From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E54E6CD4F3C for ; Fri, 15 May 2026 21:16:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=yh0gWGTCHr3HLLSp6B0/bzede+AfJuos48AZ5KwqkJE=; b=K8ITKRnGiFKVP9ejJp/wd2Ywsr pfvQ4gSmw1iTEf2Lg/MMj+xqJD4+G5H8wFkCrwH92OFfjZ1pOXz+vqrBa7bKESEYAnXTnl7Dn4+RQ xiCCULA61AvNNzpZ7VuUDknrxmp329YPe5ouknc2ej38xjEIlLcRSuBTVShUyKiZc9rD2eyJgDCZg tXZzoMLo01yMQQn6Rmvtck4iU542NMTmjqpbLFQ5gv1Lf7pRBFE3c1v+SNH69w3gLtB9CmdU2YN1t E1xLABMvR3nT+0YnJW5WKcDZZH/J6s3sbZV2qhrvYENM5QAtEWO3kTRb7iFzFAwgHAOtKmEdZOAja gdMadSrQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wNzt3-00000009UP7-2ZFL; Fri, 15 May 2026 21:16:01 +0000 Received: from mail-dy1-x1334.google.com ([2607:f8b0:4864:20::1334]) by bombadil.infradead.org with esmtps (Exim 4.99.1 #2 (Red Hat Linux)) id 1wNzt0-00000009UMZ-3jyB for kexec@lists.infradead.org; Fri, 15 May 2026 21:16:00 +0000 Received: by mail-dy1-x1334.google.com with SMTP id 5a478bee46e88-2f7ca62a3c4so297627eec.0 for ; Fri, 15 May 2026 14:15:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778879758; x=1779484558; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yh0gWGTCHr3HLLSp6B0/bzede+AfJuos48AZ5KwqkJE=; b=Nh2OHR0d83pNfRuZGBSvWt1jQXT7ra/LguaublcuYudIuGascIRYEkkHwXpIqq3vo+ fENSr8iKOWcPbMJ63V8GokQ93T6CDXKPpwV2jhPb4g/tY/nUrKrIspSsr0U79fRxrYbR ei0li7cHCl2WmL08u3AaE8cahIkWuezk7QaEOp79slU8xipXBd97ybE3dBeuojAmnWKE t+t0XoiqHRdU8fHGxU4PMtZg7mNqVWCbJUp6SFmjLkkhW1nSfxb8ZppGTEcIzQwUCUvM F8A7ZcWjY39UFSsOZZ6B+pz2AR7FuFfesMUEVpaIFIApegyqC9dm56DbZfYM0TAjA7Og p/mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778879758; x=1779484558; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=yh0gWGTCHr3HLLSp6B0/bzede+AfJuos48AZ5KwqkJE=; b=r9Xc9ZniK+3rmRTtll8gQanqxb7286L7ocH924Wm27ydeZWxFL1kSFg57p/760v7wG OiKqMmfZ0j/618C6oQ7UPRsjmdS1KR7hNBJfy6z5LrxnnLOWIcou3ujVBrt6seNEn/T/ sowhLOMC/mX/0x876TmMWA5hNeFxClb8cosXGD2+IGOCgdKl8haKHOf/SWkthrl/PJQ6 YrYKGhccTPGJjo4dxTrEuH80jihTjJ4fEIU2zaLzn7o2Ao36lJve1KU+nE6z3bIycdLz DJlio9LcldhMqMl3HrI+kRszKlBGQEoIYZmqZkmqocLMCq4oMZE0ygy9uvyRdivfk4k6 T4aA== X-Forwarded-Encrypted: i=1; AFNElJ9YG/4Fwpn/2MPcGEnHoAuwWEWwebLX0L3IcQ53k/irdHcEXZx6C7sfWqgfzURiNyrKV7J2rw==@lists.infradead.org X-Gm-Message-State: AOJu0YxYqsrwIMOfTdmpkl/CAEBatvduIwsmcxsxV4UVqpuLerKynl59 f7hCdcCePYtpRKXyvSreVYg+ALkx8wkXu6Na8Fjjo+VWzj7prHpc9WdS X-Gm-Gg: Acq92OFbRSuv2+3zZ/vuZkvR4+I8KUG/783JyIJVRMHYcV60oQ2Cc7QdK4a3vRwhKJn ubUYll56XXs1Pzi2YKS0rQpAhNSyjbgOJCcNk+mBXMTHITuSqY168FNVmV06cnh507YO581VVr4 wGYPsKG9NFCq2v9oCKNGZq/2pi37uEQEk/FSaR+KbFYCSxSztWclq4KdSEFxY+1b9KfE0K0H8WL sEGNiuhZFSVJ5lf9LSG1EQQHIhrRjL1eYtACi0WJM4MVktrVxPtPn9m33lEmYPEUpzQsP7aBPG6 aCxzXwuSICpJFYMZUNvr43VbjOjSGCiTcovFP4H34cppEi9NRiXLEpacVjxzr+LShmLRLwf6/Kh O52x2M1hPyVqcjMbjvXUj+loF0DWDAP51wn90VU0H+3WFkIqoABeJIf0VUzjBiS700Ck/5/9YvB Ald77YCDV/zJfS6AfP1hFvzaknVhFY4uEVyKoWZQB/tw== X-Received: by 2002:a05:7301:7c12:b0:2ed:e14:7f57 with SMTP id 5a478bee46e88-303986c651cmr3242643eec.33.1778879758108; Fri, 15 May 2026 14:15:58 -0700 (PDT) Received: from mimas.lan ([2603:8000:df01:38f7:a6bb:6dff:fecf:e71a]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-302947e917dsm8006639eec.12.2026.05.15.14.15.