From nobody Thu Dec 18 23:23:18 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156004; cv=none; d=zohomail.com; s=zohoarc; b=ZpXPl4BPcLJHcoiSCyEXMv0lZ2wSmK2/Fte7XxNae4Qbh58rCT5wRS/8CbuLsp4+utcvzGTkcrxeHE93svMOVIaku+SqhYWRJFXC65Ijhf4wOF45jEF4ADUmU3C3CWCInDAoTDod1exZcwkwaIJZEyPHvOZ84T3SYqgRMo5vzr4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156004; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2RbMwstbyyOU4TxQ7vyGzM7EFTqaGpSH29ZxUCa59fk=; b=X5B2AWdvU5h/A1ElvYDTVAwLHVg35fj/dDY9Dw+KI84DBpt3nKMppVTqvuDH3jxPo+QuMUXfc3EnRmA8f+gPyNUsA/6rxWxq0kFZjE5Sk01aOOkBfxTFMICawZP5ktdwKEYmMeQAmOPNb48ElM8h6+0cJE3Bae9+4+rGULSKxYM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17471560047311001.2646618994291; Tue, 13 May 2025 10:06:44 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983182.1369526 (Exim 4.92) (envelope-from ) id 1uEt5H-0003cr-Co; Tue, 13 May 2025 17:06:27 +0000 Received: by outflank-mailman (output) from mailman id 983182.1369526; Tue, 13 May 2025 17:06:27 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5H-0003cM-9C; Tue, 13 May 2025 17:06:27 +0000 Received: by outflank-mailman (input) for mailman id 983182; Tue, 13 May 2025 17:06:26 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5F-0003Mm-Ve for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:26 +0000 Received: from 8.mo560.mail-out.ovh.net (8.mo560.mail-out.ovh.net [188.165.52.147]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 99f1d132-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:25 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.109.139.93]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYX3pjHz2Cc8 for ; Tue, 13 May 2025 17:06:24 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-rfvwm (unknown [10.111.182.110]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 7816F1FD1D; Tue, 13 May 2025 17:06:23 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.109]) by ghost-submission-5b5ff79f4f-rfvwm with ESMTPSA id MrzEDA98I2gRCwAAL8LKOQ (envelope-from ); Tue, 13 May 2025 17:06:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 99f1d132-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-109S003822ad1ed-d2fa-42ec-900b-f5c186a334db, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Lukasz Hawrylko , =?UTF-8?q?Mateusz=20M=C3=B3wka?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap Date: Tue, 13 May 2025 20:05:38 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8939645263790388380 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehiedtmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=2RbMwstbyyOU4TxQ7vyGzM7EFTqaGpSH29ZxUCa59fk=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747155984; v=1; b=NSA+fs3aROk+AtkBhXfQ4O3gp2O/hdfYc2sqrYiBx6Xh+EVCjArqOSmbMGT2SmM/atXFwOv1 eNY1kfDQrznxJ7wf5gK/ZYXP8d+xUYm9Csi+5f+gcbTXgf8n+DjFqiytdKf4yRJhi0HEXrxe2ds utXV/cl+pAJpNs7iSiaRPEmvZExRMabceQLMkCRbB8L5yDNbM7uCRYbatZpNxUJWvc0fN7741Oh SvpiCNaserWyUShopMa57f8wdQ9GaWvyVSS629Pf6A0l59Zc12wWwOP98WpEueLPaAAI5yeHqwr 9hmopJ1rZcgE/0iii3PbGbQ+VTsGp1rOHSayk/z7OasfQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156006738019000 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel The file contains TXT register spaces base address, registers offsets, error codes and inline functions for accessing structures stored on TXT heap. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 277 +++++++++++++++++++++++++++ xen/arch/x86/tboot.c | 20 +- 2 files changed, 279 insertions(+), 18 deletions(-) create mode 100644 xen/arch/x86/include/asm/intel-txt.h diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h new file mode 100644 index 0000000000..07be43f557 --- /dev/null +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -0,0 +1,277 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#ifndef ASM__X86__INTEL_TXT_H +#define ASM__X86__INTEL_TXT_H + +/* + * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_B= ASE) + */ +#define TXT_PUB_CONFIG_REGS_BASE 0xfed30000U +#define TXT_PRIV_CONFIG_REGS_BASE 0xfed20000U + +/* + * The same set of registers is exposed twice (with different permissions)= and + * they are allocated continuously with page alignment. + */ +#define NR_TXT_CONFIG_SIZE \ + (TXT_PUB_CONFIG_REGS_BASE - TXT_PRIV_CONFIG_REGS_BASE) + +/* Offsets from pub/priv config space. */ +#define TXTCR_STS 0x0000 +#define TXTCR_ESTS 0x0008 +#define TXTCR_ERRORCODE 0x0030 +#define TXTCR_CMD_RESET 0x0038 +#define TXTCR_CMD_CLOSE_PRIVATE 0x0048 +#define TXTCR_DIDVID 0x0110 +#define TXTCR_VER_EMIF 0x0200 +#define TXTCR_CMD_UNLOCK_MEM_CONFIG 0x0218 +#define TXTCR_SINIT_BASE 0x0270 +#define TXTCR_SINIT_SIZE 0x0278 +#define TXTCR_MLE_JOIN 0x0290 +#define TXTCR_HEAP_BASE 0x0300 +#define TXTCR_HEAP_SIZE 0x0308 +#define TXTCR_SCRATCHPAD 0x0378 +#define TXTCR_CMD_OPEN_LOCALITY1 0x0380 +#define TXTCR_CMD_CLOSE_LOCALITY1 0x0388 +#define TXTCR_CMD_OPEN_LOCALITY2 0x0390 +#define TXTCR_CMD_CLOSE_LOCALITY2 0x0398 +#define TXTCR_CMD_SECRETS 0x08e0 +#define TXTCR_CMD_NO_SECRETS 0x08e8 +#define TXTCR_E2STS 0x08f0 + +/* + * Secure Launch Defined Error Codes used in MLE-initiated TXT resets. + * + * TXT Specification + * Appendix I ACM Error Codes + */ +#define SLAUNCH_ERROR_GENERIC 0xc0008001U +#define SLAUNCH_ERROR_TPM_INIT 0xc0008002U +#define SLAUNCH_ERROR_TPM_INVALID_LOG20 0xc0008003U +#define SLAUNCH_ERROR_TPM_LOGGING_FAILED 0xc0008004U +#define SLAUNCH_ERROR_REGION_STRADDLE_4GB 0xc0008005U +#define SLAUNCH_ERROR_TPM_EXTEND 0xc0008006U +#define SLAUNCH_ERROR_MTRR_INV_VCNT 0xc0008007U +#define SLAUNCH_ERROR_MTRR_INV_DEF_TYPE 0xc0008008U +#define SLAUNCH_ERROR_MTRR_INV_BASE 0xc0008009U +#define SLAUNCH_ERROR_MTRR_INV_MASK 0xc000800aU +#define SLAUNCH_ERROR_MSR_INV_MISC_EN 0xc000800bU +#define SLAUNCH_ERROR_INV_AP_INTERRUPT 0xc000800cU +#define SLAUNCH_ERROR_INTEGER_OVERFLOW 0xc000800dU +#define SLAUNCH_ERROR_HEAP_WALK 0xc000800eU +#define SLAUNCH_ERROR_HEAP_MAP 0xc000800fU +#define SLAUNCH_ERROR_REGION_ABOVE_4GB 0xc0008010U +#define SLAUNCH_ERROR_HEAP_INVALID_DMAR 0xc0008011U +#define SLAUNCH_ERROR_HEAP_DMAR_SIZE 0xc0008012U +#define SLAUNCH_ERROR_HEAP_DMAR_MAP 0xc0008013U +#define SLAUNCH_ERROR_HI_PMR_BASE 0xc0008014U +#define SLAUNCH_ERROR_HI_PMR_SIZE 0xc0008015U +#define SLAUNCH_ERROR_LO_PMR_BASE 0xc0008016U +#define SLAUNCH_ERROR_LO_PMR_SIZE 0xc0008017U +#define SLAUNCH_ERROR_LO_PMR_MLE 0xc0008018U +#define SLAUNCH_ERROR_INITRD_TOO_BIG 0xc0008019U +#define SLAUNCH_ERROR_HEAP_ZERO_OFFSET 0xc000801aU +#define SLAUNCH_ERROR_WAKE_BLOCK_TOO_SMALL 0xc000801bU +#define SLAUNCH_ERROR_MLE_BUFFER_OVERLAP 0xc000801cU +#define SLAUNCH_ERROR_BUFFER_BEYOND_PMR 0xc000801dU +#define SLAUNCH_ERROR_OS_SINIT_BAD_VERSION 0xc000801eU +#define SLAUNCH_ERROR_EVENTLOG_MAP 0xc000801fU +#define SLAUNCH_ERROR_TPM_NUMBER_ALGS 0xc0008020U +#define SLAUNCH_ERROR_TPM_UNKNOWN_DIGEST 0xc0008021U +#define SLAUNCH_ERROR_TPM_INVALID_EVENT 0xc0008022U + +#define SLAUNCH_BOOTLOADER_MAGIC 0x4c534254 + +#ifndef __ASSEMBLY__ + +/* Need to differentiate between pre- and post paging enabled. */ +#ifdef __EARLY_SLAUNCH__ +#include +#define _txt(x) _p(x) +#else +#include +#include // __va() +#define _txt(x) __va(x) +#endif + +/* + * Always use private space as some of registers are either read-only or n= ot + * present in public space. + */ +static inline uint64_t read_txt_reg(int reg_no) +{ + volatile uint64_t *reg =3D _txt(TXT_PRIV_CONFIG_REGS_BASE + reg_no); + return *reg; +} + +static inline void write_txt_reg(int reg_no, uint64_t val) +{ + volatile uint64_t *reg =3D _txt(TXT_PRIV_CONFIG_REGS_BASE + reg_no); + *reg =3D val; + /* This serves as TXT register barrier */ + (void)read_txt_reg(TXTCR_ESTS); +} + +static inline void txt_reset(uint32_t error) +{ + write_txt_reg(TXTCR_ERRORCODE, error); + write_txt_reg(TXTCR_CMD_NO_SECRETS, 1); + write_txt_reg(TXTCR_CMD_UNLOCK_MEM_CONFIG, 1); + write_txt_reg(TXTCR_CMD_RESET, 1); + while (1); +} + +/* + * Secure Launch defined OS/MLE TXT Heap table + */ +struct txt_os_mle_data { + uint32_t version; + uint32_t reserved; + uint64_t slrt; + uint64_t txt_info; + uint32_t ap_wake_block; + uint32_t ap_wake_block_size; + uint8_t mle_scratch[64]; +} __packed; + +/* + * TXT specification defined BIOS data TXT Heap table + */ +struct txt_bios_data { + uint32_t version; /* Currently 5 for TPM 1.2 and 6 for TPM 2.0 */ + uint32_t bios_sinit_size; + uint64_t reserved1; + uint64_t reserved2; + uint32_t num_logical_procs; + /* Versions >=3D 3 && < 5 */ + uint32_t sinit_flags; + /* Versions >=3D 5 with updates in version 6 */ + uint32_t mle_flags; + /* Versions >=3D 4 */ + /* Ext Data Elements */ +} __packed; + +/* + * TXT specification defined OS/SINIT TXT Heap table + */ +struct txt_os_sinit_data { + uint32_t version; /* Currently 6 for TPM 1.2 and 7 for TPM 2.0 */ + uint32_t flags; /* Reserved in version 6 */ + uint64_t mle_ptab; + uint64_t mle_size; + uint64_t mle_hdr_base; + uint64_t vtd_pmr_lo_base; + uint64_t vtd_pmr_lo_size; + uint64_t vtd_pmr_hi_base; + uint64_t vtd_pmr_hi_size; + uint64_t lcp_po_base; + uint64_t lcp_po_size; + uint32_t capabilities; + /* Version =3D 5 */ + uint64_t efi_rsdt_ptr; /* RSD*P* in versions >=3D 6 */ + /* Versions >=3D 6 */ + /* Ext Data Elements */ +} __packed; + +/* + * TXT specification defined SINIT/MLE TXT Heap table + */ +struct txt_sinit_mle_data { + uint32_t version; /* Current values are 6 through 9 */ + /* Versions <=3D 8, fields until lcp_policy_control must be 0 for >=3D= 9 */ + uint8_t bios_acm_id[20]; + uint32_t edx_senter_flags; + uint64_t mseg_valid; + uint8_t sinit_hash[20]; + uint8_t mle_hash[20]; + uint8_t stm_hash[20]; + uint8_t lcp_policy_hash[20]; + uint32_t lcp_policy_control; + /* Versions >=3D 7 */ + uint32_t rlp_wakeup_addr; + uint32_t reserved; + uint32_t num_of_sinit_mdrs; + uint32_t sinit_mdrs_table_offset; + uint32_t sinit_vtd_dmar_table_size; + uint32_t sinit_vtd_dmar_table_offset; + /* Versions >=3D 8 */ + uint32_t processor_scrtm_status; + /* Versions >=3D 9 */ + /* Ext Data Elements */ +} __packed; + +/* + * Functions to extract data from the Intel TXT Heap Memory. The layout + * of the heap is as follows: + * +------------------------------------+ + * | Size of Bios Data table (uint64_t) | + * +------------------------------------+ + * | Bios Data table | + * +------------------------------------+ + * | Size of OS MLE table (uint64_t) | + * +------------------------------------+ + * | OS MLE table | + * +-------------------------------- + + * | Size of OS SINIT table (uint64_t) | + * +------------------------------------+ + * | OS SINIT table | + * +------------------------------------+ + * | Size of SINIT MLE table (uint64_t) | + * +------------------------------------+ + * | SINIT MLE table | + * +------------------------------------+ + * + * NOTE: the table size fields include the 8 byte size field itself. + */ +static inline uint64_t txt_bios_data_size(void *heap) +{ + return *((uint64_t *)heap) - sizeof(uint64_t); +} + +static inline void *txt_bios_data_start(void *heap) +{ + return heap + sizeof(uint64_t); +} + +static inline uint64_t txt_os_mle_data_size(void *heap) +{ + return *((uint64_t *)(txt_bios_data_start(heap) + + txt_bios_data_size(heap))) - + sizeof(uint64_t); +} + +static inline void *txt_os_mle_data_start(void *heap) +{ + return txt_bios_data_start(heap) + txt_bios_data_size(heap) + + sizeof(uint64_t); +} + +static inline uint64_t txt_os_sinit_data_size(void *heap) +{ + return *((uint64_t *)(txt_os_mle_data_start(heap) + + txt_os_mle_data_size(heap))) - + sizeof(uint64_t); +} + +static inline void *txt_os_sinit_data_start(void *heap) +{ + return txt_os_mle_data_start(heap) + txt_os_mle_data_size(heap) + + sizeof(uint64_t); +} + +static inline uint64_t txt_sinit_mle_data_size(void *heap) +{ + return *((uint64_t *)(txt_os_sinit_data_start(heap) + + txt_os_sinit_data_size(heap))) - + sizeof(uint64_t); +} + +static inline void *txt_sinit_mle_data_start(void *heap) +{ + return txt_os_sinit_data_start(heap) + txt_os_sinit_data_size(heap) + + sizeof(uint64_t); +} + +#endif /* __ASSEMBLY__ */ + +#endif /* ASM__X86__INTEL_TXT_H */ diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c index d5db60d335..8a573d8c79 100644 --- a/xen/arch/x86/tboot.c +++ b/xen/arch/x86/tboot.c @@ -15,6 +15,7 @@ #include #include #include +#include =20 #include =20 @@ -35,23 +36,6 @@ static uint64_t __initdata sinit_base, __initdata sinit_= size; =20 static bool __ro_after_init is_vtd; =20 -/* - * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_B= ASE) - */ - -#define TXT_PUB_CONFIG_REGS_BASE 0xfed30000 -#define TXT_PRIV_CONFIG_REGS_BASE 0xfed20000 - -/* # pages for each config regs space - used by fixmap */ -#define NR_TXT_CONFIG_PAGES ((TXT_PUB_CONFIG_REGS_BASE - = \ - TXT_PRIV_CONFIG_REGS_BASE) >> PAGE_SHIFT) - -/* offsets from pub/priv config space */ -#define TXTCR_SINIT_BASE 0x0270 -#define TXTCR_SINIT_SIZE 0x0278 -#define TXTCR_HEAP_BASE 0x0300 -#define TXTCR_HEAP_SIZE 0x0308 - #define SHA1_SIZE 20 typedef uint8_t sha1_hash_t[SHA1_SIZE]; =20 @@ -409,7 +393,7 @@ int __init tboot_protect_mem_regions(void) =20 /* TXT Private Space */ rc =3D e820_change_range_type(&e820, TXT_PRIV_CONFIG_REGS_BASE, - TXT_PRIV_CONFIG_REGS_BASE + NR_TXT_CONFIG_PAGES * PAGE_SI= ZE, + TXT_PRIV_CONFIG_REGS_BASE + NR_TXT_CONFIG_SIZE, E820_RESERVED, E820_UNUSABLE); if ( !rc ) return 0; --=20 2.49.0 From nobody Thu Dec 18 23:23:18 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156013; cv=none; d=zohomail.com; s=zohoarc; b=Z6adN2TfgfNbzMN1zvfJYB+QAKYO+ggpMjiG0nwpi7Ju3nbdqVDdPBi6CewML7Jga9+0PXyynDs8w1zSzEdWepMGJmhA8hNS8RWQ7XYhKS7SGhx2wEbjxJUVkWVt3LL8Jwpd2pKxHJgC+I9pN3CNMCa+8oQl2XD6dtW7fI2BI54= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156013; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0z3fwA1ZiActkXXZVasH701JMmtlynrh9xlUCyNcoc8=; b=nXJankt6VsigkDsVqfa9JLdoWoMzdZXLMHgKTvl/biF4Vu4YC8e6cXyXDYMqV9GFG0elQAnx+RhrfFaTxj3EDViU1DkoqQ5vqavFla5zNsAsd8M7IpXlNfhI9RvgmlIVJydfNKAmwAB7XS+C+9r11z5PKS7eD+9jq6uBJiWVwpg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156013790839.8713432375414; Tue, 13 May 2025 10:06:53 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983183.1369542 (Exim 4.92) (envelope-from ) id 1uEt5K-000445-Pn; Tue, 13 May 2025 17:06:30 +0000 Received: by outflank-mailman (output) from mailman id 983183.1369542; Tue, 13 May 2025 17:06:30 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5K-00043v-Mu; Tue, 13 May 2025 17:06:30 +0000 Received: by outflank-mailman (input) for mailman id 983183; Tue, 13 May 2025 17:06:28 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5I-0003Mm-Lt for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:28 +0000 Received: from 13.mo561.mail-out.ovh.net (13.mo561.mail-out.ovh.net [188.165.33.202]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 9b8e4925-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:27 +0200 (CEST) Received: from director8.ghost.mail-out.ovh.net (unknown [10.109.148.6]) by mo561.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYb1mMMz1ZyR for ; Tue, 13 May 2025 17:06:27 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-z24qs (unknown [10.110.96.237]) by director8.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 840131FD17; Tue, 13 May 2025 17:06:26 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.95]) by ghost-submission-5b5ff79f4f-z24qs with ESMTPSA id i0RNERJ8I2hrPQEA8ZxQ9w (envelope-from ); Tue, 13 May 2025 17:06:26 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9b8e4925-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-95G00170b9feb2-8969-4951-a267-a939df1fc2a3, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions Date: Tue, 13 May 2025 20:05:39 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8940489685544711324 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddrleehnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheeiudgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=0z3fwA1ZiActkXXZVasH701JMmtlynrh9xlUCyNcoc8=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747155987; v=1; b=kKUfQ1/1trEM7JDlOS6HueY16NOnBQBwG8rbylvwQk4KPVuXA5AJnOJ+M0J9R0Hve4F2yg+V Y511c3GnN4HkRcL3YgLKzuREMx/dddB4YpaqXBD3zRlm1OfIB7a4sGV0hp99o+5TiEzWoafBTHQ aGax2gWId66WQ1ZlqGBUNjF5VQFdxtuwoFC39OOHun2l3vuOPTsEbela+GL7D0VM0835sK/krVI yDTYAb8e5NiNZd723cCy+5QtIBpUHUQYkm4HtKm8JFfHJd/nMg8E/+EFCmtfL3pKUEO9XdOajls A7c5i7T4XIFX2syUjhUhBnL1WLsCkLX79MABZZpiLet+g== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156015759019000 Content-Type: text/plain; charset="utf-8" The file provides constants, structures and several helper functions for parsing SLRT. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- xen/include/xen/slr-table.h | 268 ++++++++++++++++++++++++++++++++++++ 1 file changed, 268 insertions(+) create mode 100644 xen/include/xen/slr-table.h diff --git a/xen/include/xen/slr-table.h b/xen/include/xen/slr-table.h new file mode 100644 index 0000000000..6f0018bceb --- /dev/null +++ b/xen/include/xen/slr-table.h @@ -0,0 +1,268 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2025 Apertus Solutions, LLC + * Copyright (c) 2025 Oracle and/or its affiliates. + * Copyright (c) 2025 3mdeb Sp. z o.o + * + * Secure Launch Resource Table definitions + */ + +#ifndef XEN__SLR_TABLE_H +#define XEN__SLR_TABLE_H + +#include + +#define UEFI_SLR_TABLE_GUID \ + { 0x877a9b2aU, 0x0385, 0x45d1, { 0xa0, 0x34, 0x9d, 0xac, 0x9c, 0x9e, 0= x56, 0x5f } } + +/* SLR table header values */ +#define SLR_TABLE_MAGIC 0x4452544d +#define SLR_TABLE_REVISION 1 + +/* Current revisions for the policy and UEFI config */ +#define SLR_POLICY_REVISION 1 +#define SLR_UEFI_CONFIG_REVISION 1 + +/* SLR defined architectures */ +#define SLR_INTEL_TXT 1 +#define SLR_AMD_SKINIT 2 + +/* SLR defined bootloaders */ +#define SLR_BOOTLOADER_INVALID 0 +#define SLR_BOOTLOADER_GRUB 1 + +/* Log formats */ +#define SLR_DRTM_TPM12_LOG 1 +#define SLR_DRTM_TPM20_LOG 2 + +/* DRTM Policy Entry Flags */ +#define SLR_POLICY_FLAG_MEASURED 0x1 +#define SLR_POLICY_IMPLICIT_SIZE 0x2 + +/* Array Lengths */ +#define TPM_EVENT_INFO_LENGTH 32 +#define TXT_VARIABLE_MTRRS_LENGTH 32 + +/* Tags */ +#define SLR_ENTRY_INVALID 0x0000 +#define SLR_ENTRY_DL_INFO 0x0001 +#define SLR_ENTRY_LOG_INFO 0x0002 +#define SLR_ENTRY_DRTM_POLICY 0x0003 +#define SLR_ENTRY_INTEL_INFO 0x0004 +#define SLR_ENTRY_AMD_INFO 0x0005 +#define SLR_ENTRY_ARM_INFO 0x0006 +#define SLR_ENTRY_UEFI_INFO 0x0007 +#define SLR_ENTRY_UEFI_CONFIG 0x0008 +#define SLR_ENTRY_END 0xffff + +/* Entity Types */ +#define SLR_ET_UNSPECIFIED 0x0000 +#define SLR_ET_SLRT 0x0001 +#define SLR_ET_BOOT_PARAMS 0x0002 +#define SLR_ET_SETUP_DATA 0x0003 +#define SLR_ET_CMDLINE 0x0004 +#define SLR_ET_UEFI_MEMMAP 0x0005 +#define SLR_ET_RAMDISK 0x0006 +#define SLR_ET_MULTIBOOT2_INFO 0x0007 +#define SLR_ET_MULTIBOOT2_MODULE 0x0008 +#define SLR_ET_TXT_OS2MLE 0x0010 +#define SLR_ET_UNUSED 0xffff + +/* + * Primary SLR Table Header + */ +struct slr_table +{ + uint32_t magic; + uint16_t revision; + uint16_t architecture; + uint32_t size; + uint32_t max_size; + /* entries[] */ +} __packed; + +/* + * Common SLRT Table Header + */ +struct slr_entry_hdr +{ + uint32_t tag; + uint32_t size; +} __packed; + +/* + * Boot loader context + */ +struct slr_bl_context +{ + uint16_t bootloader; + uint16_t reserved[3]; + uint64_t context; +} __packed; + +/* + * Prototype of a function pointed to by slr_entry_dl_info::dl_handler. + */ +typedef void (*dl_handler_func)(struct slr_bl_context *bl_context); + +/* + * DRTM Dynamic Launch Configuration + */ +struct slr_entry_dl_info +{ + struct slr_entry_hdr hdr; + uint64_t dce_size; + uint64_t dce_base; + uint64_t dlme_size; + uint64_t dlme_base; + uint64_t dlme_entry; + struct slr_bl_context bl_context; + uint64_t dl_handler; +} __packed; + +/* + * TPM Log Information + */ +struct slr_entry_log_info +{ + struct slr_entry_hdr hdr; + uint16_t format; + uint16_t reserved; + uint32_t size; + uint64_t addr; +} __packed; + +/* + * DRTM Measurement Entry + */ +struct slr_policy_entry +{ + uint16_t pcr; + uint16_t entity_type; + uint16_t flags; + uint16_t reserved; + uint64_t size; + uint64_t entity; + char evt_info[TPM_EVENT_INFO_LENGTH]; +} __packed; + +/* + * DRTM Measurement Policy + */ +struct slr_entry_policy +{ + struct slr_entry_hdr hdr; + uint16_t reserved[2]; + uint16_t revision; + uint16_t nr_entries; + struct slr_policy_entry policy_entries[]; +} __packed; + +/* + * Secure Launch defined MTRR saving structures + */ +struct slr_txt_mtrr_pair +{ + uint64_t mtrr_physbase; + uint64_t mtrr_physmask; +} __packed; + +struct slr_txt_mtrr_state +{ + uint64_t default_mem_type; + uint64_t mtrr_vcnt; + struct slr_txt_mtrr_pair mtrr_pair[TXT_VARIABLE_MTRRS_LENGTH]; +} __packed; + +/* + * Intel TXT Info table + */ +struct slr_entry_intel_info +{ + struct slr_entry_hdr hdr; + uint64_t boot_params_base; + uint64_t txt_heap; + uint64_t saved_misc_enable_msr; + struct slr_txt_mtrr_state saved_bsp_mtrrs; +} __packed; + +/* + * AMD SKINIT Info table + */ +struct slr_entry_amd_info +{ + struct slr_entry_hdr hdr; + uint64_t next; + uint32_t type; + uint32_t len; + uint64_t slrt_size; + uint64_t slrt_base; + uint64_t boot_params_base; + uint16_t psp_version; + uint16_t reserved[3]; +} __packed; + +/* + * UEFI config measurement entry + */ +struct slr_uefi_cfg_entry +{ + uint16_t pcr; + uint16_t reserved; + uint32_t size; + uint64_t cfg; /* address or value */ + char evt_info[TPM_EVENT_INFO_LENGTH]; +} __packed; + +struct slr_entry_uefi_config +{ + struct slr_entry_hdr hdr; + uint16_t reserved[2]; + uint16_t revision; + uint16_t nr_entries; + struct slr_uefi_cfg_entry uefi_cfg_entries[]; +} __packed; + +static inline void * +slr_end_of_entries(struct slr_table *table) +{ + return (uint8_t *)table + table->size; +} + +static inline struct slr_entry_hdr * +slr_next_entry(struct slr_table *table, struct slr_entry_hdr *curr) +{ + struct slr_entry_hdr *next =3D (struct slr_entry_hdr *) + ((uint8_t *)curr + curr->size); + + if ( (void *)next >=3D slr_end_of_entries(table) ) + return NULL; + if ( next->tag =3D=3D SLR_ENTRY_END ) + return NULL; + + return next; +} + +static inline struct slr_entry_hdr * +slr_next_entry_by_tag (struct slr_table *table, + struct slr_entry_hdr *entry, + uint16_t tag) +{ + if ( !entry ) /* Start from the beginning */ + entry =3D (struct slr_entry_hdr *)((uint8_t *)table + sizeof(*tabl= e)); + + for ( ; ; ) + { + if ( entry->tag =3D=3D tag ) + return entry; + + entry =3D slr_next_entry(table, entry); + if ( !entry ) + return NULL; + } + + return NULL; +} + +#endif /* XEN__SLR_TABLE_H */ --=20 2.49.0 From nobody Thu Dec 18 23:23:18 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156009; cv=none; d=zohomail.com; s=zohoarc; b=ZvkJWJ02AAKAQrxFqq9ibAAdshjXxUgNj6TQKdEu1LCivLHq6xfhAv8aeWJeWKPenzQCxUN/gUYYwOKjEMCkxz4fleTGxoQPEBxrskV1gYgwVg/uws9UyFlrkDDDE+nziZrOW3Ylyb7ugE3ho66Q++pPwc50O0cyUV6VMHkdodk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156009; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=REsQ4rGltjGtDGspVocQv2/Sf60+XBS+U8hI4FuZ0Cs=; b=mvBoeKuZVHNKZf39Kpf0kwq7Rbo1e4vtCXR3H0OBH6xr+OnIgKx70b3mc+bs7alR+IZ8cs35I+AU2P7iNbXu0dw+dEjqa9R/D3gT9PIDUDJ8ktyYif1ljaJYzSy+8xvZNXApaG+3LnhTSRgCJuvnBMtuYL0+pUIAJnK2raY6e80= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156009833816.0391798382441; Tue, 13 May 2025 10:06:49 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983184.1369553 (Exim 4.92) (envelope-from ) id 1uEt5N-0004K5-0q; Tue, 13 May 2025 17:06:33 +0000 Received: by outflank-mailman (output) from mailman id 983184.1369553; Tue, 13 May 2025 17:06:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5M-0004Jt-To; Tue, 13 May 2025 17:06:32 +0000 Received: by outflank-mailman (input) for mailman id 983184; Tue, 13 May 2025 17:06:32 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5M-0003Uz-Hz for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:32 +0000 Received: from 20.mo550.mail-out.ovh.net (20.mo550.mail-out.ovh.net [188.165.45.168]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 9d6aca18-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:30 +0200 (CEST) Received: from director9.ghost.mail-out.ovh.net (unknown [10.109.148.146]) by mo550.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYf2Qvjz1Xq2 for ; Tue, 13 May 2025 17:06:30 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-nlmb7 (unknown [10.110.178.147]) by director9.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 2C12A1FD17; Tue, 13 May 2025 17:06:29 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.99]) by ghost-submission-5b5ff79f4f-nlmb7 with ESMTPSA id AqO1NhR8I2hfugwAUpD23g (envelope-from ); Tue, 13 May 2025 17:06:29 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9d6aca18-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-99G003d4859a46-3139-4826-a82b-8ac732a6f74e, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , trenchboot-devel@googlegroups.com Subject: [PATCH v2 03/22] x86/boot: add MLE header and Secure Launch entry point Date: Tue, 13 May 2025 20:05:40 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8941334113704719516 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeekudegfeduieegudeijeelleekfedvvdfhheehvefhudekjeeifeegtdduveehtdenucffohhmrghinhephhgvrggurdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddrleelnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheehtdgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=REsQ4rGltjGtDGspVocQv2/Sf60+XBS+U8hI4FuZ0Cs=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747155990; v=1; b=XO1GITo4bFnbLY0qz9ejkrqZfVNiaHNri3W3XXC8rD0zf99dHg/nOB711w5KITxRNbm6oCKu GE/XOcgo0bK3RbIo3OJaGixZCgL30Rk9UK1L0use5s1jXOQyCAnoKxFAwfxqiceIZzWO4RnGweF bSrfJfijiB+yqtAQp39K1HL/dNZEWQ9iXyGzx6iK9vs0ORC+jxd2L4d5XzbWmFo4N9B3KwNv99e QO8aqhvOGwRkT9O7hZoa3wEykS05ip1mViu6jsfMdLwzwY670EUzYz3xu2CNR29fCq2IZO94xOT damggoTG6cWkiRwPCOYAPN52hedU4WUj5gQDKMk6RVDtQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156011908019000 Content-Type: text/plain; charset="utf-8" From: Kacper Stojek Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- docs/hypervisor-guide/x86/how-xen-boots.rst | 5 ++ xen/arch/x86/boot/head.S | 53 +++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/docs/hypervisor-guide/x86/how-xen-boots.rst b/docs/hypervisor-= guide/x86/how-xen-boots.rst index 8b3229005c..050fe9c61f 100644 --- a/docs/hypervisor-guide/x86/how-xen-boots.rst +++ b/docs/hypervisor-guide/x86/how-xen-boots.rst @@ -55,6 +55,11 @@ If ``CONFIG_PVH_GUEST`` was selected at build time, an E= lf note is included which indicates the ability to use the PVH boot protocol, and registers ``__pvh_start`` as the entrypoint, entered in 32bit mode. =20 +A combination of Multiboot 2 and MLE headers is used to implement DRTM for +legacy (BIOS) boot. The separate entry point is used mainly to differentia= te +from other kinds of boots. It moves a magic number to EAX before jumping i= nto +common startup code. + =20 xen.gz ~~~~~~ diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 77bb7a9e21..a69107bd81 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -126,6 +127,25 @@ multiboot2_header: .size multiboot2_header, . - multiboot2_header .type multiboot2_header, @object =20 + .balign 16 +mle_header: + .long 0x9082ac5a /* UUID0 */ + .long 0x74a7476f /* UUID1 */ + .long 0xa2555c0f /* UUID2 */ + .long 0x42b651cb /* UUID3 */ + .long 0x00000034 /* MLE header size */ + .long 0x00020002 /* MLE version 2.2 */ + .long (slaunch_stub_entry - start) /* Linear entry point of MLE= (SINIT virt. address) */ + .long 0x00000000 /* First valid page of MLE */ + .long 0x00000000 /* Offset within binary of first byte of MLE */ + .long (_end - start) /* Offset within binary of last byte + 1 o= f MLE */ + .long 0x00000723 /* Bit vector of MLE-supported capabilities */ + .long 0x00000000 /* Starting linear address of command line (un= used) */ + .long 0x00000000 /* Ending linear address of command line (unus= ed) */ + + .size mle_header, .