Oracle Sends Out Newest Patches For Trenchboot / Secure Launch For The Linux Kernel
For more than one year now, Oracle engineers have been working on Trenchboot support for securely booting the Linux kernel. Sent out today is the third revision of this work for establishing a dynamic root of trust for measurement.
Trenchboot is centered around improving boot security and integrity. Oracle engineers have been involved in Trenchboot integration for the GRUB boot-loader and related components, including this Linux kernel support that has yet to land. Trenchboot relies on Intel's TXT/SKINIT and AMD-V support as the hardware basis for the integrity measurements.
The v3 Trenchboot patches for the Linux kernel add new documentation around the "Secure Launch" functionality, make IOMMU-related changes, remove the special-case code for disabling KASLR (kernel address space layout randomization), improve detection of Intel hardware support (these kernel patches do not yet have the AMD-V support), and include other low-level code changes.
See this patch series for all the interesting technical details on this Trenchboot / Secure Launch support for the Linux kernel. Those wanting to learn more about the Trenchboot project itself for improving boot security can visit Trenchboot.org.