From nobody Fri Oct 31 16:06:12 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1748611144; cv=none; d=zohomail.com; s=zohoarc; b=ZzvAFaVdihZubDiUJdMASYPl1yPR67lZR0WKChHGWj0eFxgYnJMXdokJM8vCfM7eFndWsRkQf2WhroupHFgZuSCfp8kMDmWJMC4O+U4Xibl3qR+HU6zDQsBVvYpzbn9gj5wX/JbNIA+q2VBFSMlkFVAzYkvA9shwsDdpqHRA2xs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1748611144; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GvKdVlecLh2PmzTm3hSectebiIzksYZuaxKe05SsphE=; b=DjqBxQqFeRei6ozfiDQ2bH7dMHxF23YAUcJh35M6ADBkQX8kUKUIJFMfFNvFkLHRVH9YR8Rtxu4MHI86j9+HLMGUsxQz+eHM79vgWPWLnefkDMfmr4SjUSJznzuef+ErxoxVcYl0uSWdPqtlobWw17qKpb1REXar2bGJx2GP3/o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1748611144119366.74169832871473; Fri, 30 May 2025 06:19:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1000934.1381146 (Exim 4.92) (envelope-from ) id 1uKzdG-0000uI-2Q; Fri, 30 May 2025 13:18:46 +0000 Received: by outflank-mailman (output) from mailman id 1000934.1381146; Fri, 30 May 2025 13:18:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uKzdF-0000u4-Uz; Fri, 30 May 2025 13:18:45 +0000 Received: by outflank-mailman (input) for mailman id 1000934; Fri, 30 May 2025 13:18:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uKzdE-0000ql-Fr for xen-devel@lists.xenproject.org; Fri, 30 May 2025 13:18:44 +0000 Received: from 3.mo575.mail-out.ovh.net (3.mo575.mail-out.ovh.net [46.105.58.60]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 9b4d507d-3d58-11f0-b894-0df219b8e170; Fri, 30 May 2025 15:18:42 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.108.2.206]) by mo575.mail-out.ovh.net (Postfix) with ESMTP id 4b83hx5zZRz28B8 for ; Fri, 30 May 2025 13:18:41 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-2djnr (unknown [10.111.174.16]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 9CD20C3BB2; Fri, 30 May 2025 13:18:40 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.107]) by ghost-submission-5b5ff79f4f-2djnr with ESMTPSA id B0t9EzCwOWhgJgAAIK2ldA (envelope-from ); Fri, 30 May 2025 13:18:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9b4d507d-3d58-11f0-b894-0df219b8e170 Authentication-Results: garm.ovh; auth=pass (GARM-107S001d1b71519-d27e-408c-8523-b9c0e2d47a6d, A4E380CC922F0B59227EC5DCC46884561651840B) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.184.221 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization Date: Fri, 30 May 2025 16:17:46 +0300 Message-ID: <16a544876163afece619d50f80869aaacc9c797c.1748611041.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 12695928826315977884 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeeffedrtddtgddvleduudculddtuddrgeefvddrtddtmdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefuvghrghhiihcuffhmhihtrhhukhcuoehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomheqnecuggftrfgrthhtvghrnhepffejgfduveektedugeeuiefhtdfhjefgieelkeeugfeggedtgeevheefheeffeeunecuffhomhgrihhnpegsrghsvgdrmhgrphdphhgvrggurdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekgedrvddvuddpfeejrdehledrudegvddruddtjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehjeehmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=GvKdVlecLh2PmzTm3hSectebiIzksYZuaxKe05SsphE=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1748611121; v=1; b=YWF4HxQni853VwJ2/M7u7AJUwzUCW2rBUmmo7Iil0Sb4T6MHZdZcw+7Cdx9bGPsaHT9sRnBf iKX3omW9+HJ4/rCPVZdIcPc6in7tDPmWlRrzwDBjLRMJFGpU74UwIXTt4P5cUciJ+es+am0T0Rd JIDga3+IqfphDU98v6vXoNkMyi7E0pS+ioytkxiVt+gTga1fEcZE9zF+lyCgvBrR7NZy69qv5OD 84hP29LLpnp69wfRFOGetK/fy0vAu0XW7VvDBE8dd3Dfx9Y2jTbHXRt1rJgHvjBKiBMOeitzg48 I/QBz1ndITA+URa6BbRvKpdpDMTUMKZKEvCJACaq/n6rA== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1748611146102116600 