From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 959AD294A11; Fri, 27 Jun 2025 09:16:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.19 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751015772; cv=none; b=Y6XNAMBEcBoQHdfukEmYJyrZWpIMBOhIWObEXC9L/AWAe6KClBZMRE61ab1FXyA/as9+dc0nNJwoa4GdpML7jehrTwo6Yez6d4eE7ioHDCXG7b1CFWf9Ha00f+KnfyHR9XYIQe0OLV+j2sWpy1dDIa66Wq4jfxx1DKDfl6X057I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751015772; c=relaxed/simple; bh=w1wodMMkUrkAq5N+ROTEWJ25VqFG3j0E243TOCKOQiI=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=WpLK6n7PhC61bC2m0MCZi2ziZ/IbQLDWXkDIKjIyFXqgQLQurUHr+Q2RsUm44ZRn3LczC0mLvcJLCqRdvtVLDpSCJvzoNiNhj9/+WJaX/0QNRcig0k2eI9M/pluMk3GPdMXMysXaxNdHES/PO3CR18NHM0P84ba3K0KMlbH8KvQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LZmuaLTS; arc=none smtp.client-ip=192.198.163.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LZmuaLTS" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1751015769; x=1782551769; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=w1wodMMkUrkAq5N+ROTEWJ25VqFG3j0E243TOCKOQiI=; b=LZmuaLTS11NjdGDHbil7Jbt79IFrg2lZDRWr4uSXlVFJ+Zeg2YYNfw9c XJPX+0zRieDflUuhKMF2a08j6L1fUlxbprCSSdxaWHLM1vyz5I1Th2Vt/ vF7MAEEoQJ3ejl8ftwysO3yr2mdGr3XTgjswkCCzdvHvD5pUfQCpA5rHb 6M66leu52jGOgR9YIoyNGBf5gP0m3aymY1BbVQ0lnPsV4smQyQCbTySBx NGmDCAGNVrxlz4vWO/176bmMGi648D5CWSK6eT/s15MKE8TSc+ZJAG80H o3i28j/WGjUfkUAS0selZQAzxLgbus3sKfVvgGFMfBmhnUNx/5XWC/Z8H Q==; X-CSE-ConnectionGUID: iHCG77EaSRiXINZnYKLwMQ== X-CSE-MsgGUID: qHLrfXJ5RVyiiqanUbWCBQ== X-IronPort-AV: E=McAfee;i="6800,10657,11476"; a="52446085" X-IronPort-AV: E=Sophos;i="6.16,270,1744095600"; d="scan'208";a="52446085" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jun 2025 02:16:06 -0700 X-CSE-ConnectionGUID: mq94nDNhRKmXE2Pt3o0BJQ== X-CSE-MsgGUID: ec7jmhosQoeYL0KpNUvMRw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.16,270,1744095600"; d="scan'208";a="157141626" Received: from unknown (HELO [10.217.182.76]) ([10.217.182.76]) by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jun 2025 02:15:59 -0700 Message-ID: <9a2246b3-8b52-48fa-a58f-996b31b8335a@linux.intel.com> Date: Fri, 27 Jun 2025 11:15:56 +0200 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v14 04/19] x86: Secure Launch main header file To: ross.philipson@oracle.com, linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux.dev, daniel.kiper@oracle.com Cc: dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com, "Fedko, Artem" , "Mowka, Mateusz" , adamx.pawlicki@intel.com References: <20250421162712.77452-1-ross.philipson@oracle.com> <20250421162712.77452-5-ross.philipson@oracle.com> <4b989c05-0d02-4176-8840-edfae99a47bb@oracle.com> Content-Language: en-US From: "Camacho Romero, Michal" Organization: FST FIR Dev Poland In-Reply-To: <4b989c05-0d02-4176-8840-edfae99a47bb@oracle.