On 5/15/26 2:13 PM, Ross Philipson wrote:
> From: "Daniel P. Smith" <[email protected]>
>
> Introduce documentation for the Linux Secure Launch feature.
>
> Co-developed-by: Ross Philipson <[email protected]>
> Signed-off-by: Daniel P. Smith <[email protected]>
> Signed-off-by: Ross Philipson <[email protected]>
> ---
> Documentation/arch/x86/boot.rst | 8 +
> Documentation/security/index.rst | 1 +
> .../security/launch-integrity/index.rst | 9 +
> .../launch-integrity/secure_launch.rst | 681 ++++++++++++++++++
> 4 files changed, 699 insertions(+)
> create mode 100644 Documentation/security/launch-integrity/index.rst
> create mode 100644 Documentation/security/launch-integrity/secure_launch.rst
>
> diff --git a/Documentation/security/launch-integrity/secure_launch.rst
> b/Documentation/security/launch-integrity/secure_launch.rst
> new file mode 100644
> index 000000000000..b4c61fdceaf0
> --- /dev/null
> +++ b/Documentation/security/launch-integrity/secure_launch.rst
> @@ -0,0 +1,681 @@
> +.. SPDX-License-Identifier: GPL-2.0
> +.. Copyright (c) 2019-2026 Daniel P. Smith <[email protected]>
> +
> +======================
> +Secure Launch Overview
> +======================
> +
> +:Author: Daniel P. Smith
> +:Date: February 2026
maybe update?
> +
> +Overview
> +========
[snip]
> +Error Codes
> +===========
> +
> +The TXT specification defines the layout for TXT 32 bit error code values.
32-bit
> +The bit encodings indicate where the error originated (e.g. with the CPU,
> +in the SINIT ACM, in software). The error is written to a sticky TXT
> +register that persists across resets called TXT.ERRORCODE (see the TXT
> +MLE Development Guide). The errors defined by the Secure Launch feature are
> +those generated in the MLE software. They have the format::
> +
> + 0xc0008XXX
> +
> +The low 12 bits are free for defining the following Secure Launch specific
> +error codes.
[snip]
> +Resources
> +=========
> +
> +The TrenchBoot project:
> +
> +https://trenchboot.org
> +
> +Secure Launch Specification:
> +
> +https://trenchboot.org/specifications/Secure_Launch/
> +
> +Trusted Computing Group's D-RTM Architecture:
> +
> +https://trustedcomputinggroup.org/wp-content/uploads/TCG_D-RTM_Architecture_v1-0_Published_06172013.pdf
> +
> +TXT documentation in the Intel TXT MLE Development Guide:
> +
> +https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
> +
> +TXT instructions documentation in the Intel SDM Instruction Set volume:
> +
> +https://software.intel.com/en-us/articles/intel-sdm
> +
> +AMD SKINIT documentation in the System Programming manual:
> +
> +https://www.amd.com/system/files/TechDocs/24593.pdf
> +
> +GRUB Secure Launch support:
> +
> +https://github.com/TrenchBoot/grub/tree/grub-sl-fc-38-dlstub
> +
> +FOSDEM 2021: Secure Upgrades with DRTM
> +
> +https://archive.fosdem.org/2021/schedule/event/firmware_suwd/
> +
> +.. [1]
> + MLE: Measured Launch Environment is the binary runtime that is measured
> and
> + then run by the TXT SINIT ACM. The TXT MLE Development Guide describes
> the
> + requirements for the MLE in detail.
> +
> +.. [2]
> + PMR: Intel VTd has a feature in the IOMMU called Protected Memory
> Registers.
> + There are two of these registers and they allow all DMA to be blocked
> + to large areas of memory. The low PMR can cover all memory below 4Gb on
> 2Mb
> + boundaries. The high PMR can cover all RAM on the system, again on 2Mb
> + boundaries. This feature is used during a Secure Launch by TXT.
> +
> +.. [3]
> + Secure Launch Specification:
> https://trenchboot.org/specifications/Secure_Launch/
> +
> +.. [4]
> + ACM: Intel's Authenticated Code Module. This is the 32b bit binary blob
> that
Does "32b" mean something or should that be 32-bit?
> + is run securely by the GETSEC[SENTER] during a measured launch. It is
> described
> + in the Intel documentation on TXT and versions for various chipsets are
> + signed and distributed by Intel.
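Review bot: In footnote [2], "4Gb" and "2Mb" read as gigabits and megabits, but the text is describing memory ranges and alignment boundaries, so these should be "4GB" and "2MB" (or GiB/MiB). The same footnote writes "VTd" where Intel's name for the feature is "VT-d". In footnote [4], "run securely by the GETSEC[SENTER]" is missing its noun; "by the GETSEC[SENTER] instruction" reads correctly. Footnote [3] repeats the Secure Launch Specification URL that is already listed under Resources, so one of the two could simply point at the other.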
--
~Randy