Content-Type: text/plain; charset="utf-8" Make head.S invoke a C function to retrieve MBI and SLRT addresses in a platform-specific way. This is also the place to perform sanity checks of DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 5 +++- xen/arch/x86/boot/head.S | 43 ++++++++++++++++++++++++++++ xen/arch/x86/boot/slaunch-early.c | 41 ++++++++++++++++++++++++++ xen/arch/x86/include/asm/intel-txt.h | 16 +++++++++++ xen/arch/x86/include/asm/slaunch.h | 26 +++++++++++++++++ xen/arch/x86/slaunch.c | 27 +++++++++++++++++ 7 files changed, 158 insertions(+), 1 deletion(-) create mode 100644 xen/arch/x86/boot/slaunch-early.c create mode 100644 xen/arch/x86/include/asm/slaunch.h create mode 100644 xen/arch/x86/slaunch.c diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index ce724a9daa..aa20eb42b5 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_COMPAT) +=3D x86_64/physdev.o obj-$(CONFIG_X86_PSR) +=3D psr.o obj-y +=3D setup.o obj-y +=3D shutdown.o +obj-y +=3D slaunch.o obj-y +=3D smp.o obj-y +=3D smpboot.o obj-y +=3D spec_ctrl.o diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index ff0d61d7ac..5471b966dd 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -5,6 +5,7 @@ obj-bin-y +=3D $(obj64) obj32 :=3D cmdline.32.o obj32 +=3D reloc.32.o obj32 +=3D reloc-trampoline.32.o +obj32 +=3D slaunch-early.32.o =20 obj64 :=3D reloc-trampoline.o =20 @@ -28,6 +29,8 @@ $(obj32): XEN_CFLAGS :=3D $(CFLAGS_x86_32) -fpic $(obj)/%.32.o: $(src)/%.c FORCE $(call if_changed_rule,cc_o_c) =20 +$(obj)/slaunch-early.32.o: XEN_CFLAGS +=3D -D__EARLY_SLAUNCH__ + orphan-handling-$(call ld-option,--orphan-handling=3Derror) :=3D --orphan-= handling=3Derror LDFLAGS_DIRECT-$(call ld-option,--warn-rwx-segments) :=3D --no-warn-rwx-se= gments LDFLAGS_DIRECT +=3D $(LDFLAGS_DIRECT-y) @@ -81,7 +84,7 @@ cmd_combine =3D \ --bin1 $(obj)/built-in-32.base.bin \ --bin2 $(obj)/built-in-32.offset.bin \ --map $(obj)/built-in-32.base.map \ - --exports cmdline_parse_early,reloc,reloc_trampoline32 \ + --exports cmdline_parse_early,reloc,reloc_trampoline32,sla= unch_early_init \ --output $@ =20 targets +=3D built-in-32.S diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index a69107bd81..b4cf423c80 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -472,6 +472,10 @@ __start: /* Bootloaders may set multiboot{1,2}.mem_lower to a nonzero value= . */ xor %edx,%edx =20 + /* Check for TrenchBoot slaunch bootloader. */ + cmp $SLAUNCH_BOOTLOADER_MAGIC, %eax + je .Lslaunch_proto + /* Check for Multiboot2 bootloader. */ cmp $MULTIBOOT2_BOOTLOADER_MAGIC,%eax je .Lmultiboot2_proto @@ -487,6 +491,45 @@ __start: cmovnz MB_mem_lower(%ebx),%edx jmp trampoline_bios_setup =20 +.Lslaunch_proto: + /* + * Upon reaching here, CPU state mostly matches the one setup by t= he + * bootloader with ESP, ESI and EDX being clobbered above. + */ + + /* Save information that TrenchBoot slaunch was used. */ + movb $1, sym_esi(slaunch_active) + + /* + * Prepare space for output parameter of slaunch_early_init(), whi= ch is + * a structure of two uint32_t fields. + */ + sub $8, %esp + + push %esp /* pointer to output stru= cture */ + lea sym_offs(__2M_rwdata_end), %ecx /* end of target image */ + lea sym_offs(_start), %edx /* target base address */ + mov %esi, %eax /* load base address */ + /* + * slaunch_early_init(load/eax, tgt/edx, tgt_end/ecx, ret/stk) usi= ng + * fastcall calling convention. + */ + call slaunch_early_init + add $4, %esp /* pop the fourth paramet= er */ + + /* Move outputs of slaunch_early_init() from stack into registers.