[RFC PATCH 7/7] multiboot2: Support SKINIT Secure Launch
From: Sergii Dmytruk
Subject: [RFC PATCH 7/7] multiboot2: Support SKINIT Secure Launch
Date: Wed, 18 Dec 2024 21:08:03 +0200
From: Michał Żygowski <michal.zygowski@3mdeb.com>
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Signed-off-by: Tomasz Żyjewski <tomasz.zyjewski@3mdeb.com>
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/loader/multiboot_mbi2.c | 14 +++++++++++++-
grub-core/loader/slaunch/skl.c | 2 +-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/multiboot_mbi2.c
b/grub-core/loader/multiboot_mbi2.c
index dcbfbed1f..9b480c0c2 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -37,6 +37,7 @@
#include <grub/net.h>
#include <grub/lib/cmdline.h>
#include <grub/i386/memory.h>
+#include <grub/i386/skinit.h>
#include <grub/i386/txt.h>
#include <grub/slaunch.h>
#include <grub/slr_table.h>
@@ -430,7 +431,8 @@ grub_multiboot2_load (grub_file_t file, const char
*filename)
slparams->tpm_evt_log_base = get_physical_target_address (ch);
slparams->tpm_evt_log_size = GRUB_SLAUNCH_TPM_EVT_LOG_SIZE;
- if (slparams->platform_type == SLP_INTEL_TXT)
+ /* It's OK to call this for AMD SKINIT because SKL erases the log before
use. */
+ if (slparams->platform_type == SLP_INTEL_TXT || slparams->platform_type
== SLP_AMD_SKINIT)
grub_txt_init_tpm_event_log (get_virtual_current_address (ch),
slparams->tpm_evt_log_size);
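Review bot: The widened condition sends SLP_AMD_SKINIT through grub_txt_init_tpm_event_log, a TXT-named helper, and the only justification is the comment that SKL erases the log before use. If SKL discards what is written here, the call is wasted work on the SKINIT path and the original condition could stay; if some initialization of the buffer is still needed, say so in the comment and consider a platform-neutral name or wrapper so that AMD code does not appear to rely on TXT log semantics. As written, the comment explains why the call is harmless but not why it is wanted, and correctness depends on SKL behaviour that is not visible in this file.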
@@ -1246,6 +1248,16 @@ grub_multiboot2_perform_slaunch (grub_uint32_t
mbi_target,
if (err != GRUB_ERR_NONE)
return grub_error (err, "TXT boot preparation failed");
}
+ else if (slparams->platform_type == SLP_AMD_SKINIT)
+ {
+ err = grub_skl_setup_module (slparams);
+ if (err != GRUB_ERR_NONE)
+ return grub_error (err, "Failed to setup SKL for Multiboot2");
+
+ err = grub_skl_prepare_bootloader_data (slparams);
+ if (err != GRUB_ERR_NONE)
+ return grub_error (err, "SKL preparations have failed");
+ }
else
return grub_error (GRUB_ERR_BAD_DEVICE,
N_("Unknown secure launcher platform type: %d\n"),
slparams->platform_type);
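Review bot: The two error strings added in the SLP_AMD_SKINIT branch are bare literals, while the else branch directly below wraps its message in N_(), so the new messages are inconsistent with the neighbouring code and will be missed by translation. Wrapping them, for example N_("failed to set up SKL for Multiboot2"), would fix that and the "setup" verb form at the same time. The second message, "SKL preparations have failed", is also hard to tell apart from the first in a boot log; naming the step that failed (preparing bootloader data) would make the two distinguishable.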
diff --git a/grub-core/loader/slaunch/skl.c b/grub-core/loader/slaunch/skl.c
index 5de009754..465f2fb7e 100644
--- a/grub-core/loader/slaunch/skl.c
+++ b/grub-core/loader/slaunch/skl.c
@@ -149,7 +149,7 @@ grub_skl_setup_module (struct grub_slaunch_params *slparams)
grub_addr_t max_addr;
#endif
- if (slparams->boot_type == GRUB_SL_BOOT_TYPE_LINUX)
+ if (slparams->boot_type == GRUB_SL_BOOT_TYPE_LINUX || slparams->boot_type ==
GRUB_SL_BOOT_TYPE_MB2)
{
err = grub_relocator_alloc_chunk_align (slparams->relocator, &ch,
0, UP_TO_TOP32(SLB_SIZE),
SLB_SIZE,
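Review bot: Missing rationale on the extended condition: GRUB_SL_BOOT_TYPE_MB2 now shares the Linux allocation path (a chunk of SLB_SIZE, aligned to SLB_SIZE, placed up to UP_TO_TOP32(SLB_SIZE)), but neither a comment nor the commit message, which has no body, says why those placement constraints are also right for Multiboot2. A one-line comment above the if, plus a short commit description of what the Multiboot2 path needs from SKL, would make that reviewable. The combined condition also runs well past 80 columns; breaking it after the || would match the style of the surrounding code.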
--
2.47.1