From: Dave Hansen <dave.hansen@intel.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux.dev
Cc: dpsmith@apertussolutions.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com,
peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca,
luto@amacapital.net, nivedita@alum.mit.edu,
herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net,
ebiederm@xmission.com, dwmw2@infradead.org,
baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux kernel support
Date: Tue, 22 Apr 2025 12:16:57 -0700 [thread overview]
Message-ID: <f736128a-04d6-4f81-8aba-67b857e99e7d@intel.com> (raw)
In-Reply-To: <c05731ae-bcf1-4747-b64c-0f4b79f3587f@citrix.com>
On 4/22/25 11:17, Andrew Cooper wrote:
> On 21/04/2025 9:52 pm, Dave Hansen wrote:
>> Purely from the amount of interest and review tags and the whole "v14"
>> thing, it doesn't look like this is very important to anyone. Not to be
>> to flippant about it, but if nobody else cares, why should I (or the
>> other x86 maintainers)?
> There are several downstreams already using this as a part of their
> overall system security, one example being
> https://www.qubes-os.org/doc/anti-evil-maid/
OK, but what problems are they solving by using this as opposed to
existing trusted boot?
While I don't doubt that folks _can_ install and use Xen on their
laptop, it's unclear to me how pervasive this is. Is this just folks
tinkering around or is this something that has large deployments where
folks really *CARE* about it?
next prev parent reply other threads:[~2025-04-22 19:17 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-21 16:26 [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2025-04-21 16:26 ` [PATCH v14 01/19] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2025-06-18 8:33 ` Mowka, Mateusz
2025-06-18 15:02 ` Dave Hansen
2025-04-21 16:26 ` [PATCH v14 02/19] x86: Secure Launch Kconfig Ross Philipson
2025-04-21 17:41 ` Randy Dunlap
2025-04-22 19:32 ` ross.philipson
2025-06-18 8:32 ` Mowka, Mateusz
2025-04-21 16:26 ` [PATCH v14 03/19] x86: Secure Launch Resource Table header file Ross Philipson
2025-04-21 19:18 ` ALOK TIWARI
2025-04-22 19:33 ` ross.philipson
2025-04-23 18:23 ` ALOK TIWARI
2025-04-23 20:04 ` ross.philipson
2025-04-24 12:36 ` Huang, Kai
2025-04-24 19:19 ` ross.philipson
2025-04-21 16:26 ` [PATCH v14 04/19] x86: Secure Launch main " Ross Philipson
2025-04-24 12:29 ` Huang, Kai
2025-04-24 18:56 ` ross.philipson
2025-06-23 11:44 ` Camacho Romero, Michal
2025-06-23 21:29 ` ross.philipson
2025-06-27 9:15 ` Camacho Romero, Michal
2025-04-21 16:26 ` [PATCH v14 05/19] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2025-04-21 16:26 ` [PATCH v14 06/19] x86: Add early SHA-256 " Ross Philipson
2025-04-21 16:27 ` [PATCH v14 07/19] x86/msr: Add variable MTRR base/mask and x2apic ID registers Ross Philipson
2025-04-21 16:27 ` [PATCH v14 08/19] x86/boot: Place TXT MLE header in the kernel_info section Ross Philipson
2025-04-23 20:54 ` ALOK TIWARI
2025-04-21 16:27 ` [PATCH v14 09/19] x86: Secure Launch kernel early boot stub Ross Philipson
2025-04-22 1:18 ` Dave Hansen
2025-04-22 19:38 ` ross.philipson
2025-04-23 20:38 ` ALOK TIWARI
2025-04-23 21:07 ` ross.philipson
2025-04-21 16:27 ` [PATCH v14 10/19] x86: Secure Launch kernel late " Ross Philipson
2025-04-21 16:27 ` [PATCH v14 11/19] x86: Secure Launch SMP bringup support Ross Philipson
2025-04-21 16:27 ` [PATCH v14 12/19] kexec: Secure Launch kexec SEXIT support Ross Philipson
2025-04-23 19:58 ` ALOK TIWARI
2025-04-23 20:07 ` ross.philipson
2025-04-21 16:27 ` [PATCH v14 13/19] x86/reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2025-04-21 22:57 ` Dave Hansen
2025-04-22 19:31 ` ross.philipson
2025-04-21 16:27 ` [PATCH v14 14/19] tpm, tpm_tis: Close all localities Ross Philipson
2025-04-21 16:27 ` [PATCH v14 15/19] tpm, tpm_tis: Address positive localities in tpm_tis_request_locality() Ross Philipson
2025-04-21 16:27 ` [PATCH v14 16/19] tpm, tpm_tis: Allow locality to be set to a different value Ross Philipson
2025-04-22 10:20 ` Stefano Garzarella
2025-04-23 19:38 ` Daniel P. Smith
2025-04-21 16:27 ` [PATCH v14 17/19] tpm, sysfs: Show locality used by kernel Ross Philipson
2025-04-21 16:27 ` [PATCH v14 18/19] x86: Secure Launch late initcall platform module Ross Philipson
2025-04-28 17:38 ` Andy Lutomirski
2025-04-30 1:40 ` Daniel P. Smith
2025-04-30 18:51 ` Andy Lutomirski
2025-04-21 16:27 ` [PATCH v14 19/19] x86/efi: EFI stub DRTM launch support for Secure Launch Ross Philipson
2025-04-21 20:52 ` [PATCH v14 00/19] x86: Trenchboot secure dynamic launch Linux kernel support Dave Hansen
2025-04-21 21:00 ` Andrew Cooper
2025-04-22 18:17 ` Andrew Cooper
2025-04-22 19:16 ` Dave Hansen [this message]
2025-04-22 21:26 ` Ard Biesheuvel
2025-04-22 23:21 ` Dave Hansen
2025-04-24 18:45 ` Dave Hansen
-- strict thread matches above, loose matches on Subject: below --
2025-04-25 10:12 Rich Persaud
2025-04-25 14:12 ` Dave Hansen
2025-04-29 0:04 ` Daniel P. Smith
2025-04-29 0:56 ` Dave Hansen
2025-05-18 14:42 ` Mike
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f736128a-04d6-4f81-8aba-67b857e99e7d@intel.com \
--to=dave.hansen@intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux.dev \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).