-mle_header + .type mle_header, @object + .section .init.rodata, "a", @progbits =20 .Lbad_cpu_msg: .asciz "ERR: Not a 64-bit CPU!" @@ -332,6 +352,38 @@ cs32_switch: /* Jump to earlier loaded address. */ jmp *%edi =20 + /* + * Entry point for TrenchBoot Secure Launch on Intel TXT platforms. + * + * CPU is in 32b protected mode with paging disabled. On entry: + * - %ebx =3D %eip =3D MLE entry point, + * - stack pointer is undefined, + * - CS is flat 4GB code segment, + * - DS, ES, SS, FS and GS are undefined according to TXT SDG, but= this + * would make it impossible to initialize GDTR, because GDT base= must + * be relocated in the descriptor, which requires write access t= hat + * CS doesn't provide. Instead we have to assume that DS is set = by + * SINIT ACM as flat 4GB data segment. + * + * Additional restrictions: + * - some MSRs are partially cleared, among them IA32_MISC_ENABLE,= so + * some capabilities might be reported as disabled even if they = are + * supported by CPU + * - interrupts (including NMIs and SMIs) are disabled and must be + * enabled later + * - trying to enter real mode results in reset + * - APs must be brought up by MONITOR or GETSEC[WAKEUP], dependin= g on + * which is supported by a given SINIT ACM + */ +slaunch_stub_entry: + /* Calculate the load base address. */ + mov %ebx, %esi + sub $sym_offs(slaunch_stub_entry), %esi + + /* Mark Secure Launch boot protocol and jump to common entry. */ + mov $SLAUNCH_BOOTLOADER_MAGIC, %eax + jmp .Lset_stack + #ifdef CONFIG_PVH_GUEST ELFNOTE(Xen, XEN_ELFNOTE_PHYS32_ENTRY, .long sym_offs(__pvh_start)) =20 @@ -371,6 +423,7 @@ __start: /* Restore the clobbered field. */ mov %edx, (%ebx) =20 +.Lset_stack: /* Set up stack. */ lea STACK_SIZE - CPUINFO_sizeof + sym_esi(cpu0_stack), %esp =20 --=20 2.49.0 From nobody Thu Dec 18 23:23:18 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156015; cv=none; d=zohomail.com; s=zohoarc; b=ATzh9Ud2Ymg9+UgtdvDbAmsxFXJ3LRom7hrk3cDutmEQGKUQRRuMxiC3N+2rYRwAA/CtY9XDFFCmTptzA6Y24Qk6TWORAp3BooHR5ndprhZELR+QoF60BCNgLPSLvCitWPiV3wY1KHJXD+gPstMitsaT8cd7/NO0SKRLVNJt7Po= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156015; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=1WE6obMWuo+KNg7UZQNZPIN6Phqk/WygHa2bFXNKWVc=; b=eJ6wkyGb0JfHmu0VGPkVSTqPTCiScVgnLRyG5WMGlj0LEIG+i61kuZYT2knU5grLkqcPkTVQ5gONk+jt9tZBrFUqh7ZqAOabLPl7AQMKCgRgHTxdu2ckRJE1cI8h1nSqghYtu8lRahQuF+T9S+VwGb4mR0siwNJC2J4RLKjldN0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156015897435.76016529229446; Tue, 13 May 2025 10:06:55 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983187.1369563 (Exim 4.92) (envelope-from ) id 1uEt5S-0004gt-Eb; Tue, 13 May 2025 17:06:38 +0000 Received: by outflank-mailman (output) from mailman id 983187.1369563; Tue, 13 May 2025 17:06:38 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5S-0004gi-BF; Tue, 13 May 2025 17:06:38 +0000 Received: by outflank-mailman (input) for mailman id 983187; Tue, 13 May 2025 17:06:37 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5Q-0003Uz-Up for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:36 +0000 Received: from 5.mo576.mail-out.ovh.net (5.mo576.mail-out.ovh.net [46.105.43.105]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 9f880fff-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:34 +0200 (CEST) Received: from director7.ghost.mail-out.ovh.net (unknown [10.108.25.209]) by mo576.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYj6W4pz27TK for ; Tue, 13 May 2025 17:06:33 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-q2zpp (unknown [10.111.182.135]) by director7.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 60E7C1FE55; Tue, 13 May 2025 17:06:32 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.113]) by ghost-submission-5b5ff79f4f-q2zpp with ESMTPSA id P1daARh8I2hSAAAAOMNtBw (envelope-from ); Tue, 13 May 2025 17:06:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9f880fff-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-113S0075f9b7bdb-4fc0-4d16-a0e3-1c660f845f6a, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 04/22] x86/boot/slaunch-early: implement early initialization Date: Tue, 13 May 2025 20:05:41 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8942178535177106588 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeffjefgudevkeetudegueeihfdthfejgfeileekuefggeegtdegveehfeehfeefueenucffohhmrghinhepsggrshgvrdhmrghppdhhvggrugdrshgsnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdduudefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheejiegmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=1WE6obMWuo+KNg7UZQNZPIN6Phqk/WygHa2bFXNKWVc=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747155993; v=1; b=N6Rl8NbzfyJPvSMlKRuqEMHO2g8ebYlqYv78YFsBuxZwNDav4/8ngZTWaX2kmP/IPx9QBvGl 4p1Ad+2UjqglgeDsyo8e9GWShfOwE/dWL4jbjid6f8m4+nDuaZgryfvonrpvTHasKloLYYKWQcu fBYmlL6LnNWn5UkRL/sqscDX7ztfwyU4DIGEGZVUxDLJ71EncWlcxlp+VQvTzGh5Pza07j8FL1a ew23EXbIKI2g6gzwUjRRpVrFsC9F6/FwQkppHGMU6mVOuLL3OFEKszK4UAfdoLoGF0Qco19r3tw +W26YWW6xkg0w6wBk3Kml3sw+q7KViKEDoFYSFglplZug== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156017172116600 Content-Type: text/plain; charset="utf-8" Make head.S invoke a C function to retrieve MBI and SLRT addresses in a platform-specific way. This is also the place to perform sanity checks of DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 5 +++- xen/arch/x86/boot/head.S | 43 ++++++++++++++++++++++++++++ xen/arch/x86/boot/slaunch-early.c | 41 ++++++++++++++++++++++++++ xen/arch/x86/include/asm/intel-txt.h | 16 +++++++++++ xen/arch/x86/include/asm/slaunch.h | 26 +++++++++++++++++ xen/arch/x86/slaunch.c | 27 +++++++++++++++++ 7 files changed, 158 insertions(+), 1 deletion(-) create mode 100644 xen/arch/x86/boot/slaunch-early.c create mode 100644 xen/arch/x86/include/asm/slaunch.h create mode 100644 xen/arch/x86/slaunch.c diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index bedb97cbee..43a80be458 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -58,6 +58,7 @@ obj-$(CONFIG_COMPAT) +=3D x86_64/physdev.o obj-$(CONFIG_X86_PSR) +=3D psr.o obj-y +=3D setup.o obj-y +=3D shutdown.o +obj-y +=3D slaunch.o obj-y +=3D smp.o obj-y +=3D smpboot.o obj-y +=3D spec_ctrl.o diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index ff0d61d7ac..5471b966dd 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -5,6 +5,7 @@ obj-bin-y +=3D $(obj64) obj32 :=3D cmdline.32.o obj32 +=3D reloc.32.o obj32 +=3D reloc-trampoline.32.o +obj32 +=3D slaunch-early.32.o =20 obj64 :=3D reloc-trampoline.o =20 @@ -28,6 +29,8 @@ $(obj32): XEN_CFLAGS :=3D $(CFLAGS_x86_32) -fpic $(obj)/%.32.o: $(src)/%.c FORCE $(call if_changed_rule,cc_o_c) =20 +$(obj)/slaunch-early.32.o: XEN_CFLAGS +=3D -D__EARLY_SLAUNCH__ + orphan-handling-$(call ld-option,--orphan-handling=3Derror) :=3D --orphan-= handling=3Derror LDFLAGS_DIRECT-$(call ld-option,--warn-rwx-segments) :=3D --no-warn-rwx-se= gments LDFLAGS_DIRECT +=3D $(LDFLAGS_DIRECT-y) @@ -81,7 +84,7 @@ cmd_combine =3D \ --bin1 $(obj)/built-in-32.base.bin \ --bin2 $(obj)/built-in-32.offset.bin \ --map $(obj)/built-in-32.base.map \ - --exports cmdline_parse_early,reloc,reloc_trampoline32 \ + --exports cmdline_parse_early,reloc,reloc_trampoline32,sla= unch_early_init \ --output $@ =20 targets +=3D built-in-32.S diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index a69107bd81..b4cf423c80 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -472,6 +472,10 @@ __start: /* Bootloaders may set multiboot{1,2}.mem_lower to a nonzero value= . */ xor %edx,%edx =20 + /* Check for TrenchBoot slaunch bootloader. */ + cmp $SLAUNCH_BOOTLOADER_MAGIC, %eax + je .Lslaunch_proto + /* Check for Multiboot2 bootloader. */ cmp $MULTIBOOT2_BOOTLOADER_MAGIC,%eax je .Lmultiboot2_proto @@ -487,6 +491,45 @@ __start: cmovnz MB_mem_lower(%ebx),%edx jmp trampoline_bios_setup =20 +.Lslaunch_proto: + /* + * Upon reaching here, CPU state mostly matches the one setup by t= he + * bootloader with ESP, ESI and EDX being clobbered above. + */ + + /* Save information that TrenchBoot slaunch was used. */ + movb $1, sym_esi(slaunch_active) + + /* + * Prepare space for output parameter of slaunch_early_init(), whi= ch is + * a structure of two uint32_t fields. + */ + sub $8, %esp + + push %esp /* pointer to output stru= cture */ + lea sym_offs(__2M_rwdata_end), %ecx /* end of target image */ + lea sym_offs(_start), %edx /* target base address */ + mov %esi, %eax /* load base address */ + /* + * slaunch_early_init(load/eax, tgt/edx, tgt_end/ecx, ret/stk) usi= ng + * fastcall calling convention. + */ + call slaunch_early_init + add $4, %esp /* pop the fourth paramet= er */ + + /* Move outputs of slaunch_early_init() from stack into registers.= */ + pop %eax /* physical MBI address */ + pop %edx /* physical SLRT address */ + + /* Save physical address of SLRT for C code. */ + mov %edx, sym_esi(slaunch_slrt) + + /* Store MBI address in EBX where MB2 code expects it. */ + mov %eax, %ebx + + /* Move magic number expected by Multiboot 2 to EAX and fall throu= gh. */ + movl $MULTIBOOT2_BOOTLOADER_MAGIC, %eax + .Lmultiboot2_proto: /* Skip Multiboot2 information fixed part. */ lea (MB2_fixed_sizeof+MULTIBOOT2_TAG_ALIGN-1)(%ebx),%ecx diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-= early.c new file mode 100644 index 0000000000..48776ef559 --- /dev/null +++ b/xen/arch/x86/boot/slaunch-early.c @@ -0,0 +1,41 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include + +struct early_init_results +{ + uint32_t mbi_pa; + uint32_t slrt_pa; +} __packed; + +void asmlinkage slaunch_early_init(uint32_t load_base_addr, + uint32_t tgt_base_addr, + uint32_t tgt_end_addr, + struct early_init_results *result) +{ + void *txt_heap; + struct txt_os_mle_data *os_mle; + struct slr_table *slrt; + struct slr_entry_intel_info *intel_info; + + txt_heap =3D txt_init(); + os_mle =3D txt_os_mle_data_start(txt_heap); + + result->slrt_pa =3D os_mle->slrt; + result->mbi_pa =3D 0; + + slrt =3D (struct slr_table *)(uintptr_t)os_mle->slrt; + + intel_info =3D (struct slr_entry_intel_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); + if ( intel_info =3D=3D NULL || intel_info->hdr.size !=3D sizeof(*intel= _info) ) + return; + + result->mbi_pa =3D intel_info->boot_params_base; +} diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index 07be43f557..7a665b7cc3 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -272,6 +272,22 @@ static inline void *txt_sinit_mle_data_start(void *hea= p) sizeof(uint64_t); } =20 +static inline void *txt_init(void) +{ + void *txt_heap; + + /* Clear the TXT error register for a clean start of the day. */ + write_txt_reg(TXTCR_ERRORCODE, 0); + + txt_heap =3D _p(read_txt_reg(TXTCR_HEAP_BASE)); + + if ( txt_os_mle_data_size(txt_heap) < sizeof(struct txt_os_mle_data) || + txt_os_sinit_data_size(txt_heap) < sizeof(struct txt_os_sinit_dat= a) ) + txt_reset(SLAUNCH_ERROR_GENERIC); + + return txt_heap; +} + #endif /* __ASSEMBLY__ */ =20 #endif /* ASM__X86__INTEL_TXT_H */ diff --git a/xen/arch/x86/include/asm/slaunch.h b/xen/arch/x86/include/asm/= slaunch.h new file mode 100644 index 0000000000..3fc5f00073 --- /dev/null +++ b/xen/arch/x86/include/asm/slaunch.h @@ -0,0 +1,26 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#ifndef ASM__X86__SLAUNCH_H +#define ASM__X86__SLAUNCH_H + +#include + +/* Indicates an active Secure Launch boot. */ +extern bool slaunch_active; + +/* + * Holds physical address of SLRT. Use slaunch_get_slrt() to access SLRT + * instead of mapping where this points to. + */ +extern uint32_t slaunch_slrt; + +/* + * Retrieves pointer to SLRT. Checks table's validity and maps it as nece= ssary. + */ +struct slr_table *slaunch_get_slrt(void); + +#endif /* ASM__X86__SLAUNCH_H */ diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c new file mode 100644 index 0000000000..a3e6ab8d71 --- /dev/null +++ b/xen/arch/x86/slaunch.c @@ -0,0 +1,27 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include +#include +#include + +/* + * These variables are assigned to by the code near Xen's entry point. + * + * slaunch_active is not __initdata to allow checking for an active Secure + * Launch boot. + */ +bool slaunch_active; +uint32_t __initdata slaunch_slrt; /* physical address */ + +/* Using slaunch_active in head.S assumes it's a single byte in size, so e= nforce + * this assumption. */ +static void __maybe_unused compile_time_checks(void) +{ + BUILD_BUG_ON(sizeof(slaunch_active) !=3D 1); +} --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156017; cv=none; d=zohomail.com; s=zohoarc; b=CXP4Gn9KRjwKASsepqv0yr4A8TUO/M0V0UoIdWGvKYd8GKz24htAiihUi/ogvpIXCeXDtYjdwPd4ZZDaZDlSR6bxUrqBs9d3Eh83moiqk6MNsuFAOmRD1uv2A4S6ODv7QtCPhYx7U7UVXvoDy1B5obh+VMs9WLU5MKDEKbsjTdU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156017; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tFKfUzszVh/xwE4DF75x7y3iV3k/7BaG2IaI1fkSePQ=; b=cLOBeVzsIA+xDdkR1RIX7tJ7j93sDGADUMU3iuARdZ0h2RWXAG8p18w/cnJnO6pb3A8gU3yhaqc7cwJL2EKp31DPnlgpgwP5FcR/kAtx9sOpemFL6OqZp18wJilmrwmDRDFEFtu6m2ldOlRbwphtnzD1p2YPx633S4RNYBxpfR4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156017841673.454736815618; Tue, 13 May 2025 10:06:57 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983188.1369573 (Exim 4.92) (envelope-from ) id 1uEt5U-000504-M7; Tue, 13 May 2025 17:06:40 +0000 Received: by outflank-mailman (output) from mailman id 983188.1369573; Tue, 13 May 2025 17:06:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5U-0004zt-Hd; Tue, 13 May 2025 17:06:40 +0000 Received: by outflank-mailman (input) for mailman id 983188; Tue, 13 May 2025 17:06:39 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5T-0003Uz-1w for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:39 +0000 Received: from 7.mo581.mail-out.ovh.net (7.mo581.mail-out.ovh.net [46.105.43.131]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a1530611-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:37 +0200 (CEST) Received: from director1.ghost.mail-out.ovh.net (unknown [10.108.25.156]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYm6MKXz1Fhd for ; Tue, 13 May 2025 17:06:36 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-v29lk (unknown [10.110.188.76]) by director1.ghost.mail-out.ovh.net (Postfix) with ESMTPS id C1C081FE80; Tue, 13 May 2025 17:06:35 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.105]) by ghost-submission-5b5ff79f4f-v29lk with ESMTPSA id eryDIBt8I2hUshgACLuduA (envelope-from ); Tue, 13 May 2025 17:06:35 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a1530611-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-105G0062e7951fd-12e2-49b8-a10e-061233634830, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval Date: Tue, 13 May 2025 20:05:42 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8943022961074877596 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtheenucevlhhushhtvghrufhiiigvpedunecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehkedumgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=tFKfUzszVh/xwE4DF75x7y3iV3k/7BaG2IaI1fkSePQ=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747155996; v=1; b=kA2RD/zQxREyvarndY+ACW5/XynAiaUxCEKShSot9JONW+eum6rTMfs5X1Z9PfaXnNZi2cKy amSc/q7Sf7bHxU3yHNAxWWQzNUnh4/MFhIN0RxNh1X8rbou8nkIlBwWPh+P91gSpRIP1Ci37olM gu0D1rRPkZesm7OOSAefom1czrSnsQ28BMvxXXjd36D+eb58SJX7lzBkyUX5sUYcHSD2FcMjDSN ZBKuVG2j3fWS6AYasmCNMJwNZp2uTG2doTDOPZPWOpAl9B3Mh3Ij3HYHTSXQZThh0tEllnnVFtB hXgo1P11mDZqEqbRaat9OUi5JljPgAxsz50tV/1tG2rYw== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156019797019000 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel The tests validate that important parts of memory are protected against DMA attacks, including Xen and MBI. Modules can be tested later, when it is possible to report issues to a user before invoking TXT reset. TPM event log validation is temporarily disabled due to an issue with its allocation by bootloader (GRUB) which will need to be modified to address this. Ultimately event log will also have to be validated early as it is used immediately after these tests to hold MBI measurements. See larger comment in txt_verify_pmr_ranges(). Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/slaunch-early.c | 6 ++ xen/arch/x86/include/asm/intel-txt.h | 111 +++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-= early.c index 48776ef559..b6f6deedc9 100644 --- a/xen/arch/x86/boot/slaunch-early.c +++ b/xen/arch/x86/boot/slaunch-early.c @@ -22,10 +22,13 @@ void asmlinkage slaunch_early_init(uint32_t load_base_a= ddr, void *txt_heap; struct txt_os_mle_data *os_mle; struct slr_table *slrt; + struct txt_os_sinit_data *os_sinit; struct slr_entry_intel_info *intel_info; + uint32_t size =3D tgt_end_addr - tgt_base_addr; =20 txt_heap =3D txt_init(); os_mle =3D txt_os_mle_data_start(txt_heap); + os_sinit =3D txt_os_sinit_data_start(txt_heap); =20 result->slrt_pa =3D os_mle->slrt; result->mbi_pa =3D 0; @@ -38,4 +41,7 @@ void asmlinkage slaunch_early_init(uint32_t load_base_add= r, return; =20 result->mbi_pa =3D intel_info->boot_params_base; + + txt_verify_pmr_ranges(os_mle, os_sinit, intel_info, + load_base_addr, tgt_base_addr, size); } diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index 7a665b7cc3..339c29ebef 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -84,6 +84,8 @@ =20 #ifndef __ASSEMBLY__ =20 +#include + /* Need to differentiate between pre- and post paging enabled. */ #ifdef __EARLY_SLAUNCH__ #include @@ -288,6 +290,115 @@ static inline void *txt_init(void) return txt_heap; } =20 +static inline int is_in_pmr(struct txt_os_sinit_data *os_sinit, uint64_t b= ase, + uint32_t size, int check_high) +{ + /* Check for size overflow. */ + if ( base + size < base ) + txt_reset(SLAUNCH_ERROR_INTEGER_OVERFLOW); + + /* Low range always starts at 0, so its size is also end address. */ + if ( base >=3D os_sinit->vtd_pmr_lo_base && + base + size <=3D os_sinit->vtd_pmr_lo_size ) + return 1; + + if ( check_high && os_sinit->vtd_pmr_hi_size !=3D 0 ) + { + if ( os_sinit->vtd_pmr_hi_base + os_sinit->vtd_pmr_hi_size < + os_sinit->vtd_pmr_hi_size ) + txt_reset(SLAUNCH_ERROR_INTEGER_OVERFLOW); + if ( base >=3D os_sinit->vtd_pmr_hi_base && + base + size <=3D os_sinit->vtd_pmr_hi_base + + os_sinit->vtd_pmr_hi_size ) + return 1; + } + + return 0; +} + +static inline void txt_verify_pmr_ranges(struct txt_os_mle_data *os_mle, + struct txt_os_sinit_data *os_sini= t, + struct slr_entry_intel_info *info, + uint32_t load_base_addr, + uint32_t tgt_base_addr, + uint32_t xen_size) +{ + int check_high_pmr =3D 0; + + /* Verify the value of the low PMR base. It should always be 0. */ + if ( os_sinit->vtd_pmr_lo_base !=3D 0 ) + txt_reset(SLAUNCH_ERROR_LO_PMR_BASE); + + /* + * Low PMR size should not be 0 on current platforms. There is an ongo= ing + * transition to TPR-based DMA protection instead of PMR-based; this i= s not + * yet supported by the code. + */ + if ( os_sinit->vtd_pmr_lo_size =3D=3D 0 ) + txt_reset(SLAUNCH_ERROR_LO_PMR_SIZE); + + /* Check if regions overlap. Treat regions with no hole between as err= or. */ + if ( os_sinit->vtd_pmr_hi_size !=3D 0 && + os_sinit->vtd_pmr_hi_base <=3D os_sinit->vtd_pmr_lo_size ) + txt_reset(SLAUNCH_ERROR_HI_PMR_BASE); + + /* All regions accessed by 32b code must be below 4G. */ + if ( os_sinit->vtd_pmr_hi_base + os_sinit->vtd_pmr_hi_size <=3D + 0x100000000ULL ) + check_high_pmr =3D 1; + + /* + * ACM checks that TXT heap and MLE memory is protected against DMA. W= e have + * to check if MBI and whole Xen memory is protected. The latter is do= ne in + * case bootloader failed to set whole image as MLE and to make sure t= hat + * both pre- and post-relocation code is protected. + */ + + /* Check if all of Xen before relocation is covered by PMR. */ + if ( !is_in_pmr(os_sinit, load_base_addr, xen_size, check_high_pmr) ) + txt_reset(SLAUNCH_ERROR_LO_PMR_MLE); + + /* Check if all of Xen after relocation is covered by PMR. */ + if ( load_base_addr !=3D tgt_base_addr && + !is_in_pmr(os_sinit, tgt_base_addr, xen_size, check_high_pmr) ) + txt_reset(SLAUNCH_ERROR_LO_PMR_MLE); + + /* + * If present, check that MBI is covered by PMR. MBI starts with 'uint= 32_t + * total_size'. + */ + if ( info->boot_params_base !=3D 0 && + !is_in_pmr(os_sinit, info->boot_params_base, + *(uint32_t *)(uintptr_t)info->boot_params_base, + check_high_pmr) ) + txt_reset(SLAUNCH_ERROR_BUFFER_BEYOND_PMR); + + /* Check if TPM event log (if present) is covered by PMR. */ + /* + * FIXME: currently commented out as GRUB allocates it in a hole betwe= en + * PMR and reserved RAM, due to 2MB resolution of PMR. There are no ot= her + * easy-to-use DMA protection mechanisms that would allow to protect t= hat + * part of memory. TPR (TXT DMA Protection Range) gives 1MB resolution= , but + * it still wouldn't be enough. + * + * One possible solution would be for GRUB to allocate log at lower ad= dress, + * but this would further increase memory space fragmentation. Another + * option is to align PMR up instead of down, making PMR cover part of + * reserved region, but it is unclear what the consequences may be. + * + * In tboot this issue was resolved by reserving leftover chunks of me= mory + * in e820 and/or UEFI memory map. This is also a valid solution, but = would + * require more changes to GRUB than the ones listed above, as event l= og is + * allocated much earlier than PMRs. + */ + /* + if ( os_mle->evtlog_addr !=3D 0 && os_mle->evtlog_size !=3D 0 && + !is_in_pmr(os_sinit, os_mle->evtlog_addr, os_mle->evtlog_size, + check_high_pmr) ) + txt_reset(SLAUNCH_ERROR_BUFFER_BEYOND_PMR); + */ +} + #endif /* __ASSEMBLY__ */ =20 #endif /* ASM__X86__INTEL_TXT_H */ --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156023; cv=none; d=zohomail.com; s=zohoarc; b=kFyVIP4KZh19kBiSRfUo3UHxHofBv8Ze5DOd8UbCNZmhx2l/UQE6M9pBUgA6XIAwq5V78K6bU73yedBelxyjAqY/6JOKGSeRpbmbJ5A15rHR6gmFQrNzMhWsTRem7rbAOLauRRG2QgbynmFZlhEOu8fCDwa/VDE8nMMTxGrzXKg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156023; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=NikVSRACtV+SZZqcNOgRXTNCO+PpplVigM2Tfg0XHoo=; b=QIZk6uvxm/ctsOFNLg6q+90K2OXrGVrci65t4SEzqdYn/zx/ji0zV0j6Sq8v1Ey8Xn1WyJA9sb15xj0V84YDH99jg2F4qliwQjdBUVdLluL82ZA4l5lPIuyDlf5B/YRUEYLyIqyPICh6bmSHybNOLrGSm908FVQxFkDucvYuzWE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156023935992.7106074716485; Tue, 13 May 2025 10:07:03 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983189.1369583 (Exim 4.92) (envelope-from ) id 1uEt5Y-0005Ll-2s; Tue, 13 May 2025 17:06:44 +0000 Received: by outflank-mailman (output) from mailman id 983189.1369583; Tue, 13 May 2025 17:06:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5X-0005LY-UN; Tue, 13 May 2025 17:06:43 +0000 Received: by outflank-mailman (input) for mailman id 983189; Tue, 13 May 2025 17:06:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5W-0003Uz-52 for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:42 +0000 Received: from 3.mo560.mail-out.ovh.net (3.mo560.mail-out.ovh.net [46.105.58.226]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a32417f8-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:40 +0200 (CEST) Received: from director11.ghost.mail-out.ovh.net (unknown [10.108.9.41]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYr0fnXz2608 for ; Tue, 13 May 2025 17:06:40 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-zc9lv (unknown [10.111.182.11]) by director11.ghost.mail-out.ovh.net (Postfix) with ESMTPS id E92D51FE93; Tue, 13 May 2025 17:06:38 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.97]) by ghost-submission-5b5ff79f4f-zc9lv with ESMTPSA id v4giIh58I2hOCwAAwZMn8g (envelope-from ); Tue, 13 May 2025 17:06:38 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a32417f8-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-97G0027c0ea9b5-02f7-4c0b-a2ce-a4b0217a26c7, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 06/22] xen/arch/x86: reserve TXT memory during Slaunch Date: Tue, 13 May 2025 20:05:43 +0300 Message-ID: <1de7add75db7b15f157adc89922470bed67bef09.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8944148862897534108 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhggtgfgsehtkeertdertdejnecuhfhrohhmpefuvghrghhiihcuffhmhihtrhhukhcuoehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomheqnecuggftrfgrthhtvghrnhepgeekffeiiedtveekhfdugeffveeigefgleegvdeghefftdetheefueeliedukedvnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdeljeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehiedtmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=NikVSRACtV+SZZqcNOgRXTNCO+PpplVigM2Tfg0XHoo=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156000; v=1; b=fZtKCBjbDDeZMd8KNSZTJYb/vINI0F8DKvSdgoBZUILNd4RKah16AszQefIyF12e8dIuMd0n yYvjQbpQOnuFQccFMO0sY94Me/3HiSSHNRUIPCRqOw7Ech47Ta6ZvzwA1/+3VeddU6InO02d2zf CMVb1UK1ZBNMtUcSMAeFt6fqpRRh/pJsolZjXKvrUx/swM8ReHcfhwYioDH4tp8v2pT1TBJmF63 COz86IOfgQUiXi3Mgb2GHsHOu34gvAtNb4wZwuk+jaCC9CZJ5aZGbVPTfk1rSaqrFnmWQDQVdE3 62WOWeTv1fe2VgogoXWvRlhYVko0BgYFj+Q72Zxe7Ruzg== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156025287116600 From: Kacper Stojek TXT heap, SINIT and TXT private space are marked as reserved or unused in e820 to protect from unintended uses. Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Micha=C5=82 =C5=BBygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/include/asm/intel-txt.h | 6 ++ xen/arch/x86/include/asm/mm.h | 3 + xen/arch/x86/include/asm/slaunch.h | 44 +++++++++++ xen/arch/x86/intel-txt.c | 113 +++++++++++++++++++++++++++ xen/arch/x86/setup.c | 10 ++- xen/arch/x86/slaunch.c | 98 ++++++++++++++++++++++- 7 files changed, 271 insertions(+), 4 deletions(-) create mode 100644 xen/arch/x86/intel-txt.c diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 43a80be458..6f15c5a87a 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -38,6 +38,7 @@ obj-$(CONFIG_GDBSX) +=3D gdbsx.o obj-y +=3D hypercall.o obj-y +=3D i387.o obj-y +=3D i8259.o +obj-y +=3D intel-txt.o obj-y +=3D io_apic.o obj-$(CONFIG_LIVEPATCH) +=3D livepatch.o obj-y +=3D msi.o diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index 339c29ebef..0126f56a6c 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -399,6 +399,12 @@ static inline void txt_verify_pmr_ranges(struct txt_os= _mle_data *os_mle, */ } =20 +/* Prepares for accesses to TXT-specific memory. */ +void txt_map_mem_regions(void); + +/* Marks TXT-specific memory as used to avoid its corruption. */ +void txt_reserve_mem_regions(void); + #endif /* __ASSEMBLY__ */ =20 #endif /* ASM__X86__INTEL_TXT_H */ diff --git a/xen/arch/x86/include/asm/mm.h b/xen/arch/x86/include/asm/mm.h index d6e80db71c..91fa95cd90 100644 --- a/xen/arch/x86/include/asm/mm.h +++ b/xen/arch/x86/include/asm/mm.h @@ -106,6 +106,9 @@ #define _PGC_need_scrub _PGC_allocated #define PGC_need_scrub PGC_allocated =20 +/* How much of the directmap is prebuilt at compile time. */ +#define PREBUILT_MAP_LIMIT (1 << L2_PAGETABLE_SHIFT) + #ifndef CONFIG_BIGMEM /* * This definition is solely for the use in struct page_info (and diff --git a/xen/arch/x86/include/asm/slaunch.h b/xen/arch/x86/include/asm/= slaunch.h index 3fc5f00073..ddc1bd2361 100644 --- a/xen/arch/x86/include/asm/slaunch.h +++ b/xen/arch/x86/include/asm/slaunch.h @@ -7,6 +7,7 @@ #ifndef ASM__X86__SLAUNCH_H #define ASM__X86__SLAUNCH_H =20 +#include #include =20 /* Indicates an active Secure Launch boot. */ @@ -18,9 +19,52 @@ extern bool slaunch_active; */ extern uint32_t slaunch_slrt; =20 +/* + * evt_log is assigned a physical address and the caller must map it to + * virtual, if needed. + */ +static inline void find_evt_log(struct slr_table *slrt, void **evt_log, + uint32_t *evt_log_size) +{ + struct slr_entry_log_info *log_info; + + log_info =3D (struct slr_entry_log_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_LOG_INFO); + if ( log_info !=3D NULL ) + { + *evt_log =3D _p(log_info->addr); + *evt_log_size =3D log_info->size; + } + else + { + *evt_log =3D NULL; + *evt_log_size =3D 0; + } +} + /* * Retrieves pointer to SLRT. Checks table's validity and maps it as nece= ssary. */ struct slr_table *slaunch_get_slrt(void); =20 +/* + * Prepares for accesses to essential data structures setup by boot enviro= nment. + */ +void slaunch_map_mem_regions(void); + +/* Marks regions of memory as used to avoid their corruption. */ +void slaunch_reserve_mem_regions(void); + +/* + * This helper function is used to map memory using L2 page tables by alig= ning + * mapped regions to 2MB. This way page allocator (which at this point isn= 't + * yet initialized) isn't needed for creating new L1 mappings. The function + * also checks and skips memory already mapped by the prebuilt tables. + * + * There is no unmap_l2() because the function is meant to be used by the = code + * that accesses DRTM-related memory soon after which Xen rebuilds memory = maps, + * effectively dropping all existing mappings. + */ +int slaunch_map_l2(unsigned long paddr, unsigned long size); + #endif /* ASM__X86__SLAUNCH_H */ diff --git a/xen/arch/x86/intel-txt.c b/xen/arch/x86/intel-txt.c new file mode 100644 index 0000000000..67051b0917 --- /dev/null +++ b/xen/arch/x86/intel-txt.c @@ -0,0 +1,113 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include +#include +#include +#include +#include + +static uint64_t __initdata txt_heap_base, txt_heap_size; + +void __init txt_map_mem_regions(void) +{ + int rc; + + rc =3D slaunch_map_l2(TXT_PRIV_CONFIG_REGS_BASE, NR_TXT_CONFIG_SIZE); + BUG_ON(rc !=3D 0); + + txt_heap_base =3D read_txt_reg(TXTCR_HEAP_BASE); + BUG_ON(txt_heap_base =3D=3D 0); + + txt_heap_size =3D read_txt_reg(TXTCR_HEAP_SIZE); + BUG_ON(txt_heap_size =3D=3D 0); + + rc =3D slaunch_map_l2(txt_heap_base, txt_heap_size); + BUG_ON(rc !