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 May 2026 14:15:57 -0700 (PDT) From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux.dev Cc: ross.philipson@gmail.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, daniel.kiper@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com Subject: [PATCH v16 37/38] x86/efistub: EFI stub DRTM support for Secure Launch Date: Fri, 15 May 2026 14:14:09 -0700 Message-ID: <20260515211410.31440-38-ross.philipson@gmail.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260515211410.31440-1-ross.philipson@gmail.com> References: <20260515211410.31440-1-ross.philipson@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.9.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260515_141559_270519_B87F319F X-CRM114-Status: GOOD ( 18.20 ) X-BeenThere: kexec@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "kexec" Errors-To: kexec-bounces+kexec=archiver.kernel.org@lists.infradead.org From: Ard Biesheuvel Invoke the Secure Launch protocol exposed by the boot loader at the appropriate time to perform a measured launch of the decompressed kernel after ExitBootServices(). Co-developed-by: Ross Philipson Signed-off-by: Ard Biesheuvel Signed-off-by: Ross Philipson --- drivers/firmware/efi/libstub/Makefile | 1 + drivers/firmware/efi/libstub/efistub.h | 24 ++++++++++++++ drivers/firmware/efi/libstub/x86-slaunch.c | 38 ++++++++++++++++++++++ drivers/firmware/efi/libstub/x86-stub.c | 27 ++++++++++++--- 4 files changed, 86 insertions(+), 4 deletions(-) create mode 100644 drivers/firmware/efi/libstub/x86-slaunch.c diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index e386ffd009b7..fd5eaf3142b2 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -86,6 +86,7 @@ lib-$(CONFIG_ARM) += arm32-stub.o lib-$(CONFIG_ARM64) += kaslr.o arm64.o arm64-stub.o smbios.o lib-$(CONFIG_X86) += x86-stub.o smbios.o lib-$(CONFIG_X86_64) += x86-5lvl.o +lib-$(CONFIG_SECURE_LAUNCH) += x86-slaunch.o lib-$(CONFIG_RISCV) += kaslr.o riscv.o riscv-stub.o lib-$(CONFIG_LOONGARCH) += loongarch.o loongarch-stub.o diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 979a21818cc1..18301ba3ae0f 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -1267,4 +1267,28 @@ void arch_accept_memory(phys_addr_t start, phys_addr_t end); efi_status_t efi_zboot_decompress_init(unsigned long *alloc_size); efi_status_t efi_zboot_decompress(u8 *out, unsigned long outlen); +#ifdef CONFIG_SECURE_LAUNCH +efi_status_t efi_secure_launch_init(efi_handle_t image_handle); +efi_status_t efi_secure_launch_prepare(struct boot_params *boot_params, + phys_addr_t base); +void efi_secure_launch(void); +#else +static inline +efi_status_t efi_secure_launch_init(efi_handle_t image_handle) +{ + return EFI_UNSUPPORTED; +} + +static inline +efi_status_t efi_secure_launch_prepare(struct boot_params *boot_params, + phys_addr_t base) +{ + return EFI_SUCCESS; +} + +static inline void efi_secure_launch(void) +{ +} +#endif + #endif diff --git a/drivers/firmware/efi/libstub/x86-slaunch.c b/drivers/firmware/efi/libstub/x86-slaunch.c new file mode 100644 index 000000000000..98ff15f94996 --- /dev/null +++ b/drivers/firmware/efi/libstub/x86-slaunch.