Intel TXT Protection Regions (TPRs) are a new hardware mechanism for
DMA protection that replaces Protected Memory Regions
(PMRs). TPRs are configured by the SINIT ACM and managed through the
DTPR table in the TXT heap's extended data elements.

This series adds kernel support for detecting and disabling TPRs during
early boot, allowing the kernel to take over DMA protection management
via the IOMMU.

Patch No.1 adds the TXT heap parsing logic to locate the DTPR table and
disable each TPR instance by setting the enable bit (BIT14 in TPRn_BASE
register).

Patch No.2 integrates TPR detection into the IOMMU initialization path:
skipping force-IOMMU when TPRs provide DMA protection, and tearing down
redundant PMRs.

Tested on Intel platforms with SINIT ACM supporting ACPI DTPR tables.

Documentation:
- Intel TXT DMA Protection Ranges, rev 0.73
  https://uefi.org/sites/default/files/resources/633933_Intel_TXT_DMA_Protection_Ranges_rev_0p73.pdf
- Intel TXT MLE Developer's Guide, rev 017
  https://cdrdv2-public.intel.com/315168/315168_TXT_MLE_DG_rev_017_7.pdf

Michal Camacho Romero (2):
  x86/tboot: Add support for parsing DTPR table and disabling TPRs
  iommu/vt-d: Disable PMRs and skip force-IOMMU when TXT TPRs are active

 arch/x86/kernel/tboot.c     | 146 ++++++++++++++++++++++++++++++++----
 drivers/iommu/intel/dmar.c  |  12 +++
 drivers/iommu/intel/iommu.c |   8 +-
 include/linux/tboot.h       |  10 +++
 4 files changed, 160 insertions(+), 16 deletions(-)
--
2.53.0
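The cover letter says the DTPR table is found by walking the TXT heap's extended data elements. The following is an added example, not code from this patch series, of a bounds-checked walk over such a list. It assumes each element starts with a 32-bit type and a 32-bit size that covers the header, and that a type of 0 ends the list; `EXT_TYPE_DTPR`, `ext_find` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EXT_TYPE_END  0u       /* assumed terminator element type */
#define EXT_TYPE_DTPR 0x1000u  /* hypothetical placeholder, not the real DTPR type id */

struct ext_hdr { uint32_t type; uint32_t size; }; /* size = header + payload (assumed) */

/* Return the payload of the first element of `type`, or NULL if absent or malformed. */
static const uint8_t *ext_find(const uint8_t *buf, size_t len, uint32_t type, size_t *plen)
{
    size_t off = 0;

    while (len - off >= sizeof(struct ext_hdr)) {
        struct ext_hdr h;

        memcpy(&h, buf + off, sizeof(h));   /* elements may be unaligned */
        if (h.type == EXT_TYPE_END)
            return NULL;                    /* clean end of list, type not present */
        if (h.size < sizeof(h) || h.size > len - off)
            return NULL;                    /* short size never advances; long size overruns */
        if (h.type == type) {
            *plen = h.size - sizeof(h);
            return buf + off + sizeof(h);
        }
        off += h.size;
    }
    return NULL;                            /* buffer ended without a terminator */
}

/* Constructed sample (little-endian, as on x86): unrelated element, DTPR element, END. */
static const uint8_t sample[] = {
    0x07, 0, 0, 0,  12, 0, 0, 0,  1, 2, 3, 4,           /* type 7, size 12 */
    0x00, 0x10, 0, 0,  24, 0, 0, 0,                      /* type 0x1000, size 24 */
    0xaa, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 16-byte constructed payload */
    0, 0, 0, 0,  8, 0, 0, 0,                             /* END */
};

int main(void)
{
    size_t plen = 0;
    const uint8_t *p = ext_find(sample, sizeof(sample), EXT_TYPE_DTPR, &plen);

    return (p && plen == 16) ? 0 : 1;
}
```

Rejecting a size smaller than the header matters as much as rejecting one that runs past the buffer: a zero size would otherwise keep the walk on the same element forever during early boot.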