Subject: Re: [RFC PATCH 01/12] x86: Secure Launch Kconfig
To: Daniel Kiper
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-doc@vger.kernel.org, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, trenchboot-devel@googlegroups.com
From: Ross Philipson
Date: Thu, 26 Mar 2020 15:42:01 -0400

On 3/26/20 2:06 PM, Daniel Kiper wrote:
> On Wed, Mar 25, 2020 at 03:43:06PM -0400, Ross Philipson wrote:
>> Initial bits to bring in Secure Launch functionality. Add Kconfig
>> options for compiling in/out the Secure Launch code.
>>
>> Signed-off-by: Ross Philipson
>> ---
>> arch/x86/Kconfig | 11 +++++++++++
>> 1 file changed, 11 insertions(+)
>>
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index 5e8949953660..7f3406a9948b 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig
>> @@ -2014,6 +2014,17 @@ config EFI_MIXED >> >> If unsure, say N. >> >> +config SECURE_LAUNCH >> + bool "Secure Launch support" >> + default n >> + depends on X86_64 >> + help >> + This Secure Launch kernel feature allows a bzImage to be loaded >> + directly through Intel TXT or AMD SKINIT measured launch. This
>
> I think that you should drop AMD SKINIT from here. This should be added
> when AMD secure launch implementation is added.

Yea will do.

>
> ...and why we need this as separate patch? Could not we add this in
> a patch which uses CONFIG_SECURE_LAUNCH for first time?

So it used to be part of a bigger patch but it ended up shrinking down to
this when kernel_info was introduced. The first patch to use it is the SHA
patch but that seems a weird place to introduce it. Will have to think
about it...

>
> Daniel
>
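
Review bot: the "default n" line in the new SECURE_LAUNCH entry is redundant, since a bool option with no default statement already defaults to n; dropping it matches the usual Kconfig style. The entry also depends only on X86_64 while the visible help text names Intel TXT as the launch mechanism, so the help text (or a further "depends on") should say which platform support the option actually requires, so that a kernel built with it enabled on unsupported hardware is not assumed to have been through a measured launch.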