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On 6/23/2025 11:29 PM, ross.philipson@oracle.com wrote: > On 6/23/25 4:44 AM, Camacho Romero, Michal wrote: >> Hello Ross, >> >> I'm BIOS Engineer from Intel, working on the TXT-related security modules development, including TBOOT project. >> I'm leaving you my thougths and objections on this patch: >> >> On 4/21/2025 6:26 PM, Ross Philipson wrote: >> >> Michal Camacho Romero: Replace all tabs with indentations (4 spaces) in the file >> >>> Introduce the main Secure Launch header file used in the early SL stub >>> and the early setup code. >>> >>> This header file contains the following categories: >>>   - Secure Launch implementation specific structures and definitions. >>>   - Intel TXT architecture specific DRTM structures, definitions and functions >>> used by Secure Launch. >>>   - DRTM TPM event logging definitions and helper functions. >>> >>> Signed-off-by: Ross Philipson >>> --- >>>   include/linux/slaunch.h | 559 ++++++++++++++++++++++++++++++++++++++++ >>>   1 file changed, 559 insertions(+) >>>   create mode 100644 include/linux/slaunch.h >>> >>> diff --git a/include/linux/slaunch.h b/include/linux/slaunch.h >>> new file mode 100644 >>> index 000000000000..ae67314c2aad >>> --- /dev/null >>> +++ b/include/linux/slaunch.h >>> @@ -0,0 +1,559 @@ >>> +/* SPDX-License-Identifier: GPL-2.0 */ >>> +/* >>> + * Main Secure Launch header file. >>> + * >>> + * Copyright (c) 2025 Apertus Solutions, LLC >>> + * Copyright (c) 2025, Oracle and/or its affiliates. >>> + */ >>> + >>> +#ifndef _LINUX_SLAUNCH_H >>> +#define _LINUX_SLAUNCH_H >>> + >>> +/* >>> + * Secure Launch Defined State Flags >>> + */ >>> +#define SL_FLAG_ACTIVE        0x00000001 >>> +#define SL_FLAG_ARCH_TXT    0x00000002 >>> + >>> +/* >>> + * Secure Launch CPU Type >>> + */ >>> +#define SL_CPU_INTEL    1 >>> + >>> +#define __SL32_CS    0x0008 >>> +#define __SL32_DS    0x0010 >>> + >>> +/* >>> + * Intel Safer Mode Extensions (SMX) >>> + * >>> + * Intel SMX provides a programming interface to establish a Measured Launched >>> + * Environment (MLE). The measurement and protection mechanisms supported by the >>> + * capabilities of an Intel Trusted Execution Technology (TXT) platform. SMX is >>> + * the processor's programming interface in an Intel TXT platform. >>> + * >>> + * See: >>> + *   Intel SDM Volume 2 - 6.1 "Safer Mode Extensions Reference" >>> + *   Intel Trusted Execution Technology - Measured Launch Environment Developer's Guide >>> + */ >>> + >>> +/* >>> + * SMX GETSEC Leaf Functions >>> + */ >>> +#define SMX_X86_GETSEC_SEXIT    5 >>> +#define SMX_X86_GETSEC_SMCTRL    7 >>> +#define SMX_X86_GETSEC_WAKEUP    8 >>> + >> >> Michal Camacho Romero: Create a new header file, called include/linux/txt.h and move there the following code section (matched in the black quotations): > > That makes a lot of sense. I think that it has come up before. Since it is arch specific should it not go in arch/x86/include? Michal Camacho Romero: Hmm. I've reconsidered this idea and I agree with your suggestion as the TXT technology has been designed to operate under the Intel x86 archictecture. Please then name this new header file: txt.h> >> >> """ [START]> +/* >>> + * Intel Trusted Execution Technology MMIO Registers Banks >>> + */ >>> +#define TXT_PUB_CONFIG_REGS_BASE    0xfed30000 >>> +#define TXT_PRIV_CONFIG_REGS_BASE    0xfed20000 >>> +#define TXT_NR_CONFIG_PAGES     ((TXT_PUB_CONFIG_REGS_BASE - \ >>> +                  TXT_PRIV_CONFIG_REGS_BASE) >> PAGE_SHIFT) >>> + >>> +/* >>> + * Intel Trusted Execution Technology (TXT) Registers >>> + */ >>> +#define TXT_CR_STS            0x0000 >>> +#define TXT_CR_ESTS            0x0008 >>> +#define TXT_CR_ERRORCODE        0x0030 >>> +#define TXT_CR_CMD_RESET        0x0038 >>> +#define TXT_CR_CMD_CLOSE_PRIVATE    0x0048 >>> +#define TXT_CR_DIDVID            0x0110 >>> +#define TXT_CR_VER_EMIF            0x0200 >>> +#define TXT_CR_CMD_UNLOCK_MEM_CONFIG    0x0218 >>> +#define TXT_CR_SINIT_BASE        0x0270 >>> +#define TXT_CR_SINIT_SIZE        0x0278 >>> +#define TXT_CR_MLE_JOIN            0x0290 >>> +#define TXT_CR_HEAP_BASE        0x0300 >>> +#define TXT_CR_HEAP_SIZE        0x0308 >>> +#define TXT_CR_SCRATCHPAD        0x0378 >>> +#define TXT_CR_CMD_OPEN_LOCALITY1    0x0380 >>> +#define TXT_CR_CMD_CLOSE_LOCALITY1    0x0388 >>> +#define TXT_CR_CMD_OPEN_LOCALITY2    0x0390 >>> +#define TXT_CR_CMD_CLOSE_LOCALITY2    0x0398 >>> +#define TXT_CR_CMD_SECRETS        0x08e0 >>> +#define TXT_CR_CMD_NO_SECRETS        0x08e8 >>> +#define TXT_CR_E2STS            0x08f0 >>> + >>> +/* TXT default register value */ >>> +#define TXT_REGVALUE_ONE        0x1ULL >>> + >>> +/* TXTCR_STS status bits */ >>> +#define TXT_SENTER_DONE_STS        BIT(0) >>> +#define TXT_SEXIT_DONE_STS        BIT(1) >>> + >>> +/* >>> + * SINIT/MLE Capabilities Field Bit Definitions >>> + */ >> >> >> """ [END] >> >> Michal Camacho Romero: Change TXT_SINIT_MLE_CAP_WAKE_GETSEC macro's name to TXT_SINIT_MLE_CAP_RLP_WAKE_GETSEC and also  TXT_SINIT_MLE_CAP_WAKE_MONITOR macro's name to TXT_SINIT_MLE_CAP_RLP_WAKE_MONITOR then move them to the newly created include/linux/txt.h: >> >>> +#define TXT_SINIT_MLE_CAP_WAKE_GETSEC    0 >>> +#define TXT_SINIT_MLE_CAP_WAKE_MONITOR    1 >>> + >> >> Michal Camacho Romero: Move the following code section (matched in the black quotations) into the new header file include/linux/txt.h: >> >> """ [START]> +/* >>> + * OS/MLE Secure Launch Specific Definitions >>> + */ >>> +#define TXT_OS_MLE_STRUCT_VERSION    1 >>> +#define TXT_OS_MLE_MAX_VARIABLE_MTRRS    32 >>> + >>> +/* >>> + * TXT Heap Table Enumeration >>> + */ >>> +#define TXT_BIOS_DATA_TABLE        1 >>> +#define TXT_OS_MLE_DATA_TABLE        2 >>> +#define TXT_OS_SINIT_DATA_TABLE        3 >>> +#define TXT_SINIT_MLE_DATA_TABLE    4 >>> +#define TXT_SINIT_TABLE_MAX        TXT_SINIT_MLE_DATA_TABLE >>> + >> >> """ [END]> +/* >>> + * Secure Launch Defined Error Codes used in MLE-initiated TXT resets. >>> + * >>> + * TXT Specification >>> + * Appendix I ACM Error Codes >>> + */ >>> +#define SL_ERROR_GENERIC        0xc0008001 >>> +#define SL_ERROR_TPM_INIT        0xc0008002 >>> +#define SL_ERROR_TPM_INVALID_LOG20    0xc0008003 >>> +#define SL_ERROR_TPM_LOGGING_FAILED    0xc0008004 >>> +#define SL_ERROR_REGION_STRADDLE_4GB    0xc0008005 >>> +#define SL_ERROR_TPM_EXTEND        0xc0008006 >>> +#define SL_ERROR_MTRR_INV_VCNT        0xc0008007 >>> +#define SL_ERROR_MTRR_INV_DEF_TYPE    0xc0008008 >>> +#define SL_ERROR_MTRR_INV_BASE        0xc0008009 >>> +#define SL_ERROR_MTRR_INV_MASK        0xc000800a >>> +#define