=3D 0); +} + +/* Mark RAM region as RESERVED if it isn't marked that way already. */ +static int __init mark_ram_as(struct e820map *map, uint64_t start, + uint64_t end, uint32_t type) +{ + unsigned int i; + uint32_t from_type =3D E820_RAM; + + for ( i =3D 0; i < map->nr_map; i++ ) + { + uint64_t rs =3D map->map[i].addr; + uint64_t re =3D rs + map->map[i].size; + + /* The entry includes the range. */ + if ( start >=3D rs && end <=3D re ) + break; + + /* The entry intersects the range. */ + if ( end > rs && start < re ) + { + /* Fatal failure. */ + return 0; + } + } + + /* + * If the range is not included by any entry and no entry intersects i= t, + * then it's not listed in the memory map. Consider this case as a su= ccess + * since we're only preventing RAM from being used and unlisted range = should + * not be used. + */ + if ( i =3D=3D map->nr_map ) + return 1; + + /* + * e820_change_range_type() fails if the range is already marked with = the + * desired type. Don't consider it an error if firmware has done it f= or us. + */ + if ( map->map[i].type =3D=3D type ) + return 1; + + /* E820_ACPI or E820_NVS are really unexpected, but others are fine. */ + if ( map->map[i].type =3D=3D E820_RESERVED || + map->map[i].type =3D=3D E820_UNUSABLE ) + from_type =3D map->map[i].type; + + return e820_change_range_type(map, start, end, from_type, type); +} + +void __init txt_reserve_mem_regions(void) +{ + int rc; + uint64_t sinit_base, sinit_size; + + /* TXT Heap */ + BUG_ON(txt_heap_base =3D=3D 0); + printk("SLAUNCH: reserving TXT heap (%#lx - %#lx)\n", txt_heap_base, + txt_heap_base + txt_heap_size); + rc =3D mark_ram_as(&e820_raw, txt_heap_base, txt_heap_base + txt_heap_= size, + E820_RESERVED); + BUG_ON(rc =3D=3D 0); + + sinit_base =3D read_txt_reg(TXTCR_SINIT_BASE); + BUG_ON(sinit_base =3D=3D 0); + + sinit_size =3D read_txt_reg(TXTCR_SINIT_SIZE); + BUG_ON(sinit_size =3D=3D 0); + + /* SINIT */ + printk("SLAUNCH: reserving SINIT memory (%#lx - %#lx)\n", sinit_base, + sinit_base + sinit_size); + rc =3D mark_ram_as(&e820_raw, sinit_base, sinit_base + sinit_size, + E820_RESERVED); + BUG_ON(rc =3D=3D 0); + + /* TXT Private Space */ + rc =3D mark_ram_as(&e820_raw, TXT_PRIV_CONFIG_REGS_BASE, + TXT_PRIV_CONFIG_REGS_BASE + NR_TXT_CONFIG_SIZE, + E820_UNUSABLE); + BUG_ON(rc =3D=3D 0); +} diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 2518954124..479d2d744e 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -1086,9 +1087,6 @@ static struct domain *__init create_dom0(struct boot_= info *bi) return d; } =20 -/* How much of the directmap is prebuilt at compile time. */ -#define PREBUILT_MAP_LIMIT (1 << L2_PAGETABLE_SHIFT) - void asmlinkage __init noreturn __start_xen(void) { const char *memmap_type =3D NULL; @@ -1424,6 +1422,12 @@ void asmlinkage __init noreturn __start_xen(void) #endif } =20 + if ( slaunch_active ) + { + slaunch_map_mem_regions(); + slaunch_reserve_mem_regions(); + } + /* Sanitise the raw E820 map to produce a final clean version. */ max_page =3D raw_max_page =3D init_e820(memmap_type, &e820_raw); =20 diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c index a3e6ab8d71..ac3b43942b 100644 --- a/xen/arch/x86/slaunch.c +++ b/xen/arch/x86/slaunch.c @@ -7,14 +7,18 @@ #include #include #include +#include #include +#include +#include +#include #include =20 /* * These variables are assigned to by the code near Xen's entry point. * * slaunch_active is not __initdata to allow checking for an active Secure - * Launch boot. + * Launch boot at any point. */ bool slaunch_active; uint32_t __initdata slaunch_slrt; /* physical address */ @@ -25,3 +29,95 @@ static void __maybe_unused compile_time_checks(void) { BUILD_BUG_ON(sizeof(slaunch_active) !=3D 1); } + +struct slr_table *__init slaunch_get_slrt(void) +{ + static struct slr_table *slrt; + + if (slrt =3D=3D NULL) { + int rc; + + slrt =3D __va(slaunch_slrt); + + rc =3D slaunch_map_l2(slaunch_slrt, PAGE_SIZE); + BUG_ON(rc !=3D 0); + + if ( slrt->magic !=3D SLR_TABLE_MAGIC ) + panic("SLRT has invalid magic value: %#08x!\n", slrt->magic); + /* XXX: are newer revisions allowed? */ + if ( slrt->revision !=3D SLR_TABLE_REVISION ) + panic("SLRT is of unsupported revision: %#04x!\n", slrt->revis= ion); + if ( slrt->architecture !=3D SLR_INTEL_TXT ) + panic("SLRT is for unexpected architecture: %#04x!\n", + slrt->architecture); + if ( slrt->size > slrt->max_size ) + panic("SLRT is larger than its max size: %#08x > %#08x!\n", + slrt->size, slrt->max_size); + + if ( slrt->size > PAGE_SIZE ) + { + rc =3D slaunch_map_l2(slaunch_slrt, slrt->size); + BUG_ON(rc !=3D 0); + } + } + + return slrt; +} + +void __init slaunch_map_mem_regions(void) +{ + void *evt_log_addr; + uint32_t evt_log_size; + + /* Vendor-specific part. */ + txt_map_mem_regions(); + + find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); + if ( evt_log_addr !=3D NULL ) + { + int rc =3D slaunch_map_l2((uintptr_t)evt_log_addr, evt_log_size); + BUG_ON(rc !=3D 0); + } +} + +void __init slaunch_reserve_mem_regions(void) +{ + int rc; + + void *evt_log_addr; + uint32_t evt_log_size; + + /* Vendor-specific part. */ + txt_reserve_mem_regions(); + + find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); + if ( evt_log_addr !=3D NULL ) + { + printk("SLAUNCH: reserving event log (%#lx - %#lx)\n", + (uint64_t)evt_log_addr, + (uint64_t)evt_log_addr + evt_log_size); + rc =3D reserve_e820_ram(&e820_raw, (uint64_t)evt_log_addr, + (uint64_t)evt_log_addr + evt_log_size); + BUG_ON(rc =3D=3D 0); + } +} + +int __init slaunch_map_l2(unsigned long paddr, unsigned long size) +{ + unsigned long aligned_paddr =3D paddr & ~((1ULL << L2_PAGETABLE_SHIFT)= - 1); + unsigned long pages =3D ((paddr + size) - aligned_paddr); + pages =3D ROUNDUP(pages, 1ULL << L2_PAGETABLE_SHIFT) >> PAGE_SHIFT; + + if ( aligned_paddr + pages * PAGE_SIZE <=3D PREBUILT_MAP_LIMIT ) + return 0; + + if ( aligned_paddr < PREBUILT_MAP_LIMIT ) + { + pages -=3D (PREBUILT_MAP_LIMIT - aligned_paddr) >> PAGE_SHIFT; + aligned_paddr =3D PREBUILT_MAP_LIMIT; + } + + return map_pages_to_xen((uintptr_t)__va(aligned_paddr), + maddr_to_mfn(aligned_paddr), + pages, PAGE_HYPERVISOR); +} --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156358; cv=none; d=zohomail.com; s=zohoarc; b=eMjDwrilCzQubHvQJruetCt4avMLZVTL9PWY5Sz5ITHWoQPoKt0j7g0AOvzugD9hqKCUyGcDzEnclpeNwZiDIFn0jp4W0WxCDl9daDcQ8kjg8uvk/v2Nk1Z5ilTiPR3WOumvldL8O2KlpRhxqOUob6yLYi56DzcU/QDeSALxlps= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156358; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=p5/X8odYi3YN7N37QJCMftuc5hqSiV9vDM1ybqq3iiI=; b=DzjCJeWo//AvOJS4rDC2gOMKDlGNOP1JlyU7yLTEX83odQKKKn2V2lUTGD2Ch4ApbHcR3ohhMVxxna5xjfhln/f9c5D03WPnOZw/CsWNI9vIrHSUUz3E32xFfQ/O7pFGPTOotKYlmQ7/0QuxihjeCXTGSKsqOh+D91S+kFNMws4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156358598470.22473228256956; Tue, 13 May 2025 10:12:38 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983343.1369723 (Exim 4.92) (envelope-from ) id 1uEtAt-0007Ja-2L; Tue, 13 May 2025 17:12:15 +0000 Received: by outflank-mailman (output) from mailman id 983343.1369723; Tue, 13 May 2025 17:12:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAs-0007JP-Ui; Tue, 13 May 2025 17:12:14 +0000 Received: by outflank-mailman (input) for mailman id 983343; Tue, 13 May 2025 17:12:13 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5X-0003Mm-LE for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:43 +0000 Received: from 9.mo581.mail-out.ovh.net (9.mo581.mail-out.ovh.net [46.105.60.248]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a490bcf8-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:42 +0200 (CEST) Received: from director7.ghost.mail-out.ovh.net (unknown [10.109.140.207]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYt3ypbz1F88 for ; Tue, 13 May 2025 17:06:42 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-mdgms (unknown [10.110.164.115]) by director7.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 07C2E1FD39; Tue, 13 May 2025 17:06:41 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.114]) by ghost-submission-5b5ff79f4f-mdgms with ESMTPSA id JVrPMyF8I2ikSwEARrC/kw (envelope-from ); Tue, 13 May 2025 17:06:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a490bcf8-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-114S0082d89efb0-7dca-433b-9db6-efa760fdab17, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 07/22] x86/mtrr: expose functions for pausing caching Date: Tue, 13 May 2025 20:05:44 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8944711813313967260 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddugeenucevlhhushhtvghrufhiiigvpeegnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehkedumgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=p5/X8odYi3YN7N37QJCMftuc5hqSiV9vDM1ybqq3iiI=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156002; v=1; b=hGHensDJA5nIUwOWVrg1VRKg9jr4cvOCYo5VjuKrGN6AbVFlRNHhkNOCFVPK/XTOonZ1uPZw 1Gy9IgTSIK9REdsVXBm+mwzxcZHM1QG+pkrgWozYCrVueAcCT/WST6u7gyWyqZY3Ge5e4wUv4ts Tc1wmPYeKYNbG2/D8w2rmISFfW1Hj/FM41MrPp6wwkULLg3sxzTj/0yhcWLrEOKi/pFCTbAMGTY tJnxdMnr50bxsY+/J2AGNSfr/ZaxQy/YGixIBZ233hy58iaG+lvXIMRbMsUhr+1O1KyL659V+po 0CQL3/X7p60mEcu223kHJvL/vOgrzHIsmEW2Wk9S01uPg== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156361923116600 Content-Type: text/plain; charset="utf-8" This allows the functionality to be reused by other units that need to update MTRRs. This also gets rid of a static variable. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/mtrr/generic.c | 51 ++++++++++++++++----------------- xen/arch/x86/include/asm/mtrr.h | 8 ++++++ 2 files changed, 33 insertions(+), 26 deletions(-) diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generi= c.c index c587e9140e..2a8dd1d8ff 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -396,9 +396,7 @@ static bool set_mtrr_var_ranges(unsigned int index, str= uct mtrr_var_range *vr) return changed; } =20 -static uint64_t deftype; - -static unsigned long set_mtrr_state(void) +static unsigned long set_mtrr_state(uint64_t *deftype) /* [SUMMARY] Set the MTRR state for this CPU. The MTRR state information to read. Some relevant CPU context. @@ -416,14 +414,12 @@ static unsigned long set_mtrr_state(void) if (mtrr_state.have_fixed && set_fixed_ranges(mtrr_state.fixed_ranges)) change_mask |=3D MTRR_CHANGE_MASK_FIXED; =20 - /* Set_mtrr_restore restores the old value of MTRRdefType, - so to set it we fiddle with the saved value */ - if ((deftype & 0xff) !=3D mtrr_state.def_type - || MASK_EXTR(deftype, MTRRdefType_E) !=3D mtrr_state.enabled - || MASK_EXTR(deftype, MTRRdefType_FE) !=3D mtrr_state.fixed_enabled) { - deftype =3D (deftype & ~0xcff) | mtrr_state.def_type | - MASK_INSR(mtrr_state.enabled, MTRRdefType_E) | - MASK_INSR(mtrr_state.fixed_enabled, MTRRdefType_FE); + if ((*deftype & 0xff) !=3D mtrr_state.def_type + || MASK_EXTR(*deftype, MTRRdefType_E) !=3D mtrr_state.enabled + || MASK_EXTR(*deftype, MTRRdefType_FE) !=3D mtrr_state.fixed_enabled)= { + *deftype =3D (*deftype & ~0xcff) | mtrr_state.def_type | + MASK_INSR(mtrr_state.enabled, MTRRdefType_E) | + MASK_INSR(mtrr_state.fixed_enabled, MTRRdefType_FE); change_mask |=3D MTRR_CHANGE_MASK_DEFTYPE; } =20 @@ -440,9 +436,10 @@ static DEFINE_SPINLOCK(set_atomicity_lock); * has been called. */ =20 -static bool prepare_set(void) +struct mtrr_pausing_state mtrr_pause_caching(void) { unsigned long cr4; + struct mtrr_pausing_state state; =20 /* Note that this is not ideal, since the cache is only flushed/disabled for this CPU while the MTRRs are changed, but changing this requires @@ -462,7 +459,9 @@ static bool prepare_set(void) alternative("wbinvd", "", X86_FEATURE_XEN_SELFSNOOP); =20 cr4 =3D read_cr4(); - if (cr4 & X86_CR4_PGE) + state.pge =3D cr4 & X86_CR4_PGE; + + if (state.pge) write_cr4(cr4 & ~X86_CR4_PGE); else if (use_invpcid) invpcid_flush_all(); @@ -470,27 +469,27 @@ static bool prepare_set(void) write_cr3(read_cr3()); =20 /* Save MTRR state */ - rdmsrl(MSR_MTRRdefType, deftype); + rdmsrl(MSR_MTRRdefType, state.def_type); =20 /* Disable MTRRs, and set the default type to uncached */ - mtrr_wrmsr(MSR_MTRRdefType, deftype & ~0xcff); + mtrr_wrmsr(MSR_MTRRdefType, state.def_type & ~0xcff); =20 /* Again, only flush caches if we have to. */ alternative("wbinvd", "", X86_FEATURE_XEN_SELFSNOOP); =20 - return cr4 & X86_CR4_PGE; + return state; } =20 -static void post_set(bool pge) +void mtrr_resume_caching(struct mtrr_pausing_state state) { /* Intel (P6) standard MTRRs */ - mtrr_wrmsr(MSR_MTRRdefType, deftype); + mtrr_wrmsr(MSR_MTRRdefType, state.def_type); =20 /* Enable caches */ write_cr0(read_cr0() & ~X86_CR0_CD); =20 /* Reenable CR4.PGE (also flushes the TLB) */ - if (pge) + if (state.pge) write_cr4(read_cr4() | X86_CR4_PGE); else if (use_invpcid) invpcid_flush_all(); @@ -504,15 +503,15 @@ void mtrr_set_all(void) { unsigned long mask, count; unsigned long flags; - bool pge; + struct mtrr_pausing_state pausing_state; =20 local_irq_save(flags); - pge =3D prepare_set(); + pausing_state =3D mtrr_pause_caching(); =20 /* Actually set the state */ - mask =3D set_mtrr_state(); + mask =3D set_mtrr_state(&pausing_state.def_type); =20 - post_set(pge); + mtrr_resume_caching(pausing_state); local_irq_restore(flags); =20 /* Use the atomic bitops to update the global mask */ @@ -537,12 +536,12 @@ void mtrr_set( { unsigned long flags; struct mtrr_var_range *vr; - bool pge; + struct mtrr_pausing_state pausing_state; =20 vr =3D &mtrr_state.var_ranges[reg]; =20 local_irq_save(flags); - pge =3D prepare_set(); + pausing_state =3D mtrr_pause_caching(); =20 if (size =3D=3D 0) { /* The invalid bit is kept in the mask, so we simply clear the @@ -563,7 +562,7 @@ void mtrr_set( mtrr_wrmsr(MSR_IA32_MTRR_PHYSMASK(reg), vr->mask); } =20 - post_set(pge); + mtrr_resume_caching(pausing_state); local_irq_restore(flags); } =20 diff --git a/xen/arch/x86/include/asm/mtrr.h b/xen/arch/x86/include/asm/mtr= r.h index 25d442659d..82ea427ba0 100644 --- a/xen/arch/x86/include/asm/mtrr.h +++ b/xen/arch/x86/include/asm/mtrr.h @@ -66,6 +66,14 @@ extern uint8_t pat_type_2_pte_flags(uint8_t pat_type); extern void mtrr_aps_sync_begin(void); extern void mtrr_aps_sync_end(void); =20 +struct mtrr_pausing_state { + bool pge; + uint64_t def_type; +}; + +extern struct mtrr_pausing_state mtrr_pause_caching(void); +extern void mtrr_resume_caching(struct mtrr_pausing_state state); + extern bool mtrr_var_range_msr_set(struct domain *d, struct mtrr_state *m, uint32_t msr, uint64_t msr_content); extern bool mtrr_fix_range_msr_set(struct domain *d, struct mtrr_state *m, --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156294; cv=none; d=zohomail.com; s=zohoarc; b=DRI3v19P0T2oSivlkHhG3F6z3Dsq/XQDkQbMQBbyB8xMiZJFO76aoOLtitToEGrXLCj/0x5c35vGB+tBlyHPxUHHDehTWHAYjsSOdAdqriu8x012umqNLcgJaLJ+hCCscFCoplo0xe9BwtMVypwtYH25z9Kl7EOp5V51ceaKiJ4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156294; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nB7H7bO1BJ1ApmWbD/4F5x9yGu79QzObrwHjfTYg4+c=; b=BWZUq0OUlmGtd6IkROfbFqkx8zUFJP74UL+WAudCQe1i/a4QCgwrCQYG094MyjRG7FeWlEZA4olxQeZfq47nqzGN6coyhS/9sBEkSyL4wGQScXAOGsNm5X6wXhwrw+C7OyVaVh4oq3lBvImTV69ep4v0ZmVhycwHpNAi2uG3M2I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156293990850.9323071856887; Tue, 13 May 2025 10:11:33 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983299.1369664 (Exim 4.92) (envelope-from ) id 1uEtA2-00042m-Bz; Tue, 13 May 2025 17:11:22 +0000 Received: by outflank-mailman (output) from mailman id 983299.1369664; Tue, 13 May 2025 17:11:22 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtA2-00042f-5X; Tue, 13 May 2025 17:11:22 +0000 Received: by outflank-mailman (input) for mailman id 983299; Tue, 13 May 2025 17:11:21 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5a-0003Mm-Bj for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:46 +0000 Received: from 6.mo576.mail-out.ovh.net (6.mo576.mail-out.ovh.net [46.105.50.107]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a642e806-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:45 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.108.9.136]) by mo576.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjYx2fwnz1vvL for ; Tue, 13 May 2025 17:06:45 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-q2zpp (unknown [10.108.54.144]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 97F541FE68; Tue, 13 May 2025 17:06:44 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.109]) by ghost-submission-5b5ff79f4f-q2zpp with ESMTPSA id d2EBFSR8I2hnAAAAOMNtBw (envelope-from ); Tue, 13 May 2025 17:06:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a642e806-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-109S003cd6ad599-b8b8-4bf1-b0db-ca82d73d54a9, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM Date: Tue, 13 May 2025 20:05:45 +0300 Message-ID: <6448e4a7535d4f74f7559e14e13c8d531cac71a0.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8945556237201618076 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhggtgfgsehtkeertdertdejnecuhfhrohhmpefuvghrghhiihcuffhmhihtrhhukhcuoehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomheqnecuggftrfgrthhtvghrnhepgeekffeiiedtveekhfdugeffveeigefgleegvdeghefftdetheefueeliedukedvnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrddutdelnecuvehluhhsthgvrhfuihiivgepudenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheejiegmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=nB7H7bO1BJ1ApmWbD/4F5x9yGu79QzObrwHjfTYg4+c=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156005; v=1; b=Yom0lwoxH0pn1G+ymjpkZJQZOSZ3mtc9IlAvv8W2QSarlH4ihT2SiRvkRbuMH4yC1rT1q9R9 Kl4oMrM1izbpV9vv5bnk+M8QfSzsNRDetCpya3wo2ht/OXFhV7zyAJZUYXiVd6N6fU0KgTTYeXG ZoXbgTsMrtf+e0B2127NPm6WRu02ekitchp62Tp3EJHmHJnezpOOut02WbbDseVJisqD15nnI2d mQOEmT5mbWV0nBpWPRmol01UlAA9oEF8Zs0FgyB1aAo8x/4CniiJEyIR0HH+X2vCGFLVWOdk9ND r8LZ+1pnTZKv0zIiops1Fa/I0JblPLz2QmorAvZMyg7FA== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156295218019000 From: Krystian Hebel In preparation for TXT SENTER call, GRUB had to modify MTRR settings to be UC for everything except SINIT ACM. Old values are restored from SLRT where they were saved by the bootloader. Signed-off-by: Krystian Hebel Signed-off-by: Micha=C5=82 =C5=BBygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/e820.c | 5 ++ xen/arch/x86/include/asm/intel-txt.h | 3 ++ xen/arch/x86/intel-txt.c | 75 ++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+) diff --git a/xen/arch/x86/e820.c b/xen/arch/x86/e820.c index ca577c0bde..60f00e5259 100644 --- a/xen/arch/x86/e820.c +++ b/xen/arch/x86/e820.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include =20 /* * opt_mem: Limit maximum address of physical RAM. @@ -442,6 +444,9 @@ static uint64_t __init mtrr_top_of_ram(void) ASSERT(paddr_bits); addr_mask =3D ((1ULL << paddr_bits) - 1) & PAGE_MASK; =20 + if ( slaunch_active ) + txt_restore_mtrrs(e820_verbose); + rdmsrl(MSR_MTRRcap, mtrr_cap); rdmsrl(MSR_MTRRdefType, mtrr_def); =20 diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index 0126f56a6c..f0ec580558 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -405,6 +405,9 @@ void txt_map_mem_regions(void); /* Marks TXT-specific memory as used to avoid its corruption. */ void txt_reserve_mem_regions(void); =20 +/* Restores original MTRR values saved by a bootloader before starting DRT= M. */ +void txt_restore_mtrrs(bool e820_verbose); + #endif /* __ASSEMBLY__ */ =20 #endif /* ASM__X86__INTEL_TXT_H */ diff --git a/xen/arch/x86/intel-txt.c b/xen/arch/x86/intel-txt.c index 67051b0917..92f3e48b49 100644 --- a/xen/arch/x86/intel-txt.c +++ b/xen/arch/x86/intel-txt.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include #include =20 static uint64_t __initdata txt_heap_base, txt_heap_size; @@ -111,3 +113,76 @@ void __init txt_reserve_mem_regions(void) E820_UNUSABLE); BUG_ON(rc =3D=3D 0); } + +void __init txt_restore_mtrrs(bool e820_verbose) +{ + struct slr_entry_intel_info *intel_info; + uint64_t mtrr_cap, mtrr_def, base, mask; + unsigned int i; + uint64_t def_type; + struct mtrr_pausing_state pausing_state; + + rdmsrl(MSR_MTRRcap, mtrr_cap); + rdmsrl(MSR_MTRRdefType, mtrr_def); + + if ( e820_verbose ) + { + printk("MTRRs set previously for SINIT ACM:\n"); + printk(" MTRR cap: %"PRIx64" type: %"PRIx64"\n", mtrr_cap, mtrr_de= f); + + for ( i =3D 0; i < (uint8_t)mtrr_cap; i++ ) + { + rdmsrl(MSR_IA32_MTRR_PHYSBASE(i), base); + rdmsrl(MSR_IA32_MTRR_PHYSMASK(i), mask); + + printk(" MTRR[%d]: base %"PRIx64" mask %"PRIx64"\n", + i, base, mask); + } + } + + intel_info =3D (struct slr_entry_intel_info *) + slr_next_entry_by_tag(slaunch_get_slrt(), NULL, SLR_ENTRY_INTEL_IN= FO); + + if ( (mtrr_cap & 0xFF) !=3D intel_info->saved_bsp_mtrrs.mtrr_vcnt ) + { + printk("Bootloader saved %ld MTRR values, but there should be %ld\= n", + intel_info->saved_bsp_mtrrs.mtrr_vcnt, mtrr_cap & 0xFF); + /* Choose the smaller one to be on the safe side. */ + mtrr_cap =3D (mtrr_cap & 0xFF) > intel_info->saved_bsp_mtrrs.mtrr_= vcnt ? + intel_info->saved_bsp_mtrrs.mtrr_vcnt : mtrr_cap; + } + + def_type =3D intel_info->saved_bsp_mtrrs.default_mem_type; + pausing_state =3D mtrr_pause_caching(); + + for ( i =3D 0; i < (uint8_t)mtrr_cap; i++ ) + { + base =3D intel_info->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physbase; + mask =3D intel_info->saved_bsp_mtrrs.mtrr_pair[i].mtrr_physmask; + wrmsrl(MSR_IA32_MTRR_PHYSBASE(i), base); + wrmsrl(MSR_IA32_MTRR_PHYSMASK(i), mask); + } + + pausing_state.def_type =3D def_type; + mtrr_resume_caching(pausing_state); + + if ( e820_verbose ) + { + printk("Restored MTRRs:\n"); /* Printed by caller, mtrr_top_of_ram= (). */ + + /* If MTRRs are not enabled or WB is not a default type, MTRRs won= 't be printed */ + if ( !test_bit(11, &def_type) || ((uint8_t)def_type =3D=3D X86_MT_= WB) ) + { + for ( i =3D 0; i < (uint8_t)mtrr_cap; i++ ) + { + rdmsrl(MSR_IA32_MTRR_PHYSBASE(i), base); + rdmsrl(MSR_IA32_MTRR_PHYSMASK(i), mask); + printk(" MTRR[%d]: base %"PRIx64" mask %"PRIx64"\n", + i, base, mask); + } + } + } + + /* Restore IA32_MISC_ENABLES */ + wrmsrl(MSR_IA32_MISC_ENABLE, intel_info->saved_misc_enable_msr); +} --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156300; cv=none; d=zohomail.com; s=zohoarc; b=mBr+w3y+pPp52WVgIWpTG/xqw+UbhSEAOzlCb0UsmsI2vcQoQsqQtzadxDJvOTjDiJRwwmC+ExRVj+QdA2PpmhBSNsuWG4dftQRenmeCXvD3zW6bTyPP5ru+8EkE5uNrUaWZWY+Hxf4e1SAttc6cpWZcXZIBYnzFyT201Kn4R9w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156300; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ZTbfrxWs6ho/dNB851C3HFgLhh1CDi/0mFBdC72nYUQ=; b=a39ufT6l8ec3+CJmsKEFchhhAAqc6b+l0vBZP22fSzXzp4a2lZFpEjCBeY2w+iwiSvQRvhpJVEfuz+AK5CSmoGN/cGQg6A/OH/QafPdT8sbl5RFw1ZN1ZvilpCo0byqY0OybfoKhoPGQKE251toCOMFiRf5TRRJIFXSlzAjI+sc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17471563008781022.102279423267; Tue, 13 May 2025 10:11:40 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983308.1369683 (Exim 4.92) (envelope-from ) id 1uEtA8-0004eF-Rn; Tue, 13 May 2025 17:11:28 +0000 Received: by outflank-mailman (output) from mailman id 983308.1369683; Tue, 13 May 2025 17:11:28 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtA8-0004e4-Ot; Tue, 13 May 2025 17:11:28 +0000 Received: by outflank-mailman (input) for mailman id 983308; Tue, 13 May 2025 17:11:27 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5d-0003Mm-VH for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:49 +0000 Received: from 6.mo560.mail-out.ovh.net (6.mo560.mail-out.ovh.net [87.98.165.38]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id a8270440-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:48 +0200 (CEST) Received: from director4.ghost.mail-out.ovh.net (unknown [10.108.17.234]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZ03VpVz2Cc3 for ; Tue, 13 May 2025 17:06:48 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-mdgms (unknown [10.110.164.75]) by director4.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 854AD1FE7E; Tue, 13 May 2025 17:06:47 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.112]) by ghost-submission-5b5ff79f4f-mdgms with ESMTPSA id rx7EDCd8I2iuSwEARrC/kw (envelope-from ); Tue, 13 May 2025 17:06:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a8270440-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-112S006a94099e6-0d7e-4faf-ac48-888d34d6b9b3, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , trenchboot-devel@googlegroups.com Subject: [PATCH v2 09/22] xen/lib: add implementation of SHA-1 Date: Tue, 13 May 2025 20:05:46 +0300 Message-ID: <7fcab16c3efbc0eb28e0f8ec0d9c9d3188881ad4.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8946400661588718748 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeeiteejtdffveekuddtgfegteffkefhgedujeehfeefveekvdevveevteeufeevteenucffohhmrghinhepghhithhhuhgsrdgtohhmnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdduuddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheeitdgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=ZTbfrxWs6ho/dNB851C3HFgLhh1CDi/0mFBdC72nYUQ=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156008; v=1; b=MbJZuSPhvmeNTxtSVsjL9waWcfb+Z7hwFZ7ytCSwJhD8aSTY5NNh9MLQ8jDS0/U8wq5wJPp/ UnHZEMED35xFKs7dFe6hboWE6zQOIJy3RffPEMZzbeptmheshKfyS56LyNnAOWVgVs8sz1Rc9pr vmkyb21nMgrIWuhaH+EP8VokpiGi3e34rzEeAZbQvlDr3q5FwFbAPrmOJcs84Xx0Y1k0ZBXMmCn sXTYywj6l7Tk8FVED/njUXpC37h60lqrAUXQU1uvw9kR0D5/vNN38ZB+uQ+iyrPaVyXmgvo/p+7 E7LgEygjtzyR17Pg0IZiMqnSBjuMvP9k4rwHVFGGoDT5A== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156301958116600 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel The code comes from [1] and is licensed under GPL-2.0 license. The initial version was a combination of: - include/crypto/sha1.h - include/crypto/sha1_base.h - lib/crypto/sha1.c - crypto/sha1_generic.c Changes: - includes, formatting, naming - renames and splicing of some trivial functions that are called once - dropping of `int` return values (only zero was ever returned) - getting rid of references to `struct shash_desc` - getting rid of macros - getting rid of unnecessary function pointers [1]: https://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1= c62b8bf03 Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/include/xen/sha1.h | 12 +++ xen/lib/Makefile | 1 + xen/lib/sha1.c | 218 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 231 insertions(+) create mode 100644 xen/include/xen/sha1.h create mode 100644 xen/lib/sha1.c diff --git a/xen/include/xen/sha1.h b/xen/include/xen/sha1.h new file mode 100644 index 0000000000..085f750a6a --- /dev/null +++ b/xen/include/xen/sha1.