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "efistub.h" + +static struct efi_slaunch_protocol *slaunch; + +efi_status_t efi_secure_launch_init(efi_handle_t image_handle) +{ + return efi_bs_call(handle_protocol, image_handle, + &EFI_SLAUNCH_PROTOCOL_GUID, (void **)&slaunch); +} + +efi_status_t efi_secure_launch_prepare(struct boot_params *boot_params, + phys_addr_t base) +{ + if (!slaunch) + return EFI_SUCCESS; + + return slaunch->setup_dlme(slaunch, base, mle_header_offset, (u64)boot_params); +} + +void efi_secure_launch(void) +{ + if (!slaunch) + return; + + slaunch->launch(slaunch); +} diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index cef32e2c82d8..339e63ae84ef 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -833,7 +833,8 @@ static efi_status_t parse_options(const char *cmdline) } static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry, - struct boot_params *boot_params) + struct boot_params *boot_params, + unsigned long alloc_limit) { unsigned long virt_addr = LOAD_PHYSICAL_ADDR; unsigned long addr, alloc_size, entry; @@ -877,8 +878,7 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry, status = efi_random_alloc(alloc_size, CONFIG_PHYSICAL_ALIGN, &addr, seed[0], EFI_LOADER_CODE, - LOAD_PHYSICAL_ADDR, - EFI_X86_KERNEL_ALLOC_LIMIT); + LOAD_PHYSICAL_ADDR, alloc_limit); if (status != EFI_SUCCESS) return status; @@ -890,6 +890,10 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry, *kernel_entry = addr + entry; + status = efi_secure_launch_prepare(boot_params, addr); + if (status != EFI_SUCCESS) + return status; + return efi_adjust_memory_range_protection(addr, kernel_text_size) ?: efi_adjust_memory_range_protection(addr + kernel_inittext_offset, kernel_inittext_size); @@ -914,6 +918,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, struct boot_params *boot_params) { + unsigned long alloc_limit = EFI_X86_KERNEL_ALLOC_LIMIT; efi_guid_t guid = EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; const struct linux_efi_initrd *initrd = NULL; unsigned long kernel_entry; @@ -925,6 +930,17 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_system_table->hdr.signature != EFI_SYSTEM_TABLE_SIGNATURE) efi_exit(handle, EFI_INVALID_PARAMETER); + status = efi_secure_launch_init(handle); + switch (status) { + case EFI_SUCCESS: + alloc_limit = U32_MAX; + break; + case EFI_UNSUPPORTED: + break; + default: + efi_exit(handle, status); + } + if (!IS_ENABLED(CONFIG_EFI_HANDOVER_PROTOCOL) || !boot_params) { status = efi_allocate_bootparams(handle, &boot_params); if (status != EFI_SUCCESS) @@ -974,7 +990,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (efi_mem_encrypt > 0) hdr->xloadflags |= XLF_MEM_ENCRYPTION; - status = efi_decompress_kernel(&kernel_entry, boot_params); + status = efi_decompress_kernel(&kernel_entry, boot_params, alloc_limit); if (status != EFI_SUCCESS) { efi_err("Failed to decompress kernel\n"); goto fail; @@ -1029,6 +1045,9 @@ void __noreturn efi_stub_entry(efi_handle_t handle, goto fail; } + /* If a Secure Launch is in progress, this never returns */ + efi_secure_launch(); + /* * Call the SEV init code while still running with the firmware's * GDT/IDT, so #VC exceptions will be handled by EFI. -- 2.47.3