SL_ERROR_MSR_INV_MISC_EN    0xc000800b >>> +#define SL_ERROR_INV_AP_INTERRUPT    0xc000800c >>> +#define SL_ERROR_INTEGER_OVERFLOW    0xc000800d >>> +#define SL_ERROR_HEAP_WALK        0xc000800e >>> +#define SL_ERROR_HEAP_MAP        0xc000800f >>> +#define SL_ERROR_REGION_ABOVE_4GB    0xc0008010 >>> +#define SL_ERROR_HEAP_INVALID_DMAR    0xc0008011 >>> +#define SL_ERROR_HEAP_DMAR_SIZE        0xc0008012 >>> +#define SL_ERROR_HEAP_DMAR_MAP        0xc0008013 >>> +#define SL_ERROR_HI_PMR_BASE        0xc0008014 >>> +#define SL_ERROR_HI_PMR_SIZE        0xc0008015 >>> +#define SL_ERROR_LO_PMR_BASE        0xc0008016 >>> +#define SL_ERROR_LO_PMR_MLE        0xc0008017 >>> +#define SL_ERROR_INITRD_TOO_BIG        0xc0008018 >>> +#define SL_ERROR_HEAP_ZERO_OFFSET    0xc0008019 >>> +#define SL_ERROR_WAKE_BLOCK_TOO_SMALL    0xc000801a >>> +#define SL_ERROR_MLE_BUFFER_OVERLAP    0xc000801b >>> +#define SL_ERROR_BUFFER_BEYOND_PMR    0xc000801c >>> +#define SL_ERROR_OS_SINIT_BAD_VERSION    0xc000801d >>> +#define SL_ERROR_EVENTLOG_MAP        0xc000801e >>> +#define SL_ERROR_TPM_INVALID_ALGS    0xc000801f >>> +#define SL_ERROR_TPM_EVENT_COUNT    0xc0008020 >>> +#define SL_ERROR_TPM_INVALID_EVENT    0xc0008021 >>> +#define SL_ERROR_INVALID_SLRT        0xc0008022 >>> +#define SL_ERROR_SLRT_MISSING_ENTRY    0xc0008023 >>> +#define SL_ERROR_SLRT_MAP        0xc0008024 >>> + >>> +/* >>> + * Secure Launch Defined Limits >>> + */ >>> +#define TXT_MAX_CPUS        512 >>> +#define TXT_BOOT_STACK_SIZE    128 >>> + >>> +/* >>> + * Secure Launch event log entry type. The TXT specification defines the >>> + * base event value as 0x400 for DRTM values. >>> + */ >>> +#define TXT_EVTYPE_BASE            0x400 >>> +#define TXT_EVTYPE_SLAUNCH        (TXT_EVTYPE_BASE + 0x102) >>> +#define TXT_EVTYPE_SLAUNCH_START    (TXT_EVTYPE_BASE + 0x103) >>> +#define TXT_EVTYPE_SLAUNCH_END        (TXT_EVTYPE_BASE + 0x104) >>> + >>> +/* >>> + * MLE scratch area offsets >>> + */ >>> +#define SL_SCRATCH_AP_EBX        0 >>> +#define SL_SCRATCH_AP_JMP_OFFSET    4 >>> +#define SL_SCRATCH_AP_STACKS_OFFSET    8 >>> + >>> +#ifndef __ASSEMBLY__ >>> + >>> +#include >>> +#include >>> +#include >>> + >>> +/* >>> + * Secure Launch AP stack and monitor block >>> + */ >>> +struct sl_ap_stack_and_monitor { >>> +    u32 monitor; >>> +    u32 cache_pad[15]; >>> +    u32 stack_pad[15]; >>> +    u32 apicid; >>> +} __packed; >>> + >>> +/* >>> + * Secure Launch AP wakeup information fetched in SMP boot code. >>> + */ >>> +struct sl_ap_wake_info { >>> +    u32 ap_wake_block; >>> +    u32 ap_wake_block_size; >>> +    u32 ap_jmp_offset; >>> +    u32 ap_stacks_offset; >>> +}; >>> + >> >>   Michal Camacho Romero: Move the following code section (matched in the black quotations) into the new header file include/linux/txt.h: >> >> """ [START]> +/* >>> + * TXT heap extended data elements. >>> + */ >>> +struct txt_heap_ext_data_element { >>> +    u32 type; >>> +    u32 size; >>> +    /* Data */ >>> +} __packed; >>> + >>> +#define TXT_HEAP_EXTDATA_TYPE_END            0 >>> + >>> +struct txt_heap_end_element { >>> +    u32 type; >>> +    u32 size; >>> +} __packed; >>> + >>> +#define