{"id":482,"date":"2022-07-31T09:38:56","date_gmt":"2022-07-31T07:38:56","guid":{"rendered":"https:\/\/threedots.ovh\/blog\/?p=482"},"modified":"2022-07-31T09:38:57","modified_gmt":"2022-07-31T07:38:57","slug":"tweet-collection-on-secure-launch","status":"publish","type":"post","link":"https:\/\/threedots.ovh\/blog\/2022\/07\/tweet-collection-on-secure-launch\/","title":{"rendered":"Tweet collection on Secure Launch"},"content":{"rendered":"\n<p>This blog post is a collection of tweets on the information known about Secure Launch today. This will be hopefully helpful to some of the community.<\/p>\n\n\n\n<p>I should maybe have spent more time reverse-engineering and publishing my efforts on that front before joining Qualcomm&#8230;<\/p>\n\n\n\n<p><em>Disclaimer: no guarantees of accuracy provided in the tweets below, was just a quick search with keywords to find prior tweets on the matter.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">It seems Hyper-V launch on 850\/8cx is done via a mechanism called &quot;Secure Launch&quot;, hmm<\/p>&mdash; Sunshine Biscuit at scale \ud83c\udf6a (@imbushuo) <a href=\"https:\/\/twitter.com\/imbushuo\/status\/1314054241397301248?ref_src=twsrc%5Etfw\">October 8, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">They already gave up EL2 in Windows ARM\u2019s case &#8211; a Hyper-V secure launch  protocol for elevating to EL2 with verification and measurement is added in QCOM HYP since 850 and 855, also present in Android phones\u2019 firmware<\/p>&mdash; Sunshine Biscuit at scale \ud83c\udf6a (@imbushuo) <a href=\"https:\/\/twitter.com\/imbushuo\/status\/1330973854177619969?ref_src=twsrc%5Etfw\">November 23, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Oh and also:<br><br>Forget about virtualisation on linux. Qualcomm uses a custom Secure Launch interface with a TCB loader to escalate from EL1 to EL2. Of course, Linux knows nothing about that. (UEFI runs @ el1)<\/p>&mdash; Longhorn (@never_released) <a href=\"https:\/\/twitter.com\/never_released\/status\/1498362211873566721?ref_src=twsrc%5Etfw\">February 28, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">On SD850\/8cx, there\u2019s a custom Secure Launch interface to escalate to EL2. That means that your UEFI FW is at EL1, and that other OSes stay at EL1 too.<\/p>&mdash; Longhorn (@never_released) <a href=\"https:\/\/twitter.com\/never_released\/status\/1367714560963182592?ref_src=twsrc%5Etfw\">March 5, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">I wouldn\u2019t assume that Linux is a non-starter for somebody with too much time on their hands.<br><br>About KVM, going to bet that this is a Secure Launch device with no EL2 in UEFI until proven otherwise.<\/p>&mdash; Longhorn (@never_released) <a href=\"https:\/\/twitter.com\/never_released\/status\/1459563960143855618?ref_src=twsrc%5Etfw\">November 13, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Secure launch is an abomination that no one wants.<\/p>&mdash; It&#39;s an Arm world (virtualized) (@WhatAintInside) <a href=\"https:\/\/twitter.com\/WhatAintInside\/status\/1424328975292248068?ref_src=twsrc%5Etfw\">August 8, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Secure Launch requirements said firmware must keep existing EL1 code in place and make sure they are functional after elevation, so hmmm<\/p>&mdash; Sunshine Biscuit at scale \ud83c\udf6a (@imbushuo) <a href=\"https:\/\/twitter.com\/imbushuo\/status\/1314132586059362305?ref_src=twsrc%5Etfw\">October 8, 2020<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Will some details be published about the implementation of Secure Launch on Qualcomm processors?<br><br>Because that part is really missing in public docs.<\/p>&mdash; Longhorn (@never_released) <a href=\"https:\/\/twitter.com\/never_released\/status\/1532036740441165825?ref_src=twsrc%5Etfw\">June 1, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Secure launch devices are capable of running Hyper-V, consequently capable of letting other OSVs navigate whatever chip limitations exist&#8230;<\/p>&mdash; It&#39;s an Arm world (virtualized) (@WhatAintInside) <a href=\"https:\/\/twitter.com\/WhatAintInside\/status\/1424333576162709509?ref_src=twsrc%5Etfw\">August 8, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post is a collection of tweets on the information known about Secure Launch today. This will be hopefully helpful to some of the community. I should maybe have spent more time reverse-engineering and publishing my efforts on that front before joining Qualcomm&#8230; Disclaimer: no guarantees of accuracy provided in the tweets below, was&hellip;&nbsp;<a href=\"https:\/\/threedots.ovh\/blog\/2022\/07\/tweet-collection-on-secure-launch\/\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">Tweet collection on Secure Launch<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-482","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/posts\/482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/comments?post=482"}],"version-history":[{"count":1,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/posts\/482\/revisions"}],"predecessor-version":[{"id":483,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/posts\/482\/revisions\/483"}],"wp:attachment":[{"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/media?parent=482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/categories?post=482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threedots.ovh\/blog\/wp-json\/wp\/v2\/tags?post=482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}