[PATCH v3 18/19] slaunch: Introduce a hook for filling SLRT policy
From: |
Sergii Dmytruk |
Subject: |
[PATCH v3 18/19] slaunch: Introduce a hook for filling SLRT policy |
Date: |
Thu, 12 Dec 2024 15:41:46 +0200 |
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/loader/slaunch/slrt.c | 37 ++++++++++++++++++++++++++++++++-
include/grub/slaunch.h | 10 +++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/slaunch/slrt.c b/grub-core/loader/slaunch/slrt.c
index b5213bcaa..0fe10041f 100644
--- a/grub-core/loader/slaunch/slrt.c
+++ b/grub-core/loader/slaunch/slrt.c
@@ -30,7 +30,7 @@
#include <grub/i386/mmio.h>
#include <grub/i386/txt.h>
-#define SLR_MAX_POLICY_ENTRIES 7
+#define SLR_MAX_POLICY_ENTRIES 16
/* Area to collect and build SLR Table information */
static grub_uint8_t slr_policy_buf[GRUB_PAGE_SIZE] = {0};
@@ -65,12 +65,30 @@ grub_setup_slrt_policy (struct grub_slaunch_params
*slparams,
struct grub_efi_info *efi_info = NULL;
grub_uint64_t hi_val;
int i = 0;
+ int added;
/* A bit of work to extract the v2.08 EFI info from the linux params */
if (boot_params != NULL)
efi_info = (struct grub_efi_info *)((grub_uint8_t *)&(boot_params->v0208)
+ 2*sizeof(grub_uint32_t));
+ if (slparams->fill_policy_hook)
+ {
+ added = slparams->fill_policy_hook (1, SLR_MAX_POLICY_ENTRIES - i,
+
&slr_policy_staging->policy_entries[i],
+ slparams->fill_policy_hook_data);
+ if (added < 0)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
+ N_("failed to prepend policy entries"));
+
+ i += added;
+ }
+
+ /* The code below always adds 7 entries. */
+ if (SLR_MAX_POLICY_ENTRIES - i < 7)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
+ N_("not enough policy entry slots"));
+
/* the SLR table should be measured too, at least parts of it */
slr_policy_staging->policy_entries[i].pcr = 18;
slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_SLRT;
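Review bot: The slot check `SLR_MAX_POLICY_ENTRIES - i < 7` relies on a bare literal that is tied to the code below only by the comment above it. If a standard entry is later added or removed, the check goes stale without any compiler help, and an undercount would let the fixed entries index past `policy_entries`. I would define the count next to the maximum, for example `#define SLR_STD_POLICY_ENTRIES 7`, and use it in the comparison. Separately, `GRUB_ERR_OUT_OF_RANGE` is returned for any negative hook result, which may hide the hook's real failure reason. The body of grub_setup_slrt_policy continues outside this hunk.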
@@ -159,6 +177,23 @@ grub_setup_slrt_policy (struct grub_slaunch_params
*slparams,
}
else
slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_UNUSED;
+ i++;
+
+ if (slparams->fill_policy_hook)
+ {
+ added = slparams->fill_policy_hook (0, SLR_MAX_POLICY_ENTRIES - i,
+
&slr_policy_staging->policy_entries[i],
+ slparams->fill_policy_hook_data);
+ if (added < 0)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
+ N_("failed to append policy entries"));
+
+ i += added;
+ }
+
+ /* Mark any unused entries with the appropriate type */
+ for (; i < SLR_MAX_POLICY_ENTRIES; ++i)
+ slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_UNUSED;
return GRUB_ERR_NONE;
}
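Review bot: The return value of the append call is checked only for `added < 0`, so a hook that reports more entries than the `SLR_MAX_POLICY_ENTRIES - i` it was offered pushes `i` past the array bound and the function still returns `GRUB_ERR_NONE`. The prepend call in the earlier hunk is caught indirectly by the slot check that follows it, but nothing follows this one. These entries appear to drive what gets measured and into which PCR, so a misbehaving hook should fail the launch setup rather than pass silently. The guard would be `if (added < 0 || added > SLR_MAX_POLICY_ENTRIES - i)`, and the same condition on the prepend call would make the two sites symmetric. The function starts outside this hunk.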
diff --git a/include/grub/slaunch.h b/include/grub/slaunch.h
index e0b51f12c..f7bea641e 100644
--- a/include/grub/slaunch.h
+++ b/include/grub/slaunch.h
@@ -68,6 +68,16 @@ struct grub_slaunch_params
grub_uint32_t dce_size;
grub_uint64_t tpm_evt_log_base;
grub_uint32_t tpm_evt_log_size;
+
+ /*
+ * Can be NULL. Called twice: when starting to add standard SLRT entries and
+ * after adding them. Should return the number of entries added by the hook
+ * or a negative value on failure.
+ */
+ int (*fill_policy_hook)(int is_start, int available_entries,
+ struct grub_slr_policy_entry *next_entry, void
*data);
+ /* Data passed to fill_policy_hook. */
+ void *fill_policy_hook_data;
};
struct grub_efi_info
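Review bot: The comment on `fill_policy_hook` does not state the contract the caller relies on. It should say that `is_start` is 1 for the call made before the standard entries and 0 for the call made after them, as the two call sites in slrt.c pass. It should also add a line such as `Must write at most available_entries entries starting at next_entry and return no more than that.` Without this, a hook author has no documented bound, and the caller currently only rejects negative returns. It would also help to note that `available_entries` on the first call includes the slots the standard entries will need.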
--
2.47.1