Oracle Sends Out Newest Patches For Trenchboot / Secure Launch For The Linux Kernel

Written by Michael Larabel in Oracle on 9 August 2021 at 01:37 PM EDT. 2 Comments
For more than one year now Oracle engineers have been working on Trenchboot support for securely booting the Linux kernel. Sent out today is the third revision of this work for establishing a dynamic root of trust for measurement.

Trenchboot is centered around improving boot security and integrity. Oracle engineers have been involved with working on Trenchboot integration for the GRUB boot-loader and related components, including this Linux kernel support that has yet to land. Trenchboot relies on Intel's TXT/SKINIT and AMD-V support for the hardware support around the integrity measurements.

The v3 Trenchboot patches for the Linux kernel add new documentation around the "Secure Launch" functionality, IOMMU-related changes, the special case KASLR address space layout randomization disabling code has been removed, improved detection of Intel hardware support (these kernel patches do not yet have the AMD-V support), and other low-level code changes.

See this patch series for all the interesting technical details on this Trenchboot / Secure Launch support for the Linux kernel. Those wanting to learn more about the Trenchboot project itself for improving boot security can visit
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week