TXT_HEAP_EXTDATA_TYPE_TPM_EVENT_LOG_PTR        5 >>> + >>> +struct txt_heap_event_log_element { >>> +    u64 event_log_phys_addr; >>> +} __packed; >>> + >>> +#define TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER2_1    8 >>> + >>> +struct txt_heap_event_log_pointer2_1_element { >>> +    u64 phys_addr; >>> +    u32 allocated_event_container_size; >>> +    u32 first_record_offset; >>> +    u32 next_record_offset; >>> +} __packed; >>> + >>> +/* >>> + * Secure Launch defined OS/MLE TXT Heap table >>> + */ >>> +struct txt_os_mle_data { >>> +    u32 version; >>> +    u32 reserved; >>> +    u64 slrt; >>> +    u64 txt_info; >>> +    u32 ap_wake_block; >>> +    u32 ap_wake_block_size; >>> +    u8 mle_scratch[64]; >>> +} __packed; >>> + >>> +/* >>> + * TXT specification defined BIOS data TXT Heap table >>> + */ >>> +struct txt_bios_data { >>> +    u32 version; /* Currently 5 for TPM 1.2 and 6 for TPM 2.0 */ >>> +    u32 bios_sinit_size; >>> +    u64 reserved1; >>> +    u64 reserved2; >>> +    u32 num_logical_procs; >> >> >> Michal Camacho Romero: Put the comment /* Versions >= 5 with updates in version 6 */ under the sinit_flags struct member. The sinit_flags member exists in the BiosData struct since version 3. > > Ack > >> >>> +    /* Versions >= 5 with updates in version 6 */ >> >> >>> +    u32 sinit_flags; >>> +    u32 mle_flags; >>> +    /* Versions >= 4 */ >>> +    /* Ext Data Elements */ >>> +} __packed; >>> + >>> +/* >>> + * TXT specification defined OS/SINIT TXT Heap table >>> + */ >>> +struct txt_os_sinit_data { >>> +    u32 version; /* Currently 6 for TPM 1.2 and 7 for TPM 2.0 */ >>> +    u32 flags; >>> +    u64 mle_ptab; >>> +    u64 mle_size; >>> +    u64 mle_hdr_base; >>> +    u64 vtd_pmr_lo_base; >>> +    u64 vtd_pmr_lo_size; >>> +    u64 vtd_pmr_hi_base; >>> +    u64 vtd_pmr_hi_size; >>> +    u64 lcp_po_base; >>> +    u64 lcp_po_size; >>> +    u32 capabilities; >>> +    /* Version = 5 */ >>> +    u64 efi_rsdt_ptr; >>> +    /* Versions >= 6 */ >>> +    /* Ext Data Elements */ >>> +} __packed; >>> + >>> +/* >>> + * TXT specification defined SINIT/MLE TXT Heap table >>> + */ >>> +struct txt_sinit_mle_data { >>> +    u32 version;             /* Current values are 6 through 9 */ >>> +    /* Versions <= 8 */ >>> +    u8 bios_acm_id[20]; >>> +    u32 edx_senter_flags; >>> +    u64 mseg_valid; >>> +    u8 sinit_hash[20]; >>> +    u8 mle_hash[20]; >>> +    u8 stm_hash[20]; >>> +    u8 lcp_policy_hash[20]; >>> +    u32 lcp_policy_control; >>> +    /* Versions >= 7 */ >>> +    u32 rlp_wakeup_addr; >>> +    u32 reserved; >>> +    u32 num_of_sinit_mdrs; >>> +    u32 sinit_mdrs_table_offset; >>> +    u32 sinit_vtd_dmar_table_size; >>> +    u32 sinit_vtd_dmar_table_offset; >>> +    /* Versions >= 8 */ >>> +    u32 processor_scrtm_status; >>> +    /* Versions >= 9 */ >>> +    /* Ext Data Elements */ >>> +} __packed; >>> + >>> +/* >>> + * TXT data reporting structure for memory types >>> + */ >>> +struct txt_sinit_memory_descriptor_record { >>> +    u64 address; >>> +    u64 length; >>> +    u8 type; >>> +    u8 reserved[7]; >>> +} __packed; >>> + >>> +/* >>> + * TXT data