Oracle Sends Out Latest Linux Patches So Trenchboot Can Securely Launch The Kernel
Written by Michael Larabel in Oracle on 19 June 2021 at 12:00 AM EDT.
Work continues on Trenchboot, which provides boot integrity technologies that allow for multiple roots of trust around boot security and integrity. On Friday, Oracle engineers sent out their latest Linux kernel patches so that the kernel can be started through a "Secure Launch" by the project's x86 dynamic launch measurement code.

The latest kernel patches are a second revision of the patches sent out last year for Trenchboot launch support, which is aimed at enhancing the integrity and security of the boot process. This kernel work goes along with the Trenchboot support being developed for GRUB.

The kernel patches handle boot-time measurement of everything that is to be run and everything that configures the kernel to run, storing those measurements within the Trusted Platform Module (TPM). Trenchboot also relies upon Intel's TXT/GETSEC and AMD's SKINIT instructions for establishing the initial hardware-based measurements.
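
To illustrate the measure-then-extend scheme described above, here is an added example (not code from the article, the kernel patches, or the Trenchboot project) that models a single SHA-256 PCR and shows how a verifier replays an event log against it. The component names, sample contents and the zero starting value are assumptions made for the illustration.

```python
import hashlib

PCR_SIZE = hashlib.sha256().digest_size  # one SHA-256 PCR (assumed bank)

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || digest); order-sensitive, one-way."""
    return hashlib.sha256(pcr + digest).digest()

def launch(components):
    """Measure each (name, blob) before it is used; return (PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # assumption: the PCR starts at zero at launch
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log):
    """Recompute the PCR value a verifier expects from an event log."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(log, pcr_value, known_good):
    """Return a list of findings; an empty list means the launch matches."""
    findings = []
    if replay(log) != pcr_value:
        findings.append("event log does not replay to the PCR value")
    for name, digest in log:
        if known_good.get(name) != digest:
            findings.append(f"unexpected measurement: {name}")
    return findings

# Constructed sample inputs (hypothetical names and contents).
GOOD_BOOT = [("kernel", b"constructed kernel image"),
             ("cmdline", b"root=/dev/sda1 ro")]
CHANGED_BOOT = [GOOD_BOOT[0], ("cmdline", b"root=/dev/sda1 rw")]

if __name__ == "__main__":
    good_pcr, good_log = launch(GOOD_BOOT)
    known_good = dict(good_log)
    bad_pcr, bad_log = launch(CHANGED_BOOT)
    print(verify(good_log, good_pcr, known_good))  # matching launch
    print(verify(bad_log, bad_pcr, known_good))    # changed configuration
    print(verify(good_log, bad_pcr, known_good))   # log disagrees with PCR
```

The third call shows why the log alone is not enough: a log listing only expected digests is still rejected when it does not replay to the value held in the PCR.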

The changes in this latest series of kernel patches vary quite a bit and include preventing kernel address space layout randomization (KASLR) from being used during a Secure Launch, forcing the IOMMU not to use pass-through mode during the Secure Launch, security audit changes, and a wide range of other changes.

Those interested in Trenchboot can find the latest patches via the mailing list. Those wanting to learn more about this boot integrity/security effort can see the documentation at Trenchboot.org.