 +-
> drivers/char/tpm/tpm-chip.c | 34 +-
> drivers/char/tpm/tpm-sysfs.c | 10 +
> drivers/char/tpm/tpm.h | 180 +---
> drivers/char/tpm/tpm1-cmd.c | 18 +-
> drivers/char/tpm/tpm1_structs.h | 97 +++
> drivers/char/tpm/tpm2-cmd.c | 32 +-
> drivers/char/tpm/tpm2-space.c | 13 -
> drivers/char/tpm/tpm2_structs.h | 58 ++
> drivers/char/tpm/tpm_tis_core.c | 21 +-
> drivers/char/tpm/tpm_tis_core.h | 64 +-
> drivers/firmware/efi/libstub/efistub.h | 8 +
> drivers/firmware/efi/libstub/x86-stub.c | 100 +++
> drivers/iommu/intel/dmar.c | 4 +
> include/keys/trusted_tpm.h | 1 -
> include/linux/slaunch.h | 251 ++++++
> include/linux/slr_table.h | 308 +++++++
> include/linux/tpm.h | 240 +-----
> include/linux/tpm1.h | 87 ++
> include/linux/tpm2.h | 247 ++++++
> include/linux/tpm_buf.h | 57 ++
> include/linux/tpm_command.h | 30 -
> include/linux/tpm_common.h | 99 +++
> include/linux/tpm_eventlog.h | 4 +-
> include/linux/tpm_ptp.h | 139 ++++
> kernel/kexec_core.c | 8 +
> security/keys/trusted-keys/trusted_tpm1.c | 1 -
> security/keys/trusted-keys/trusted_tpm2.c | 1 -
> 59 files changed, 6319 insertions(+), 574 deletions(-)
> create mode 100644 Documentation/security/launch-integrity/index.rst
> create mode 100644 Documentation/security/launch-integrity/principles.rst
> create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst
> create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst
> create mode 100644 arch/x86/boot/compressed/early_tpm_extend.c
> create mode 100644 arch/x86/boot/compressed/sha1.c
> create mode 100644 arch/x86/boot/compressed/sha256.c
> create mode 100644 arch/x86/boot/compressed/sl_main.c
> create mode 100644 arch/x86/boot/compressed/sl_stub.S
> create mode 100644 arch/x86/boot/compressed/tpm.h
> create mode 100644 arch/x86/include/asm/txt.h
> create mode 100644 arch/x86/kernel/slaunch.c
> create mode 100644 arch/x86/kernel/slmodule.c
> create mode 100644 drivers/char/tpm/tpm1_structs.h
> create mode 100644 drivers/char/tpm/tpm2_structs.h
> create mode 100644 include/linux/slaunch.h
> create mode 100644 include/linux/slr_table.h
> create mode 100644 include/linux/tpm1.h
> create mode 100644 include/linux/tpm2.h
> create mode 100644 include/linux/tpm_buf.h
> delete mode 100644 include/linux/tpm_command.h
> create mode 100644 include/linux/tpm_common.h
> create mode 100644 include/linux/tpm_ptp.h
>
> --
> 2.43.7
>
Most likely I'll review this after the holidays (as a heads up).
BR, Jarkko
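The cover letter above describes an early-boot driver that extends TPM PCRs with SHA-1 or SHA-256 measurements taken during the dynamic launch. The following Python is an added illustration of the PCR extend mechanism those measurements rely on; it is not code from the patch series or from the Trenchboot project. It assumes the textbook TPM semantics (new_pcr = H(old_pcr || digest), with DRTM PCRs starting from an all-zero value after the dynamic launch) and uses constructed placeholder event data rather than real kernel, command line or initrd bytes. It also shows the verifier side: replaying an event log against a reported PCR, where any missing, altered or reordered measurement makes the replay diverge.

```python
import hashlib

# Constructed sample launch "events": in a real DRTM launch these would be
# the bytes the early stub hashes (kernel image, command line, initrd, ...).
# The strings below are placeholders made up for this example.
SAMPLE_EVENTS = [
    ("kernel", b"constructed kernel image bytes"),
    ("cmdline", b"constructed command line bytes"),
    ("initrd", b"constructed initrd bytes"),
]

# Hash algorithms this example supports, with their digest sizes; SHA-1 and
# SHA-256 are the two for which the series carries early-boot implementations.
SUPPORTED = {"sha1": 20, "sha256": 32}


def extend(pcr: bytes, digest: bytes, algo: str = "sha256") -> bytes:
    """TPM PCR extend: new_pcr = H(old_pcr || digest).

    A PCR can only be extended, never written directly, so its final value
    commits to every digest and to the order in which they were extended.
    """
    size = SUPPORTED[algo]
    if len(pcr) != size or len(digest) != size:
        raise ValueError(f"{algo} PCR and digest must both be {size} bytes")
    h = hashlib.new(algo)
    h.update(pcr)
    h.update(digest)
    return h.digest()


def measure_and_extend(events, algo: str = "sha256"):
    """Platform side: hash each event's data, extend the digest into a PCR
    that starts from the all-zero DRTM reset value (assumption: the value a
    dynamic launch resets its PCRs to), and record an event log of
    (name, digest) pairs. Returns (final_pcr, log)."""
    pcr = bytes(SUPPORTED[algo])
    log = []
    for name, data in events:
        digest = hashlib.new(algo, data).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest, algo)
    return pcr, log


def verify_log(log, reported_pcr: bytes, algo: str = "sha256") -> bool:
    """Verifier side: replay the event log from the reset value and compare
    the result with the PCR value the platform reports (for instance in a
    TPM quote). A log that has been truncated, altered or reordered will
    not reproduce the reported value."""
    pcr = bytes(SUPPORTED[algo])
    for _, digest in log:
        pcr = extend(pcr, digest, algo)
    return pcr == reported_pcr


if __name__ == "__main__":
    for algo in ("sha256", "sha1"):
        final, log = measure_and_extend(SAMPLE_EVENTS, algo)
        print(f"{algo}: PCR = {final.hex()}")
        print("  replay of the genuine log matches:", verify_log(log, final, algo))
        # Same digests, different order: the replayed PCR no longer matches.
        reordered = [log[1], log[0], log[2]]
        print("  replay of a reordered log matches:", verify_log(reordered, final, algo))
```

The point for anyone building detection or attestation policy on top of Secure Launch is that the PCR value alone says nothing readable; it is the event log, replayed as in verify_log, that tells a verifier which component differed, and the PCR only confirms that the log is complete and unmodified.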