Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Ross Philipson <ross.philipson@oracle.com>
To:     linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
        linux-crypto@vger.kernel.org, kexec@lists.infradead.org
Cc:     iommu@lists.linux-foundation.org, ross.philipson@oracle.com,
        dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com,
        bp@alien8.de, hpa@zytor.com, luto@amacapital.net,
        nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
        trenchboot-devel@googlegroups.com
Subject: [PATCH v5 03/12] x86: Secure Launch Kconfig
Date:   Wed, 16 Feb 2022 22:54:36 -0500
Message-Id: <1645070085-14255-4-git-send-email-ross.philipson@oracle.com>
In-Reply-To: <1645070085-14255-1-git-send-email-ross.philipson@oracle.com>
References: <1645070085-14255-1-git-send-email-ross.philipson@oracle.com>
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?D9KU3biqQN/zYw8Q+j/rFpiZegiclc8LTzmsn65FaiNcrOiDbGPZj+QV2b/i?=
 =?us-ascii?Q?Z1PmTS0pBWBNjph23yJcZzcAXF9mpcuTcuegnPA0Z9Honk7l1V1hDR22z6Z5?=
 =?us-ascii?Q?+2dASen2+MjzwezQWGCobY8l0/IZWq6OOJPeKjFUjGUjobBUb/AK3nbPq0P4?=
 =?us-ascii?Q?iju3FuLufo70t1itXbGV+xMsGwq2ozzyrZM3VyPPcrnFGUEhBu49HSGbKHc2?=
 =?us-ascii?Q?qMCW4jXo5ykK/Yh8OTI86M4UQtlAC7DqxjFPKMYffAiNgwiH55IV/VeLKOlO?=
 =?us-ascii?Q?0lwu3qLA5IsQ3SO74OmUmgUNvxzNSGfz1dfkqZb7RlyI4ue/qKl+9D9hO+xs?=
 =?us-ascii?Q?t2Z94guevEr5PX1xLg3lzJ5fZsCFd5Q1rxJXxoOsHwUYSdPEDDsBoHrpeg9j?=
 =?us-ascii?Q?9jbicBsWbc8+Yg5VQWTI0BO7la9kn0EGSnXr3IM6lABdfU33/v1DU2K1lWRs?=
 =?us-ascii?Q?CSgaKxYoF63lcC7uZbyc/GuHgGA0zijWe8G7tL0bDIDf9kEk6lKGDOq8h/ME?=
 =?us-ascii?Q?wsAEbXOuMX/odRNujicTxfIuZtopLc7B7fNziTRM2DURYWV6aGnURKpl9N6Y?=
 =?us-ascii?Q?oSEBsAxncHdbUeUFSuSsrp8RSaQFNaWCXz09FqIT3EwSZbPe/hnNXkWZcAtD?=
 =?us-ascii?Q?Hjylv6kg65Vj4FLq7DMTfdelKsHiX8/IVhkEHViJgrK+zzOsfR1zR3WDQl0p?=
 =?us-ascii?Q?fQDnYoWP00KB3tBLxOOlUtiCbrwHipHHk1ulFSAQnmfaBCi0XeONukjiTFI5?=
 =?us-ascii?Q?CSdZgKqtAyB3nhXT9K8gIBZ3HoMAflL8ifc7N7r0HebsOAK93VfvsXtSi8W3?=
 =?us-ascii?Q?BzM0XaFyFcVV955vX4L6CJGAHIiM87ClzuQ0GXrvmWNPPYsKN01EZ6nvCkqt?=
 =?us-ascii?Q?ue8BXo3yR8kzjXi13N/Gca7dWDTmLgvreP4PwXdrNu8R0axXJIgicqAxzsxx?=
 =?us-ascii?Q?HYENnBK8Q9DUOaWphHO7PORGjJ4IYky27Hr7FybyiSZKrIX/xM9QaEEB4c+S?=
 =?us-ascii?Q?gbHumG+Es8Ttq4rC/x2zLK0O1WYSmzhx0fY5H5zE4tTOmYLfiV9TZ6s53R2C?=
 =?us-ascii?Q?G+xHji9f1/fjK6Mvrkq2Nc+fIANhOuiXNVxx4+MosrQd++pWhMmLKfze2+2T?=
 =?us-ascii?Q?qL4RGnkV9VyqxmTFMuZHzBlOkdu9/e/JD59z5XtXjQjzUYDIzy9I4JklP6sp?=
 =?us-ascii?Q?NjqN/Oum+hCnJgU+chnqZNiyRlsBGzACE2zy1DVmFE14Emhq2ewns1bVnt+L?=
 =?us-ascii?Q?UXmbD5DOA35OENOG1bd4DGA2NHyozN6JYDcUFClRWcww0DXQLr9JNTv7zrzl?=
 =?us-ascii?Q?Rq3L7lQjBCl8CO/AF5rN5nj/tBUQX+NhTSOxIC8ij6pyAjVmPny39KkR17tf?=
 =?us-ascii?Q?HPa622k6FpqF8oyHd8BLkF8emGtvg+ck074gXKKlTys+KBO5KgPsSiBU4gf4?=
 =?us-ascii?Q?NshILdM+KaAOn5cilslFxJzJ4C/H6tN8XGlaXDdVrpTrGOvJUAkiOnZpnavt?=
 =?us-ascii?Q?zzK/zvxT4h55yB/0VHJA92hLBBxkiMLl1wiHQ8SmbKHcM7qSJb1m6DeQleHH?=
 =?us-ascii?Q?vUmhhf4rmqiHJgTvMWI1xCL1jaIUhwNWqOfvyYk2jg5Sr9KZGn4fBncMVsx0?=
 =?us-ascii?Q?roNW5aHDGo6pei9TC91Sfwg+KiSEr2siK9AdkDku4atfgPQ6hQHT3erVLscD?=
 =?us-ascii?Q?HB2Zg7zUJCGMwgmXX7os7qwbA+U=3D?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 09e26aa3-f06b-4d7b-c2e4-08d9f2f775fa
X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB3793.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2022 15:58:10.1410
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: ASRzh8z1WTAuy3yyhKJ58whhLmktEB0WGB1+XbQ3wDfRl/7FAGyFhQbJNuYLA+Mib00hx/ujrPzbFwmqB6R/eOwQAHlDo+HjQADhzewt3HU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR10MB5312
X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10261 signatures=677564
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 phishscore=0 adultscore=0
 mlxlogscore=999 mlxscore=0 suspectscore=0 spamscore=0 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000
 definitions=main-2202180103
X-Proofpoint-ORIG-GUID: AWs28MAe5RJ-Nqphnv1umh1VVXCsKKcx
X-Proofpoint-GUID: AWs28MAe5RJ-Nqphnv1umh1VVXCsKKcx
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DATE_IN_PAST_24_48,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.

Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
 arch/x86/Kconfig | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 9f5bd41..3f69aeb 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1983,6 +1983,40 @@ config EFI_MIXED
 
 	   If unsure, say N.
 
+config SECURE_LAUNCH
+	bool "Secure Launch support"
+	default n
+	depends on X86_64 && X86_X2APIC
+	help
+	   The Secure Launch feature allows a kernel to be loaded
+	   directly through an Intel TXT measured launch. Intel TXT
+	   establishes a Dynamic Root of Trust for Measurement (DRTM)
+	   where the CPU measures the kernel image. This feature then
+	   continues the measurement chain over kernel configuration
+	   information and init images.
+
+config SECURE_LAUNCH_ALT_DLME_AUTHORITY
+	bool "Secure Launch Alternate DLME Authority PCR"
+	default n
+	depends on SECURE_LAUNCH
+	help
+	   As the DLME environment, Secure Launch by default measures
+	   the configuration information as the DLME Authority into
+	   PCR18. This feature allows separating these measurements
+	   into the TCG DRTM specification PCR (PCR.DLME_AUTHORITY),
+	   PCR19.
+
+config SECURE_LAUNCH_ALT_DLME_DETAIL
+	bool "Secure Launch Alternate DLME Detail PCR"
+	default n
+	depends on SECURE_LAUNCH
+	help
+	   As the DLME environment, Secure Launch by default measures
+	   the image data like any external initrd as a DRTM Detail
+	   into PCR17. This feature allows separating these
+	   measurements into the Secure Launch's Detail PCR
+	   (PCR.DLME_DETAIL), PCR20.
+
 source "kernel/Kconfig.hz"
 
 config KEXEC
-- 
1.8.3.1