Oracle Engineers Send Out Linux Patches For Trenchboot Secure Late-Launch Kernel Support
Going back to over a year ago were discussions by Oracle engineers and others about a secure launch boot protocol for the Linux kernel to in turn tie into the Trenchboot open-source project working on various system integrity features. We are now finally seeing new patches out of Oracle for wiring more Trenchboot support into the Linux kernel.
Trenchboot is a cross-platform framework for incorporating boot integrity technologies like Intel Boot Guard, Intel TXT, and AMD SKINIT. Trenchboot is ultimately aiming for multiple use-cases from two-factor authentication for travel laptops to crowd sourcing integrity handling. Those unfamiliar with the project can learn more at Trenchboot.org.
Patches sent out today by Oracle's Ross Philipson and based upon work by Apertus Solutions' Daniel P. Smith allow secure late-launch kernel support.
For now these "request for comments" patches is only wired up for Intel TXT while an AMD version is in progress. Oracle has also been working on Intel TXT / AMD SKINIT and Trenchboot support over on the GRUB boot-loader side as well.
For now no upstream developers have commented on the proposal but we'll see where this leads with this Trenchboot / Secure Launch functionality for the Linux kernel potentially coming together this year.
Trenchboot is a cross-platform framework for incorporating boot integrity technologies like Intel Boot Guard, Intel TXT, and AMD SKINIT. Trenchboot is ultimately aiming for multiple use-cases from two-factor authentication for travel laptops to crowd sourcing integrity handling. Those unfamiliar with the project can learn more at Trenchboot.org.
Patches sent out today by Oracle's Ross Philipson and based upon work by Apertus Solutions' Daniel P. Smith allow secure late-launch kernel support.
The Trenchboot project focus on boot security has led to the enabling of the Linux kernel to be directly invocable by the x86 Dynamic Launch instruction(s) for establishing a Dynamic Root of Trust for Measurement (DRTM). The dynamic launch will be initiated by a boot loader with associated support added to it, for example the first targeted boot loader will be GRUB2. An integral part of establishing the DRTM involves measuring everything that is intended to be run (kernel image, initrd, etc) and everything that will configure that kernel to run (command line, boot params, etc) into specific PCRs, the DRTM PCRs (17-22), in the TPM. Another key aspect is the dynamic launch is rooted in hardware. On Intel this is done using the GETSEC instruction set provided by Intel's TXT and the SKINIT instruction provided by AMD's AMD-V. Information on these technologies can be readily found online.
To enable the kernel to be launched by GETSEC or SKINIT, a stub must be built into the setup section of the compressed kernel to handle the specific state that the late launch process leaves the BSP. This is a lot like the EFI stub that is found in the same area. Also this stub must measure everything that is going to be used as early as possible. This stub code and subsequent code must also deal with the specific state that the late launch leaves the APs in.
For now these "request for comments" patches is only wired up for Intel TXT while an AMD version is in progress. Oracle has also been working on Intel TXT / AMD SKINIT and Trenchboot support over on the GRUB boot-loader side as well.
For now no upstream developers have commented on the proposal but we'll see where this leads with this Trenchboot / Secure Launch functionality for the Linux kernel potentially coming together this year.
6 Comments