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef XEN__SHA1_H +#define XEN__SHA1_H + +#include + +#define SHA1_DIGEST_SIZE 20 + +void sha1_hash(uint8_t digest[SHA1_DIGEST_SIZE], const void *msg, size_t l= en); + +#endif /* XEN__SHA1_H */ diff --git a/xen/lib/Makefile b/xen/lib/Makefile index 5ccb1e5241..fd4b9ece63 100644 --- a/xen/lib/Makefile +++ b/xen/lib/Makefile @@ -17,6 +17,7 @@ lib-y +=3D memset.o lib-y +=3D muldiv64.o lib-y +=3D parse-size.o lib-y +=3D rbtree.o +lib-$(CONFIG_X86) +=3D sha1.o lib-$(CONFIG_X86) +=3D sha2-256.o lib-y +=3D sort.o lib-y +=3D strcasecmp.o diff --git a/xen/lib/sha1.c b/xen/lib/sha1.c new file mode 100644 index 0000000000..c7a464e2cf --- /dev/null +++ b/xen/lib/sha1.c @@ -0,0 +1,218 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * SHA1 routine optimized to do word accesses rather than byte accesses, + * and to avoid unnecessary copies into the context array. + * + * This was based on the git SHA1 implementation. + */ + +#include +#include +#include +#include +#include + +/* + * If you have 32 registers or more, the compiler can (and should) + * try to change the array[] accesses into registers. However, on + * machines with less than ~25 registers, that won't really work, + * and at least GCC will make an unholy mess of it. + * + * So to avoid that mess which just slows things down, we force + * the stores to memory to actually happen (we might be better off + * with a 'W(t)=3D(val);asm("":"+m" (W(t))' there instead, as + * suggested by Artur Skawina - that will also make GCC unable to + * try to do the silly "optimize away loads" part because it won't + * see what the value will be). + * + * Ben Herrenschmidt reports that on PPC, the C version comes close + * to the optimized asm with this (ie on PPC you don't want that + * 'volatile', since there are lots of registers). + * + * On ARM we get the best code generation by forcing a full memory barrier + * between each SHA round, otherwise GCC happily gets wild with spilling a= nd + * the stack frame size simply explode and performance goes down the drain. + */ + +#define SHA1_BLOCK_SIZE 64 +#define SHA1_WORKSPACE_WORDS 16 +#define SHA1_WORKSPACE_MASK (SHA1_WORKSPACE_WORDS - 1) + +struct sha1_state { + uint32_t state[SHA1_DIGEST_SIZE / 4]; + uint64_t count; + uint8_t buffer[SHA1_BLOCK_SIZE]; +}; + +/* This "rolls" over the 512-bit array */ +static void set_w(uint32_t w[SHA1_WORKSPACE_WORDS], size_t i, uint32_t val) +{ +#ifdef CONFIG_X86 + *(volatile uint32_t *)&w[i & SHA1_WORKSPACE_MASK] =3D val; +#else + w[i & SHA1_WORKSPACE_MASK] =3D val; +# ifdef CONFIG_ARM + barrier(); +# endif +#endif +} + +static uint32_t blend(const uint32_t w[SHA1_WORKSPACE_WORDS], size_t i) +{ +/* This "rolls" over the 512-bit array */ +#define w(i) w[(i) & SHA1_WORKSPACE_MASK] + + return rol32(w(i + 13) ^ w(i + 8) ^ w(i + 2) ^ w(i), 1); + +#undef w +} + +/** + * sha1_transform - single block SHA1 transform + * + * @digest: 160 bit digest to update + * @data: 512 bits of data to hash + * + * This function executes SHA-1's internal compression function. It updat= es the + * 160-bit internal state (@digest) with a single 512-bit data block (@dat= a). + */ +static void sha1_transform(uint32_t *digest, const uint8_t *data) +{ + uint32_t a, b, c, d, e, t; + uint32_t workspace[SHA1_WORKSPACE_WORDS]; + unsigned int i =3D 0; + + a =3D digest[0]; + b =3D digest[1]; + c =3D digest[2]; + d =3D digest[3]; + e =3D digest[4]; + + /* Round 1 - iterations 0-16 take their input from 'data' */ + for ( ; i < 16; ++i ) { + t =3D get_unaligned_be32((uint32_t *)data + i); + set_w(workspace, i, t); + e +=3D t + rol32(a, 5) + (((c ^ d) & b) ^ d) + 0x5a827999U; + b =3D ror32(b, 2); + t =3D e; e =3D d; d =3D c; c =3D b; b =3D a; a =3D t; + } + + /* Round 1 - tail. Input from 512-bit mixing array */ + for ( ; i < 20; ++i ) { + t =3D blend(workspace, i); + set_w(workspace, i, t); + e +=3D t + rol32(a, 5) + (((c ^ d) & b) ^ d) + 0x5a827999U; + b =3D ror32(b, 2); + t =3D e; e =3D d; d =3D c; c =3D b; b =3D a; a =3D t; + } + + /* Round 2 */ + for ( ; i < 40; ++i ) { + t =3D blend(workspace, i); + set_w(workspace, i, t); + e +=3D t + rol32(a, 5) + (b ^ c ^ d) + 0x6ed9eba1U; + b =3D ror32(b, 2); + t =3D e; e =3D d; d =3D c; c =3D b; b =3D a; a =3D t; + } + + /* Round 3 */ + for ( ; i < 60; ++i ) { + t =3D blend(workspace, i); + set_w(workspace, i, t); + e +=3D t + rol32(a, 5) + ((b & c) + (d & (b ^ c))) + 0x8f1bbcdcU; + b =3D ror32(b, 2); + t =3D e; e =3D d; d =3D c; c =3D b; b =3D a; a =3D t; + } + + /* Round 4 */ + for ( ; i < 80; ++i ) { + t =3D blend(workspace, i); + set_w(workspace, i, t); + e +=3D t + rol32(a, 5) + (b ^ c ^ d) + 0xca62c1d6U; + b =3D ror32(b, 2); + t =3D e; e =3D d; d =3D c; c =3D b; b =3D a; a =3D t; + } + + digest[0] +=3D a; + digest[1] +=3D b; + digest[2] +=3D c; + digest[3] +=3D d; + digest[4] +=3D e; +} + +static void sha1_init(struct sha1_state *sctx) +{ + sctx->state[0] =3D 0x67452301UL; + sctx->state[1] =3D 0xefcdab89UL; + sctx->state[2] =3D 0x98badcfeUL; + sctx->state[3] =3D 0x10325476UL; + sctx->state[4] =3D 0xc3d2e1f0UL; + sctx->count =3D 0; +} + +static void sha1_update(struct sha1_state *sctx, const uint8_t *msg, size_= t len) +{ + unsigned int partial =3D sctx->count % SHA1_BLOCK_SIZE; + + sctx->count +=3D len; + + if ( (partial + len) >=3D SHA1_BLOCK_SIZE ) + { + if ( partial ) + { + int rem =3D SHA1_BLOCK_SIZE - partial; + + memcpy(sctx->buffer + partial, msg, rem); + msg +=3D rem; + len -=3D rem; + + sha1_transform(sctx->state, sctx->buffer); + } + + for ( ; len >=3D SHA1_BLOCK_SIZE; len -=3D SHA1_BLOCK_SIZE ) + { + sha1_transform(sctx->state, msg); + msg +=3D SHA1_BLOCK_SIZE; + } + partial =3D 0; + } + + /* Remaining data becomes partial. */ + memcpy(sctx->buffer + partial, msg, len); +} + +static void sha1_final(struct sha1_state *sctx, void *out) +{ + const int bit_offset =3D SHA1_BLOCK_SIZE - sizeof(__be64); + __be64 *bits =3D (__be64 *)(sctx->buffer + bit_offset); + unsigned int partial =3D sctx->count % SHA1_BLOCK_SIZE; + + __be32 *digest =3D out; + unsigned int i; + + sctx->buffer[partial++] =3D 0x80; + if ( partial > bit_offset ) + { + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial); + partial =3D 0; + + sha1_transform(sctx->state, sctx->buffer); + } + + memset(sctx->buffer + partial, 0x0, bit_offset - partial); + *bits =3D cpu_to_be64(sctx->count << 3); + sha1_transform(sctx->state, sctx->buffer); + + /* Store state in digest */ + for ( i =3D 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++ ) + put_unaligned_be32(sctx->state[i], &digest[i]); +} + +void sha1_hash(uint8_t digest[SHA1_DIGEST_SIZE], const void *msg, size_t l= en) +{ + struct sha1_state sctx; + + sha1_init(&sctx); + sha1_update(&sctx, msg, len); + sha1_final(&sctx, digest); +} --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156326; cv=none; d=zohomail.com; s=zohoarc; b=KQnDjqLRmnX+rwbXzoXMVdrMVqKrgjv5QakxPZPLMW3/dgvKYKbYsg7pQUMPe9TRt77rVUkJuRGDJ2Os5DKUzQcUobuTxE2vQNjohzwRX5y9s/TAwx9qtCqk8PC0pjngTg1zb6vcbl5cDNe040g5lxwmyjYImIWhWdKOmGrVgyE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156326; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tAF8MJmpMWjqKcWifvElHKEthlFJuOL3Tg/f8utxyvY=; b=gDGhB5H2Pi++sndHlM730GxwWNgkgyq0/Klg2fH1+Sfie1/z0lyElT6aM78M8UvJmw6w+bLLj/5mRoVBO9Bu9kkwVs6x1EPEy+qvQY55TmPQ830cElq0ylQls4YuM3Jv4nR4iZWWeB6SBtcE/DlGkiewNJHqnjs34LGUojkoAeM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156326590116.83457783577171; Tue, 13 May 2025 10:12:06 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983328.1369713 (Exim 4.92) (envelope-from ) id 1uEtAZ-0006Mf-PQ; Tue, 13 May 2025 17:11:55 +0000 Received: by outflank-mailman (output) from mailman id 983328.1369713; Tue, 13 May 2025 17:11:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAZ-0006MV-LP; Tue, 13 May 2025 17:11:55 +0000 Received: by outflank-mailman (input) for mailman id 983328; Tue, 13 May 2025 17:11:54 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5h-0003Uz-FN for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:53 +0000 Received: from 3.mo560.mail-out.ovh.net (3.mo560.mail-out.ovh.net [46.105.58.226]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a9a4ef0a-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:51 +0200 (CEST) Received: from director1.ghost.mail-out.ovh.net (unknown [10.108.25.134]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZ30Ry5z2Cc3 for ; Tue, 13 May 2025 17:06:51 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-rfbhs (unknown [10.111.174.252]) by director1.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 5E67C1FE80; Tue, 13 May 2025 17:06:50 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.114]) by ghost-submission-5b5ff79f4f-rfbhs with ESMTPSA id y5GpByp8I2gnCwAAJFuK+A (envelope-from ); Tue, 13 May 2025 17:06:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a9a4ef0a-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-114S00839dca217-85b7-48ce-9f56-8c503f8e75ef, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2) Date: Tue, 13 May 2025 20:05:47 +0300 Message-ID: <71a2b0627989af93c95dc9e3ba87a9f2d5df3941.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8947245087207961756 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeffjefgudevkeetudegueeihfdthfejgfeileekuefggeegtdegveehfeehfeefueenucffohhmrghinhepsggrshgvrdhmrghppdhhvggrugdrshgsnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdduudegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheeitdgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=tAF8MJmpMWjqKcWifvElHKEthlFJuOL3Tg/f8utxyvY=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156011; v=1; b=LN6L2DF9O8BUbj8fNRP041yzNsQHKGWO1vbxx86CzQjmlxdu9V75zjWvwJ1rQnIiL8H1d1Ks xT17EE/a8V8zpeK+7nE3rG5d36mUYKJZo7OPQPEZSHfmOIcYzLm9WM5nOBB4L/ltu1kZg58W7bp XDdgmxFDtSxOJo2/uqtYC3wfyPhc19oF41bYty+AsgmzOCSor14JUj4qZI7be1IO7lglqT0RyB1 vDVLnCNH9cBk54ie4TSAgczxSSI5yZGKaX1owUjbsIeo6gTonSeARngzRIAJtsE8/bupLA+nk1d lP+sGCiNNMqehXZMVc5hgR/r88KRmI+ugTW/muoKJXEjQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156327593116600 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel This file is built twice: for early 32b mode without paging to measure MBI and for 64b code to measure dom0 kernel and initramfs. Since MBI is small, the first case uses TPM to do the hashing. Kernel and initramfs on the other hand are too big, sending them to the TPM would take multiple minutes. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 7 +- xen/arch/x86/boot/head.S | 3 + xen/arch/x86/include/asm/slaunch.h | 14 + xen/arch/x86/include/asm/tpm.h | 19 ++ xen/arch/x86/slaunch.c | 7 +- xen/arch/x86/tpm.c | 437 +++++++++++++++++++++++++++++ 7 files changed, 486 insertions(+), 2 deletions(-) create mode 100644 xen/arch/x86/include/asm/tpm.h create mode 100644 xen/arch/x86/tpm.c diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 6f15c5a87a..2527a1909c 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -66,6 +66,7 @@ obj-y +=3D spec_ctrl.o obj-y +=3D srat.o obj-y +=3D string.o obj-y +=3D time.o +obj-y +=3D tpm.o obj-y +=3D traps-setup.o obj-y +=3D traps.o obj-$(CONFIG_INTEL) +=3D tsx.o diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index 5471b966dd..55fbe155b6 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -6,6 +6,7 @@ obj32 :=3D cmdline.32.o obj32 +=3D reloc.32.o obj32 +=3D reloc-trampoline.32.o obj32 +=3D slaunch-early.32.o +obj32 +=3D tpm-early.32.o =20 obj64 :=3D reloc-trampoline.o =20 @@ -31,6 +32,10 @@ $(obj)/%.32.o: $(src)/%.c FORCE =20 $(obj)/slaunch-early.32.o: XEN_CFLAGS +=3D -D__EARLY_SLAUNCH__ =20 +$(obj)/tpm-early.32.o: XEN_CFLAGS +=3D -D__EARLY_SLAUNCH__ +$(obj)/tpm-early.32.o: $(src)/../tpm.c FORCE + $(call if_changed_rule,cc_o_c) + orphan-handling-$(call ld-option,--orphan-handling=3Derror) :=3D --orphan-= handling=3Derror LDFLAGS_DIRECT-$(call ld-option,--warn-rwx-segments) :=3D --no-warn-rwx-se= gments LDFLAGS_DIRECT +=3D $(LDFLAGS_DIRECT-y) @@ -84,7 +89,7 @@ cmd_combine =3D \ --bin1 $(obj)/built-in-32.base.bin \ --bin2 $(obj)/built-in-32.offset.bin \ --map $(obj)/built-in-32.base.map \ - --exports cmdline_parse_early,reloc,reloc_trampoline32,sla= unch_early_init \ + --exports cmdline_parse_early,reloc,reloc_trampoline32,sla= unch_early_init,tpm_extend_mbi \ --output $@ =20 targets +=3D built-in-32.S diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index b4cf423c80..9a272155e9 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -527,6 +527,9 @@ __start: /* Store MBI address in EBX where MB2 code expects it. */ mov %eax, %ebx =20 + /* tpm_extend_mbi(mbi/eax, slrt/edx) using fastcall. */ + call tpm_extend_mbi + /* Move magic number expected by Multiboot 2 to EAX and fall throu= gh. */ movl $MULTIBOOT2_BOOTLOADER_MAGIC, %eax =20 diff --git a/xen/arch/x86/include/asm/slaunch.h b/xen/arch/x86/include/asm/= slaunch.h index ddc1bd2361..4ff1f9c7d5 100644 --- a/xen/arch/x86/include/asm/slaunch.h +++ b/xen/arch/x86/include/asm/slaunch.h @@ -10,6 +10,20 @@ #include #include =20 +#define DRTM_LOC 2 +#define DRTM_CODE_PCR 17 +#define DRTM_DATA_PCR 18 + +/* + * Secure Launch event log entry types. The TXT specification defines the = base + * event value as 0x400 for DRTM values, use it regardless of the DRTM for + * consistency. + */ +#define DLE_EVTYPE_BASE 0x400 +#define DLE_EVTYPE_SLAUNCH (DLE_EVTYPE_BASE + 0x102) +#define DLE_EVTYPE_SLAUNCH_START (DLE_EVTYPE_BASE + 0x103) +#define DLE_EVTYPE_SLAUNCH_END (DLE_EVTYPE_BASE + 0x104) + /* Indicates an active Secure Launch boot. */ extern bool slaunch_active; =20 diff --git a/xen/arch/x86/include/asm/tpm.h b/xen/arch/x86/include/asm/tpm.h new file mode 100644 index 0000000000..a3c9e24b8f --- /dev/null +++ b/xen/arch/x86/include/asm/tpm.h @@ -0,0 +1,19 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#ifndef ASM__X86__TPM_H +#define ASM__X86__TPM_H + +#include + +#define TPM_TIS_BASE 0xfed40000U +#define TPM_TIS_SIZE 0x00010000U + +void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf, + unsigned size, uint32_t type, const uint8_t *log_data, + unsigned log_data_size); + +#endif /* ASM__X86__TPM_H */ diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c index ac3b43942b..5f91fe5ad0 100644 --- a/xen/arch/x86/slaunch.c +++ b/xen/arch/x86/slaunch.c @@ -13,6 +13,7 @@ #include #include #include +#include =20 /* * These variables are assigned to by the code near Xen's entry point. @@ -66,16 +67,20 @@ struct slr_table *__init slaunch_get_slrt(void) =20 void __init slaunch_map_mem_regions(void) { + int rc; void *evt_log_addr; uint32_t evt_log_size; =20 + rc =3D slaunch_map_l2(TPM_TIS_BASE, TPM_TIS_SIZE); + BUG_ON(rc !=3D 0); + /* Vendor-specific part. */ txt_map_mem_regions(); =20 find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); if ( evt_log_addr !=3D NULL ) { - int rc =3D slaunch_map_l2((uintptr_t)evt_log_addr, evt_log_size); + rc =3D slaunch_map_l2((uintptr_t)evt_log_addr, evt_log_size); BUG_ON(rc !=3D 0); } } diff --git a/xen/arch/x86/tpm.c b/xen/arch/x86/tpm.c new file mode 100644 index 0000000000..7fb19ce4fa --- /dev/null +++ b/xen/arch/x86/tpm.c @@ -0,0 +1,437 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright (c) 2022-2025 3mdeb Sp. z o.o. All rights reserved. + */ + +#include +#include +#include +#include +#include +#include + +#ifdef __EARLY_SLAUNCH__ + +#ifdef __va +#error "__va defined in non-paged mode!" +#endif + +#define __va(x) _p(x) + +/* Implementation of slaunch_get_slrt() for early TPM code. */ +static uint32_t slrt_location; +struct slr_table *slaunch_get_slrt(void) +{ + return __va(slrt_location); +} + +/* + * The code is being compiled as a standalone binary without linking to any + * other part of Xen. Providing implementation of builtin functions in th= is + * case is necessary if compiler chooses to not use an inline builtin. + */ +void *(memcpy)(void *dest, const void *src, size_t n) +{ + const uint8_t *s =3D src; + uint8_t *d =3D dest; + + while ( n-- ) + *d++ =3D *s++; + + return dest; +} + +#else /* __EARLY_SLAUNCH__ */ + +#include +#include + +#endif /* __EARLY_SLAUNCH__ */ + +#define TPM_LOC_REG(loc, reg) (0x1000 * (loc) + (reg)) + +#define TPM_ACCESS_(x) TPM_LOC_REG(x, 0x00) +#define ACCESS_REQUEST_USE (1 << 1) +#define ACCESS_ACTIVE_LOCALITY (1 << 5) +#define TPM_INTF_CAPABILITY_(x) TPM_LOC_REG(x, 0x14) +#define INTF_VERSION_MASK 0x70000000 +#define TPM_STS_(x) TPM_LOC_REG(x, 0x18) +#define TPM_FAMILY_MASK 0x0C000000 +#define STS_DATA_AVAIL (1 << 4) +#define STS_TPM_GO (1 << 5) +#define STS_COMMAND_READY (1 << 6) +#define STS_VALID (1 << 7) +#define TPM_DATA_FIFO_(x) TPM_LOC_REG(x, 0x24) + +#define swap16(x) __builtin_bswap16(x) +#define swap32(x) __builtin_bswap32(x) + +static inline volatile uint32_t tis_read32(unsigned reg) +{ + return *(volatile uint32_t *)__va(TPM_TIS_BASE + reg); +} + +static inline volatile uint8_t tis_read8(unsigned reg) +{ + return *(volatile uint8_t *)__va(TPM_TIS_BASE + reg); +} + +static inline void tis_write8(unsigned reg, uint8_t val) +{ + *(volatile uint8_t *)__va(TPM_TIS_BASE + reg) =3D val; +} + +static inline void request_locality(unsigned loc) +{ + tis_write8(TPM_ACCESS_(loc), ACCESS_REQUEST_USE); + /* Check that locality was actually activated. */ + while ( (tis_read8(TPM_ACCESS_(loc)) & ACCESS_ACTIVE_LOCALITY) =3D=3D = 0 ); +} + +static inline void relinquish_locality(unsigned loc) +{ + tis_write8(TPM_ACCESS_(loc), ACCESS_ACTIVE_LOCALITY); +} + +static void send_cmd(unsigned loc, uint8_t *buf, unsigned i_size, + unsigned *o_size) +{ + /* + * Value of "data available" bit counts only when "valid" field is set= as + * well. + */ + const unsigned data_avail =3D STS_VALID | STS_DATA_AVAIL; + + unsigned i; + + /* Make sure TPM can accept a command. */ + if ( (tis_read8(TPM_STS_(loc)) & STS_COMMAND_READY) =3D=3D 0 ) + { + /* Abort current command. */ + tis_write8(TPM_STS_(loc), STS_COMMAND_READY); + /* Wait until TPM is ready for a new one. */ + while ( (tis_read8(TPM_STS_(loc)) & STS_COMMAND_READY) =3D=3D 0 ); + } + + for ( i =3D 0; i < i_size; i++ ) + tis_write8(TPM_DATA_FIFO_(loc), buf[i]); + + tis_write8(TPM_STS_(loc), STS_TPM_GO); + + /* Wait for the first byte of response. */ + while ( (tis_read8(TPM_STS_(loc)) & data_avail) !=3D data_avail); + + for ( i =3D 0; i < *o_size && tis_read8(TPM_STS_(loc)) & data_avail; i= ++ ) + buf[i] =3D tis_read8(TPM_DATA_FIFO_(loc)); + + if ( i < *o_size ) + *o_size =3D i; + + tis_write8(TPM_STS_(loc), STS_COMMAND_READY); +} + +static inline bool is_tpm12(void) +{ + /* + * If one of these conditions is true: + * - INTF_CAPABILITY_x.interfaceVersion is 0 (TIS <=3D 1.21) + * - INTF_CAPABILITY_x.interfaceVersion is 2 (TIS =3D=3D 1.3) + * - STS_x.tpmFamily is 0 + * we're dealing with TPM1.2. + */ + uint32_t intf_version =3D tis_read32(TPM_INTF_CAPABILITY_(0)) + & INTF_VERSION_MASK; + return (intf_version =3D=3D 0x00000000 || intf_version =3D=3D 0x200000= 00 || + (tis_read32(TPM_STS_(0)) & TPM_FAMILY_MASK) =3D=3D 0); +} + +/****************************** TPM1.2 specific **************************= *****/ +#define TPM_ORD_Extend 0x00000014 +#define TPM_ORD_SHA1Start 0x000000A0 +#define TPM_ORD_SHA1Update 0x000000A1 +#define TPM_ORD_SHA1CompleteExtend 0x000000A3 + +#define TPM_TAG_RQU_COMMAND 0x00C1 +#define TPM_TAG_RSP_COMMAND 0x00C4 + +/* All fields of following structs are big endian. */ +struct tpm_cmd_hdr { + uint16_t tag; + uint32_t paramSize; + uint32_t ordinal; +} __packed; + +struct tpm_rsp_hdr { + uint16_t tag; + uint32_t paramSize; + uint32_t returnCode; +} __packed; + +struct extend_cmd { + struct tpm_cmd_hdr h; + uint32_t pcrNum; + uint8_t inDigest[SHA1_DIGEST_SIZE]; +} __packed; + +struct extend_rsp { + struct tpm_rsp_hdr h; + uint8_t outDigest[SHA1_DIGEST_SIZE]; +} __packed; + +struct sha1_start_cmd { + struct tpm_cmd_hdr h; +} __packed; + +struct sha1_start_rsp { + struct tpm_rsp_hdr h; + uint32_t maxNumBytes; +} __packed; + +struct sha1_update_cmd { + struct tpm_cmd_hdr h; + uint32_t numBytes; /* Must be a multiple of 64 */ + uint8_t hashData[]; +} __packed; + +struct sha1_update_rsp { + struct tpm_rsp_hdr h; +} __packed; + +struct sha1_complete_extend_cmd { + struct tpm_cmd_hdr h; + uint32_t pcrNum; + uint32_t hashDataSize; /* 0-64, inclusive */ + uint8_t hashData[]; +} __packed; + +struct sha1_complete_extend_rsp { + struct tpm_rsp_hdr h; + uint8_t hashValue[SHA1_DIGEST_SIZE]; + uint8_t outDigest[SHA1_DIGEST_SIZE]; +} __packed; + +struct TPM12_PCREvent { + uint32_t PCRIndex; + uint32_t Type; + uint8_t Digest[SHA1_DIGEST_SIZE]; + uint32_t Size; + uint8_t Data[]; +}; + +struct txt_ev_log_container_12 { + char Signature[20]; /* "TXT Event Container", null-termina= ted */ + uint8_t Reserved[12]; + uint8_t ContainerVerMajor; + uint8_t ContainerVerMinor; + uint8_t PCREventVerMajor; + uint8_t PCREventVerMinor; + uint32_t ContainerSize; /* Allocated size */ + uint32_t PCREventsOffset; + uint32_t NextEventOffset; + struct TPM12_PCREvent PCREvents[]; +}; + +#ifdef __EARLY_SLAUNCH__ +/* + * TPM1.2 is required to support commands of up to 1101 bytes, vendors rar= ely + * go above that. Limit maximum size of block of data to be hashed to 1024. + */ +#define MAX_HASH_BLOCK 1024 +#define CMD_RSP_BUF_SIZE (sizeof(struct sha1_update_cmd) + MAX_HASH_BLO= CK) + +union cmd_rsp { + struct sha1_start_cmd start_c; + struct sha1_start_rsp start_r; + struct sha1_update_cmd update_c; + struct sha1_update_rsp update_r; + struct sha1_complete_extend_cmd finish_c; + struct sha1_complete_extend_rsp finish_r; + uint8_t buf[CMD_RSP_BUF_SIZE]; +}; + +/* Returns true on success. */ +static bool tpm12_hash_extend(unsigned loc, const uint8_t *buf, unsigned s= ize, + unsigned pcr, uint8_t *out_digest) +{ + union cmd_rsp cmd_rsp; + unsigned max_bytes =3D MAX_HASH_BLOCK; + unsigned o_size =3D sizeof(cmd_rsp); + bool success =3D false; + + request_locality(loc); + + cmd_rsp.start_c =3D (struct sha1_start_cmd) { + .h.tag =3D swap16(TPM_TAG_RQU_COMMAND), + .h.paramSize =3D swap32(sizeof(struct sha1_start_cmd)), + .h.ordinal =3D swap32(TPM_ORD_SHA1Start), + }; + + send_cmd(loc, cmd_rsp.buf, sizeof(struct sha1_start_cmd), &o_size); + if ( o_size < sizeof(struct sha1_start_rsp) ) + goto error; + + if ( max_bytes > swap32(cmd_rsp.start_r.maxNumBytes) ) + max_bytes =3D swap32(cmd_rsp.start_r.maxNumBytes); + + while ( size > 64 ) + { + if ( size < max_bytes ) + max_bytes =3D size & ~(64 - 1); + + o_size =3D sizeof(cmd_rsp); + + cmd_rsp.update_c =3D (struct sha1_update_cmd){ + .h.tag =3D swap16(TPM_TAG_RQU_COMMAND), + .h.paramSize =3D swap32(sizeof(struct sha1_update_cmd) + max_b= ytes), + .h.ordinal =3D swap32(TPM_ORD_SHA1Update), + .numBytes =3D swap32(max_bytes), + }; + memcpy(cmd_rsp.update_c.hashData, buf, max_bytes); + + send_cmd(loc, cmd_rsp.buf, sizeof(struct sha1_update_cmd) + max_by= tes, + &o_size); + if ( o_size < sizeof(struct sha1_update_rsp) ) + goto error; + + size -=3D max_bytes; + buf +=3D max_bytes; + } + + o_size =3D sizeof(cmd_rsp); + + cmd_rsp.finish_c =3D (struct sha1_complete_extend_cmd) { + .h.tag =3D swap16(TPM_TAG_RQU_COMMAND), + .h.paramSize =3D swap32(sizeof(struct sha1_complete_extend_cmd) + = size), + .h.ordinal =3D swap32(TPM_ORD_SHA1CompleteExtend), + .pcrNum =3D swap32(pcr), + .hashDataSize =3D swap32(size), + }; + memcpy(cmd_rsp.finish_c.hashData, buf, size); + + send_cmd(loc, cmd_rsp.buf, sizeof(struct sha1_complete_extend_cmd) + s= ize, + &o_size); + if ( o_size < sizeof(struct sha1_complete_extend_rsp) ) + goto error; + + if ( out_digest !=3D NULL ) + memcpy(out_digest, cmd_rsp.finish_r.hashValue, SHA1_DIGEST_SIZE); + + success =3D true; + +error: + relinquish_locality(loc); + return success; +} + +#else + +union cmd_rsp { + struct extend_cmd extend_c; + struct extend_rsp extend_r; +}; + +/* Returns true on success. */ +static bool tpm12_hash_extend(unsigned loc, const uint8_t *buf, unsigned s= ize, + unsigned pcr, uint8_t *out_digest) +{ + union cmd_rsp cmd_rsp; + unsigned o_size =3D sizeof(cmd_rsp); + + sha1_hash(out_digest, buf, size); + + request_locality(loc); + + cmd_rsp.extend_c =3D (struct extend_cmd) { + .h.tag =3D swap16(TPM_TAG_RQU_COMMAND), + .h.paramSize =3D swap32(sizeof(struct extend_cmd)), + .h.ordinal =3D swap32(TPM_ORD_Extend), + .pcrNum =3D swap32(pcr), + }; + + memcpy(cmd_rsp.extend_c.inDigest, out_digest, SHA1_DIGEST_SIZE); + + send_cmd(loc, (uint8_t *)&cmd_rsp, sizeof(struct extend_cmd), &o_size); + + relinquish_locality(loc); + + return (o_size >=3D sizeof(struct extend_rsp)); +} + +#endif /* __EARLY_SLAUNCH__ */ + +static void *create_log_event12(struct txt_ev_log_container_12 *evt_log, + uint32_t evt_log_size, uint32_t pcr, + uint32_t type, const uint8_t *data, + unsigned data_size) +{ + struct TPM12_PCREvent *new_entry; + + new_entry =3D (void *)(((uint8_t *)evt_log) + evt_log->NextEventOffset= ); + + /* + * Check if there is enough space left for new entry. + * Note: it is possible to introduce a gap in event log if entry with = big + * data_size is followed by another entry with smaller data. Maybe we = should + * cap the event log size in such case? + */ + if ( evt_log->NextEventOffset + sizeof(struct TPM12_PCREvent) + data_s= ize + > evt_log_size ) + return NULL; + + evt_log->NextEventOffset +=3D sizeof(struct TPM12_PCREvent) + data_siz= e; + + new_entry->PCRIndex =3D pcr; + new_entry->Type =3D type; + new_entry->Size =3D data_size; + + if ( data && data_size > 0 ) + memcpy(new_entry->Data, data, data_size); + + return new_entry->Digest; +} + +/************************** end of TPM1.2 specific ***********************= *****/ + +void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf, + unsigned size, uint32_t type, const uint8_t *log_data, + unsigned log_data_size) +{ + void *evt_log_addr; + uint32_t evt_log_size; + + find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); + evt_log_addr =3D __va((uintptr_t)evt_log_addr); + + if ( is_tpm12() ) + { + uint8_t sha1_digest[SHA1_DIGEST_SIZE]; + + struct txt_ev_log_container_12 *evt_log =3D evt_log_addr; + void *entry_digest =3D create_log_event12(evt_log, evt_log_size, p= cr, + type, log_data, log_data_s= ize); + + /* We still need to write computed hash somewhere. */ + if ( entry_digest =3D=3D NULL ) + entry_digest =3D sha1_digest; + + if ( !tpm12_hash_extend(loc, buf, size, pcr, entry_digest) ) + { +#ifndef __EARLY_SLAUNCH__ + printk(XENLOG_ERR "Extending PCR%u failed\n", pcr); +#endif + } + } +} + +#ifdef __EARLY_SLAUNCH__ +void asmlinkage tpm_extend_mbi(uint32_t *mbi, uint32_t slrt_pa) +{ + /* Need this to implement slaunch_get_slrt() for early TPM code. */ + slrt_location =3D slrt_pa; + + /* MBI starts with uint32_t total_size. */ + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)mbi, *mbi, + DLE_EVTYPE_SLAUNCH, NULL, 0); +} +#endif --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156374; cv=none; d=zohomail.com; s=zohoarc; b=SzJKv/udLoU43dIHXIBk6hNZGyj4xomrzSCik1lot+u72ywqegq/3bjZ5FpKsnbHo7BW2BrgxcCHD5FaMPHjW8zUnae5zf9gNdazJAiIvJEXMVxUW7LttCpiLOSNiGUct95izKITJPah+jUVHwKiAtshblduKpUXdpuWnAX3fl8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156374; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=vbZBG6/p+HYIHnA6JUFYr41EnuLF4cyFkDoUUxgDG/o=; b=AA4KOlCmH1983IhA7excPTTm/KrayDPasP8NX/NsHgQrK30RmHUIetDisHXyFFiC9UQ6BIjyoxgQKiMqDrwlobqWc0dCJbE+N/BwdFqcBVBgpCGyjP0p32kDLvGaW0jYSpOLphRVH46FtNQzwTae/ECLDmhC0E6Y+s1K8Ksworw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156374179556.1755290194079; Tue, 13 May 2025 10:12:54 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983350.1369742 (Exim 4.92) (envelope-from ) id 1uEtAy-0007ze-P9; Tue, 13 May 2025 17:12:20 +0000 Received: by outflank-mailman (output) from mailman id 983350.1369742; Tue, 13 May 2025 17:12:20 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAy-0007zV-MJ; Tue, 13 May 2025 17:12:20 +0000 Received: by outflank-mailman (input) for mailman id 983350; Tue, 13 May 2025 17:12:18 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5k-0003Mm-KV for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:56 +0000 Received: from 11.mo582.mail-out.ovh.net (11.mo582.mail-out.ovh.net [188.165.38.119]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id ab8a2f5d-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:06:54 +0200 (CEST) Received: from director3.ghost.mail-out.ovh.net (unknown [10.108.2.12]) by mo582.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZ61R8Kz1brL for ; Tue, 13 May 2025 17:06:54 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-2gpcv (unknown [10.111.182.17]) by director3.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 2BD2C1FE87; Tue, 13 May 2025 17:06:52 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.113]) by ghost-submission-5b5ff79f4f-2gpcv with ESMTPSA id 1iptLix8I2ieNAEA044U2Q (envelope-from ); Tue, 13 May 2025 17:06:52 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ab8a2f5d-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-113S0078bba96bf-254c-4876-8416-b850069c454a, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 11/22] x86/tpm.c: support extending PCRs of TPM2.0 Date: Tue, 13 May 2025 20:05:48 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8948089511957214364 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpedvhfehudekhfevieefffefvdefjeeggeekuefhgeehjeehgfeiieekjeeliefhffenucffohhmrghinhepuhhpuggrthgvpggtrdgurghtrgdpfhhinhhishhhpggtrdgurghtrgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddufeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehkedvmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=vbZBG6/p+HYIHnA6JUFYr41EnuLF4cyFkDoUUxgDG/o=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156014; v=1; b=FIu7dLI4W1LZbILNxEVqcCVxsmFY/GCmIg0aHWR2m8CPULbgmLSkrqG5XJZ2RVL6yaWl1rC4 AjCkW9MwM7asUflH9DwARbb0iuELe1xrg/gDSFMPNoVENmTbzgITiTfTwzqFJeskf09MWCLQslk useGRLkmX0qf3xlFFHTHyhUBhR4UwKReKTFUB1Lbd7Tf8RHqrbYpViiiofskTDi2C/5jjTA6Riz IgkTDZEebkBgV6zvMQDlxN32Wsl9TUVGdWkb2i3Y3iqoEf68fKDhtQdSL8JCKU4bTMb633lPIPC VjUg8B75j26b1dt1ir+4CZAWs5cEU1dW3NxDbqmhSJgZQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156375218019000 Content-Type: text/plain; charset="utf-8" SHA1 and SHA256 are hard-coded here, but their support by the TPM is checked. Addition of event log for TPM2.0 will generalize the code further. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/tpm.c | 464 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 452 insertions(+), 12 deletions(-) diff --git a/xen/arch/x86/tpm.c b/xen/arch/x86/tpm.c index 7fb19ce4fa..ed49fe3ccf 100644 --- a/xen/arch/x86/tpm.c +++ b/xen/arch/x86/tpm.c @@ -5,6 +5,7 @@ */ =20 #include +#include #include #include #include @@ -31,6 +32,15 @@ struct slr_table *slaunch_get_slrt(void) * other part of Xen. Providing implementation of builtin functions in th= is * case is necessary if compiler chooses to not use an inline builtin. */ +void *(memset)(void *s, int c, size_t n) +{ + uint8_t *d =3D s; + + while ( n-- ) + *d++ =3D c; + + return s; +} void *(memcpy)(void *dest, const void *src, size_t n) { const uint8_t *s =3D src; @@ -146,14 +156,15 @@ static inline bool is_tpm12(void) (tis_read32(TPM_STS_(0)) & TPM_FAMILY_MASK) =3D=3D 0); } =20 -/****************************** TPM1.2 specific **************************= *****/ -#define TPM_ORD_Extend 0x00000014 -#define TPM_ORD_SHA1Start 0x000000A0 -#define TPM_ORD_SHA1Update 0x000000A1 -#define TPM_ORD_SHA1CompleteExtend 0x000000A3 +/****************************** TPM1.2 & TPM2.0 **************************= *****/ =20 -#define TPM_TAG_RQU_COMMAND 0x00C1 -#define TPM_TAG_RSP_COMMAND 0x00C4 +/* + * TPM1.2 is required to support commands of up to 1101 bytes, vendors rar= ely + * go above that. Limit maximum size of block of data to be hashed to 1024. + * + * TPM2.0 should support hashing of at least 1024 bytes. + */ +#define MAX_HASH_BLOCK 1024 =20 /* All fields of following structs are big endian. */ struct tpm_cmd_hdr { @@ -168,6 +179,17 @@ struct tpm_rsp_hdr { uint32_t returnCode; } __packed; =20 +/****************************** TPM1.2 specific **************************= *****/ + +#define TPM_ORD_Extend 0x00000014 +#define TPM_ORD_SHA1Start 0x000000A0 +#define TPM_ORD_SHA1Update 0x000000A1 +#define TPM_ORD_SHA1CompleteExtend 0x000000A3 + +#define TPM_TAG_RQU_COMMAND 0x00C1 +#define TPM_TAG_RSP_COMMAND 0x00C4 + +/* All fields of following structs are big endian. */ struct extend_cmd { struct tpm_cmd_hdr h; uint32_t pcrNum; @@ -233,11 +255,6 @@ struct txt_ev_log_container_12 { }; =20 #ifdef __EARLY_SLAUNCH__ -/* - * TPM1.2 is required to support commands of up to 1101 bytes, vendors rar= ely - * go above that. Limit maximum size of block of data to be hashed to 1024. - */ -#define MAX_HASH_BLOCK 1024 #define CMD_RSP_BUF_SIZE (sizeof(struct sha1_update_cmd) + MAX_HASH_BLO= CK) =20 union cmd_rsp { @@ -393,6 +410,400 @@ static void *create_log_event12(struct txt_ev_log_con= tainer_12 *evt_log, =20 /************************** end of TPM1.2 specific ***********************= *****/ =20 +/****************************** TPM2.0 specific **************************= *****/ + +/* + * These constants are for TPM2.0 but don't have a distinct prefix to match + * names in the specification. + */ + +#define TPM_HT_PCR 0x00 + +#define TPM_RH_NULL 0x40000007 +#define TPM_RS_PW 0x40000009 + +#define HR_SHIFT 24 +#define HR_PCR (TPM_HT_PCR << HR_SHIFT) + +#define TPM_ST_NO_SESSIONS 0x8001 +#define TPM_ST_SESSIONS 0x8002 + +#define TPM_ALG_SHA1 0x0004 +#define TPM_ALG_SHA256 0x000b +#define TPM_ALG_NULL 0x0010 + +#define TPM2_PCR_Extend 0x00000182 +#define TPM2_PCR_HashSequenceStart 0x00000186 +#define TPM2_PCR_SequenceUpdate 0x0000015C +#define TPM2_PCR_EventSequenceComplete 0x00000185 + +#define PUT_BYTES(p, bytes, size) do { \ + memcpy((p), (bytes), (size)); \ + (p) +=3D (size); \ + } while ( 0 ) + +#define PUT_16BIT(p, data) do { \ + *(uint16_t *)(p) =3D swap16(data); \ + (p) +=3D 2; \ + } while ( 0 ) + +/* All fields of following structs are big endian. */ +struct tpm2_session_header { + uint32_t handle; + uint16_t nonceSize; + uint8_t nonce[0]; + uint8_t attrs; + uint16_t hmacSize; + uint8_t hmac[0]; +} __packed; + +struct tpm2_extend_cmd { + struct tpm_cmd_hdr h; + uint32_t pcrHandle; + uint32_t sessionHdrSize; + struct tpm2_session_header pcrSession; + uint32_t hashCount; + uint8_t hashes[0]; +} __packed; + +struct tpm2_extend_rsp { + struct tpm_rsp_hdr h; +} __packed; + +struct tpm2_sequence_start_cmd { + struct tpm_cmd_hdr h; + uint16_t hmacSize; + uint8_t hmac[0]; + uint16_t hashAlg; +} __packed; + +struct tpm2_sequence_start_rsp { + struct tpm_rsp_hdr h; + uint32_t sequenceHandle; +} __packed; + +struct tpm2_sequence_update_cmd { + struct tpm_cmd_hdr h; + uint32_t sequenceHandle; + uint32_t sessionHdrSize; + struct tpm2_session_header session; + uint16_t dataSize; + uint8_t data[0]; +} __packed; + +struct tpm2_sequence_update_rsp { + struct tpm_rsp_hdr h; +} __packed; + +struct tpm2_sequence_complete_cmd { + struct tpm_cmd_hdr h; + uint32_t pcrHandle; + uint32_t sequenceHandle; + uint32_t sessionHdrSize; + struct tpm2_session_header pcrSession; + struct tpm2_session_header sequenceSession; + uint16_t dataSize; + uint8_t data[0]; +} __packed; + +struct tpm2_sequence_complete_rsp { + struct tpm_rsp_hdr h; + uint32_t paramSize; + uint32_t hashCount; + uint8_t hashes[0]; + /* + * Each hash is represented as: + * struct { + * uint16_t hashAlg; + * uint8_t hash[size of hashAlg]; + * }; + */ +} __packed; + +/* + * These two structure are for convenience, they don't correspond to anyth= ing in + * any spec. + */ +struct tpm2_log_hash { + uint16_t alg; /* TPM_ALG_* */ + uint16_t size; + uint8_t *data; /* Non-owning reference to a buffer inside log entry. */ +}; +/* Should be more than enough for now and awhile in the future. */ +#define MAX_HASH_COUNT 8 +struct tpm2_log_hashes { + uint32_t count; + struct tpm2_log_hash hashes[MAX_HASH_COUNT]; +}; + +#ifdef __EARLY_SLAUNCH__ + +union tpm2_cmd_rsp { + uint8_t b[sizeof(struct tpm2_sequence_update_cmd) + MAX_HASH_BLOCK]; + struct tpm_cmd_hdr c; + struct tpm_rsp_hdr r; + struct tpm2_sequence_start_cmd start_c; + struct tpm2_sequence_start_rsp start_r; + struct tpm2_sequence_update_cmd update_c; + struct tpm2_sequence_update_rsp update_r; + struct tpm2_sequence_complete_cmd finish_c; + struct tpm2_sequence_complete_rsp finish_r; +}; + +static uint32_t tpm2_hash_extend(unsigned loc, const uint8_t *buf, + unsigned size, unsigned pcr, + struct tpm2_log_hashes *log_hashes) +{ + uint32_t seq_handle; + unsigned max_bytes =3D MAX_HASH_BLOCK; + + union tpm2_cmd_rsp cmd_rsp; + unsigned o_size; + unsigned i; + uint8_t *p; + uint32_t rc; + + cmd_rsp.start_c =3D (struct tpm2_sequence_start_cmd) { + .h.tag =3D swap16(TPM_ST_NO_SESSIONS), + .h.paramSize =3D swap32(sizeof(cmd_rsp.start_c)), + .h.ordinal =3D swap32(TPM2_PCR_HashSequenceStart), + .hashAlg =3D swap16(TPM_ALG_NULL), /* Compute all supported hashes= . */ + }; + + request_locality(loc); + + o_size =3D sizeof(cmd_rsp); + send_cmd(loc, cmd_rsp.b, swap32(cmd_rsp.c.paramSize), &o_size); + + if ( cmd_rsp.r.tag =3D=3D swap16(TPM_ST_NO_SESSIONS) && + cmd_rsp.r.paramSize =3D=3D swap32(10) ) + { + rc =3D swap32(cmd_rsp.r.returnCode); + if ( rc !