[PATCH v3 00/19] x86: Trenchboot Secure Launch DRTM for Intel TXT (GRUB)
From: Sergii Dmytruk
Subject: [PATCH v3 00/19] x86: Trenchboot Secure Launch DRTM for Intel TXT (GRUB)
Date: Thu, 12 Dec 2024 15:41:28 +0200
Hello,
Continuing upstreaming [TrenchBoot] code changes. More context can be found in
the cover letter for [v1]. This set targets v11 of Linux patches [linux-v11].
How the patches look now:
1. [01-02] Various additions in preparation for later commits
2. [03-05] TPM-related part (`tpm` module rename, addition of a simple TPM
driver)
3. [06-08] SecureLaunch with its SLRT
4. [09-12] Support for Intel TXT D-RTM
5. [13-15] Implementation of SecureLaunch commands
6. [16] Support for TPM 1
7. [17-19] Multiboot2 support for Intel TXT
This set of changes can also be viewed on GitHub at [TrenchBoot/grub].
Best regards,
Sergii
-----
Changes in v3:
- rebase on latest master
- overhaul that changes how SLRT is built, adds UEFI support and a common DL
entry
- AMD changes were removed from this series to be submitted separately
Changes in [v2]:
- 5 patches landed as a separate [generic-x86] series
- 3 patches were in [generic-x86] as well, got Reviewed-Bys and returned here;
one of them was extracted out of a different patch
- patches related to modules received some documentation additions
- several commit messages became more verbose
- some commits have seen cosmetic changes with no impact on functionality
- a leak fix got dropped to be sent separately (it's not really related to the
rest of the changes)
-----
[TrenchBoot]: https://trenchboot.org/
[v1]: https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html
[v2]: https://lists.gnu.org/archive/html/grub-devel/2024-11/msg00000.html
[TrenchBoot/grub]:
https://github.com/TrenchBoot/grub/compare/f6e2ef2...tb-2.12-139-v3
[generic-x86]:
https://lists.gnu.org/archive/html/grub-devel/2024-10/msg00055.html
[linux-v11]: https://lkml.org/lkml/2024/9/13/1396
-----
Aleksandr Burmashev (1):
  commands/tpm: Rename tpm module to tpm_verifier

Daniel Kiper (2):
  mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
  commands/i386/tpm: Add TPM TIS and CRB driver

Fedora Ninjas (1):
  slaunch: Add Secure Launch framework and commands

Michał Żygowski (2):
  i386/txt: Initialize TPM 1.2 event log in TXT heap
  multiboot2: Support TXT Secure Launch

Ross Philipson (11):
  i386: Add CRx, MMIO, MSR and extend CPUID definitions
  efi/tpm: Replace tpm command
  slaunch: Add Secure Launch Resource Table (SLRT) header file
  slaunch: Add main Secure Launch definitions header
  slaunch: Add SLR table setup support module
  i386/txt: Add Intel TXT definitions header file
  slaunch/txt: Add Intel TXT core implementation
  slaunch/txt: Add Intel TXT ACM module support
  slaunch/txt: Add Intel TXT verification routines
  i386/efi: Add DL stub as common DL event module
  efi: Add Secure Launch support for efi/linux boot through EFI stub

Sergii Dmytruk (2):
  multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size
  slaunch: Introduce a hook for filling SLRT policy

docs/grub.texi | 32 +-
grub-core/Makefile.am | 6 +
grub-core/Makefile.core.def | 23 +-
grub-core/commands/efi/tpm.c | 2 +-
grub-core/commands/i386/tpm.c | 151 +++
grub-core/commands/{tpm.c => tpm_verifier.c} | 57 +-
grub-core/lib/i386/relocator32.S | 8 +
grub-core/loader/efi/dltrampoline.S | 94 ++
grub-core/loader/efi/linux.c | 16 +
grub-core/loader/i386/bsd.c | 3 +
grub-core/loader/i386/linux.c | 87 +-
grub-core/loader/i386/multiboot_mbi.c | 4 +-
grub-core/loader/i386/xnu.c | 2 +
grub-core/loader/multiboot.c | 16 +-
grub-core/loader/multiboot_elfxx.c | 90 +-
grub-core/loader/multiboot_mbi2.c | 138 ++-
grub-core/loader/slaunch/acmod.c | 575 ++++++++++
grub-core/loader/slaunch/dlstub.c | 93 ++
grub-core/loader/slaunch/i386_linux.c | 220 ++++
grub-core/loader/slaunch/slaunch.c | 204 ++++
grub-core/loader/slaunch/slrt.c | 320 ++++++
grub-core/loader/slaunch/txt.c | 1001 ++++++++++++++++++
grub-core/loader/slaunch/verify.c | 297 ++++++
grub-core/loader/slaunch/x86_efi_linux.c | 212 ++++
grub-core/mmap/mmap.c | 83 ++
include/grub/file.h | 3 +
include/grub/i386/cpuid.h | 13 +
include/grub/i386/crfr.h | 190 ++++
include/grub/i386/linux.h | 19 +-
include/grub/i386/memory.h | 5 +
include/grub/i386/mmio.h | 74 ++
include/grub/i386/msr.h | 61 ++
include/grub/i386/tpm.h | 35 +
include/grub/i386/txt.h | 708 +++++++++++++
include/grub/memory.h | 3 +
include/grub/multiboot.h | 2 +-
include/grub/multiboot2.h | 6 +-
include/grub/slaunch.h | 129 +++
include/grub/slr_table.h | 298 ++++++
include/grub/tpm.h | 2 +
40 files changed, 5217 insertions(+), 65 deletions(-)
create mode 100644 grub-core/commands/i386/tpm.c
rename grub-core/commands/{tpm.c => tpm_verifier.c} (60%)
create mode 100644 grub-core/loader/efi/dltrampoline.S
create mode 100644 grub-core/loader/slaunch/acmod.c
create mode 100644 grub-core/loader/slaunch/dlstub.c
create mode 100644 grub-core/loader/slaunch/i386_linux.c
create mode 100644 grub-core/loader/slaunch/slaunch.c
create mode 100644 grub-core/loader/slaunch/slrt.c
create mode 100644 grub-core/loader/slaunch/txt.c
create mode 100644 grub-core/loader/slaunch/verify.c
create mode 100644 grub-core/loader/slaunch/x86_efi_linux.c
create mode 100644 include/grub/i386/crfr.h
create mode 100644 include/grub/i386/mmio.h
create mode 100644 include/grub/i386/tpm.h
create mode 100644 include/grub/i386/txt.h
create mode 100644 include/grub/slaunch.h
create mode 100644 include/grub/slr_table.h
base-commit: 3b8b9e330a3ef211c334a6a6f53ece883d94f8be
prerequisite-patch-id: 450e6ee179d407f3718821303500f65cb955b5db
--
2.47.1