Oracle Sends Out Newest Patches For Trenchboot / Secure Launch For The Linux Kernel
Trenchboot is centered around improving boot security and integrity. Oracle engineers have been working on Trenchboot integration for the GRUB boot-loader and related components, including this Linux kernel support that has yet to land. Trenchboot relies on Intel's TXT/SKINIT and AMD-V support as the hardware basis for the integrity measurements.
The v3 Trenchboot patches for the Linux kernel add new documentation around the "Secure Launch" functionality, make IOMMU-related changes, remove the special-case code for disabling KASLR (kernel address space layout randomization), improve detection of Intel hardware support (these kernel patches do not yet have the AMD-V support), and include other low-level code changes.
See this patch series for all the interesting technical details on this Trenchboot / Secure Launch support for the Linux kernel. Those wanting to learn more about the Trenchboot project itself for improving boot security can visit Trenchboot.org.