Upstream OE support for measured launch integrity

Description

TrenchBoot is enabling measured launch features for upstream projects such as Linux, Xen, GRUB and u-root. This epic will track the introduction of upstream OpenEmbedded (OE) recipes for the components used in measured launch, upon which OpenXT's measured launch implementation can be rebased.

Where possible for a software component, reproducible builds should be enabled, so that measured launch can rely on a “known-good” binary hash instead of trust-on-first-use. Source code hashes should be recorded for each build and optionally packaged during installation.
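The paragraph above contrasts a recorded "known-good" hash with trust-on-first-use. The following Python is an added illustration written for this page, not code from TrenchBoot, OpenXT or any OE recipe: it records per-build SHA-256 digests of sources and artifacts in a manifest, verifies an installed artifact set strictly against that manifest, and shows beside it why a trust-on-first-use store cannot detect a substitution that happens before the first observation. The manifest layout, function names and the sample files are all constructed for the example.

```python
"""Known-good build hash manifest versus trust-on-first-use (added example)."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(build_id: str, sources: dict, artifacts: dict) -> dict:
    """Record digests of every source file and every produced artifact.

    `sources` and `artifacts` map a path to file contents (bytes). In a real
    build these would be read from the build tree; here they are in-memory.
    """
    return {
        "build_id": build_id,
        "sources": {name: sha256_hex(b) for name, b in sorted(sources.items())},
        "artifacts": {name: sha256_hex(b) for name, b in sorted(artifacts.items())},
    }


def manifest_digest(manifest: dict) -> str:
    """Digest of the canonical JSON form, so the manifest as a whole can be
    signed or measured (e.g. extended into a TPM PCR) as one stable value."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode())


def verify_known_good(manifest: dict, installed: dict) -> tuple:
    """Strict check of installed artifacts against the recorded digests.

    Returns (ok, problems). Missing, mismatched and unexpected artifacts all
    fail: the manifest is the only source of trust, nothing is pinned on sight.
    """
    problems = []
    expected = manifest["artifacts"]
    for name, digest in expected.items():
        if name not in installed:
            problems.append(f"missing: {name}")
        elif sha256_hex(installed[name]) != digest:
            problems.append(f"mismatch: {name}")
    for name in installed:
        if name not in expected:
            problems.append(f"unexpected: {name}")
    return (not problems, problems)


def reproduced(manifest_a: dict, manifest_b: dict) -> bool:
    """True when two independent builds of identical sources yield identical
    artifacts, i.e. the build is reproducible for this component."""
    return (manifest_a["sources"] == manifest_b["sources"]
            and manifest_a["artifacts"] == manifest_b["artifacts"])


class TofuStore:
    """Trust-on-first-use, for contrast: pins whatever digest it sees first."""

    def __init__(self):
        self.pins = {}

    def check(self, name: str, data: bytes) -> str:
        digest = sha256_hex(data)
        if name not in self.pins:
            self.pins[name] = digest  # an already-substituted binary gets pinned
            return "pinned"
        return "ok" if self.pins[name] == digest else "changed"


# Constructed sample build; not real TrenchBoot sources or binaries.
SOURCES = {"main.c": b"int main(void){return 0;}\n", "Makefile": b"all:\n\tcc main.c\n"}
ARTIFACTS = {"bin/launcher": b"\x7fELF-constructed-binary-v1"}
MANIFEST = build_manifest("build-0001", SOURCES, ARTIFACTS)


def demo() -> tuple:
    """Known-good verification rejects a substituted binary; TOFU pins it."""
    ok, _ = verify_known_good(MANIFEST, ARTIFACTS)
    substituted = {"bin/launcher": b"\x7fELF-constructed-binary-substituted"}
    bad_ok, problems = verify_known_good(MANIFEST, substituted)
    tofu_result = TofuStore().check("bin/launcher", substituted["bin/launcher"])
    return ok, bad_ok, problems, tofu_result


if __name__ == "__main__":
    print(json.dumps(MANIFEST, indent=2))
    print("manifest digest:", manifest_digest(MANIFEST))
    print(demo())
```

Running the module prints the manifest and the demo tuple `(True, False, ['mismatch: bin/launcher'], 'pinned')`: the recorded digest catches the substituted artifact, while the first-use store simply pins it. Packaging the manifest alongside the installed files, as the description suggests, is what lets a later integrity check or attestation compare against a value fixed at build time rather than at install time.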

To maximize upstream adoption of measured launch across a wide range of use cases, the recipes must support, but not require, the presence of virtualization or specific hypervisors. Collectively, these recipes will provide an upstream context for collaborative open-source development/testing of silicon and firmware features for platform launch integrity. Depending on the level of upstream interest, these may include:

Shipped and validated in production:

  • Intel TXT

  • Intel BootGuard

  • TPM 2.0

Shipped but not widely enabled or validated with production BIOS:

  • AMD SKINIT

  • Xen support for Arm OP-TEE (Open Portable Trusted Execution Environment)

  • Coreboot-compatible STM (System Transfer Monitor) for Intel TXT

  • Dynamic launch (re-measurement and launch without hardware reboot)

Emerging/roadmap (2020-2022):

  • x86 OEM firmware for Microsoft "secured core", including SMM attestation

  • Google OpenTitan hardware root of trust, possibly with TPM-emulating firmware

  • ARM PSA (Platform Security Architecture)

  • IOMMU and SR-IOV improvements

  • Intel Platform Certificates for hardware supply chain validation

  • Intel ME and AMD PSP improvements

  • AMD SEV-ES

Related OE layers and projects:

OE-related software update frameworks:

Measured Launch, SRTM and DRTM references:

Validation Steps

None

Assignee

Daniel Smith

Reporter

Rich Persaud

Labels

None

QA Assignee

None

QA Image URL

None

Components

Priority

Major

Epic Name

Upstream OE support for measured launch integrity