=3D 0 ) + goto error; + } + + seq_handle =3D swap32(cmd_rsp.start_r.sequenceHandle); + + while ( size > 64 ) + { + if ( size < max_bytes ) + max_bytes =3D size & ~(64 - 1); + + cmd_rsp.update_c =3D (struct tpm2_sequence_update_cmd) { + .h.tag =3D swap16(TPM_ST_SESSIONS), + .h.paramSize =3D swap32(sizeof(cmd_rsp.update_c) + max_bytes), + .h.ordinal =3D swap32(TPM2_PCR_SequenceUpdate), + .sequenceHandle =3D swap32(seq_handle), + .sessionHdrSize =3D swap32(sizeof(struct tpm2_session_header)), + .session.handle =3D swap32(TPM_RS_PW), + .dataSize =3D swap16(max_bytes), + }; + + memcpy(cmd_rsp.update_c.data, buf, max_bytes); + + o_size =3D sizeof(cmd_rsp); + send_cmd(loc, cmd_rsp.b, swap32(cmd_rsp.c.paramSize), &o_size); + + if ( cmd_rsp.r.tag =3D=3D swap16(TPM_ST_NO_SESSIONS) && + cmd_rsp.r.paramSize =3D=3D swap32(10) ) + { + rc =3D swap32(cmd_rsp.r.returnCode); + if ( rc !=3D 0 ) + goto error; + } + + size -=3D max_bytes; + buf +=3D max_bytes; + } + + cmd_rsp.finish_c =3D (struct tpm2_sequence_complete_cmd) { + .h.tag =3D swap16(TPM_ST_SESSIONS), + .h.paramSize =3D swap32(sizeof(cmd_rsp.finish_c) + size), + .h.ordinal =3D swap32(TPM2_PCR_EventSequenceComplete), + .pcrHandle =3D swap32(HR_PCR + pcr), + .sequenceHandle =3D swap32(seq_handle), + .sessionHdrSize =3D swap32(sizeof(struct tpm2_session_header)*2), + .pcrSession.handle =3D swap32(TPM_RS_PW), + .sequenceSession.handle =3D swap32(TPM_RS_PW), + .dataSize =3D swap16(size), + }; + + memcpy(cmd_rsp.finish_c.data, buf, size); + + o_size =3D sizeof(cmd_rsp); + send_cmd(loc, cmd_rsp.b, swap32(cmd_rsp.c.paramSize), &o_size); + + if ( cmd_rsp.r.tag =3D=3D swap16(TPM_ST_NO_SESSIONS) && + cmd_rsp.r.paramSize =3D=3D swap32(10) ) + { + rc =3D swap32(cmd_rsp.r.returnCode); + if ( rc !=3D 0 ) + goto error; + } + + p =3D cmd_rsp.finish_r.hashes; + for ( i =3D 0; i < swap32(cmd_rsp.finish_r.hashCount); ++i ) + { + unsigned j; + uint16_t hash_type; + + hash_type =3D swap16(*(uint16_t *)p); + p +=3D sizeof(uint16_t); + + for ( j =3D 0; j < log_hashes->count; ++j ) + { + struct tpm2_log_hash *hash =3D &log_hashes->hashes[j]; + if ( hash->alg =3D=3D hash_type ) + { + memcpy(hash->data, p, hash->size); + p +=3D hash->size; + break; + } + } + + if ( j =3D=3D log_hashes->count ) + /* Can't continue parsing without knowing hash size. */ + break; + } + + rc =3D 0; + +error: + relinquish_locality(loc); + return rc; +} + +#else + +union tpm2_cmd_rsp { + /* Enough space for multiple hashes. */ + uint8_t b[sizeof(struct tpm2_extend_cmd) + 1024]; + struct tpm_cmd_hdr c; + struct tpm_rsp_hdr r; + struct tpm2_extend_cmd extend_c; + struct tpm2_extend_rsp extend_r; +}; + +static uint32_t tpm20_pcr_extend(unsigned loc, uint32_t pcr_handle, + const struct tpm2_log_hashes *log_hashes) +{ + union tpm2_cmd_rsp cmd_rsp; + unsigned o_size; + unsigned i; + uint8_t *p; + + cmd_rsp.extend_c =3D (struct tpm2_extend_cmd) { + .h.tag =3D swap16(TPM_ST_SESSIONS), + .h.ordinal =3D swap32(TPM2_PCR_Extend), + .pcrHandle =3D swap32(pcr_handle), + .sessionHdrSize =3D swap32(sizeof(struct tpm2_session_header)), + .pcrSession.handle =3D swap32(TPM_RS_PW), + .hashCount =3D swap32(log_hashes->count), + }; + + p =3D cmd_rsp.extend_c.hashes; + for ( i =3D 0; i < log_hashes->count; ++i ) + { + const struct tpm2_log_hash *hash =3D &log_hashes->hashes[i]; + + if ( p + sizeof(uint16_t) + hash->size > &cmd_rsp.b[sizeof(cmd_rsp= )] ) + { + printk(XENLOG_ERR "Hit TPM message size implementation limit: = %ld\n", + sizeof(cmd_rsp)); + return -1; + } + + *(uint16_t *)p =3D swap16(hash->alg); + p +=3D sizeof(uint16_t); + + memcpy(p, hash->data, hash->size); + p +=3D hash->size; + } + + /* Fill in command size (size of the whole buffer). */ + cmd_rsp.extend_c.h.paramSize =3D swap32(sizeof(cmd_rsp.extend_c) + + (p - cmd_rsp.extend_c.hashes)), + + o_size =3D sizeof(cmd_rsp); + send_cmd(loc, cmd_rsp.b, swap32(cmd_rsp.c.paramSize), &o_size); + + return swap32(cmd_rsp.r.returnCode); +} + +static bool tpm_supports_hash(unsigned loc, const struct tpm2_log_hash *ha= sh) +{ + uint32_t rc; + struct tpm2_log_hashes hashes =3D { + .count =3D 1, + .hashes[0] =3D *hash, + }; + + /* + * This is a valid way of checking hash support, using it to not imple= ment + * TPM2_GetCapability(). + */ + rc =3D tpm20_pcr_extend(loc, /*pcr_handle=3D*/TPM_RH_NULL, &hashes); + + return rc =3D=3D 0; +} + +static uint32_t tpm2_hash_extend(unsigned loc, const uint8_t *buf, + unsigned size, unsigned pcr, + const struct tpm2_log_hashes *log_hashes) +{ + uint32_t rc; + unsigned i; + struct tpm2_log_hashes supported_hashes =3D {0}; + + request_locality(loc); + + for ( i =3D 0; i < log_hashes->count; ++i ) + { + const struct tpm2_log_hash *hash =3D &log_hashes->hashes[i]; + if ( !tpm_supports_hash(loc, hash) ) + { + printk(XENLOG_WARNING "Skipped hash unsupported by TPM: %d\n", + hash->alg); + continue; + } + + if ( hash->alg =3D=3D TPM_ALG_SHA1 ) + { + sha1_hash(hash->data, buf, size); + } + else if ( hash->alg =3D=3D TPM_ALG_SHA256 ) + { + sha2_256_digest(hash->data, buf, size); + } + else + { + /* This is called "OneDigest" in TXT Software Development Guid= e. */ + memset(hash->data, 0, size); + hash->data[0] =3D 1; + } + + if ( supported_hashes.count =3D=3D MAX_HASH_COUNT ) + { + printk(XENLOG_ERR "Hit hash count implementation limit: %d\n", + MAX_HASH_COUNT); + return -1; + } + + supported_hashes.hashes[supported_hashes.count] =3D *hash; + ++supported_hashes.count; + } + + rc =3D tpm20_pcr_extend(loc, HR_PCR + pcr, &supported_hashes); + relinquish_locality(loc); + + return rc; +} + +#endif /* __EARLY_SLAUNCH__ */ + +/************************** end of TPM2.0 specific ***********************= *****/ + void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf, unsigned size, uint32_t type, const uint8_t *log_data, unsigned log_data_size) @@ -419,6 +830,35 @@ void tpm_hash_extend(unsigned loc, unsigned pcr, const= uint8_t *buf, { #ifndef __EARLY_SLAUNCH__ printk(XENLOG_ERR "Extending PCR%u failed\n", pcr); +#endif + } + } else { + uint8_t sha1_digest[SHA1_DIGEST_SIZE]; + uint8_t sha256_digest[SHA2_256_DIGEST_SIZE]; + uint32_t rc; + + struct tpm2_log_hashes log_hashes =3D { + .count =3D 2, + .hashes =3D { + { + .alg =3D TPM_ALG_SHA1, + .size =3D SHA1_DIGEST_SIZE, + .data =3D sha1_digest, + }, + { + .alg =3D TPM_ALG_SHA256, + .size =3D SHA2_256_DIGEST_SIZE, + .data =3D sha256_digest, + }, + }, + }; + + rc =3D tpm2_hash_extend(loc, buf, size, pcr, &log_hashes); + if ( rc !=3D 0 ) + { +#ifndef __EARLY_SLAUNCH__ + printk(XENLOG_ERR "Extending PCR%u failed with TPM error: 0x%0= 8x\n", + pcr, rc); #endif } } --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156250; cv=none; d=zohomail.com; s=zohoarc; b=CDhxipJchsrkTbcNaXmUf8tDsuvfrazLLDMlppfvRAF97orbYjK+3HMvmergPFp007Sc1ySACn4M910IgE8bqN19YKu3pw8KSHCEXpxwriyLom4pPVQ5GcxE4B5N4rRNRxG9Wv3zGcs2XpgixOlE4IzJy3CMIJx9oxA0akb0mfU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156250; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=QnIKAND7PaaYiBZpdm/P7GTarwHPzvaPJ5XCEeh+pOQ=; b=aIWqJ7w8JZpNSAi6O4Y5X111v2xtRGX+3cmSc7wF+imOzJFP7fHtwjgXi5/GAtpE+229YM/RgW4dbpVBQ2qtfvYd89F7l8UWDqBqWAOtWdKH0DtpvjTivvaTqpVEzHeTMd6zqni97ZceI41iRPHIKXitu2S5ZZjLGtlvVuuw1yY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156250372497.27858030246637; Tue, 13 May 2025 10:10:50 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983245.1369606 (Exim 4.92) (envelope-from ) id 1uEt9M-0000XT-A0; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (output) from mailman id 983245.1369606; Tue, 13 May 2025 17:10:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9M-0000W0-66; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (input) for mailman id 983245; Tue, 13 May 2025 17:10:38 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5n-0003Uz-2u for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:06:59 +0000 Received: from 1.mo575.mail-out.ovh.net (1.mo575.mail-out.ovh.net [46.105.41.146]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ad499f14-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:06:57 +0200 (CEST) Received: from director10.ghost.mail-out.ovh.net (unknown [10.108.17.234]) by mo575.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZ903vYz1sPK for ; Tue, 13 May 2025 17:06:56 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-frdbc (unknown [10.110.118.120]) by director10.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 53D9C1FE02; Tue, 13 May 2025 17:06:56 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.114]) by ghost-submission-5b5ff79f4f-frdbc with ESMTPSA id zV6+ADB8I2jomQcAYR2MaQ (envelope-from ); Tue, 13 May 2025 17:06:56 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ad499f14-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-114S00879e9d5e9-aa55-4b5a-911e-f42410b055f4, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 12/22] x86/hvm: check for VMX in SMX if Slaunch is active Date: Tue, 13 May 2025 20:05:49 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8948652463133537436 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhggtgfgsehtkeertdertdejnecuhfhrohhmpefuvghrghhiihcuffhmhihtrhhukhcuoehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomheqnecuggftrfgrthhtvghrnhepgeekffeiiedtveekhfdugeffveeigefgleegvdeghefftdetheefueeliedukedvnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrdduudegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheejhegmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=QnIKAND7PaaYiBZpdm/P7GTarwHPzvaPJ5XCEeh+pOQ=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156017; v=1; b=VzxWWIYxhIyfqWtPHgEDUu+GFg49EFzsOGB3xjFxv8UTm08ad5Ir1uP3XX78Kfm7N/jGXYZC QWqrlcWUyU37SGZxEuJ72cF4Qq5sV169PW7JihtnDDOa2TZpwNdPSVo0f0JMU+ONlpP5EEwfYRt 2fKUVM4uM5DKQUEy4CkUdHJoq6NnBpEJVzOZiAdCQv5L4+OJ4InKO1+UA2wk+MaQSHEAXIFDleN 7N/bbyBR3nin47UZjjY53EVqHwpVd0RHkJOzZZ1xTAIf8TVl2l/u5SFAdRX9ZkB1eaOdN11XQli FN63Wo8gZetsyBPrmzNrZbERO/eersj7ia+9BYB2kWPpg== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156251038116600 From: Micha=C5=82 =C5=BBygowski Check whther IA32_FEATURE_CONTROL has the proper bits enabled to run VMX in SMX when slaunch is active. Signed-off-by: Micha=C5=82 =C5=BBygowski --- xen/arch/x86/hvm/vmx/vmcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index a44475ae15..ef38903775 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -724,7 +725,7 @@ static int _vmx_cpu_up(bool bsp) bios_locked =3D !!(eax & IA32_FEATURE_CONTROL_LOCK); if ( bios_locked ) { - if ( !(eax & (tboot_in_measured_env() + if ( !(eax & (tboot_in_measured_env() || slaunch_active ? IA32_FEATURE_CONTROL_ENABLE_VMXON_INSIDE_SMX : IA32_FEATURE_CONTROL_ENABLE_VMXON_OUTSIDE_SMX)) ) { --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156261; cv=none; d=zohomail.com; s=zohoarc; b=CM8k43JqF0RBEdRCLxjVXqv8cGswEQ0pj7j1TlOx3Kesy28hCYgVlcfD+LP4vSRbVrFIwQb2sqSXzU1vYwpqSQ17kjgQPos5HK934rWluHMZ/7ViMPSi3r4fg+ATb9gMpnRWaffIGxvQDMyu1JfNjr5Vx1CuMTxqPqaiUAqzhpw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156261; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=zv064gKVpCT4u14nztfo5gjyl4d57jChW3ReE92Rvms=; b=MKGxioUrzWh5QEZmO5sEL75Ezt9B6YpAtZXSGHxevrzpmVUE4S9fhRnhtqWud07Gu7saV2Gaegokg3m/XKuKpOOiM1nLquuM/eTp4747GIdQN3qXHXN0gFnohVql5B9nsINn9tD06uHk/SH4gzERYTsI+3cWmpAUxWFRPDHasiQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156261313141.89014377212072; Tue, 13 May 2025 10:11:01 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983248.1369611 (Exim 4.92) (envelope-from ) id 1uEt9M-0000c2-L2; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (output) from mailman id 983248.1369611; Tue, 13 May 2025 17:10:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9M-0000Zt-GT; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (input) for mailman id 983248; Tue, 13 May 2025 17:10:39 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5q-0003Uz-2M for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:02 +0000 Received: from 10.mo576.mail-out.ovh.net (10.mo576.mail-out.ovh.net [46.105.73.241]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id aedadc13-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:00 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.109.176.96]) by mo576.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZC5nZ5z25NM for ; Tue, 13 May 2025 17:06:59 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-r9289 (unknown [10.111.174.38]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 0EAB51FD9F; Tue, 13 May 2025 17:06:58 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.102]) by ghost-submission-5b5ff79f4f-r9289 with ESMTPSA id BqUzLzJ8I2geNAEAW9b/4w (envelope-from ); Tue, 13 May 2025 17:06:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: aedadc13-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-102R004bc407770-aa6c-47a9-8912-a5c517905175, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 13/22] x86/tpm.c: implement event log for TPM2.0 Date: Tue, 13 May 2025 20:05:50 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8949496886597956764 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtvdenucevlhhushhtvghrufhiiigvpeefnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehjeeimgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=zv064gKVpCT4u14nztfo5gjyl4d57jChW3ReE92Rvms=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156019; v=1; b=iS/E/9lBHuzdM+oyi/1VGkODzt2JG3MuXkqC3F9EYdPGvr0SfhGkHgeGSephf57lzpdjk2xQ j+SKHJO2leZo2RFJ26hM5MGrLRsKakDTCBgHY42jnE5BblLD+hjq9QwdurfZ+cPgl54joHL1+te FPxVc3MuPNYrd43XGiIt/aCFt698MGL94R5a5uRCTNMkjb1TFwuZg8+bkciqT6wtm8GSYmLTtGx I5ITMipDOMGSH7ZP75hJ7oCf5YEcx6tLymT1qfCO3Otpqmusrs+rM/CQDnFQdSvuCBi5p3qYyau kcoGjyBxB3h2LQBnulUeDcJI0fti7ob/MIZOfBLq2bSrA== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156263212116600 Content-Type: text/plain; charset="utf-8" Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 33 ++++++ xen/arch/x86/tpm.c | 169 ++++++++++++++++++++++----- 2 files changed, 175 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index f0ec580558..bc51d2d287 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -202,6 +202,39 @@ struct txt_sinit_mle_data { /* Ext Data Elements */ } __packed; =20 +/* Types of extended data. */ +#define TXT_HEAP_EXTDATA_TYPE_END 0 +#define TXT_HEAP_EXTDATA_TYPE_BIOS_SPEC_VER 1 +#define TXT_HEAP_EXTDATA_TYPE_ACM 2 +#define TXT_HEAP_EXTDATA_TYPE_STM 3 +#define TXT_HEAP_EXTDATA_TYPE_CUSTOM 4 +#define TXT_HEAP_EXTDATA_TYPE_MADT 6 +#define TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER2_1 8 +#define TXT_HEAP_EXTDATA_TYPE_MCFG 9 +#define TXT_HEAP_EXTDATA_TYPE_TPR_REQ 13 +#define TXT_HEAP_EXTDATA_TYPE_DTPR 14 +#define TXT_HEAP_EXTDATA_TYPE_CEDT 15 + +/* + * Self-describing data structure that is used for extensions to TXT heap + * tables. + */ +struct txt_ext_data_element { + uint32_t type; /* One of TXT_HEAP_EXTDATA_TYPE_*. */ + uint32_t size; + uint8_t data[0]; /* size bytes. */ +} __packed; + +/* + * Extended data describing TPM 2.0 log. + */ +struct heap_event_log_pointer_element2_1 { + uint64_t physical_address; + uint32_t allocated_event_container_size; + uint32_t first_record_offset; + uint32_t next_record_offset; +} __packed; + /* * Functions to extract data from the Intel TXT Heap Memory. The layout * of the heap is as follows: diff --git a/xen/arch/x86/tpm.c b/xen/arch/x86/tpm.c index ed49fe3ccf..47a9edef50 100644 --- a/xen/arch/x86/tpm.c +++ b/xen/arch/x86/tpm.c @@ -536,6 +536,44 @@ struct tpm2_log_hashes { struct tpm2_log_hash hashes[MAX_HASH_COUNT]; }; =20 +struct tpm2_pcr_event_header { + uint32_t pcrIndex; + uint32_t eventType; + uint32_t digestCount; + uint8_t digests[0]; + /* + * Each hash is represented as: + * struct { + * uint16_t hashAlg; + * uint8_t hash[size of hashAlg]; + * }; + */ + /* uint32_t eventSize; */ + /* uint8_t event[0]; */ +} __packed; + +struct tpm2_digest_sizes { + uint16_t algId; + uint16_t digestSize; +} __packed; + +struct tpm2_spec_id_event { + uint32_t pcrIndex; + uint32_t eventType; + uint8_t digest[20]; + uint32_t eventSize; + uint8_t signature[16]; + uint32_t platformClass; + uint8_t specVersionMinor; + uint8_t specVersionMajor; + uint8_t specErrata; + uint8_t uintnSize; + uint32_t digestCount; + struct tpm2_digest_sizes digestSizes[0]; /* variable number of members= */ + /* uint8_t vendorInfoSize; */ + /* uint8_t vendorInfo[vendorInfoSize]; */ +} __packed; + #ifdef __EARLY_SLAUNCH__ =20 union tpm2_cmd_rsp { @@ -769,19 +807,11 @@ static uint32_t tpm2_hash_extend(unsigned loc, const = uint8_t *buf, } =20 if ( hash->alg =3D=3D TPM_ALG_SHA1 ) - { sha1_hash(hash->data, buf, size); - } else if ( hash->alg =3D=3D TPM_ALG_SHA256 ) - { sha2_256_digest(hash->data, buf, size); - } else - { - /* This is called "OneDigest" in TXT Software Development Guid= e. */ - memset(hash->data, 0, size); - hash->data[0] =3D 1; - } + /* create_log_event20() took care of initializing the digest. = */; =20 if ( supported_hashes.count =3D=3D MAX_HASH_COUNT ) { @@ -802,6 +832,102 @@ static uint32_t tpm2_hash_extend(unsigned loc, const = uint8_t *buf, =20 #endif /* __EARLY_SLAUNCH__ */ =20 +static struct heap_event_log_pointer_element2_1 *find_evt_log_ext_data(voi= d) +{ + struct txt_os_sinit_data *os_sinit; + struct txt_ext_data_element *ext_data; + + os_sinit =3D txt_os_sinit_data_start(__va(read_txt_reg(TXTCR_HEAP_BASE= ))); + ext_data =3D (void *)((uint8_t *)os_sinit + sizeof(*os_sinit)); + + /* + * Find TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER2_1 which is necessary = to + * know where to put the next entry. + */ + while ( ext_data->type !=3D TXT_HEAP_EXTDATA_TYPE_END ) + { + if ( ext_data->type =3D=3D TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER= 2_1 ) + break; + ext_data =3D (void *)&ext_data->data[ext_data->size]; + } + + if ( ext_data->type =3D=3D TXT_HEAP_EXTDATA_TYPE_END ) + return NULL; + + return (void *)&ext_data->data[0]; +} + +static struct tpm2_log_hashes +create_log_event20(struct tpm2_spec_id_event *evt_log, uint32_t evt_log_si= ze, + uint32_t pcr, uint32_t type, const uint8_t *data, + unsigned data_size) +{ + struct tpm2_log_hashes log_hashes =3D {0}; + + struct heap_event_log_pointer_element2_1 *log_ext_data; + struct tpm2_pcr_event_header *new_entry; + uint32_t entry_size; + unsigned i; + uint8_t *p; + + log_ext_data =3D find_evt_log_ext_data(); + if ( log_ext_data =3D=3D NULL ) + return log_hashes; + + entry_size =3D sizeof(*new_entry); + for ( i =3D 0; i < evt_log->digestCount; ++i ) + { + entry_size +=3D sizeof(uint16_t); /* hash type */ + entry_size +=3D evt_log->digestSizes[i].digestSize; + } + entry_size +=3D sizeof(uint32_t); /* data size field */ + entry_size +=3D data_size; + + /* + * Check if there is enough space left for new entry. + * Note: it is possible to introduce a gap in event log if entry with = big + * data_size is followed by another entry with smaller data. Maybe we = should + * cap the event log size in such case? + */ + if ( log_ext_data->next_record_offset + entry_size > evt_log_size ) + return log_hashes; + + new_entry =3D (void *)((uint8_t *)evt_log + log_ext_data->next_record_= offset); + log_ext_data->next_record_offset +=3D entry_size; + + new_entry->pcrIndex =3D pcr; + new_entry->eventType =3D type; + new_entry->digestCount =3D evt_log->digestCount; + + p =3D &new_entry->digests[0]; + for ( i =3D 0; i < evt_log->digestCount; ++i ) + { + uint16_t alg =3D evt_log->digestSizes[i].algId; + uint16_t size =3D evt_log->digestSizes[i].digestSize; + + *(uint16_t *)p =3D alg; + p +=3D sizeof(uint16_t); + + log_hashes.hashes[i].alg =3D alg; + log_hashes.hashes[i].size =3D size; + log_hashes.hashes[i].data =3D p; + p +=3D size; + + /* This is called "OneDigest" in TXT Software Development Guide. */ + memset(log_hashes.hashes[i].data, 0, size); + log_hashes.hashes[i].data[0] =3D 1; + } + log_hashes.count =3D evt_log->digestCount; + + *(uint32_t *)p =3D data_size; + p +=3D sizeof(uint32_t); + + if ( data && data_size > 0 ) + memcpy(p, data, data_size); + + return log_hashes; +} + /************************** end of TPM2.0 specific ***********************= *****/ =20 void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf, @@ -832,26 +958,15 @@ void tpm_hash_extend(unsigned loc, unsigned pcr, cons= t uint8_t *buf, printk(XENLOG_ERR "Extending PCR%u failed\n", pcr); #endif } - } else { - uint8_t sha1_digest[SHA1_DIGEST_SIZE]; - uint8_t sha256_digest[SHA2_256_DIGEST_SIZE]; + } + else + { uint32_t rc; =20 - struct tpm2_log_hashes log_hashes =3D { - .count =3D 2, - .hashes =3D { - { - .alg =3D TPM_ALG_SHA1, - .size =3D SHA1_DIGEST_SIZE, - .data =3D sha1_digest, - }, - { - .alg =3D TPM_ALG_SHA256, - .size =3D SHA2_256_DIGEST_SIZE, - .data =3D sha256_digest, - }, - }, - }; + struct tpm2_spec_id_event *evt_log =3D evt_log_addr; + struct tpm2_log_hashes log_hashes =3D + create_log_event20(evt_log, evt_log_size, pcr, type, log_data, + log_data_size); =20 rc =3D tpm2_hash_extend(loc, buf, size, pcr, &log_hashes); if ( rc !=3D 0 ) --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156324; cv=none; d=zohomail.com; s=zohoarc; b=jt7h4pr5etzWMuoTdMCzBurLn9kpZ522KWG2fI8AtKWk9TlgMzaLxj9fKD79luw4Mx/21NOazgY4Kls+dQqxr3ztBkFhiL/sCxoQTKj2nq6sGr/C4V6lq3mzLX9I3zlAYVg4kdgowO+cr+b0Axa5irvqDiycgQXkVwF2fooGg+Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156324; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=LFjLGOzbWGs49PySjNsQW0fv0Cb3jzfBKePmEV573e8=; b=jMRmxyT/u5YQscXAyhf9YPSSDVCWj61lKE/YhcI/Zc7LLQlRxkc/lB8Z660DWT5/zb8hzCwIfcUTcMyk0p3Ktl7lcEqYRm5L5CHWzNPjMZ3AF4ndKmyyQq0BDer+P1UQzVK1xZe7iMrVbZcoPix/81PW8E1zYGEu2HVGL2TKjVg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156324315240.0700357480839; Tue, 13 May 2025 10:12:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983322.1369703 (Exim 4.92) (envelope-from ) id 1uEtAU-0005t2-BQ; Tue, 13 May 2025 17:11:50 +0000 Received: by outflank-mailman (output) from mailman id 983322.1369703; Tue, 13 May 2025 17:11:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAU-0005su-88; Tue, 13 May 2025 17:11:50 +0000 Received: by outflank-mailman (input) for mailman id 983322; Tue, 13 May 2025 17:11:48 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5t-0003Mm-Ls for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:05 +0000 Received: from 13.mo582.mail-out.ovh.net (13.mo582.mail-out.ovh.net [188.165.56.124]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b0798e6e-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:07:02 +0200 (CEST) Received: from director7.ghost.mail-out.ovh.net (unknown [10.109.139.225]) by mo582.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZG3qKJz1f6K for ; Tue, 13 May 2025 17:07:02 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-tzcrg (unknown [10.110.118.108]) by director7.ghost.mail-out.ovh.net (Postfix) with ESMTPS id D9C691FD39; Tue, 13 May 2025 17:07:01 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.99]) by ghost-submission-5b5ff79f4f-tzcrg with ESMTPSA id /APTKjV8I2g1KAEAShSnmA (envelope-from ); Tue, 13 May 2025 17:07:01 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b0798e6e-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-99G00304773c23-a1d9-40a9-a6f8-85607a0d1f7b, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 14/22] x86/boot: choose AP stack based on APIC ID Date: Tue, 13 May 2025 20:05:51 +0300 Message-ID: <391ebc0e786cc94e2e558bfb91383705e8998b35.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8950341310297519260 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeevleeiheduleelgfelgeeiveetgeduhfehffefgffhledtvefhledvgfekfefhueenucffohhmrghinhephhgvrggurdhssgdpthhrrghmphholhhinhgvrdhssgdpgiekiegpieegrdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddrleelnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheekvdgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=LFjLGOzbWGs49PySjNsQW0fv0Cb3jzfBKePmEV573e8=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156022; v=1; b=S4CmfvIlPVHOUxOBRXERak2n0KoEmq/QTHvFLaDEZGwxGkxEA6jb29CJ6y4iVxrpNtVWYJg0 vDQVc9nY8fUbCoyOyUBDoKAdVobWaDRsRbVBlYQxbdMFudZd3ijCPjpDVNwcD8zBR/UgFA08EEW lJXa2+YqinoEcRQ5YBXb0SmfMUgUufosT9AIdNOsZyFDBWtvZ7BE5/JItvg8ONh9iyU808kvuL+ kRtax6AzJCRRfVpmdfZ/psAnxAZSh85dhIGwZKjDCcSZFNec564dFhjbUXJS6KESgBzge2MvECe w+yZWgj5bPhdtP6CFF3q6/hGSx7++p0fQ9zK6erWt7s7Q== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156325047019000 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel This is made as the first step of making parallel AP bring-up possible. It should be enough for pre-C code. Parallel AP bring-up is necessary because TXT by design releases all APs at once. In addition to that it reduces number of IPIs (and more importantly, delays between them) required to start all logical processors. This results in significant reduction of boot time, even when DRTM is not used, with performance gain growing with the number of logical CPUs. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S | 1 + xen/arch/x86/boot/trampoline.S | 21 +++++++++++++++++++++ xen/arch/x86/boot/x86_64.S | 28 +++++++++++++++++++++++++++- xen/arch/x86/include/asm/apicdef.h | 4 ++++ xen/arch/x86/include/asm/msr-index.h | 3 +++ xen/arch/x86/setup.c | 7 +++++++ 6 files changed, 63 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 9a272155e9..7376fa85d5 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -8,6 +8,7 @@ #include #include #include +#include #include #include =20 diff --git a/xen/arch/x86/boot/trampoline.S b/xen/arch/x86/boot/trampoline.S index a92e399fbe..ed593acc46 100644 --- a/xen/arch/x86/boot/trampoline.S +++ b/xen/arch/x86/boot/trampoline.S @@ -71,6 +71,27 @@ trampoline_protmode_entry: mov $X86_CR4_PAE,%ecx mov %ecx,%cr4 =20 + /* + * Get APIC ID while we're in non-paged mode. Start by checking if + * x2APIC is enabled. + */ + mov $MSR_APIC_BASE, %ecx + rdmsr + test $APIC_BASE_EXTD, %eax + jnz .Lx2apic + + /* Not x2APIC, read from MMIO */ + and $APIC_BASE_ADDR_MASK, %eax + mov APIC_ID(%eax), %esp + shr $24, %esp + jmp 1f + +.Lx2apic: + mov $(MSR_X2APIC_FIRST + (APIC_ID >> MSR_X2APIC_SHIFT)), %ecx + rdmsr + mov %eax, %esp +1: + /* Load pagetable base register. */ mov $sym_offs(idle_pg_table),%eax add bootsym_rel(trampoline_xen_phys_start,4,%eax) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index 08ae97e261..ac33576d8f 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -15,7 +15,33 @@ ENTRY(__high_start) mov $XEN_MINIMAL_CR4,%rcx mov %rcx,%cr4 =20 - mov stack_start(%rip),%rsp + test %ebx,%ebx + cmovz stack_start(%rip), %rsp + jz .L_stack_set + + /* APs only: get stack base from APIC ID saved in %esp. */ + mov $-1, %rax + lea x86_cpu_to_apicid(%rip), %rcx +1: + add $1, %rax + cmp $NR_CPUS, %eax + jb 2f + hlt +2: + cmp %esp, (%rcx, %rax, 4) + jne 1b + + /* %eax is now Xen CPU index. */ + lea stack_base(%rip), %rcx + mov (%rcx, %rax, 8), %rsp + + test %rsp,%rsp + jnz 1f + hlt +1: + add $(STACK_SIZE - CPUINFO_sizeof), %rsp + +.L_stack_set: =20 /* Reset EFLAGS (subsumes CLI and CLD). */ pushq $0 diff --git a/xen/arch/x86/include/asm/apicdef.h b/xen/arch/x86/include/asm/= apicdef.h index 63dab01dde..e093a2aa3c 100644 --- a/xen/arch/x86/include/asm/apicdef.h +++ b/xen/arch/x86/include/asm/apicdef.h @@ -121,6 +121,10 @@ =20 #define MAX_IO_APICS 128 =20 +#ifndef __ASSEMBLY__ + extern bool x2apic_enabled; =20 +#endif /* !