= */ + pop %eax /* physical MBI address */ + pop %edx /* physical SLRT address */ + + /* Save physical address of SLRT for C code. */ + mov %edx, sym_esi(slaunch_slrt) + + /* Store MBI address in EBX where MB2 code expects it. */ + mov %eax, %ebx + + /* Move magic number expected by Multiboot 2 to EAX and fall throu= gh. */ + movl $MULTIBOOT2_BOOTLOADER_MAGIC, %eax + .Lmultiboot2_proto: /* Skip Multiboot2 information fixed part. */ lea (MB2_fixed_sizeof+MULTIBOOT2_TAG_ALIGN-1)(%ebx),%ecx diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-= early.c new file mode 100644 index 0000000000..c9d364bcd5 --- /dev/null +++ b/xen/arch/x86/boot/slaunch-early.c @@ -0,0 +1,41 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include + +struct early_init_results +{ + uint32_t mbi_pa; + uint32_t slrt_pa; +} __packed; + +void asmlinkage slaunch_early_init(uint32_t load_base_addr, + uint32_t tgt_base_addr, + uint32_t tgt_end_addr, + struct early_init_results *result) +{ + void *txt_heap; + const struct txt_os_mle_data *os_mle; + const struct slr_table *slrt; + const struct slr_entry_intel_info *intel_info; + + txt_heap =3D txt_init(); + os_mle =3D txt_os_mle_data_start(txt_heap); + + result->slrt_pa =3D os_mle->slrt; + result->mbi_pa =3D 0; + + slrt =3D (const struct slr_table *)(uintptr_t)os_mle->slrt; + + intel_info =3D (const struct slr_entry_intel_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); + if ( intel_info =3D=3D NULL || intel_info->hdr.size !=3D sizeof(*intel= _info) ) + return; + + result->mbi_pa =3D intel_info->boot_params_base; +} diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index cc2d312f4d..7658457e9d 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -292,6 +292,22 @@ static inline void *txt_sinit_mle_data_start(const voi= d *heap) sizeof(uint64_t); } =20 +static inline void *txt_init(void) +{ + void *txt_heap; + + /* Clear the TXT error register for a clean start of the day. */ + txt_write(TXTCR_ERRORCODE, 0); + + txt_heap =3D _p(txt_read(TXTCR_HEAP_BASE)); + + if ( txt_os_mle_data_size(txt_heap) < sizeof(struct txt_os_mle_data) || + txt_os_sinit_data_size(txt_heap) < sizeof(struct txt_os_sinit_dat= a) ) + txt_reset(SLAUNCH_ERROR_GENERIC); + + return txt_heap; +} + #endif /* __ASSEMBLY__ */ =20 #endif /* X86_INTEL_TXT_H */ diff --git a/xen/arch/x86/include/asm/slaunch.h b/xen/arch/x86/include/asm/= slaunch.h new file mode 100644 index 0000000000..df42defd92 --- /dev/null +++ b/xen/arch/x86/include/asm/slaunch.h @@ -0,0 +1,26 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#ifndef X86_SLAUNCH_H +#define X86_SLAUNCH_H + +#include + +/* Indicates an active Secure Launch boot. */ +extern bool slaunch_active; + +/* + * Holds physical address of SLRT. Use slaunch_get_slrt() to access SLRT + * instead of mapping where this points to. + */ +extern uint32_t slaunch_slrt; + +/* + * Retrieves pointer to SLRT. Checks table's validity and maps it as nece= ssary. + */ +struct slr_table *slaunch_get_slrt(void); + +#endif /* X86_SLAUNCH_H */ diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c new file mode 100644 index 0000000000..a3e6ab8d71 --- /dev/null +++ b/xen/arch/x86/slaunch.c @@ -0,0 +1,27 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include +#include +#include + +/* + * These variables are assigned to by the code near Xen's entry point. + * + * slaunch_active is not __initdata to allow checking for an active Secure + * Launch boot. + */ +bool slaunch_active; +uint32_t __initdata slaunch_slrt; /* physical address */ + +/* Using slaunch_active in head.S assumes it's a single byte in size, so e= nforce + * this assumption. */ +static void __maybe_unused compile_time_checks(void) +{ + BUILD_BUG_ON(sizeof(slaunch_active) !=3D 1); +} --=20 2.49.0