From patchwork Fri May 31 01:03:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Philipson X-Patchwork-Id: 13681024 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 302554C8F; Fri, 31 May 2024 01:32:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.165.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717119137; cv=none; b=mJhjGzh+ltt86WmKWxfVuyKOxVSb7I70DHvqMaCupwnW24N9/Dn5v9Q6Mk7yBGAaucYhbt0bwSQmnrFawRLI2i6FsJTpxNbSjIxZsnIf2+ZOXWTQay6VunFWdnYaCEQLc5Au+1L5XtTKyTCoQdidolSkGVsn3cG60SIeXtZyZfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717119137; c=relaxed/simple; bh=nqgDqt5419QMyMvBEfbugMk0baBsDMSVWA5qg2N/pAs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AiqKxqubz7x+mHMFVHKnkgpDPUxoFqWyTdxzhdbW6hc9zKW5lMe7lDsXN6TDR1AwwU7w0BFgRt7N/UKhU99GG1ZPcu9qxliZVs+9BZSJPG96PJ4FQNTAD1N9hCjOO40vNWvBL0CficMWE2zJHExPBVH3/ls4Hk6QX4UMhdG9Muo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; arc=none smtp.client-ip=205.220.165.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 44UFg1A5006773; Fri, 31 May 2024 01:30:41 GMT DKIM-Signature: =?utf-8?q?v=3D1=3B_a=3Drsa-sha256=3B_c=3Drelaxed/relaxed=3B_?= =?utf-8?q?d=3Doracle=2Ecom=3B_h=3Dcc=3Acontent-transfer-encoding=3Adate=3Af?= =?utf-8?q?rom=3Ain-reply-to=3Amessage-id=3Amime-version=3Areferences=3Asubj?= =?utf-8?q?ect=3Ato=3B_s=3Dcorp-2023-11-20=3B_bh=3DC529cB4SacRW7NrFUDFGM9jfy?= =?utf-8?q?RchRmKOKw8zTRl3EW4=3D=3B_b=3DOtY6AaJ3p+c/PMtLIENTqVdFoMBkgc/h7t2c?= =?utf-8?q?HJh9e06Ad1P19B6SwhvJV6Hn5Exh6QbC_7EpM2nH6qTxVQM0Y0olUkiyFjGcBo+9w?= =?utf-8?q?gJHOVyNFrx/BuHl0YpQKglD6FNGfkwrWq1MQ_QLAA6+KiYU2Lw/EjOfAB2zbTJ1BP?= =?utf-8?q?mzpVj39NEmr0+dwXR0L6mECiWksWZdliBYCB63wW_cIxd3b+IByEMyfH0V37n9McK?= =?utf-8?q?sVTLyQzfZdmL6Lm+rP/VCdQi0Yd6RISxH1rvzwAqIVyu_cc7lDCk4ofUDaWfN/Kgs?= =?utf-8?q?3HZm6gd8jGw1oiJSevh0ze6meXMgnZcNbVoJG6MMre1V6srZ_gw=3D=3D_?= Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3yb8p7t3gt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 31 May 2024 01:30:40 +0000 Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 44V1PHdJ016250; Fri, 31 May 2024 01:30:40 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t97by-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 May 2024 01:30:40 +0000 Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 44V1SKNK027418; Fri, 31 May 2024 01:30:39 GMT Received: from bur-virt-x6-2-100.us.oracle.com (bur-virt-x6-2-100.us.oracle.com [10.153.92.40]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t96yw-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 May 2024 01:30:39 +0000 From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com Subject: [PATCH v9 03/19] x86: Secure Launch Kconfig Date: Thu, 30 May 2024 18:03:15 -0700 Message-Id: <20240531010331.134441-4-ross.philipson@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240531010331.134441-1-ross.philipson@oracle.com> References: <20240531010331.134441-1-ross.philipson@oracle.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16 definitions=2024-05-30_21,2024-05-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 suspectscore=0 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2405010000 definitions=main-2405310010 X-Proofpoint-ORIG-GUID: Pz8sMCrjKOF9bqhSMLqH-Lz8bz61Jabq X-Proofpoint-GUID: Pz8sMCrjKOF9bqhSMLqH-Lz8bz61Jabq Initial bits to bring in Secure Launch functionality. Add Kconfig options for compiling in/out the Secure Launch code. Signed-off-by: Ross Philipson --- arch/x86/Kconfig | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index bc47bc9841ff..ee8e0cbc9a3e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2067,6 +2067,17 @@ config EFI_RUNTIME_MAP See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map. +config SECURE_LAUNCH + bool "Secure Launch support" + depends on X86_64 && X86_X2APIC && TCG_TPM && CRYPTO_LIB_SHA1 && CRYPTO_LIB_SHA256 + help + The Secure Launch feature allows a kernel to be loaded + directly through an Intel TXT measured launch. Intel TXT + establishes a Dynamic Root of Trust for Measurement (DRTM) + where the CPU measures the kernel image. This feature then + continues the measurement chain over kernel configuration + information and init images. + source "kernel/Kconfig.hz" config ARCH_SUPPORTS_KEXEC