Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1125354rwr; Fri, 5 May 2023 09:25:25 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6Todzk8qvCtD1OWiifIAiyM3VE03Je86Xizq7ZGQrl9tpSEaSJ1ri8L/ACY7J+9R7AmwJR X-Received: by 2002:a17:903:2451:b0:1a6:9762:6eed with SMTP id l17-20020a170903245100b001a697626eedmr2560619pls.22.1683303925167; Fri, 05 May 2023 09:25:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683303925; cv=none; d=google.com; s=arc-20160816; b=ny1Vu7gmIVTtxGC0urYXnykULHdmzPoeH7Hqf6nE1543TqwZVnZH90T+cC1vpCIKPF zKgMRV9PjYCCrHH5OD3yV2TPmAaF+iN4KrgK59Y9WOQj7Dq520P6VqI9IIayBOk7zY4S keuKdnmXvWocDEuhDFmfABa7E6WychVcZuwWjKBEkox3Y2bYW7Wo3wuQ66ctrC3Yecbh zVmeWqSj0emFRCwvwww9JGo2R1cu7vbdq/LCFYugU0xnCqlFOpyah38wQd/++xF974F3 d+UNg1z7fXHdIVXZhQqKV29eLiH7dBORobK+dv56pQhuQML+oR2DUEV43eUhcxOnW2Md SKFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=tdXmWJtNYNfv1HGFONEltQXME5BpwVBJrmM5cwq8B+s=; b=M/4TIgHdZyZvcQrKtrFZ8gYSC/2ugj3jth+CoRFE2KBVJW1sbw7SkLQd59Euin9CSp oBdOG6Rw6V6/mAVPuXEQo2FjyQxg2AN7H1zWD9zACuQe+c1uAulwdu/npOXl5zqEc3ZQ 9QMVtpUsj6mq7G4L825kbz6Po3z39YnadoHtbql2dSVr1v82ozA/5P+s0c4BTo3avSPP M+EXLeHfHyqqHY0FAY6OZPLwo3DTd/80PnasTglbohcrn5NClGWWe4044hxPbZmZxFRq xA1eA56DaQ1NB5CfP9u/2jQtaXv1z6oMRLRVfVveBg+l4HPfvFu8LkQtzRTa8AZWbxMg NQBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=loLHgZ6l; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y14-20020a1709027c8e00b001a6783cf26dsi1902481pll.255.2023.05.05.09.24.58; Fri, 05 May 2023 09:25:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=loLHgZ6l; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231615AbjEEQTK (ORCPT + 99 others); Fri, 5 May 2023 12:19:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230163AbjEEQTJ (ORCPT ); Fri, 5 May 2023 12:19:09 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC90217FE2; Fri, 5 May 2023 09:19:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4845263F15; Fri, 5 May 2023 16:19:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EBDE1C433EF; Fri, 5 May 2023 16:19:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1683303547; bh=9eVD8TLEEJTPz7yUDaY/tcM4ySNHmYkUZSsW6auAYhI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=loLHgZ6lqZrIKBgo3yKKid4OzVFYz+8ZiKK82DAcPHoYWv38JEZTzJBc/0Jilf3Ac 13ZT853kkIOz5s92U2aLs8Qsw3/pa5XZXTWrM7RLBw1djPdirH/b7e328JT1KQDfo5 Ia02U9yr3HawpR+b0VyOH8cI2VeNJrHrSxmbVFpT3yoROBJG7kA8FvP3nIX4blUvei 1+YXY4yq6kvmuJAt1kUewv/TelPNq3i/P251E+XOAquYRG4fANOUEKMcFwQTJW2bcf 3FEbGZUddqObaXNkWfTnpVbHzIE26/z88HVTnkB5sY9x/JYwY+Z5S7f7VIT7tH5VvM nkytUGk7g4Aow== Date: Fri, 5 May 2023 18:19:01 +0200 From: Simon Horman To: Ross Philipson Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, luto@amacapital.net, nivedita@alum.mit.edu, kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com Subject: Re: [PATCH v6 02/14] Documentation/x86: Secure Launch kernel documentation Message-ID: References: <20230504145023.835096-1-ross.philipson@oracle.com> <20230504145023.835096-3-ross.philipson@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230504145023.835096-3-ross.philipson@oracle.com> X-Spam-Status: No, score=-7.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, May 04, 2023 at 02:50:11PM +0000, Ross Philipson wrote: > Introduce background, overview and configuration/ABI information > for the Secure Launch kernel feature. > > Signed-off-by: Daniel P. Smith > Signed-off-by: Ross Philipson Hi Ross and Daniel, some minor nits from my side. > --- > Documentation/security/index.rst | 1 + > Documentation/security/launch-integrity/index.rst | 10 + > .../security/launch-integrity/principles.rst | 313 ++++++++++++ > .../launch-integrity/secure_launch_details.rst | 564 +++++++++++++++++++++ > .../launch-integrity/secure_launch_overview.rst | 220 ++++++++ > 5 files changed, 1108 insertions(+) > create mode 100644 Documentation/security/launch-integrity/index.rst > create mode 100644 Documentation/security/launch-integrity/principles.rst > create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst > create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst > > diff --git a/Documentation/security/index.rst b/Documentation/security/index.rst > index 6ed8d2f..fade37e 100644 > --- a/Documentation/security/index.rst > +++ b/Documentation/security/index.rst > @@ -18,3 +18,4 @@ Security Documentation > digsig > landlock > secrets/index > + launch-integrity/index > diff --git a/Documentation/security/launch-integrity/index.rst b/Documentation/security/launch-integrity/index.rst > new file mode 100644 > index 0000000..28eed91d > --- /dev/null > +++ b/Documentation/security/launch-integrity/index.rst > @@ -0,0 +1,10 @@ I believe an SPDX tag should go at the top of each .rst file. > +===================================== > +System Launch Integrity documentation > +===================================== > + > +.. toctree:: > + > + principles > + secure_launch_overview > + secure_launch_details > + > diff --git a/Documentation/security/launch-integrity/principles.rst b/Documentation/security/launch-integrity/principles.rst > new file mode 100644 > index 0000000..73cf063 > --- /dev/null > +++ b/Documentation/security/launch-integrity/principles.rst > @@ -0,0 +1,313 @@ > +======================= > +System Launch Integrity > +======================= > + > +This document serves to establish a common understanding of what is system > +launch, the integrity concern for system launch, and why using a Root of Trust > +(RoT) from a Dynamic Launch may be desired. Through out this document > +terminology from the Trusted Computing Group (TCG) and National Institue for s/Institue/Institute/ ... > +Trust Chains > +============ > + > +Bulding upon the understanding of security mechanisms to establish load-time s/Bulding/Building/ ... > diff --git a/Documentation/security/launch-integrity/secure_launch_details.rst b/Documentation/security/launch-integrity/secure_launch_details.rst ... > +Secure Launch Resource Table > +============================ > + > +The Secure Launch Resource Table (SLRT) is a platform-agnostic, standard format > +for providing information for the pre-launch environment and to pass > +information to the post-launch environment. The table is populated by one or > +more bootloaders in the boot chain and used by Secure Launch on how to setup > +the environment during post-launch. The details for the SLRT are documented > +in the TrenchBoot Secure Launch Specifcation [3]_. s/Specifcation/Specification/ ...