__ASSEMBLY__ */ + #endif diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/as= m/msr-index.h index 22d9e76e55..794cf44abe 100644 --- a/xen/arch/x86/include/asm/msr-index.h +++ b/xen/arch/x86/include/asm/msr-index.h @@ -169,6 +169,9 @@ #define MSR_X2APIC_FIRST 0x00000800 #define MSR_X2APIC_LAST 0x000008ff =20 +/* MSR offset can be obtained by shifting MMIO offset this number of bits = to the right. */ +#define MSR_X2APIC_SHIFT 4 + #define MSR_X2APIC_TPR 0x00000808 #define MSR_X2APIC_PPR 0x0000080a #define MSR_X2APIC_EOI 0x0000080b diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 479d2d744e..8e79d4be23 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -2096,6 +2096,7 @@ void asmlinkage __init noreturn __start_xen(void) */ if ( !pv_shim ) { + /* Separate loop to make parallel AP bringup possible. */ for_each_present_cpu ( i ) { /* Set up cpu_to_node[]. */ @@ -2103,6 +2104,12 @@ void asmlinkage __init noreturn __start_xen(void) /* Set up node_to_cpumask based on cpu_to_node[]. */ numa_add_cpu(i); =20 + if ( stack_base[i] =3D=3D NULL ) + stack_base[i] =3D cpu_alloc_stack(i); + } + + for_each_present_cpu ( i ) + { if ( (park_offline_cpus || num_online_cpus() < max_cpus) && !cpu_online(i) ) { --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156268; cv=none; d=zohomail.com; s=zohoarc; b=ePXT0G3gtp2BBvqUT998lqiVOqm/uKc9jLGRKTlg0k1zohPDpt6kCyFufA3O2Wvx7HW0+gEBS97jJG7BFzJr7O34EcBGlzk/dGR6tfIB+lg3znEDdOti5PFzS6DpBh1jMhHy7xpw19pBNa2SasaG2LCYX5jzeMU/XiUV/61OMR4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156268; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=v6gFLoGxI5ES25EOdUe8CFrJ+DdQzcda3zZtZ52Zkfg=; b=IERhfLn4At0ENcpqxaKv3peYhI9ReDsYk5oT2xxiCxL8D+jEdEbkrNWNEW7+RPwXPLgzrHjNLuhaOpPV4KgtreagmrHb0hv2G7DvxQq7t7/Bu+NnyZnmhcIrYO3DuWXTfsVVBRS/QdZ7rlPC62i9w2lnHaJarh1U2EUQIzLdMRo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156268459484.2549876452123; Tue, 13 May 2025 10:11:08 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983265.1369653 (Exim 4.92) (envelope-from ) id 1uEt9b-0002Ol-Q3; Tue, 13 May 2025 17:10:55 +0000 Received: by outflank-mailman (output) from mailman id 983265.1369653; Tue, 13 May 2025 17:10:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9b-0002OR-Lp; Tue, 13 May 2025 17:10:55 +0000 Received: by outflank-mailman (input) for mailman id 983265; Tue, 13 May 2025 17:10:54 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5v-0003Mm-MA for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:07 +0000 Received: from 5.mo550.mail-out.ovh.net (5.mo550.mail-out.ovh.net [178.33.45.107]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b2577972-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:07:06 +0200 (CEST) Received: from director1.ghost.mail-out.ovh.net (unknown [10.108.25.157]) by mo550.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZK4lbhz1ZM1 for ; Tue, 13 May 2025 17:07:05 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-tcckm (unknown [10.111.174.188]) by director1.ghost.mail-out.ovh.net (Postfix) with ESMTPS id A2E411FE80; Tue, 13 May 2025 17:07:04 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.101]) by ghost-submission-5b5ff79f4f-tcckm with ESMTPSA id y6nVFzh8I2iTAAAAAykbXw (envelope-from ); Tue, 13 May 2025 17:07:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b2577972-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-101G004fda5cd54-5ed0-4765-9b19-9543bb7b2daa, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 15/22] x86/smpboot.c: TXT AP bringup Date: Tue, 13 May 2025 20:05:52 +0300 Message-ID: <8319423a25ace730472a219593d6ddbf2cc05a3f.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8951185736398910620 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeeggeeuvddvtedtteevudejjeeitdefhfetkeeggeffffelfeeivdffudeltdeihfenucffohhmrghinhepthhrrghmphholhhinhgvrdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehhedtmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=v6gFLoGxI5ES25EOdUe8CFrJ+DdQzcda3zZtZ52Zkfg=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156025; v=1; b=C55d77izIIDdPTrW0zVla+Mu3KKFxdn76g52SXabSBEyNCJHRJK0neit0+90adLaZ5nQ10/5 Dz8tKevumWtyTJnd8p3OFxaQTbCSw585ctPfUKWlSMwP0mHPZXoQNMjOTJUgQcBsUgt7IsgAYKn tPRCWttbrkUH3LpjjorAqzQ6ehR+0iC3OVVW5JLLsxE2XNL+zrWFrTHlJI9nFEuAVbyoNz+8VqC AdjFKlEH0ZSFjgZrKnAST+FnWry86vyo7sSbvkVsR9F19yr/yqZKsOs5Nf+sEalSMvxK7Djbys7 rOtyqFexdS/7kPOcckzr1OiFmAGg1XYfeXyiayaN8mOiw== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156269045019000 Content-Type: text/plain; charset="utf-8" From: Krystian Hebel On Intel TXT, APs are started in one of two ways, depending on ACM which reports it in its information table. In both cases, all APs are started simultaneously after BSP requests them to do so. Two possible ways are: - GETSEC[WAKEUP] instruction, - MONITOR address. GETSEC[WAKEUP] requires versions >=3D 7 of SINIT to MLE Data, but there is no clear mapping of that version with regard to processor family and it's not known which CPUs actually use it. It could have been designed for TXT support on CPUs that lack MONITOR/MWAIT, because GETSEC[WAKEUP] seems to be more complicated, in software and hardware alike. This patch implements only MONITOR approach, GETSEC[WAKEUP] support will be added later once more details and means of testing are available and if there is a practical need for it. With this patch, every AP goes through assembly part, and only when in start_secondary() in C they re-enter MONITOR/MWAIT iff they are not the AP that was asked to boot. The same address is reused for simplicity, and on next wakeup call APs don't have to go through assembly part again (GDT, paging, stack setting). Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/trampoline.S | 19 ++++++++- xen/arch/x86/include/asm/intel-txt.h | 6 +++ xen/arch/x86/include/asm/processor.h | 1 + xen/arch/x86/smpboot.c | 63 ++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/boot/trampoline.S b/xen/arch/x86/boot/trampoline.S index ed593acc46..8cd9881828 100644 --- a/xen/arch/x86/boot/trampoline.S +++ b/xen/arch/x86/boot/trampoline.S @@ -58,6 +58,16 @@ GLOBAL(entry_SIPI16) ljmpl $BOOT_CS32,$bootsym_rel(trampoline_protmode_entry,6) =20 .code32 +GLOBAL(txt_ap_entry) + /* + * APs enter here in protected mode without paging. GDT is set in = JOIN + * structure, it points to trampoline_gdt. Interrupts are disabled= by + * TXT (including NMI and SMI), so IDT doesn't matter at this poin= t. + * The only missing point is telling that we are AP by saving non-= zero + * value in EBX. + */ + mov $1, %ebx + trampoline_protmode_entry: /* Set up a few descriptors: on entry only CS is guaranteed good. = */ mov $BOOT_DS,%eax @@ -143,7 +153,7 @@ start64: .word 0 idt_48: .word 0, 0, 0 # base =3D limit =3D 0 =20 -trampoline_gdt: +GLOBAL(trampoline_gdt) .word 0 /* 0x0000: unused (reused for GDTR) */ gdt_48: .word .Ltrampoline_gdt_end - trampoline_gdt - 1 @@ -154,6 +164,13 @@ gdt_48: .quad 0x00cf93000000ffff /* 0x0018: ring 0 data */ .quad 0x00009b000000ffff /* 0x0020: real-mode code @ BOOT_TRAMPO= LINE */ .quad 0x000093000000ffff /* 0x0028: real-mode data @ BOOT_TRAMPO= LINE */ + /* + * Intel TXT requires these two in exact order. This isn't compati= ble + * with order required by syscall, so we have duplicated entries... + * If order ever changes, update selector numbers in asm/intel-txt= .h. + */ + .quad 0x00cf9b000000ffff /* 0x0030: ring 0 code, 32-bit mode */ + .quad 0x00cf93000000ffff /* 0x0038: ring 0 data */ .Ltrampoline_gdt_end: =20 /* Relocations for trampoline Real Mode segments. */ diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index bc51d2d287..5d76443d35 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -82,6 +82,9 @@ =20 #define SLAUNCH_BOOTLOADER_MAGIC 0x4c534254 =20 +#define TXT_AP_BOOT_CS 0x0030 +#define TXT_AP_BOOT_DS 0x0038 + #ifndef __ASSEMBLY__ =20 #include @@ -96,6 +99,9 @@ #define _txt(x) __va(x) #endif =20 +extern char txt_ap_entry[]; +extern uint32_t trampoline_gdt[]; + /* * Always use private space as some of registers are either read-only or n= ot * present in public space. diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/as= m/processor.h index 75af7ea3c4..9957e3cb9e 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h @@ -473,6 +473,7 @@ void set_in_mcu_opt_ctrl(uint32_t mask, uint32_t val); enum ap_boot_method { AP_BOOT_NORMAL, AP_BOOT_SKINIT, + AP_BOOT_TXT, }; extern enum ap_boot_method ap_boot_method; =20 diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c index 54207e6d88..5e53cce20b 100644 --- a/xen/arch/x86/smpboot.c +++ b/xen/arch/x86/smpboot.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -37,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -325,6 +327,29 @@ void asmlinkage start_secondary(void *unused) */ unsigned int cpu =3D booting_cpu; =20 + if ( ap_boot_method =3D=3D AP_BOOT_TXT ) { + uint64_t misc_enable; + uint32_t my_apicid; + struct txt_sinit_mle_data *sinit_mle =3D + txt_sinit_mle_data_start(__va(read_txt_reg(TXTCR_HEAP_BASE))= ); + + /* TXT released us with MONITOR disabled in IA32_MISC_ENABLE. */ + rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable); + wrmsrl(MSR_IA32_MISC_ENABLE, + misc_enable | MSR_IA32_MISC_ENABLE_MONITOR_ENABLE); + + /* get_apic_id() reads from x2APIC if it thinks it is enabled. */ + x2apic_ap_setup(); + my_apicid =3D get_apic_id(); + + while ( my_apicid !=3D x86_cpu_to_apicid[cpu] ) { + asm volatile ("monitor; xor %0,%0; mwait" + :: "a"(__va(sinit_mle->rlp_wakeup_addr)), "c"(0), + "d"(0) : "memory"); + cpu =3D booting_cpu; + } + } + /* Critical region without IDT or TSS. Any fault is deadly! */ =20 set_current(idle_vcpu[cpu]); @@ -421,6 +446,28 @@ void asmlinkage start_secondary(void *unused) startup_cpu_idle_loop(); } =20 +static int wake_aps_in_txt(void) +{ + struct txt_sinit_mle_data *sinit_mle =3D + txt_sinit_mle_data_start(__va(read_txt_reg(TXTCR_HEAP_BASE))= ); + uint32_t *wakeup_addr =3D __va(sinit_mle->rlp_wakeup_addr); + + uint32_t join[4] =3D { + trampoline_gdt[1], /* GDT limit */ + bootsym_phys(trampoline_gdt), /* GDT base */ + TXT_AP_BOOT_CS, /* CS selector, DS =3D CS+8 */ + bootsym_phys(txt_ap_entry) /* EIP */ + }; + + write_txt_reg(TXTCR_MLE_JOIN, __pa(join)); + + smp_mb(); + + *wakeup_addr =3D 1; + + return 0; +} + static int wakeup_secondary_cpu(int phys_apicid, unsigned long start_eip) { unsigned long send_status =3D 0, accept_status =3D 0; @@ -443,6 +490,9 @@ static int wakeup_secondary_cpu(int phys_apicid, unsign= ed long start_eip) if ( tboot_in_measured_env() && !tboot_wake_ap(phys_apicid, start_eip)= ) return 0; =20 + if ( ap_boot_method =3D=3D AP_BOOT_TXT ) + return wake_aps_in_txt(); + /* * Be paranoid about clearing APIC errors. */ @@ -1150,6 +1200,13 @@ static struct notifier_block cpu_smpboot_nfb =3D { =20 void __init smp_prepare_cpus(void) { + /* + * If the platform is performing a Secure Launch via TXT, secondary + * CPUs (APs) will need to be woken up in a TXT-specific way. + */ + if ( slaunch_active && boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTE= L ) + ap_boot_method =3D AP_BOOT_TXT; + register_cpu_notifier(&cpu_smpboot_nfb); =20 mtrr_aps_sync_begin(); @@ -1418,6 +1475,12 @@ void __init smp_cpus_done(void) =20 mtrr_save_state(); mtrr_aps_sync_end(); + + /* + * After the initial startup the DRTM-specific method for booting APs + * should not longer be used unless DRTM sequence is started again. + */ + ap_boot_method =3D AP_BOOT_NORMAL; } =20 void __init smp_intr_init(void) --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156248; cv=none; d=zohomail.com; s=zohoarc; b=AivhyJUp48esYYm1U2ayVqnA4mydAuDRVjvq+8aPBqccfncqnwkcs4nTAsPALBbI0glDmLpyiDQirF8NnuwOqNsMmxrGEV8u/NQYEKzXycQ7aMY05iYNcBhERNvlRlBEkImmZBJn+cWaGZXJVTZivmu0qq0fMJAa/P2JX+t8wwQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156248; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=+X9Z9n8XXZ8AM34FtzeX1HW7feM15Wvjl9iFe+M3iTU=; b=SiczH7+zmh9AOrAjWGQZzHG0PsYdRt86j+HFPyddIl85oLGTm/u30TWOmaZWZ6SLeBjY6ebHy08nKLd1gYb6wX1jbxZS+HCkbwTjVpjRtrCKioJd6GuluwJs1YDwz8ZugSpu2W5CbtsJRaLl2S/L7MroNhnLgoC3+bUcYv0oA7o= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156248487746.9610139647841; Tue, 13 May 2025 10:10:48 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983241.1369592 (Exim 4.92) (envelope-from ) id 1uEt9I-00008n-R8; Tue, 13 May 2025 17:10:36 +0000 Received: by outflank-mailman (output) from mailman id 983241.1369592; Tue, 13 May 2025 17:10:36 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9I-00008g-Nk; Tue, 13 May 2025 17:10:36 +0000 Received: by outflank-mailman (input) for mailman id 983241; Tue, 13 May 2025 17:10:35 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt5z-0003Uz-Dp for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:11 +0000 Received: from 8.mo560.mail-out.ovh.net (8.mo560.mail-out.ovh.net [188.165.52.147]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id b492ec12-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:09 +0200 (CEST) Received: from director5.ghost.mail-out.ovh.net (unknown [10.109.140.28]) by mo560.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZP2y6Jz2CdG for ; Tue, 13 May 2025 17:07:09 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-5c66f (unknown [10.111.182.37]) by director5.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 4BD881FEB4; Tue, 13 May 2025 17:07:08 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.112]) by ghost-submission-5b5ff79f4f-5c66f with ESMTPSA id p/jHNjt8I2jCEgEA7ssCzg (envelope-from ); Tue, 13 May 2025 17:07:08 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b492ec12-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-112S006ec180afd-be19-4646-b988-8bc4965c371d, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: "Daniel P. Smith" , Ross Philipson , Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 16/22] x86/slaunch: process DRTM policy Date: Tue, 13 May 2025 20:05:53 +0300 Message-ID: <26b47bcf5103017dc997de49904066bedf079b00.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8952311634533528732 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddrudduvdenucevlhhushhtvghrufhiiigvpeegnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehiedtmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=+X9Z9n8XXZ8AM34FtzeX1HW7feM15Wvjl9iFe+M3iTU=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156029; v=1; b=MmlD4mpqZ0r3Esi9148NHEB4KN9xanhtz+1g8xQ2FCBSyJNtu1N9BMSpZVZCqelHnE7m6xvG JwVVDE7IzD8aiiInSzf03UzInwS1qie+1KLn/0CYZ33qz+h7gcQAueEmQaVYMFDHxq8Mt9pAiqf hWjGgxJ58fFmmaC1nySIGX9Yvd6DCE0yMA9VshgI5H9pOmhlF/t0ST19rr6jlkyYGueu3pXLBTQ BRS8rEb3zmb+LCRqyHHjVXPEaoSZYQWxhWC+DCYAdA93/Tndu2zRystIXqj80CnVsbyAyApycta DGPUDdUTJwPWYwEPsrqMZRFRiOo/V7Q5p4pw9I5TOs0xg== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156250856019000 Content-Type: text/plain; charset="utf-8" Go through entires in the DRTM policy of SLRT to hash and extend data that they describe into corresponding PCRs. Addresses are being zeroed on measuring platform-specific data to prevent measurements from changing when the only thing that has changed is an address. Addresses can vary due to bootloader, firmware or user doing something differently or just if GRUB gets bigger in size due to inclusion of more modules and ends up offsetting newly allocated memory. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/slaunch.h | 14 ++ xen/arch/x86/setup.c | 15 ++ xen/arch/x86/slaunch.c | 213 +++++++++++++++++++++++++++++ 3 files changed, 242 insertions(+) diff --git a/xen/arch/x86/include/asm/slaunch.h b/xen/arch/x86/include/asm/= slaunch.h index 4ff1f9c7d5..1f98ec8de1 100644 --- a/xen/arch/x86/include/asm/slaunch.h +++ b/xen/arch/x86/include/asm/slaunch.h @@ -24,6 +24,8 @@ #define DLE_EVTYPE_SLAUNCH_START (DLE_EVTYPE_BASE + 0x103) #define DLE_EVTYPE_SLAUNCH_END (DLE_EVTYPE_BASE + 0x104) =20 +struct boot_info; + /* Indicates an active Secure Launch boot. */ extern bool slaunch_active; =20 @@ -69,6 +71,18 @@ void slaunch_map_mem_regions(void); /* Marks regions of memory as used to avoid their corruption. */ void slaunch_reserve_mem_regions(void); =20 +/* Measures essential parts of SLR table before making use of them. */ +void slaunch_measure_slrt(void); + +/* + * Takes measurements of DRTM policy entries except for MBI and SLRT which + * should have been measured by the time this is called. Also performs san= ity + * checks of the policy and panics on failure. In particular, the function + * verifies that DRTM is consistent with modules obtained from MultibootIn= fo + * (MBI) and written to struct boot_info in setup.c. + */ +void slaunch_process_drtm_policy(const struct boot_info *bi); + /* * This helper function is used to map memory using L2 page tables by alig= ning * mapped regions to 2MB. This way page allocator (which at this point isn= 't diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c index 8e79d4be23..5d88cec6fc 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -1425,6 +1425,13 @@ void asmlinkage __init noreturn __start_xen(void) if ( slaunch_active ) { slaunch_map_mem_regions(); + + /* + * SLRT needs to be measured here because it is used by init_e820(= ), the + * rest is measured slightly below by slaunch_process_drtm_policy(= ). + */ + slaunch_measure_slrt(); + slaunch_reserve_mem_regions(); } =20 @@ -1446,6 +1453,14 @@ void asmlinkage __init noreturn __start_xen(void) /* Create a temporary copy of the E820 map. */ memcpy(&boot_e820, &e820, sizeof(e820)); =20 + /* + * Process all yet unmeasured DRTM entries after E820 initialization t= o not + * do this while memory is uncached (too slow). This must also happen = before + * modules are relocated or used. + */ + if ( slaunch_active ) + slaunch_process_drtm_policy(bi); + /* Early kexec reservation (explicit static start address). */ nr_pages =3D 0; for ( i =3D 0; i < e820.nr_map; i++ ) diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c index 5f91fe5ad0..7cc1831f15 100644 --- a/xen/arch/x86/slaunch.c +++ b/xen/arch/x86/slaunch.c @@ -9,9 +9,11 @@ #include #include #include +#include #include #include #include +#include #include #include =20 @@ -107,6 +109,217 @@ void __init slaunch_reserve_mem_regions(void) } } =20 +void __init slaunch_measure_slrt(void) +{ + struct slr_table *slrt =3D slaunch_get_slrt(); + + if ( slrt->revision =3D=3D 1 ) + { + /* + * In revision one of the SLRT, only platform-specific info table = is + * measured. + */ + struct slr_entry_intel_info tmp; + struct slr_entry_intel_info *entry; + + entry =3D (struct slr_entry_intel_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); + if ( entry =3D=3D NULL ) + panic("SLRT is missing Intel-specific information!\n"); + + tmp =3D *entry; + tmp.boot_params_base =3D 0; + tmp.txt_heap =3D 0; + + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)&tmp, + sizeof(tmp), DLE_EVTYPE_SLAUNCH, NULL, 0); + } + else + { + /* + * slaunch_get_slrt() checks that the revision is valid, so we mus= t not get + * here unless the code is wrong. + */ + panic("Unhandled SLRT revision: %d!\n", slrt->revision); + } +} + +static struct slr_entry_policy *__init slr_get_policy(struct slr_table *sl= rt) +{ + struct slr_entry_policy *policy; + + policy =3D (struct slr_entry_policy *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_DRTM_POLICY); + if (policy =3D=3D NULL) + panic("SLRT is missing DRTM policy!\n"); + + /* XXX: are newer revisions allowed? */ + if ( policy->revision !=3D SLR_POLICY_REVISION ) + panic("DRTM policy in SLRT is of unsupported revision: %#04x!\n", + slrt->revision); + + return policy; +} + +static void __init +check_slrt_policy_entry(struct slr_policy_entry *policy_entry, + int idx, + struct slr_table *slrt) +{ + if ( policy_entry->entity_type !=3D SLR_ET_SLRT ) + panic("Expected DRTM policy entry #%d to describe SLRT, got %#04x!= \n", + idx, policy_entry->entity_type); + if ( policy_entry->pcr !=3D DRTM_DATA_PCR ) + panic("SLRT was measured to PCR-%d instead of PCR-%d!\n", DRTM_DAT= A_PCR, + policy_entry->pcr); + if ( policy_entry->entity !=3D (uint64_t)__pa(slrt) ) + panic("SLRT address (%#08lx) differs from its DRTM entry (%#08lx)\= n", + __pa(slrt), policy_entry->entity); +} + +/* Returns number of policy entries that were already measured. */ +static unsigned int __init +check_drtm_policy(struct slr_table *slrt, + struct slr_entry_policy *policy, + struct slr_policy_entry *policy_entry, + const struct boot_info *bi) +{ + uint32_t i; + uint32_t num_mod_entries; + + if ( policy->nr_entries < 2 ) + panic("DRTM policy in SLRT contains less than 2 entries (%d)!\n", + policy->nr_entries); + + /* + * MBI policy entry must be the first one, so that measuring order mat= ches + * policy order. + */ + if ( policy_entry[0].entity_type !=3D SLR_ET_MULTIBOOT2_INFO ) + panic("First entry of DRTM policy in SLRT is not MBI: %#04x!\n", + policy_entry[0].entity_type); + if ( policy_entry[0].pcr !=3D DRTM_DATA_PCR ) + panic("MBI was measured to %d instead of %d PCR!\n", DRTM_DATA_PCR, + policy_entry[0].pcr); + + /* SLRT policy entry must be the second one. */ + check_slrt_policy_entry(&policy_entry[1], 1, slrt); + + for ( i =3D 0; i < bi->nr_modules; i++ ) + { + uint16_t j; + const struct boot_module *mod =3D &bi->mods[i]; + + if (mod->relocated || mod->released) + { + panic("Multiboot module \"%s\" (at %d) was consumed before mea= surement\n", + (const char *)__va(mod->cmdline_pa), i); + } + + for ( j =3D 2; j < policy->nr_entries; j++ ) + { + if ( policy_entry[j].entity_type !=3D SLR_ET_MULTIBOOT2_MODULE= ) + continue; + + if ( policy_entry[j].entity =3D=3D mod->start && + policy_entry[j].size =3D=3D mod->size ) + break; + } + + if ( j >=3D policy->nr_entries ) + { + panic("Couldn't find Multiboot module \"%s\" (at %d) in DRTM o= f Secure Launch\n", + (const char *)__va(mod->cmdline_pa), i); + } + } + + num_mod_entries =3D 0; + for ( i =3D 0; i < policy->nr_entries; i++ ) + { + if ( policy_entry[i].entity_type =3D=3D SLR_ET_MULTIBOOT2_MODULE ) + num_mod_entries++; + } + + if ( bi->nr_modules !=3D num_mod_entries ) + { + panic("Unexpected number of Multiboot modules: %d instead of %d\n", + (int)bi->nr_modules, (int)num_mod_entries); + } + + /* + * MBI was measured in tpm_extend_mbi(). + * SLRT was measured in tpm_measure_slrt(). + */ + return 2; +} + +void __init slaunch_process_drtm_policy(const struct boot_info *bi) +{ + struct slr_table *slrt; + struct slr_entry_policy *policy; + struct slr_policy_entry *policy_entry; + uint16_t i; + unsigned int measured; + + slrt =3D slaunch_get_slrt(); + + policy =3D slr_get_policy(slrt); + policy_entry =3D (struct slr_policy_entry *) + ((uint8_t *)policy + sizeof(*policy)); + + measured =3D check_drtm_policy(slrt, policy, policy_entry, bi); + for ( i =3D 0; i < measured; i++ ) + policy_entry[i].flags |=3D SLR_POLICY_FLAG_MEASURED; + + for ( i =3D measured; i < policy->nr_entries; i++ ) + { + int rc; + uint64_t start =3D policy_entry[i].entity; + uint64_t size =3D policy_entry[i].size; + + /* No already measured entries are expected here. */ + if ( policy_entry[i].flags & SLR_POLICY_FLAG_MEASURED ) + panic("DRTM entry at %d was measured out of order!\n", i); + + switch ( policy_entry[i].entity_type ) + { + case SLR_ET_MULTIBOOT2_INFO: + panic("Duplicated MBI entry in DRTM of Secure Launch at %d\n",= i); + case SLR_ET_SLRT: + panic("Duplicated SLRT entry in DRTM of Secure Launch at %d\n"= , i); + + case SLR_ET_UNSPECIFIED: + case SLR_ET_BOOT_PARAMS: + case SLR_ET_SETUP_DATA: + case SLR_ET_CMDLINE: + case SLR_ET_UEFI_MEMMAP: + case SLR_ET_RAMDISK: + case SLR_ET_MULTIBOOT2_MODULE: + case SLR_ET_TXT_OS2MLE: + /* Measure this entry below. */ + break; + + case SLR_ET_UNUSED: + /* Skip this entry. */ + continue; + } + + if ( policy_entry[i].flags & SLR_POLICY_IMPLICIT_SIZE ) + panic("Unexpected implicitly-sized DRTM entry of Secure Launch= at %d (type %d, info: %s)\n", + i, policy_entry[i].entity_type, policy_entry[i].evt_info= ); + + rc =3D slaunch_map_l2(start, size); + BUG_ON(rc !=3D 0); + + tpm_hash_extend(DRTM_LOC, policy_entry[i].pcr, __va(start), size, + DLE_EVTYPE_SLAUNCH, (uint8_t *)policy_entry[i].evt= _info, + strnlen(policy_entry[i].evt_info, + TPM_EVENT_INFO_LENGTH)); + + policy_entry[i].flags |=3D SLR_POLICY_FLAG_MEASURED; + } +} + int __init slaunch_map_l2(unsigned long paddr, unsigned long size) { unsigned long aligned_paddr =3D paddr & ~((1ULL << L2_PAGETABLE_SHIFT)= - 1); --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156359; cv=none; d=zohomail.com; s=zohoarc; b=KqPHgvG9LypqgRXPTkD15AMjjnnw1zVMcBFQasw0aXZT9yi2cugg0WV9zIlHfk9T3salNLidGDDLOe5smVPl+jeRhdF2Wq6aWQLaNZc4+g2rbEb0nQH91LCuCJBXl+N3NjiZZGunv1sDnDeu2Vd2FUa9JrpQ7mrjHnlrz8CEctY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156359; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=EAvtKdu2xXjGkeSU2J30LIKYMel3gMLXJ7rp7XGeIao=; b=HlhRrQUwUXCh3hPoUgSDV+JLqxz8o0uOmXVEf2qj2CHHE0jm8DXkVvBO+Hqai9OMppmMoSnwY8VQA+hseY68mysKu21H9fLHMDwKNaVNgF7L6FLxZbCEPN0NVNixybP9OJBPuPCNU3t2RgEh8PITPvAYVb6LA1q3SXg81u+xLO8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156359489820.576291144469; Tue, 13 May 2025 10:12:39 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983344.1369726 (Exim 4.92) (envelope-from ) id 1uEtAt-0007MQ-9F; Tue, 13 May 2025 17:12:15 +0000 Received: by outflank-mailman (output) from mailman id 983344.1369726; Tue, 13 May 2025 17:12:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAt-0007LN-5u; Tue, 13 May 2025 17:12:15 +0000 Received: by outflank-mailman (input) for mailman id 983344; Tue, 13 May 2025 17:12:14 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt61-0003Mm-BQ for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:13 +0000 Received: from 12.mo581.mail-out.ovh.net (12.mo581.mail-out.ovh.net [178.33.107.167]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b64bdc9d-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:07:12 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.108.9.185]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZS26L1z1JCW for ; Tue, 13 May 2025 17:07:12 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-rmfj9 (unknown [10.110.101.129]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 9C3241FE6E; Tue, 13 May 2025 17:07:11 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.106]) by ghost-submission-5b5ff79f4f-rmfj9 with ESMTPSA id CmLADj98I2joPwEAsHcBfw (envelope-from ); Tue, 13 May 2025 17:07:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b64bdc9d-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-106R006702d9b2a-3705-4bfd-8582-94ee596064ad, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , trenchboot-devel@googlegroups.com Subject: [PATCH v2 17/22] x86/acpi: disallow S3 on Secure Launch boot Date: Tue, 13 May 2025 20:05:54 +0300 Message-ID: <557fece168d8c9688338c2e69f96a8c5177ba9de.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8953156063255704732 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtieenucevlhhushhtvghrufhiiigvpeejnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehkedumgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=EAvtKdu2xXjGkeSU2J30LIKYMel3gMLXJ7rp7XGeIao=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156032; v=1; b=ZJvibAp/RP9cf3TbjTIQQpOXSD9rb/ppPXWSRc3YtELtSZMY6AjO6AkscSSNgPlqguJw6Bp4 Xmc0sDhAPzS8Nsjy7sw+rrfjAajIWSp2bvxQ8UwZXsLnnjIBawDNGOeJNrqAWvGTzQgRPI31sH1 K6APWlpripYgo3KztHzq/9ySVKUUN1NKoUOG1UxwW3RBAJTkmAc+mmT/hsH+51Gs6TXpw7av/IF 1ODm5Gafsb1DXcuNKcEv58ate3KnNfnW+9PvB7r9SyGhJ8F3dvDrAbX3oHnuJkph2JZsGiaiOov AFK0vS+0NKA6cEvDVGf5Co1GlWVyAzSX38nsqDDySBAPQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156361244019000 Content-Type: text/plain; charset="utf-8" Secure Launch won't initiate DRTM on S3 resume (the code for starting DRTM is not part of Xen), so abort a request to perform S3 suspend to not lose the state of DRTM PCRs. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/acpi/power.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 3196a33b19..81eb8f705a 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -357,6 +358,13 @@ int acpi_enter_sleep(const struct xenpf_enter_acpi_sle= ep *sleep) PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) return -EOPNOTSUPP; =20 + /* Secure Launch won't initiate DRTM on S3 resume, so abort S3 suspend= . */ + if ( sleep->sleep_state =3D=3D ACPI_STATE_S3 && slaunch_active ) + { + printk(XENLOG_INFO "SLAUNCH: refusing switching into ACPI S3 state= .