[PATCH v2 18/19] multiboot2: Support AMD SKINIT
From: |
Sergii Dmytruk |
Subject: |
[PATCH v2 18/19] multiboot2: Support AMD SKINIT |
Date: |
Sat, 2 Nov 2024 00:52:28 +0200 |
From: Krystian Hebel <krystian.hebel@3mdeb.com>
Hook up this platform in all the places which previously were specific
to Intel TXT.
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/loader/multiboot.c | 11 +++++--
grub-core/loader/multiboot_elfxx.c | 22 ++++++-------
grub-core/loader/multiboot_mbi2.c | 52 +++++++++++++++++++-----------
include/grub/multiboot2.h | 4 +--
4 files changed, 55 insertions(+), 34 deletions(-)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 561523a2b..1d1d6a2e9 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -51,6 +51,7 @@
#include <grub/memory.h>
#include <grub/i18n.h>
#if defined (__i386__) || defined (__x86_64__)
+#include <grub/i386/skinit.h>
#include <grub/i386/slaunch.h>
#include <grub/i386/txt.h>
#endif
@@ -176,6 +177,10 @@ normal_boot (struct grub_relocator *rel, struct
grub_relocator32_state state)
state.ecx = slparams->dce_size;
state.edx = 0;
}
+ else if (state.edi == SLP_AMD_SKINIT)
+ {
+ state.eax = slparams->dce_base;
+ }
grub_relocator32_boot (rel, state, 0);
}
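Review bot: The new `else if (state.edi == SLP_AMD_SKINIT)` branch in normal_boot loads only `state.eax` and has no comment saying why, while the TXT branch just above it also sets `ecx` and `edx`. A one-line comment such as `/* SKINIT takes the physical base address of the SLB in EAX. */` would document the register contract for the next reader. Whether `dce_base` meets SKINIT's placement requirements for the SLB (64 KiB aligned, below 4 GiB) presumably has to be guaranteed by `grub_skinit_boot_prepare`, which is not part of this patch. The start of normal_boot is outside the hunk.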
@@ -206,10 +211,10 @@ grub_multiboot_boot (void)
return err;
#ifdef GRUB_USE_MULTIBOOT2
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
{
- err = grub_multiboot2_prepare_slaunch_txt (state.MULTIBOOT_MBI_REGISTER,
- mbi_size);
+ err = grub_multiboot2_prepare_slaunch (state.MULTIBOOT_MBI_REGISTER,
+ mbi_size);
if (err)
return err;
}
diff --git a/grub-core/loader/multiboot_elfxx.c
b/grub-core/loader/multiboot_elfxx.c
index f29fbb411..374b87c52 100644
--- a/grub-core/loader/multiboot_elfxx.c
+++ b/grub-core/loader/multiboot_elfxx.c
@@ -130,13 +130,15 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
if (mld->relocatable)
{
+#ifndef GRUB_USE_MULTIBOOT2
+ if (grub_slaunch_platform_type () != SLP_NONE)
+ return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for
slaunch");
+#endif
+
load_size = highest_load - mld->link_base_addr;
if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
{
-#ifndef GRUB_USE_MULTIBOOT2
- return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for
slaunch");
-#else
/*
* We allocate the binary together with the page tables to make one
* contiguous block for MLE.
@@ -147,7 +149,6 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
/* Do not go below GRUB_TXT_PMR_ALIGN. */
if (mld->align < GRUB_TXT_PMR_ALIGN)
mld->align = GRUB_TXT_PMR_ALIGN;
-#endif
}
else
{
@@ -179,14 +180,14 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
grub_dprintf ("multiboot_loader", "load_base_addr=0x%lx, source=0x%lx\n",
(long) mld->load_base_addr, (long) source);
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
{
-#ifndef GRUB_USE_MULTIBOOT2
- return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for
slaunch");
-#else
slparams->mle_start = mld->load_base_addr;
slparams->mle_mem = source;
+ }
+ if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ {
err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT
(relocator), &ch,
GRUB_MEMORY_MACHINE_UPPER_START,
mld->load_base_addr -
slparams->mle_ptab_size,
@@ -203,14 +204,13 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
grub_dprintf ("multiboot_loader", "mle_ptab_mem = %p,
mle_ptab_target = %lx, mle_ptab_size = %x\n",
slparams->mle_ptab_mem, (unsigned long)
slparams->mle_ptab_target,
(unsigned) slparams->mle_ptab_size);
-#endif
}
}
else
{
mld->load_base_addr = mld->link_base_addr;
/* TODO: support non-relocatable */
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
return grub_error (GRUB_ERR_BAD_OS, "Non-relocatable ELF not supported
with slaunch");
}
@@ -275,7 +275,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
}
}
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
{
slparams->mle_header_offset = 0xffffffff;
diff --git a/grub-core/loader/multiboot_mbi2.c
b/grub-core/loader/multiboot_mbi2.c
index a611b5d43..b7e1575bc 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -37,6 +37,7 @@
#include <grub/net.h>
#include <grub/lib/cmdline.h>
#include <grub/i386/memory.h>
+#include <grub/i386/skinit.h>
#include <grub/i386/slaunch.h>
#include <grub/i386/txt.h>
#include <grub/slr_table.h>
@@ -281,7 +282,7 @@ grub_multiboot2_load (grub_file_t file, const char
*filename)
if (addr_tag)
{
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
return grub_error (GRUB_ERR_BAD_OS, "Slaunch not supported with
multiboot addr tag");
grub_uint64_t load_addr = (addr_tag->load_addr + 1)
@@ -398,7 +399,7 @@ grub_multiboot2_load (grub_file_t file, const char
*filename)
accepted_consoles,
0, 0, 0, console_required);
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
{
grub_relocator_chunk_t ch;
struct grub_slaunch_params *slparams = grub_slaunch_params();
@@ -415,6 +416,7 @@ grub_multiboot2_load (grub_file_t file, const char
*filename)
slparams->tpm_evt_log_base = get_physical_target_address (ch);
slparams->tpm_evt_log_size = GRUB_SLAUNCH_TPM_EVT_LOG_SIZE;
+ /* It's OK to call this for AMD SKINIT because SKL erases the log before
use. */
grub_txt_init_tpm_event_log(get_virtual_current_address (ch),
slparams->tpm_evt_log_size);
@@ -422,7 +424,8 @@ grub_multiboot2_load (grub_file_t file, const char
*filename)
(unsigned long) slparams->tpm_evt_log_base,
(unsigned) slparams->tpm_evt_log_size);
- grub_txt_setup_mle_ptab (slparams);
+ if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ grub_txt_setup_mle_ptab (slparams);
}
return err;
@@ -1182,27 +1185,37 @@ add_multiboot2_slrt_policy_entries (void)
}
grub_err_t
-grub_multiboot2_prepare_slaunch_txt (grub_uint32_t mbi_target,
- grub_uint32_t mbi_size)
+grub_multiboot2_prepare_slaunch (grub_uint32_t mbi_target,
+ grub_uint32_t mbi_size)
{
grub_err_t err;
struct grub_slaunch_params *slparams = grub_slaunch_params ();
+ grub_uint32_t slp = grub_slaunch_platform_type ();
slparams->boot_params_addr = mbi_target;
- slparams->slr_table_base = GRUB_SLAUNCH_STORE_IN_OS2MLE;
- slparams->slr_table_size = GRUB_PAGE_SIZE;
+ if (slp == SLP_INTEL_TXT)
+ {
+ slparams->slr_table_base = GRUB_SLAUNCH_STORE_IN_OS2MLE;
+ slparams->slr_table_size = GRUB_PAGE_SIZE;
- slparams->slr_table_mem = grub_zalloc (slparams->slr_table_size);
- if (slparams->slr_table_mem == NULL)
- return GRUB_ERR_OUT_OF_MEMORY;
+ slparams->slr_table_mem = grub_zalloc (slparams->slr_table_size);
+ if (slparams->slr_table_mem == NULL)
+ return GRUB_ERR_OUT_OF_MEMORY;
- err = grub_txt_boot_prepare (slparams);
- if (err != GRUB_ERR_NONE)
+ err = grub_txt_boot_prepare (slparams);
+ if (err != GRUB_ERR_NONE)
+ return grub_error (err, "TXT boot preparation failed");
+ }
+ else if (slp == SLP_AMD_SKINIT)
{
- grub_printf ("TXT boot preparation failed");
- return err;
+ err = grub_skinit_boot_prepare (grub_multiboot2_relocator, slparams);
+ if (err != GRUB_ERR_NONE)
+ return grub_error (err, "SKINIT preparations have failed");
}
+ else
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("Unknown secure launcher platform type: %d\n"), slp);
grub_slaunch_add_slrt_policy_entry (GRUB_SLAUNCH_DATA_PCR,
GRUB_SLR_ET_MULTIBOOT2_INFO,
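Review bot: The `else if (slp == SLP_AMD_SKINIT)` branch never assigns `slparams->slr_table_base`, `slr_table_size` or `slr_table_mem`, yet the `grub_slaunch_add_slrt_policy_entry` call after it runs on both platforms, so the SKINIT path relies on `grub_skinit_boot_prepare` (not shown here) having set up the SLRT buffer. A comment stating that contract, e.g. `/* grub_skinit_boot_prepare () sets slr_table_* and builds the SLRT in place. */` if that is what it does, would also explain why the `grub_memcpy` in the next hunk is TXT-only. Separately, `slp` is a `grub_uint32_t` but the unknown-platform message formats it with `%d`; `%u` matches the type, and the trailing `\n` is unlike the other `grub_error` strings in this function. On the TXT path, a failing `grub_txt_boot_prepare` returns with the `grub_zalloc`'d `slr_table_mem` still allocated and still referenced from `slparams`.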
@@ -1211,16 +1224,19 @@ grub_multiboot2_prepare_slaunch_txt (grub_uint32_t
mbi_target,
mbi_size,
"Measured MB2 information");
grub_slaunch_add_slrt_policy_entries ();
- grub_txt_add_slrt_policy_entries ();
+ if (slp == SLP_INTEL_TXT)
+ grub_txt_add_slrt_policy_entries ();
add_multiboot2_slrt_policy_entries ();
grub_slaunch_finish_slr_table ();
grub_dprintf ("multiboot_loader", "slr_table_base = %lx, slr_table_size =
%x\n",
(unsigned long) slparams->slr_table_base,
(unsigned) slparams->slr_table_size);
- grub_memcpy ((void *)(grub_addr_t) slparams->slr_table_base,
- slparams->slr_table_mem,
- slparams->slr_table_size);
+
+ if (slp == SLP_INTEL_TXT)
+ grub_memcpy ((void *)(grub_addr_t) slparams->slr_table_base,
+ slparams->slr_table_mem,
+ slparams->slr_table_size);
return GRUB_ERR_NONE;
}
diff --git a/include/grub/multiboot2.h b/include/grub/multiboot2.h
index 2e843d24e..60d104fed 100644
--- a/include/grub/multiboot2.h
+++ b/include/grub/multiboot2.h
@@ -43,8 +43,8 @@ void grub_multiboot2_set_bootdev (void);
void
grub_multiboot2_add_elfsyms (grub_size_t num, grub_size_t entsize,
unsigned shndx, void *data);
-grub_err_t grub_multiboot2_prepare_slaunch_txt (grub_uint32_t mbi_target,
- grub_uint32_t mbi_size);
+grub_err_t grub_multiboot2_prepare_slaunch (grub_uint32_t mbi_target,
+ grub_uint32_t mbi_size);
grub_uint32_t grub_multiboot2_get_mmap_count (void);
grub_err_t grub_multiboot2_set_video_mode (void);
--
2.47.0