\n"); + return -EPERM; + } + if ( sleep->flags & XENPF_ACPI_SLEEP_EXTENDED ) { if ( !acpi_sinfo.sleep_control.address || --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156256; cv=none; d=zohomail.com; s=zohoarc; b=axcIovsEv1evsrPvf/+dwUyEY5lGFyHr+5hoRSNRaHznkA6cQpRWHWlIHDRV9SNM+aCb3Gp+7GdZrGS4j6xDs24+Sng5RJZy7zjwz4a3sitw4JA1gPqu0BHxnzUSJQmYyCAal3rFUD7D2FUbhULLnrT0ElFXTOszoy7EIveWlwc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156256; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=yySsErvLYNnWYhNOhBBhYnFBoZFsMFllBN/X8yrHl2s=; b=j3LPF/sr3Ed6m49wtxXBecscXXVPYECZ3VVoDP+tXhjFsT4jFnL/gFPDX2sKfNf8KomIWHSGo9fwA8KpV9wh6HPOW/bTc96p/3Ysa+TeODWYf9UQofJHLQ2/YZI9hmtqXJi7WktkhcNk1ICK+YlIynaSxK+Np43VQTBf/d6XDqU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156256441277.52293813968004; Tue, 13 May 2025 10:10:56 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983249.1369622 (Exim 4.92) (envelope-from ) id 1uEt9N-0000iE-6H; Tue, 13 May 2025 17:10:41 +0000 Received: by outflank-mailman (output) from mailman id 983249.1369622; Tue, 13 May 2025 17:10:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9M-0000gJ-QA; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (input) for mailman id 983249; Tue, 13 May 2025 17:10:39 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt65-0003Uz-3n for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:17 +0000 Received: from 10.mo575.mail-out.ovh.net (10.mo575.mail-out.ovh.net [46.105.79.203]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id b808cb69-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:15 +0200 (CEST) Received: from director2.ghost.mail-out.ovh.net (unknown [10.109.140.131]) by mo575.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZW1VdFz1wl3 for ; Tue, 13 May 2025 17:07:15 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-dvfkr (unknown [10.110.164.235]) by director2.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 8C40F1FE68; Tue, 13 May 2025 17:07:14 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.109]) by ghost-submission-5b5ff79f4f-dvfkr with ESMTPSA id HnomBUJ8I2jxxBEAOV1++g (envelope-from ); Tue, 13 May 2025 17:07:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b808cb69-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-109S0033a991904-3eb6-4068-85c9-331bc12d345b, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 18/22] x86/boot/slaunch-early: find MBI and SLRT on AMD Date: Tue, 13 May 2025 20:05:55 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8954000486706885788 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeekudegfeduieegudeijeelleekfedvvdfhheehvefhudekjeeifeegtdduveehtdenucffohhmrghinhephhgvrggurdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtleenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehjeehmgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=yySsErvLYNnWYhNOhBBhYnFBoZFsMFllBN/X8yrHl2s=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156035; v=1; b=IAUgrFh7F5GxgfDt72R0UBqjTlZF2yuEKotAKvq+W1jT0UbN/T3redg7LWwTuoQnj4elT/oP ivhU2XZ5Ht9Plw6CkbNCaAbKUyM3XuT3eh8Kki/Xkqdx8b4wDJdwlr+LAjvWP47h71w+2VhxcFi gZ8UBBcGDXO4laWhk6+NUHx+hNnEvxuCZB2QYeDSRKPT61Gdc3/bXGsmGFh3/oQGKnl9jVUueCz dDj5YpKUMFUc2lWqJmuv/cRr3q0zCpRJ4wL/wUBEi18EbrBDoHJLJBHErycwVc0C5HGh7lpwJ6j AImZZhq5C1ZEGnTwv72agIuOTW/0tbr4cYFjMBGDrKUdw== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156258939019000 Content-Type: text/plain; charset="utf-8" Use slr_entry_amd_info::boot_params_base on AMD with SKINIT to get MBI location. Another thing of interest is the location of SLRT which is bootloader's data after SKL. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S | 38 ++++++++++++++++---- xen/arch/x86/boot/slaunch-early.c | 58 +++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 7376fa85d5..66e1a21033 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -354,10 +354,12 @@ cs32_switch: jmp *%edi =20 /* - * Entry point for TrenchBoot Secure Launch on Intel TXT platforms. + * Entry point for TrenchBoot Secure Launch, common for Intel TXT = and + * AMD Secure Startup, but state is slightly different. * + * On Intel: * CPU is in 32b protected mode with paging disabled. On entry: - * - %ebx =3D %eip =3D MLE entry point, + * - %ebx =3D %eip =3D this entry point, * - stack pointer is undefined, * - CS is flat 4GB code segment, * - DS, ES, SS, FS and GS are undefined according to TXT SDG, but= this @@ -375,13 +377,34 @@ cs32_switch: * - trying to enter real mode results in reset * - APs must be brought up by MONITOR or GETSEC[WAKEUP], dependin= g on * which is supported by a given SINIT ACM + * + * On AMD (as implemented by TrenchBoot's SKL): + * CPU is in 32b protected mode with paging disabled. On entry: + * - %ebx =3D %eip =3D this entry point, + * - %ebp holds base address of SKL + * - stack pointer is treated as undefined for parity with TXT, + * - CS is flat 4GB code segment, + * - DS, ES, SS are flat 4GB data segments, but treated as undefin= ed for + * parity with TXT. + * + * Additional restrictions: + * - interrupts (including NMIs and SMIs) are disabled and must be + * enabled later + * - APs must be brought up by SIPI without an INIT */ slaunch_stub_entry: /* Calculate the load base address. */ mov %ebx, %esi sub $sym_offs(slaunch_stub_entry), %esi =20 - /* Mark Secure Launch boot protocol and jump to common entry. */ + /* On AMD, %ebp holds the base address of SLB, save it for later. = */ + mov %ebp, %ebx + + /* + * Mark Secure Launch boot protocol and jump to common entry. Note= that + * all general purpose registers except %ebx and %esi are clobbered + * between here and .Lslaunch_proto. + */ mov $SLAUNCH_BOOTLOADER_MAGIC, %eax jmp .Lset_stack =20 @@ -508,15 +531,18 @@ __start: sub $8, %esp =20 push %esp /* pointer to output stru= cture */ + push %ebx /* Slaunch parameter on A= MD */ lea sym_offs(__2M_rwdata_end), %ecx /* end of target image */ lea sym_offs(_start), %edx /* target base address */ mov %esi, %eax /* load base address */ /* - * slaunch_early_init(load/eax, tgt/edx, tgt_end/ecx, ret/stk) usi= ng - * fastcall calling convention. + * slaunch_early_init(load/eax, tgt/edx, tgt_end/ecx, + * slaunch/stk, ret/stk) + * + * Uses fastcall calling convention. */ call slaunch_early_init - add $4, %esp /* pop the fourth paramet= er */ + add $8, %esp /* pop last two parameter= s */ =20 /* Move outputs of slaunch_early_init() from stack into registers.= */ pop %eax /* physical MBI address */ diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-= early.c index b6f6deedc9..e886d1bba7 100644 --- a/xen/arch/x86/boot/slaunch-early.c +++ b/xen/arch/x86/boot/slaunch-early.c @@ -7,6 +7,20 @@ #include #include #include +#include + +/* + * The AMD-defined structure layout for the SLB. The last two fields are + * SL-specific. + */ +struct skinit_sl_header +{ + uint16_t skl_entry_point; + uint16_t length; + uint8_t reserved[62]; + uint16_t skl_info_offset; + uint16_t bootloader_data_offset; +} __packed; =20 struct early_init_results { @@ -14,9 +28,25 @@ struct early_init_results uint32_t slrt_pa; } __packed; =20 +static bool is_intel_cpu(void) +{ + /* + * asm/processor.h can't be included in early code, which means neither + * cpuid() function nor boot_cpu_data can be used here. + */ + uint32_t eax, ebx, ecx, edx; + asm volatile ( "cpuid" + : "=3Da" (eax), "=3Db" (ebx), "=3Dc" (ecx), "=3Dd" (edx) + : "0" (0), "c" (0) ); + return ebx =3D=3D X86_VENDOR_INTEL_EBX + && ecx =3D=3D X86_VENDOR_INTEL_ECX + && edx =3D=3D X86_VENDOR_INTEL_EDX; +} + void asmlinkage slaunch_early_init(uint32_t load_base_addr, uint32_t tgt_base_addr, uint32_t tgt_end_addr, + uint32_t slaunch_param, struct early_init_results *result) { void *txt_heap; @@ -26,6 +56,34 @@ void asmlinkage slaunch_early_init(uint32_t load_base_ad= dr, struct slr_entry_intel_info *intel_info; uint32_t size =3D tgt_end_addr - tgt_base_addr; =20 + if ( !is_intel_cpu() ) + { + /* + * Not an Intel CPU. Currently the only other option is AMD with S= KINIT + * and secure-kernel-loader (SKL). + */ + struct slr_entry_amd_info *amd_info; + const struct skinit_sl_header *sl_header =3D (void *)slaunch_param; + + /* + * slaunch_param holds a physical address of SLB. + * Bootloader's data is SLRT. + */ + result->slrt_pa =3D slaunch_param + sl_header->bootloader_data_off= set; + result->mbi_pa =3D 0; + + slrt =3D (struct slr_table *)(uintptr_t)result->slrt_pa; + + amd_info =3D (struct slr_entry_amd_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_AMD_INFO); + /* Basic checks only, SKL checked and consumed the rest. */ + if ( amd_info =3D=3D NULL || amd_info->hdr.size !=3D sizeof(*amd_i= nfo) ) + return; + + result->mbi_pa =3D amd_info->boot_params_base; + return; + } + txt_heap =3D txt_init(); os_mle =3D txt_os_mle_data_start(txt_heap); os_sinit =3D txt_os_sinit_data_start(txt_heap); --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156260; cv=none; d=zohomail.com; s=zohoarc; b=kkMgvl1dpqsah1dWbG5/dbrfel0BfXysylsEzDggvJkKlfvB/bM2PoBIF5Ku18i5o1C6pK6f2OY8WFnjOBJ/ZBbgGZQKXyobbf2p+G3BVv8b0CMaPl6Oxff8er8eoBE5hxNLAMSKbg04D606V6TeX7WRNk5BIWOxpFj9HJ8cCWo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156260; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=I4A1LgkNpCIY8hzEp8h2TJ6VL6QVw7kE9g1WIgyMW2Q=; b=JwOyrVWg08L0Ygui0Bx3n97ufPB1vQNxqFr/mkuMHNh8Dyhy1BH7bCFQX/IqF6FYnrfNvC38irxReI3OEO/JK2s+b1nk9fiPLDbcac90f5Pp8Gi+hJRMLRcykZc02FbDxNKi5RBJyLE13fsGS6R61jqLs5dg2j4LNZ1yY/MJR7Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156260056457.12671321298774; Tue, 13 May 2025 10:11:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983250.1369626 (Exim 4.92) (envelope-from ) id 1uEt9N-0000rx-Hi; Tue, 13 May 2025 17:10:41 +0000 Received: by outflank-mailman (output) from mailman id 983250.1369626; Tue, 13 May 2025 17:10:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9N-0000pg-8u; Tue, 13 May 2025 17:10:41 +0000 Received: by outflank-mailman (input) for mailman id 983250; Tue, 13 May 2025 17:10:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt67-0003Mm-8n for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:19 +0000 Received: from 5.mo576.mail-out.ovh.net (5.mo576.mail-out.ovh.net [46.105.43.105]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id b9c2dcc8-301c-11f0-9eb6-5ba50f476ded; Tue, 13 May 2025 19:07:18 +0200 (CEST) Received: from director9.ghost.mail-out.ovh.net (unknown [10.109.148.7]) by mo576.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZZ0sZDz27tZ for ; Tue, 13 May 2025 17:07:18 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-ss9cm (unknown [10.108.54.212]) by director9.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 460481FE9A; Tue, 13 May 2025 17:07:17 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.114]) by ghost-submission-5b5ff79f4f-ss9cm with ESMTPSA id 2DmeAEV8I2gIEQEAgzAcRQ (envelope-from ); Tue, 13 May 2025 17:07:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: b9c2dcc8-301c-11f0-9eb6-5ba50f476ded Authentication-Results: garm.ovh; auth=pass (GARM-114S008001f1f46-d194-4037-818a-410a4b9d68a0, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 19/22] x86/slaunch: support AMD SKINIT Date: Tue, 13 May 2025 20:05:56 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8954844911462364316 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddugeenucevlhhushhtvghrufhiiigvpeehnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehjeeimgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=I4A1LgkNpCIY8hzEp8h2TJ6VL6QVw7kE9g1WIgyMW2Q=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156038; v=1; b=OGQxphxCyM44df28KvwcxsN4P4Ryh5QW7XoLVUAv+Ed5Q4dT7TyS0s6qjZj3zCsAOUo2spoa 1npnk5utsMfiHhDutLoM8kUWCHE47d651KU4eAq80UYrAW6eMJr+PqmtpZtZYm6+E2SZ5h7Qv61 NYuwvnvDGIuPVYUqOU9qc8fullaxAffJ7bN80vGFygiQplKKC0TdcBk7mCqdyCP3QnJPpTTOGUL GPA9O8pb+OsccKJmC0rAwgctc8L78Kik1LRix5NM8byfykk8UqiRnsEGKmUiUj/KRobQrlUHf7D qyil0sWm9TSSD0Neumg+4AL+wQamthMH44PwnRFHLSnQQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156260995019000 Content-Type: text/plain; charset="utf-8" This mostly involves not running Intel-specific code when on AMD. There are only a few new AMD-specific implementation details: - finding SLB start and size and then mapping and reserving it in e820 - managing offset for adding the next TPM log entry (TXT-compatible data prepared by SKL is stored inside of vendor data field within TCG header) Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/e820.c | 2 +- xen/arch/x86/slaunch.c | 90 ++++++++++++++++++++++++++++++++++-------- xen/arch/x86/tpm.c | 68 ++++++++++++++++++++++++++++++- 3 files changed, 141 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/e820.c b/xen/arch/x86/e820.c index 60f00e5259..cf13ab269a 100644 --- a/xen/arch/x86/e820.c +++ b/xen/arch/x86/e820.c @@ -444,7 +444,7 @@ static uint64_t __init mtrr_top_of_ram(void) ASSERT(paddr_bits); addr_mask =3D ((1ULL << paddr_bits) - 1) & PAGE_MASK; =20 - if ( slaunch_active ) + if ( slaunch_active && boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTE= L ) txt_restore_mtrrs(e820_verbose); =20 rdmsrl(MSR_MTRRcap, mtrr_cap); diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c index 7cc1831f15..f0447f91d2 100644 --- a/xen/arch/x86/slaunch.c +++ b/xen/arch/x86/slaunch.c @@ -17,6 +17,10 @@ #include #include =20 +/* SLB is 64k, 64k-aligned */ +#define SKINIT_SLB_SIZE 0x10000 +#define SKINIT_SLB_ALIGN 0x10000 + /* * These variables are assigned to by the code near Xen's entry point. * @@ -39,6 +43,8 @@ struct slr_table *__init slaunch_get_slrt(void) =20 if (slrt =3D=3D NULL) { int rc; + bool intel_cpu =3D (boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INT= EL); + uint16_t slrt_architecture =3D intel_cpu ? SLR_INTEL_TXT : SLR_AMD= _SKINIT; =20 slrt =3D __va(slaunch_slrt); =20 @@ -50,9 +56,9 @@ struct slr_table *__init slaunch_get_slrt(void) /* XXX: are newer revisions allowed? */ if ( slrt->revision !=3D SLR_TABLE_REVISION ) panic("SLRT is of unsupported revision: %#04x!\n", slrt->revis= ion); - if ( slrt->architecture !=3D SLR_INTEL_TXT ) - panic("SLRT is for unexpected architecture: %#04x!\n", - slrt->architecture); + if ( slrt->architecture !=3D slrt_architecture ) + panic("SLRT is for unexpected architecture: %#04x !=3D %#04x!\= n", + slrt->architecture, slrt_architecture); if ( slrt->size > slrt->max_size ) panic("SLRT is larger than its max size: %#08x > %#08x!\n", slrt->size, slrt->max_size); @@ -67,6 +73,23 @@ struct slr_table *__init slaunch_get_slrt(void) return slrt; } =20 +static uint32_t __init get_slb_start(void) +{ + /* + * The runtime computation relies on size being a power of 2 and equal= to + * alignment. Make sure these assumptions hold. + */ + BUILD_BUG_ON(SKINIT_SLB_SIZE !=3D SKINIT_SLB_ALIGN); + BUILD_BUG_ON(SKINIT_SLB_SIZE =3D=3D 0); + BUILD_BUG_ON((SKINIT_SLB_SIZE & (SKINIT_SLB_SIZE - 1)) !=3D 0); + + /* + * Rounding any address within SLB down to alignment gives SLB base and + * SLRT is inside SLB on AMD. + */ + return slaunch_slrt & ~(SKINIT_SLB_SIZE - 1); +} + void __init slaunch_map_mem_regions(void) { int rc; @@ -77,7 +100,10 @@ void __init slaunch_map_mem_regions(void) BUG_ON(rc !=3D 0); =20 /* Vendor-specific part. */ - txt_map_mem_regions(); + if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL ) + txt_map_mem_regions(); + else if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD ) + slaunch_map_l2(get_slb_start(), SKINIT_SLB_SIZE); =20 find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); if ( evt_log_addr !=3D NULL ) @@ -95,7 +121,18 @@ void __init slaunch_reserve_mem_regions(void) uint32_t evt_log_size; =20 /* Vendor-specific part. */ - txt_reserve_mem_regions(); + if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL ) + { + txt_reserve_mem_regions(); + } + else if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD ) + { + uint64_t slb_start =3D get_slb_start(); + uint64_t slb_end =3D slb_start + SKINIT_SLB_SIZE; + printk("SLAUNCH: reserving SLB (%#lx - %#lx)\n", slb_start, slb_en= d); + rc =3D reserve_e820_ram(&e820_raw, slb_start, slb_end); + BUG_ON(rc =3D=3D 0); + } =20 find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size); if ( evt_log_addr !=3D NULL ) @@ -119,20 +156,41 @@ void __init slaunch_measure_slrt(void) * In revision one of the SLRT, only platform-specific info table = is * measured. */ - struct slr_entry_intel_info tmp; - struct slr_entry_intel_info *entry; + if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_INTEL ) + { + struct slr_entry_intel_info tmp; + struct slr_entry_intel_info *entry; + + entry =3D (struct slr_entry_intel_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); + if ( entry =3D=3D NULL ) + panic("SLRT is missing Intel-specific information!\n"); =20 - entry =3D (struct slr_entry_intel_info *) - slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); - if ( entry =3D=3D NULL ) - panic("SLRT is missing Intel-specific information!\n"); + tmp =3D *entry; + tmp.boot_params_base =3D 0; + tmp.txt_heap =3D 0; =20 - tmp =3D *entry; - tmp.boot_params_base =3D 0; - tmp.txt_heap =3D 0; + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)&tmp, + sizeof(tmp), DLE_EVTYPE_SLAUNCH, NULL, 0); + } + else if ( boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD ) + { + struct slr_entry_amd_info tmp; + struct slr_entry_amd_info *entry; + + entry =3D (struct slr_entry_amd_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_AMD_INFO); + if ( entry =3D=3D NULL ) + panic("SLRT is missing AMD-specific information!\n"); =20 - tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)&tmp, - sizeof(tmp), DLE_EVTYPE_SLAUNCH, NULL, 0); + tmp =3D *entry; + tmp.next =3D 0; + tmp.slrt_base =3D 0; + tmp.boot_params_base =3D 0; + + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)&tmp, + sizeof(tmp), DLE_EVTYPE_SLAUNCH, NULL, 0); + } } else { diff --git a/xen/arch/x86/tpm.c b/xen/arch/x86/tpm.c index 47a9edef50..e9ba073d55 100644 --- a/xen/arch/x86/tpm.c +++ b/xen/arch/x86/tpm.c @@ -11,6 +11,7 @@ #include #include #include +#include =20 #ifdef __EARLY_SLAUNCH__ =20 @@ -52,11 +53,31 @@ void *(memcpy)(void *dest, const void *src, size_t n) return dest; } =20 +static bool is_amd_cpu(void) +{ + /* + * asm/processor.h can't be included in early code, which means neither + * cpuid() function nor boot_cpu_data can be used here. + */ + uint32_t eax, ebx, ecx, edx; + asm volatile ( "cpuid" + : "=3Da" (eax), "=3Db" (ebx), "=3Dc" (ecx), "=3Dd" (edx) + : "0" (0), "c" (0) ); + return ebx =3D=3D X86_VENDOR_AMD_EBX + && ecx =3D=3D X86_VENDOR_AMD_ECX + && edx =3D=3D X86_VENDOR_AMD_EDX; +} + #else /* __EARLY_SLAUNCH__ */ =20 #include #include =20 +static bool is_amd_cpu(void) +{ + return boot_cpu_data.x86_vendor =3D=3D X86_VENDOR_AMD; +} + #endif /* __EARLY_SLAUNCH__ */ =20 #define TPM_LOC_REG(loc, reg) (0x1000 * (loc) + (reg)) @@ -241,6 +262,21 @@ struct TPM12_PCREvent { uint8_t Data[]; }; =20 +struct tpm1_spec_id_event { + uint32_t pcrIndex; + uint32_t eventType; + uint8_t digest[20]; + uint32_t eventSize; + uint8_t signature[16]; + uint32_t platformClass; + uint8_t specVersionMinor; + uint8_t specVersionMajor; + uint8_t specErrata; + uint8_t uintnSize; + uint8_t vendorInfoSize; + uint8_t vendorInfo[0]; /* variable number of members */ +} __packed; + struct txt_ev_log_container_12 { char Signature[20]; /* "TXT Event Container", null-termina= ted */ uint8_t Reserved[12]; @@ -384,6 +420,16 @@ static void *create_log_event12(struct txt_ev_log_cont= ainer_12 *evt_log, { struct TPM12_PCREvent *new_entry; =20 + if ( is_amd_cpu() ) + { + /* + * On AMD, TXT-compatible structure is stored as vendor data of + * TCG-defined event log header. + */ + struct tpm1_spec_id_event *spec_id =3D (void *)evt_log; + evt_log =3D (struct txt_ev_log_container_12 *)&spec_id->vendorInfo= [0]; + } + new_entry =3D (void *)(((uint8_t *)evt_log) + evt_log->NextEventOffset= ); =20 /* @@ -832,11 +878,29 @@ static uint32_t tpm2_hash_extend(unsigned loc, const = uint8_t *buf, =20 #endif /* __EARLY_SLAUNCH__ */ =20 -static struct heap_event_log_pointer_element2_1 *find_evt_log_ext_data(voi= d) +static struct heap_event_log_pointer_element2_1 * +find_evt_log_ext_data(struct tpm2_spec_id_event *evt_log) { struct txt_os_sinit_data *os_sinit; struct txt_ext_data_element *ext_data; =20 + if ( is_amd_cpu() ) + { + /* + * Event log pointer is defined by TXT specification, but + * secure-kernel-loader provides a compatible structure in vendor = data + * of the log. + */ + const uint8_t *data_size =3D + (void *)&evt_log->digestSizes[evt_log->digestCount]; + + if ( *data_size !=3D sizeof(struct heap_event_log_pointer_element2= _1) ) + return NULL; + + /* Vendor data directly follows one-byte size. */ + return (void *)(data_size + 1); + } + os_sinit =3D txt_os_sinit_data_start(__va(read_txt_reg(TXTCR_HEAP_BASE= ))); ext_data =3D (void *)((uint8_t *)os_sinit + sizeof(*os_sinit)); =20 @@ -870,7 +934,7 @@ create_log_event20(struct tpm2_spec_id_event *evt_log, = uint32_t evt_log_size, unsigned i; uint8_t *p; =20 - log_ext_data =3D find_evt_log_ext_data(); + log_ext_data =3D find_evt_log_ext_data(evt_log); if ( log_ext_data =3D=3D NULL ) return log_hashes; =20 --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156296; cv=none; d=zohomail.com; s=zohoarc; b=jnXQQHjkEq/NT5PanL4PSwL7KE3WH/VmTdcod6fSzjUnb+jpMNAqbDLKtlCQKOUhh/BEOStnhroGro6tGOi1HcdQnU0bX8y6anNuh/LPuQFGVNsco7pYJZ4jK9XJn7IB6N8hsC/0+jBGOoTu9S4S/VzsC25KbdDyWyDYL4ApjMY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156296; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Cu1xkQ6GuDdEObhFAI3AikBnobBTD4vWIFp+Q1jG7HI=; b=W/S4Wo0I1HBxNZILBVu19J/FIwcHEiBqrh/5Sd3xhFYdP8oRlfqieyZY8f+deFr+iMMnE/R891fSiV6NsvNm+JkdH7AL1JLneehyjnaYLsu1BoPNZzWa6pl/+58JfWXE1Np9zLJrpBx+t02bKc4TXcde3cOoGipETYDdj/pSJRQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156296542594.3542747818508; Tue, 13 May 2025 10:11:36 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983304.1369673 (Exim 4.92) (envelope-from ) id 1uEtA5-0004LL-HQ; Tue, 13 May 2025 17:11:25 +0000 Received: by outflank-mailman (output) from mailman id 983304.1369673; Tue, 13 May 2025 17:11:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtA5-0004LE-E3; Tue, 13 May 2025 17:11:25 +0000 Received: by outflank-mailman (input) for mailman id 983304; Tue, 13 May 2025 17:11:23 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt6C-0003Uz-HR for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:24 +0000 Received: from 12.mo581.mail-out.ovh.net (12.mo581.mail-out.ovh.net [178.33.107.167]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bc38064f-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:22 +0200 (CEST) Received: from director6.ghost.mail-out.ovh.net (unknown [10.109.176.215]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZf1Yq3z1L93 for ; Tue, 13 May 2025 17:07:22 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-2q4jk (unknown [10.108.42.75]) by director6.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 440FB1FDC5; Tue, 13 May 2025 17:07:20 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.97]) by ghost-submission-5b5ff79f4f-2q4jk with ESMTPSA id 9HLkNUd8I2ikAAAAzEFtag (envelope-from ); Tue, 13 May 2025 17:07:20 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: bc38064f-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-97G002691fa020-5b77-4e47-953a-62ec58cd6b8e, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , Nicola Vetrini , Doug Goldstein , "Daniel P. Smith" , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 20/22] x86/slaunch: support EFI boot Date: Tue, 13 May 2025 20:05:57 +0300 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8955970812598596764 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpeelleekkefhieekieefkefgtefhvdehkeefvdffteefgfevleelkeekvdegkeduvdenucffohhmrghinhephhgvrggurdhssgdpgiekiegpieegrdhssgenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddrleejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheekudgmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=Cu1xkQ6GuDdEObhFAI3AikBnobBTD4vWIFp+Q1jG7HI=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156042; v=1; b=EGGcy8DJmEndR66YmDIGBC6hLk1rJ6/qF/VtYajbuUedd0CDY/5Uv7bdrkReytR/gLfdVHod 23VqD5Epj9ZqAgsnV3Lk4RvxUNxVAQZ6YwmTL064i3j3JoDvhrDr18e0+YsKp6DuJzj+2WakWpB S1Fu+PW35AGCPUH6sOA8h9uWAo/ix8Af3EbvzmrVu+JZjhl5AyTXbqLklSZmTZ/pKocTJ6xqBnX Co6ZR8w3w/R+5fTDawCs2PlZB2l1Rg6eAnyLtvKhIxeW2g+Yzn/xPXz6yrwynENJIkP+mwBCBlD dnjewcveW/HTOpn0R1AcCogUbtAo5S0LjZsd10NlRdAdA== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156297661116600 Content-Type: text/plain; charset="utf-8" When running on an EFI-enabled system, Xen needs to have access to Boot Services in order to initialize itself properly and reach a state in which a dom0 kernel can operate without issues. This means that DRTM must be started in the middle of Xen's initialization process. This effect is achieved via a callback into bootloader (GRUB) which is responsible for initiating DRTM and continuing Xen's initialization process. The latter is done by branching in Slaunch entry point on a flag to switch back into long mode before calling the same function which Xen would execute as the next step without DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- .gitignore | 1 + .../eclair_analysis/ECLAIR/out_of_scope.ecl | 1 + docs/hypervisor-guide/x86/how-xen-boots.rst | 10 +- xen/arch/x86/Makefile | 9 +- xen/arch/x86/boot/head.S | 124 +++++++++++++++++ xen/arch/x86/boot/x86_64.S | 14 +- xen/arch/x86/efi/efi-boot.h | 88 +++++++++++- xen/arch/x86/efi/fixmlehdr.c | 127 ++++++++++++++++++ xen/arch/x86/slaunch.c | 74 +++++++++- xen/common/efi/boot.c | 4 + xen/common/efi/runtime.c | 1 + xen/include/xen/efi.h | 1 + 12 files changed, 441 insertions(+), 13 deletions(-) create mode 100644 xen/arch/x86/efi/fixmlehdr.c diff --git a/.gitignore b/.gitignore index 53f5df0003..dab829d7e1 100644 --- a/.gitignore +++ b/.gitignore @@ -201,6 +201,7 @@ xen/.xen.elf32 xen/System.map xen/arch/x86/efi.lds xen/arch/x86/efi/check.efi +xen/arch/x86/efi/fixmlehdr xen/arch/x86/efi/mkreloc xen/arch/x86/include/asm/asm-macros.h xen/arch/*/xen.lds diff --git a/automation/eclair_analysis/ECLAIR/out_of_scope.ecl b/automatio= n/eclair_analysis/ECLAIR/out_of_scope.ecl index 9bcec4c69d..a09cf5442c 100644 --- a/automation/eclair_analysis/ECLAIR/out_of_scope.ecl +++ b/automation/eclair_analysis/ECLAIR/out_of_scope.ecl @@ -19,6 +19,7 @@ =20 -doc_begin=3D"Build tools are out of scope." -file_tag+=3D{out_of_scope_tools,"^xen/tools/.*$"} +-file_tag+=3D{out_of_scope_tools,"^xen/arch/x86/efi/fixmlehdr\\.c$"} -file_tag+=3D{out_of_scope_tools,"^xen/arch/x86/efi/mkreloc\\.c$"} -file_tag+=3D{out_of_scope_tools,"^xen/arch/x86/boot/mkelf32\\.c$"} -doc_end diff --git a/docs/hypervisor-guide/x86/how-xen-boots.rst b/docs/hypervisor-= guide/x86/how-xen-boots.rst index 050fe9c61f..63f81a8198 100644 --- a/docs/hypervisor-guide/x86/how-xen-boots.rst +++ b/docs/hypervisor-guide/x86/how-xen-boots.rst @@ -55,10 +55,12 @@ If ``CONFIG_PVH_GUEST`` was selected at build time, an = Elf note is included which indicates the ability to use the PVH boot protocol, and registers ``__pvh_start`` as the entrypoint, entered in 32bit mode. =20 -A combination of Multiboot 2 and MLE headers is used to implement DRTM for -legacy (BIOS) boot. The separate entry point is used mainly to differentia= te -from other kinds of boots. It moves a magic number to EAX before jumping i= nto -common startup code. +A combination of Multiboot 2 and MLE headers is used to implement DRTM. The +separate entry point is used mainly to differentiate from other kinds of b= oots. +For a legacy (BIOS) boot, it moves a magic number to EAX before jumping in= to +common startup code. For a EFI boot, it resumes execution of Xen.efi whic= h was +paused by handing control to a part of a bootloader responsible for initia= ting +DRTM sequence. =20 =20 xen.gz diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 2527a1909c..7c2c0b5e4c 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -89,6 +89,7 @@ extra-y +=3D xen.lds =20 hostprogs-y +=3D boot/mkelf32 hostprogs-y +=3D efi/mkreloc +hostprogs-y +=3D efi/fixmlehdr =20 $(obj)/efi/mkreloc: HOSTCFLAGS +=3D -I$(srctree)/include =20 @@ -140,6 +141,10 @@ $(TARGET): $(TARGET)-syms $(efi-y) $(obj)/boot/mkelf32 =20 CFLAGS-$(XEN_BUILD_EFI) +=3D -DXEN_BUILD_EFI =20 +ifeq ($(XEN_BUILD_EFI),y) +XEN_AFLAGS +=3D -DXEN_BUILD_EFI +endif + $(TARGET)-syms: $(objtree)/prelink.o $(obj)/xen.lds $(LD) $(XEN_LDFLAGS) -T $(obj)/xen.lds $< $(build_id_linker) \ $(objtree)/common/symbols-dummy.o -o $(dot-target).0 @@ -209,7 +214,7 @@ note_file_option ?=3D $(note_file) =20 extra-$(XEN_BUILD_PE) +=3D efi.lds ifeq ($(XEN_BUILD_PE),y) -$(TARGET).efi: $(objtree)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi= /relocs-dummy.o $(obj)/efi/mkreloc +$(TARGET).efi: $(objtree)/prelink.o $(note_file) $(obj)/efi.lds $(obj)/efi= /relocs-dummy.o $(obj)/efi/mkreloc $(obj)/efi/fixmlehdr ifeq ($(CONFIG_DEBUG_INFO),y) $(if $(filter --strip-debug,$(EFI_LDFLAGS)),echo,:) "Will strip debug inf= o from $(@F)" endif @@ -236,6 +241,8 @@ endif $(LD) $(call EFI_LDFLAGS,$(VIRT_BASE)) -T $(obj)/efi.lds $< \ $(dot-target).1r.o $(dot-target).1s.o $(orphan-handling-y) \ $(note_file_option) -o $@ + # take image offset into account + $(obj)/efi/fixmlehdr $@ $(XEN_IMG_OFFSET) $(NM) -pa --format=3Dsysv $@ \ | $(objtree)/tools/symbols --all-symbols --xensyms --sysv --sort \ > $@.map diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S index 66e1a21033..5ec2a272a9 100644 --- a/xen/arch/x86/boot/head.S +++ b/xen/arch/x86/boot/head.S @@ -397,6 +397,12 @@ slaunch_stub_entry: mov %ebx, %esi sub $sym_offs(slaunch_stub_entry), %esi =20 +#ifdef XEN_BUILD_EFI + /* If the flag is already set, then Xen should continue execution.= */ + cmpb $0, sym_esi(slaunch_active) + jne slaunch_efi_jumpback +#endif + /* On AMD, %ebp holds the base address of SLB, save it for later. = */ mov %ebp, %ebx =20 @@ -836,6 +842,124 @@ trampoline_setup: /* Jump into the relocated trampoline. */ lret =20 +#ifdef XEN_BUILD_EFI + + /* + * The state matches that of slaunch_stub_entry above, but with %e= si + * already initialized. + */ +slaunch_efi_jumpback: + lea STACK_SIZE - CPUINFO_sizeof + sym_esi(cpu0_stack), %esp + + /* Prepare gdt and segments. */ + add %esi, sym_esi(gdt_boot_base) + lgdt sym_esi(gdt_boot_descr) + + mov $BOOT_DS, %ecx + mov %ecx, %ds + mov %ecx, %es + mov %ecx, %ss + + push $BOOT_CS32 + lea sym_esi(.Lgdt_is_set),%edx + push %edx + lret +.Lgdt_is_set: + + /* + * Stash TSC as above because it was zeroed on jumping into bootlo= ader + * to not interfere with measurements. + */ + rdtsc + mov %eax, sym_esi(boot_tsc_stamp) + mov %edx, 4 + sym_esi(boot_tsc_stamp) + + /* + * Clear the pagetables before the use. We are loaded below 4GiB a= nd + * this avoids the need for writing to higher dword of each entry. + * Additionally, this ensures those dwords are actually zero and t= he + * mappings aren't manipulated from outside. + */ + lea sym_esi(bootmap_start), %edi + lea sym_esi(bootmap_end), %ecx + sub %edi, %ecx + xor %eax, %eax + shr $2, %ecx + rep stosl + + /* 1x L1 page, 512 entries mapping total of 2M. */ + lea sym_esi(l1_bootmap), %edi + mov $512, %ecx + mov $(__PAGE_HYPERVISOR + 512 * PAGE_SIZE), %edx +.Lfill_l1_identmap: + sub $PAGE_SIZE, %edx + /* Loop runs for ecx=3D[512..1] for entries [511..0], hence -8. */ + mov %edx, -8(%edi,%ecx,8) + loop .Lfill_l1_identmap + + /* 4x L2 pages, each page mapping 1G of RAM. */ + lea sym_esi(l2_bootmap), %edi + /* 1st entry points to L1. */ + lea (sym_offs(l1_bootmap) + __PAGE_HYPERVISOR)(%esi), %edx + mov %edx, (%edi) + /* Other entries are 2MB pages. */ + mov $(4 * 512 - 1), %ecx + /* + * Value below should be 4GB + flags, which wouldn't fit in 32b + * register. To avoid warning from the assembler, 4GB is skipped h= ere. + * Substitution in first iteration makes the value roll over and p= oint + * to 4GB - 2MB + flags. + */ + mov $(_PAGE_PSE + __PAGE_HYPERVISOR), %edx +.Lfill_l2_identmap: + sub $(1 << L2_PAGETABLE_SHIFT), %edx + /* Loop runs for ecx=3D[2047..1] for entries [2047..1]. */ + mov %edx, (%edi,%ecx,8) + loop .Lfill_l2_identmap + + /* 1x L3 page, mapping the 4x L2 pages. */ + lea sym_esi(l3_bootmap), %edi + mov $4, %ecx + lea (sym_offs(l2_bootmap) + 4 * PAGE_SIZE + __PAGE_HYPERVISOR)= (%esi), %edx +.Lfill_l3_identmap: + sub $PAGE_SIZE, %edx + /* Loop runs for ecx=3D[4..1] for entries [3..0], hence -8. */ + mov %edx, -8(%edi,%ecx,8) + loop .Lfill_l3_identmap + + /* 1x L4 page, mapping the L3 page. */ + lea (sym_offs(l3_bootmap) + __PAGE_HYPERVISOR)(%esi), %edx + mov %edx, sym_esi(l4_bootmap) + + /* Restore CR4, PAE must be enabled before IA-32e mode */ + mov %cr4, %ecx + or $X86_CR4_PAE, %ecx + mov %ecx, %cr4 + + /* Load PML4 table location into PT base register */ + lea sym_esi(l4_bootmap), %eax + mov %eax, %cr3 + + /* Enable IA-32e mode and paging */ + mov $MSR_EFER, %ecx + rdmsr + or $EFER_LME >> 8, %ah + wrmsr + + mov %cr0, %eax + or $X86_CR0_PG | X86_CR0_NE | X86_CR0_TS | X86_CR0_MP, %eax + mov %eax, %cr0 + + /* Now in IA-32e compatibility mode, use lret to jump to 64b mode = */ + lea sym_esi(start_xen_from_efi), %ecx + push $BOOT_CS64 + push %ecx + lret + +.global start_xen_from_efi + +#endif /* XEN_BUILD_EFI */ + ENTRY(trampoline_start) #include "trampoline.S" ENTRY(trampoline_end) diff --git a/xen/arch/x86/boot/x86_64.S b/xen/arch/x86/boot/x86_64.S index ac33576d8f..67896f5fe5 100644 --- a/xen/arch/x86/boot/x86_64.S +++ b/xen/arch/x86/boot/x86_64.S @@ -221,14 +221,22 @@ GLOBAL(__page_tables_end) /* Init pagetables. Enough page directories to map into 4GB. */ .section .init.data, "aw", @progbits =20 -DATA_LOCAL(l1_bootmap, PAGE_SIZE) +bootmap_start: + +DATA_LOCAL(l1_bootmap, PAGE_SIZE) /* 1x L1 page, mapping 2M of RAM. */ .fill L1_PAGETABLE_ENTRIES, 8, 0 END(l1_bootmap) =20 -DATA(l2_bootmap, PAGE_SIZE) +DATA(l2_bootmap, PAGE_SIZE) /* 4x L2 pages, each mapping 1G of RAM. */ .fill 4 * L2_PAGETABLE_ENTRIES, 8, 0 END(l2_bootmap) =20 -DATA(l3_bootmap, PAGE_SIZE) +DATA(l3_bootmap, PAGE_SIZE) /* 1x L3 page, mapping the 4x L2 pages. */ .fill L3_PAGETABLE_ENTRIES, 8, 0 END(l3_bootmap) + +DATA_LOCAL(l4_bootmap, PAGE_SIZE) /* 1x L4 page, mapping the L3 page. */ + .fill L4_PAGETABLE_ENTRIES, 8, 0 +END(l4_bootmap) + +bootmap_end: diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h index 1d8902a9a7..6aaba4a966 100644 --- a/xen/arch/x86/efi/efi-boot.h +++ b/xen/arch/x86/efi/efi-boot.h @@ -5,6 +5,12 @@ */ #include =20 +/* + * Tell to access TXT registers without address translat= ion + * which has not yet been set up. + */ +#define __EARLY_SLAUNCH__ + #include #include #include @@ -13,8 +19,11 @@ #include #include #include +#include +#include =20 static struct file __initdata ucode; +static uint64_t __initdata xen_image_size; static multiboot_info_t __initdata mbi =3D { .flags =3D MBI_MODULES | MBI_LOADERNAME }; @@ -230,10 +239,29 @@ static void __init efi_arch_pre_exit_boot(void) } } =20 -static void __init noreturn efi_arch_post_exit_boot(void) +void __init asmlinkage noreturn start_xen_from_efi(void) { u64 cr4 =3D XEN_MINIMAL_CR4 & ~X86_CR4_PGE, efer; =20 + if ( slaunch_active ) + { + struct slr_table *slrt =3D (struct slr_table *)efi.slr; + struct slr_entry_intel_info *intel_info; + + intel_info =3D (struct slr_entry_intel_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO); + if ( intel_info !=3D NULL ) + { + void *txt_heap =3D txt_init(); + struct txt_os_mle_data *os_mle =3D txt_os_mle_data_start(txt_h= eap); + struct txt_os_sinit_data *os_sinit =3D + txt_os_sinit_data_start(txt_heap); + + txt_verify_pmr_ranges(os_mle, os_sinit, intel_info, xen_phys_s= tart, + xen_phys_start, xen_image_size); + } + } + efi_arch_relocate_image(__XEN_VIRT_START - xen_phys_start); memcpy(_p(trampoline_phys), trampoline_start, cfg.size); =20 @@ -279,6 +307,63 @@ static void __init noreturn efi_arch_post_exit_boot(vo= id) unreachable(); } =20 +static void __init attempt_secure_launch(void) +{ + struct slr_table *slrt; + struct slr_entry_dl_info *dlinfo; + dl_handler_func handler_callback; + + /* The presence of this table indicates a Secure Launch boot. */ + slrt =3D (struct slr_table *)efi.slr; + if ( efi.slr =3D=3D EFI_INVALID_TABLE_ADDR || slrt->magic !=3D SLR_TAB= LE_MAGIC || + slrt->revision !=3D SLR_TABLE_REVISION ) + return; + + /* Avoid calls into firmware after DRTM. */ + __clear_bit(EFI_RS, &efi_flags); + + /* + * Make measurements less sensitive to hardware-specific details. + * + * Intentionally leaving efi_ct and efi_num_ct intact. + */ + efi_ih =3D NULL; + efi_bs =3D NULL; + efi_bs_revision =3D 0; + efi_rs =3D NULL; + efi_version =3D 0; + efi_fw_vendor =3D NULL; + efi_fw_revision =3D 0; + StdOut =3D NULL; + StdErr =3D NULL; + boot_tsc_stamp =3D 0; + + slaunch_active =3D true; + slaunch_slrt =3D efi.slr; + + /* Jump through DL stub to initiate Secure Launch. */ + dlinfo =3D (struct slr_entry_dl_info *) + slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_DL_INFO); + + handler_callback =3D (dl_handler_func)dlinfo->dl_handler; + handler_callback(&dlinfo->bl_context); + + unreachable(); +} + +static void __init noreturn efi_arch_post_exit_boot(void) +{ + /* + * If Secure Launch happens, attempt_secure_launch() doesn't return and + * start_xen_from_efi() is invoked after DRTM has been initiated. + * Otherwise, attempt_secure_launch() returns and execution continues = as + * usual. + */ + attempt_secure_launch(); + + start_xen_from_efi(); +} + static void __init efi_arch_cfg_file_early(const EFI_LOADED_IMAGE *image, EFI_FILE_HANDLE dir_handle, const char *section) @@ -775,6 +860,7 @@ static void __init efi_arch_halt(void) static void __init efi_arch_load_addr_check(const EFI_LOADED_IMAGE *loaded= _image) { xen_phys_start =3D (UINTN)loaded_image->ImageBase; + xen_image_size =3D loaded_image->ImageSize; if ( (xen_phys_start + loaded_image->ImageSize - 1) >> 32 ) blexit(L"Xen must be loaded below 4Gb."); if ( xen_phys_start & ((1 << L2_PAGETABLE_SHIFT) - 1) ) diff --git a/xen/arch/x86/efi/fixmlehdr.c b/xen/arch/x86/efi/fixmlehdr.c new file mode 100644 index 0000000000..60a91c6b73 --- /dev/null +++ b/xen/arch/x86/efi/fixmlehdr.c @@ -0,0 +1,127 @@ +#include +#include +#include +#include + +/* + * Depending on the toolchain and its configuration the header can end up = quite + * far from the start of the file. + */ +#define PREFIX_SIZE (8*1024) + +struct mle_header +{ + uint8_t uuid[16]; + uint32_t header_len; + uint32_t version; + uint32_t entry_point; + uint32_t first_valid_page; + uint32_t mle_start; + uint32_t mle_end; + uint32_t capabilities; + uint32_t cmdline_start; + uint32_t cmdline_end; +} __attribute__ ((packed)); + +static const uint8_t MLE_HEADER_UUID[] =3D { + 0x5a, 0xac, 0x82, 0x90, 0x6f, 0x47, 0xa7, 0x74, + 0x0f, 0x5c, 0x55, 0xa2, 0xcb, 0x51, 0xb6, 0x42 +}; + +int main(int argc, char *argv[]) +{ + FILE *fp; + struct mle_header header; + int i; + char *end_ptr; + long long correction; + const char *file_path; + + if ( argc !=3D 3 ) + { + fprintf(stderr, "Usage: %s \n", argv[0= ]); + return 1; + } + + correction =3D strtoll(argv[2], &end_ptr, 0); + if ( *end_ptr !=3D '\0' ) + { + fprintf(stderr, "Failed to parse '%s' as a number\n", argv[2]); + return 1; + } + if ( correction < INT32_MIN ) + { + fprintf(stderr, "Correction '%s' is too small\n", argv[2]); + return 1; + } + if ( correction > INT32_MAX ) + { + fprintf(stderr, "Correction '%s' is too large\n", argv[2]); + return 1; + } + + file_path =3D argv[1]; + + fp =3D fopen(file_path, "r+"); + if ( fp =3D=3D NULL ) + { + fprintf(stderr, "Failed to open %s\n", file_path); + return 1; + } + + for ( i =3D 0; i < PREFIX_SIZE; i +=3D 16 ) + { + uint8_t bytes[16]; + + if ( fread(bytes, sizeof(bytes), 1, fp) !=3D 1 ) + { + fprintf(stderr, "Failed to find MLE header in %s\n", file_path= ); + goto fail; + } + + if ( memcmp(bytes, MLE_HEADER_UUID, 16) =3D=3D 0 ) + { + break; + } + } + + if ( i >=3D PREFIX_SIZE ) + { + fprintf(stderr, "Failed to find MLE header in %s\n", file_path); + goto fail; + } + + if ( fseek(fp, -16, SEEK_CUR) ) + { + fprintf(stderr, "Failed to seek back to MLE header in %s\n", file_= path); + goto fail; + } + + if ( fread(&header, sizeof(header), 1, fp) !=3D 1 ) + { + fprintf(stderr, "Failed to read MLE header from %s\n", file_path); + goto fail; + } + + if ( fseek(fp, -(int)sizeof(header), SEEK_CUR) ) + { + fprintf(stderr, "Failed to seek back again to MLE header in %s\n", + file_path); + goto fail; + } + + header.entry_point +=3D correction; + + if ( fwrite(&header, sizeof(header), 1, fp) !=3D 1 ) + { + fprintf(stderr, "Failed to write MLE header in %s\n", file_path); + goto fail; + } + + fclose(fp); + return 0; + +fail: + fclose(fp); + return 1; +} diff --git a/xen/arch/x86/slaunch.c b/xen/arch/x86/slaunch.c index f0447f91d2..15cfe944a7 100644 --- a/xen/arch/x86/slaunch.c +++ b/xen/arch/x86/slaunch.c @@ -5,6 +5,7 @@ */ =20 #include +#include #include #include #include @@ -244,10 +245,23 @@ check_drtm_policy(struct slr_table *slrt, { uint32_t i; uint32_t num_mod_entries; + int min_entries; =20 - if ( policy->nr_entries < 2 ) - panic("DRTM policy in SLRT contains less than 2 entries (%d)!\n", - policy->nr_entries); + min_entries =3D efi_enabled(EFI_BOOT) ? 1 : 2; + if ( policy->nr_entries < min_entries ) + { + panic("DRTM policy in SLRT contains less than %d entries (%d)!\n", + min_entries, policy->nr_entries); + } + + if ( efi_enabled(EFI_BOOT) ) + { + check_slrt_policy_entry(&policy_entry[0], 0, slrt); + /* SLRT was measured in tpm_measure_slrt(). */ + return 1; + } + + /* This must be legacy MultiBoot2 boot. */ =20 /* * MBI policy entry must be the first one, so that measuring order mat= ches @@ -316,6 +330,7 @@ void __init slaunch_process_drtm_policy(const struct bo= ot_info *bi) struct slr_table *slrt; struct slr_entry_policy *policy; struct slr_policy_entry *policy_entry; + int rc; uint16_t i; unsigned int measured; =20 @@ -331,7 +346,6 @@ void __init slaunch_process_drtm_policy(const struct bo= ot_info *bi) =20 for ( i =3D measured; i < policy->nr_entries; i++ ) { - int rc; uint64_t start =3D policy_entry[i].entity; uint64_t size =3D policy_entry[i].size; =20 @@ -376,6 +390,58 @@ void __init slaunch_process_drtm_policy(const struct b= oot_info *bi) =20 policy_entry[i].flags |=3D SLR_POLICY_FLAG_MEASURED; } + + /* + * On x86 EFI platforms Xen reads its command-line options and kernel/= initrd + * from configuration files (several can be chained). Bootloader can't= know + * contents of the configuration beforehand without parsing it, so the= re + * will be no corresponding policy entries. Instead, measure command-l= ine + * and all modules here. + */ + if ( efi_enabled(EFI_BOOT) ) + { +#define LOG_DATA(str) (uint8_t *)(str), (sizeof(str) - 1) + + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, + (const uint8_t *)bi->cmdline, strlen(bi->cmdline), + DLE_EVTYPE_SLAUNCH, LOG_DATA("Xen's command line")= ); + + for ( i =3D 0; i < bi->nr_modules; i++ ) + { + const struct boot_module *mod =3D &bi->mods[i]; + + paddr_t string =3D mod->cmdline_pa; + paddr_t start =3D mod->start; + size_t size =3D mod->size; + + if ( mod->relocated || mod->released ) + { + panic("A module \"%s\" (#%d) was consumed before measureme= nt\n", + (const char *)__va(string), i); + } + + /* + * Measuring module's name separately because module's command= -line + * parameters are appended to its name when present. + * + * 2 MiB is minimally mapped size and it should more than suff= ice. + */ + rc =3D slaunch_map_l2(string, 2 * 1024 * 1024); + BUG_ON(rc !=3D 0); + + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, + __va(string), strlen(__va(string)), + DLE_EVTYPE_SLAUNCH, LOG_DATA("MB module string= ")); + + rc =3D slaunch_map_l2(start, size); + BUG_ON(rc !=3D 0); + + tpm_hash_extend(DRTM_LOC, DRTM_CODE_PCR, __va(start), size, + DLE_EVTYPE_SLAUNCH, LOG_DATA("MB module")); + } + +#undef LOG_DATA + } } =20 int __init slaunch_map_l2(unsigned long paddr, unsigned long size) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index e39fbc3529..35501ee4de 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -19,6 +19,7 @@ #if EFI_PAGE_SIZE !=3D PAGE_SIZE # error Cannot use xen/pfn.h here! #endif +#include #include #include #ifdef CONFIG_X86 @@ -1004,6 +1005,7 @@ static void __init efi_tables(void) static EFI_GUID __initdata mps_guid =3D MPS_TABLE_GUID; static EFI_GUID __initdata smbios_guid =3D SMBIOS_TABLE_GUID; static EFI_GUID __initdata smbios3_guid =3D SMBIOS3_TABLE_GUID; + static EFI_GUID __initdata slr_guid =3D UEFI_SLR_TABLE_GUID; =20 if ( match_guid(&acpi2_guid, &efi_ct[i].VendorGuid) ) efi.acpi20 =3D (unsigned long)efi_ct[i].VendorTable; @@ -1015,6 +1017,8 @@ static void __init efi_tables(void) efi.smbios =3D (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&smbios3_guid, &efi_ct[i].VendorGuid) ) efi.smbios3 =3D (unsigned long)efi_ct[i].VendorTable; + if ( match_guid(&slr_guid, &efi_ct[i].VendorGuid) ) + efi.slr =3D (unsigned long)efi_ct[i].VendorTable; if ( match_guid(&esrt_guid, &efi_ct[i].VendorGuid) ) esrt =3D (UINTN)efi_ct[i].VendorTable; } diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index 7e1fce291d..e1b339f162 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -70,6 +70,7 @@ struct efi __read_mostly efi =3D { .mps =3D EFI_INVALID_TABLE_ADDR, .smbios =3D EFI_INVALID_TABLE_ADDR, .smbios3 =3D EFI_INVALID_TABLE_ADDR, + .slr =3D EFI_INVALID_TABLE_ADDR, }; =20 const struct efi_pci_rom *__read_mostly efi_pci_roms; diff --git a/xen/include/xen/efi.h b/xen/include/xen/efi.h index 160804e294..614dfce66a 100644 --- a/xen/include/xen/efi.h +++ b/xen/include/xen/efi.h @@ -19,6 +19,7 @@ struct efi { unsigned long acpi20; /* ACPI table (ACPI 2.0) */ unsigned long smbios; /* SM BIOS table */ unsigned long smbios3; /* SMBIOS v3 table */ + unsigned long slr; /* SLR table */ }; =20 extern struct efi efi; --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156313; cv=none; d=zohomail.com; s=zohoarc; b=LdKTXLgwHLe1XW4ozfYbpO/4uCp2kukuea3vP2DiF4LzpIMT4rX2XfXJaujg+/qY21jSgTEj6bM5G0bIM0Qqv1oYFZgvlhUP70Jh5wE7md26HPEGXTh74OO/4muAd4ye8jHDKH3u0QWR1ab72Lw2a5zxEfiq/BEXRMfUeeTQubQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156313; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xpixWV2mjLfPJBjterQJqwu+52ca0ZiJyxVq/AkKkxM=; b=Mcu5BDGe7Auxuok0Hldgl4SwrhUFRf1LfLSYCYcyquKM8fTYSPCkD3D743kY7j0NWppRA83ZGamRKYkUC2S51RzA+giPkjLIH8ZMpzfuB7+PGCnIkaSCPRq1dBL/Sa751bfYX6L3HkwH+A/4ATEEUWjgiXaf8jdnOv/d007trh4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1747156313428914.4674672512949; Tue, 13 May 2025 10:11:53 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983317.1369693 (Exim 4.92) (envelope-from ) id 1uEtAM-0005H7-4B; Tue, 13 May 2025 17:11:42 +0000 Received: by outflank-mailman (output) from mailman id 983317.1369693; Tue, 13 May 2025 17:11:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEtAL-0005Gt-WF; Tue, 13 May 2025 17:11:42 +0000 Received: by outflank-mailman (input) for mailman id 983317; Tue, 13 May 2025 17:11:41 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt6E-0003Uz-UH for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:26 +0000 Received: from 1.mo575.mail-out.ovh.net (1.mo575.mail-out.ovh.net [46.105.41.146]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bdf0c63c-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:25 +0200 (CEST) Received: from director5.ghost.mail-out.ovh.net (unknown [10.108.2.253]) by mo575.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZj0tsHz1wl4 for ; Tue, 13 May 2025 17:07:25 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-2qtvb (unknown [10.111.174.145]) by director5.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 4F1CA1FE42; Tue, 13 May 2025 17:07:24 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.106]) by ghost-submission-5b5ff79f4f-2qtvb with ESMTPSA id RlK5Akx8I2jSxwEAFJ2vGA (envelope-from ); Tue, 13 May 2025 17:07:24 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: bdf0c63c-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-106R006b9d271f3-da02-4016-b3b2-a9ec1fd8f92a, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Jan Beulich , Andrew Cooper , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , "Daniel P. Smith" , Ross Philipson , trenchboot-devel@googlegroups.com Subject: [PATCH v2 21/22] x86/cpu: report SMX, TXT and SKINIT capabilities Date: Tue, 13 May 2025 20:05:58 +0300 Message-ID: <7df06438d497830c646db4d32a4715e9fad729ec.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8956815236962366620 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhggtgfgsehtkeertdertdejnecuhfhrohhmpefuvghrghhiihcuffhmhihtrhhukhcuoehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomheqnecuggftrfgrthhtvghrnhepgeekffeiiedtveekhfdugeffveeigefgleegvdeghefftdetheefueeliedukedvnecukfhppeduvdejrddtrddtrddupddujeeirdduuddurddukedurddujeekpdefjedrheelrddugedvrddutdeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehsvghrghhiihdrughmhihtrhhukhesfehmuggvsgdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeigvghnqdguvghvvghlsehlihhsthhsrdigvghnphhrohhjvggtthdrohhrghdpoffvtefjohhsthepmhhoheejhegmpdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=xpixWV2mjLfPJBjterQJqwu+52ca0ZiJyxVq/AkKkxM=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156045; v=1; b=KXpwKzJca4J3oxVvPsBkDdeqPcWzz5qGHw4Ew0kWg0h7AXN2Vnz2amGTJTNY/uzFGaQw+s8h AvwBUWKWMn0yjMXE9VzqCX+kxafgy67m8k2ZlWgaiCRH/7Y9Aymc98G0ryJ4Q2R7CzUQeN1EL8/ UGabTrzvs8oTLFXK8nWZDgPqei7qqBLrNKCRcGP9UuZbFhvSBjOgyTS3xMnONGge3Yh8ESaH9Fi KMdqHur+hVpQCy6gD2hf9SGNSrU78VeNkbjr+3XgapGIgMSeObMOP62a1SYnbhrYLMPWLcQi/7p zXPyeSM4a907OjKBKzFiqkRNHMizKE4wekwaqP5Ia7DOQ== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156315042019000 From: Micha=C5=82 =C5=BBygowski Report TXT capabilities so that dom0 can query the Intel TXT or AMD SKINIT support information using xl dmesg. Signed-off-by: Micha=C5=82 =C5=BBygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/amd.c | 16 ++++++++++ xen/arch/x86/cpu/cpu.h | 1 + xen/arch/x86/cpu/hygon.c | 1 + xen/arch/x86/cpu/intel.c | 46 ++++++++++++++++++++++++++++ xen/arch/x86/include/asm/intel-txt.h | 5 +++ 5 files changed, 69 insertions(+) diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 37d67dd15c..18b6cbb50b 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -684,6 +684,21 @@ void amd_log_freq(const struct cpuinfo_x86 *c) #undef FREQ } =20 +void amd_log_skinit(const struct cpuinfo_x86 *c) +{ + /* + * Run only on BSP and not during resume to report the capability only= once. + */ + if ( system_state !=3D SYS_STATE_resume && smp_processor_id() ) + return; + + printk("CPU: SKINIT capability "); + if ( !test_bit(X86_FEATURE_SKINIT, &boot_cpu_data.x86_capability) ) + printk("not supported\n"); + else + printk("supported\n"); +} + void cf_check early_init_amd(struct cpuinfo_x86 *c) { if (c =3D=3D &boot_cpu_data) @@ -1333,6 +1348,7 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) check_syscfg_dram_mod_en(); =20 amd_log_freq(c); + amd_log_skinit(c); } =20 const struct cpu_dev __initconst_cf_clobber amd_cpu_dev =3D { diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index 8be65e975a..5bcf118a93 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -20,6 +20,7 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *= c); =20 void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); +void amd_log_skinit(const struct cpuinfo_x86 *c); void amd_init_lfence(struct cpuinfo_x86 *c); void amd_init_ssbd(const struct cpuinfo_x86 *c); void amd_init_spectral_chicken(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index f7508cc8fc..6ebb8b5fab 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -85,6 +85,7 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) } =20 amd_log_freq(c); + amd_log_skinit(c); } =20 const struct cpu_dev __initconst_cf_clobber hygon_cpu_dev =3D { diff --git a/xen/arch/x86/cpu/intel.c b/xen/arch/x86/cpu/intel.c index 12c3ff65e0..a99aec80ad 100644 --- a/xen/arch/x86/cpu/intel.c +++ b/xen/arch/x86/cpu/intel.c @@ -14,6 +14,7 @@ #include #include #include +#include =20 #include "cpu.h" =20 @@ -605,6 +606,49 @@ static void init_intel_perf(struct cpuinfo_x86 *c) } } =20 +/* + * Print out the SMX and TXT capabilties, so that dom0 can determine if the + * system is DRTM-capable. + */ +static void intel_log_smx_txt(struct cpuinfo_x86 *c) +{ + unsigned long cr4_val, getsec_caps; + + /* + * Run only on BSP and not during resume to report the capability only= once. + */ + if ( system_state !=3D SYS_STATE_resume && smp_processor_id() ) + return; + + printk("CPU: SMX capability "); + if ( !test_bit(X86_FEATURE_SMX, &boot_cpu_data.x86_capability) ) + { + printk("not supported\n"); + return; + } + printk("supported\n"); + + /* Can't run GETSEC without VMX and SMX */ + if ( !test_bit(X86_FEATURE_VMX, &boot_cpu_data.x86_capability) ) + return; + + cr4_val =3D read_cr4(); + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val | X86_CR4_SMXE); + + asm volatile ("getsec\n" + : "=3Da" (getsec_caps) + : "a" (GETSEC_CAPABILITIES), "b" (0) :); + + if ( getsec_caps & GETSEC_CAP_TXT_CHIPSET ) + printk("Chipset supports TXT\n"); + else + printk("Chipset does not support TXT\n"); + + if ( !(cr4_val & X86_CR4_SMXE) ) + write_cr4(cr4_val & ~X86_CR4_SMXE); +} + static void cf_check init_intel(struct cpuinfo_x86 *c) { /* Detect the extended topology information if available */ @@ -619,6 +663,8 @@ static void cf_check init_intel(struct cpuinfo_x86 *c) detect_ht(c); } =20 + intel_log_smx_txt(c); + /* Work around errata */ Intel_errata_workarounds(c); =20 diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/as= m/intel-txt.h index 5d76443d35..c834e08903 100644 --- a/xen/arch/x86/include/asm/intel-txt.h +++ b/xen/arch/x86/include/asm/intel-txt.h @@ -85,6 +85,11 @@ #define TXT_AP_BOOT_CS 0x0030 #define TXT_AP_BOOT_DS 0x0038 =20 +/* EAX value for GETSEC leaf functions. Intel SDM: GETSEC[CAPABILITIES] */ +#define GETSEC_CAPABILITIES 0 +/* Intel SDM: GETSEC Capability Result Encoding */ +#define GETSEC_CAP_TXT_CHIPSET 1 + #ifndef __ASSEMBLY__ =20 #include --=20 2.49.0 From nobody Thu Dec 18 23:23:19 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1747156253; cv=none; d=zohomail.com; s=zohoarc; b=jhcvIoMJkANd3aK2Zo1OfHuNKzk6+bKae6Vl0KMqFfA44KPW7wc+R6YK6AhFuK0JR7q8rEzgjk7QpDN8jo7+yX1D6x1vHWwwN6jM9FuZjPVHxLANpD7nOQ5DBGAAV3B+yWodYx3oIYjcfefrgRy1R4GHxLm/hPT1i1R7+e4qrTo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1747156253; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=8CU5n8sNAhVdjlvMK18YMG3nlKQ58o1NvkLmgNfIo+o=; b=TTotlQw/9PG454G8z23YgqL6iK1UectItU1Jxwe8xH20vpaNgdXJyTRpqjpl3XXxBHf6EuiHBC6pdPTgj+Gh4j1O3q5Qx2Nb9BoL1TXMpJAzaD3OK28dV1QJrKBTb8TRxEHSiNXKp121MyQe3Vrukm8kUByIt0KuFtgnC5+TRhs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 174715625386352.43990005556532; Tue, 13 May 2025 10:10:53 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.983244.1369603 (Exim 4.92) (envelope-from ) id 1uEt9M-0000Tx-2z; Tue, 13 May 2025 17:10:40 +0000 Received: by outflank-mailman (output) from mailman id 983244.1369603; Tue, 13 May 2025 17:10:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt9L-0000Tq-Uv; Tue, 13 May 2025 17:10:39 +0000 Received: by outflank-mailman (input) for mailman id 983244; Tue, 13 May 2025 17:10:38 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uEt6I-0003Uz-CQ for xen-devel@lists.xenproject.org; Tue, 13 May 2025 17:07:30 +0000 Received: from 8.mo576.mail-out.ovh.net (8.mo576.mail-out.ovh.net [46.105.56.233]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id bffd3587-301c-11f0-9ffb-bf95429c2676; Tue, 13 May 2025 19:07:28 +0200 (CEST) Received: from director8.ghost.mail-out.ovh.net (unknown [10.108.9.153]) by mo576.mail-out.ovh.net (Postfix) with ESMTP id 4ZxjZm441yz28h8 for ; Tue, 13 May 2025 17:07:28 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-j6nvw (unknown [10.111.182.238]) by director8.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 5376C1FDC4; Tue, 13 May 2025 17:07:27 +0000 (UTC) Received: from 3mdeb.com ([37.59.142.104]) by ghost-submission-5b5ff79f4f-j6nvw with ESMTPSA id R+r4A098I2hQCwAAwhyZVA (envelope-from ); Tue, 13 May 2025 17:07:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: bffd3587-301c-11f0-9ffb-bf95429c2676 Authentication-Results: garm.ovh; auth=pass (GARM-104R005288e3f3d-49dd-4252-a12b-c31cd32c9c22, 0F27B6D195039ACFBDF5EC7F2AC12BEA7E98F15C) smtp.auth=sergii.dmytruk@3mdeb.com X-OVh-ClientIp: 176.111.181.178 From: Sergii Dmytruk To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Stefano Stabellini , trenchboot-devel@googlegroups.com Subject: [PATCH v2 22/22] MAINTAINERS: add a section for TrenchBoot Slaunch Date: Tue, 13 May 2025 20:05:59 +0300 Message-ID: <98bb81298fc94f38ea79975937e7a5aa81157493.1747155790.git.sergii.dmytruk@3mdeb.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Ovh-Tracer-Id: 8957659660426982556 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdeftdegieeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffvvefufffkofgjfhgggfestdekredtredttdenucfhrhhomhepufgvrhhgihhiucffmhihthhruhhkuceoshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhheefheduieelieekfffgfffgfedutdevleevvdfhfffgledvgfdtuddtheefieenucfkphepuddvjedrtddrtddruddpudejiedrudduuddrudekuddrudejkedpfeejrdehledrudegvddruddtgeenucevlhhushhtvghrufhiiigvpeeinecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepshgvrhhgihhirdgumhihthhruhhkseefmhguvggsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepgigvnhdquggvvhgvlheslhhishhtshdrgigvnhhprhhojhgvtghtrdhorhhgpdfovfetjfhoshhtpehmohehjeeimgdpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=8CU5n8sNAhVdjlvMK18YMG3nlKQ58o1NvkLmgNfIo+o=; c=relaxed/relaxed; d=3mdeb.com; h=From; s=ovhmo3617313-selector1; t=1747156048; v=1; b=diSlDXfug1mbE2GRfMKugBPijf/YO7XvYtMYpvi+0BRi4FGdonNdHAhyoZ/aIf+mkoHxbNlO hXr8umbnvlw477RvgZAMb0uXDh1RM70BdI/NRyUpw5Vv3NeXa7D8NNRM+Y4WDm2B6w3xZ+1sYFa DeoWI9bzLk4R3UMUPZ6rbN/oKMS5TpnV7iXgm+4QqShjvCpYSkbPZqx+F85XH6ztGj0bRcEXfae JABLnVlg4zIw0mIeikSZIWwiVjAvPpHrV/9FiHjxy5G7/NJTU23caCPOJfE2+YQmAFVvNuPb2za Ebr6zRQYHtvNzX46zTnDHUR8H/NrbrliX7uWqAFfMTgLw== X-ZohoMail-DKIM: pass (identity @3mdeb.com) X-ZM-MESSAGEID: 1747156255384116600 Content-Type: text/plain; charset="utf-8" Signed-off-by: Sergii Dmytruk --- MAINTAINERS | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index c11b82eca9..347b3bcbb0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -542,6 +542,21 @@ F: */configure F: */*.ac F: tools/ =20 +TRENCHBOOT SECURE LAUNCH +M: Daniel P. Smith +R: Ross Philipson +R: Sergii Dmytruk +S: Supported +F: xen/include/xen/slr-table.h +F: xen/arch/x86/boot/slaunch-early.c +F: xen/arch/x86/efi/fixmlehdr.c +F: xen/arch/x86/include/asm/intel-txt.h +F: xen/arch/x86/include/asm/slaunch.h +F: xen/arch/x86/include/asm/tpm.h +F: xen/arch/x86/intel-txt.c +F: xen/arch/x86/slaunch.c +F: xen/arch/x86/tpm.c + VM EVENT, MEM ACCESS and MONITOR M: Tamas K Lengyel R: Alexandru Isaila --=20 2.49.0