structure used by a responsive local processor (RLP) to start >>> + * execution in response to a GETSEC[WAKEUP]. >>> + */ >>> +struct smx_rlp_mle_join { >>> +    u32 rlp_gdt_limit; >>> +    u32 rlp_gdt_base; >>> +    u32 rlp_seg_sel;     /* cs (ds, es, ss are seg_sel+8) */ >>> +    u32 rlp_entry_point; /* phys addr */ >>> +} __packed; >>> + >>> +/* >>> + * TPM event log structures defined in both the TXT specification and >>> + * the TCG documentation. >>> + */ >>> +#define TPM_EVTLOG_SIGNATURE "TXT Event Container" >>> + >>> +struct tpm_event_log_header { >>> +    char signature[20]; >>> +    char reserved[12]; >>> +    u8 container_ver_major; >>> +    u8 container_ver_minor; >>> +    u8 pcr_event_ver_major; >>> +    u8 pcr_event_ver_minor; >>> +    u32 container_size; >>> +    u32 pcr_events_offset; >>> +    u32 next_event_offset; >>> +    /* PCREvents[] */ >>> +} __packed; >>> + > > Should the following accessor functions be moved? They are specific to an environment (like protected mode paging off or x64 identity mapped) and thus this implementation. Michal Camacho Romero: Yes. As these functions will be used to access the specific regions of the Intel TXT Heap, so they should be located at the same place as all of the TXT-related registers and structures.> >>> +/* >>> + * Functions to extract data from the Intel TXT Heap Memory. The layout >>> + * of the heap is as follows: >>> + *  +----------------------------+ >>> + *  | Size Bios Data table (u64) | >>> + *  +----------------------------+ >>> + *  | Bios Data table            | >>> + *  +----------------------------+ >>> + *  | Size OS MLE table (u64)    | >>> + *  +----------------------------+ >>> + *  | OS MLE table               | >>> + *  +--------------------------- + >>> + *  | Size OS SINIT table (u64)  | >>> + *  +----------------------------+ >>> + *  | OS SINIT table             | >>> + *  +----------------------------+ >>> + *  | Size SINIT MLE table (u64) | >>> + *  +----------------------------+ >>> + *  | SINIT MLE table            | >>> + *  +----------------------------+ >>> + * >>> + *  NOTE: the table size fields include the 8 byte size field itself. >>> + */ >>> +static inline u64 txt_bios_data_size(void *heap) >>> +{ >>> +    return *((u64 *)heap); >>> +} >>> + >>> +static inline void *txt_bios_data_start(void *heap) >>> +{ >>> +    return heap + sizeof(u64); >>> +} >>> + >>> +static inline u64 txt_os_mle_data_size(void *heap) >>> +{ >>> +    return *((u64 *)(heap + txt_bios_data_size(heap))); >>> +} >>> + >>> +static inline void *txt_os_mle_data_start(void *heap) >>> +{ >>> +    return heap + txt_bios_data_size(heap) + sizeof(u64); >>> +} >>> + >>> +static inline u64 txt_os_sinit_data_size(void *heap) >>> +{ >>> +    return *((u64 *)(heap + txt_bios_data_size(heap) + >>> +            txt_os_mle_data_size(heap))); >>> +} >>> + >>> +static inline void *txt_os_sinit_data_start(void *heap) >>> +{ >>> +    return heap + txt_bios_data_size(heap) + >>> +        txt_os_mle_data_size(heap) + sizeof(u64); >>> +} >>> + >>> +static inline u64 txt_sinit_mle_data_size(void *heap) >>> +{ >>> +    return *((u64 *)(heap + txt_bios_data_size(heap) + >>> +            txt_os_mle_data_size(heap) + >>> +            txt_os_sinit_data_size(heap))); >>> +} >>> + >>> +static inline void *txt_sinit_mle_data_start(void *heap) >>> +{ >>> +    return heap + txt_bios_data_size(heap) + >>> +        txt_os_mle_data_size(heap) + >>> +        txt_os_sinit_data_size(heap) + sizeof(u64); >>> +} >>> + >>> +#if IS_ENABLED(CONFIG_SECURE_LAUNCH) >>> + >>> +/* >>> + * TPM event logging functions. >>> + */ >>> + >>> +/* >>> + * Find the TPM v2 event log element in the TXT heap. This element contains >>> + * the information about the size and location of the DRTM event log. Note >>> + * this is a TXT specific structure. >>> + * >>> + * See: >>> + *   Intel Trusted Execution Technology - Measured Launch Environment Developer's Guide - Appendix C. >>> + */ >>> +static inline struct txt_heap_event_log_pointer2_1_element* >>> +tpm2_find_log2_1_element(struct txt_os_sinit_data *os_sinit_data) >>> +{ >>> +    struct txt_heap_ext_data_element *ext_elem; >>> + >>> +    /* The extended element array as at the end of this table */ >>> +    ext_elem = (struct txt_heap_ext_data_element *) >>> +        ((u8 *)os_sinit_data + sizeof(struct txt_os_sinit_data)); >>> + >>> +    while (ext_elem->type != TXT_HEAP_EXTDATA_TYPE_END) { >>> +        if (ext_elem->type == TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER2_1) { >>> +            return (struct txt_heap_event_log_pointer2_1_element *) >>> +                ((u8 *)ext_elem + sizeof(struct txt_heap_ext_data_element)); >>> +        } >>> +        ext_elem = (struct txt_heap_ext_data_element *) >>> +                ((u8 *)ext_elem + ext_elem->size); >>> +    } >>> + >>> +    return NULL; >>> +} >>> + >>> +/* >>> + * Log a TPM v1 formatted event to the given DRTM event log. >>> + */ >>> +static inline int tpm_log_event(void *evtlog_base, u32 evtlog_size, >>> +                u32 event_size, void *event) >>> +{ >>> +    struct tpm_event_log_header *evtlog = >>> +        (struct tpm_event_log_header *)evtlog_base; >>> + >>> +    if (memcmp(evtlog->signature, TPM_EVTLOG_SIGNATURE, >>> +           sizeof(TPM_EVTLOG_SIGNATURE))) >>> +        return -EINVAL; >>> + >>> +    if (evtlog->container_size > evtlog_size) >>> +        return -EINVAL; >>> + >>> +    if (evtlog->next_event_offset + event_size > evtlog->container_size) >>> +        return -E2BIG; >>> + >>> +    memcpy(evtlog_base + evtlog->next_event_offset, event, event_size); >>> +    evtlog->next_event_offset += event_size; >>> + >>> +    return 0; >>> +} >>> + >>> +/* >>> + * Log a TPM v2 formatted event to the given DRTM event log. >>> + */ >>> +static inline int tpm2_log_event(struct txt_heap_event_log_pointer2_1_element *elem, >>> +                 void *evtlog_base, u32 evtlog_size, >>> +                 u32 event_size, void *event) >>> +{ >>> +    struct tcg_pcr_event *header = >>> +        (struct tcg_pcr_event *)evtlog_base; >>> + >>> +    /* Has to be at least big enough for the signature */ >>> +    if (header->event_size < sizeof(TCG_SPECID_SIG)) >>> +        return -EINVAL; >>> + >>> +    if (memcmp((u8 *)header + sizeof(struct tcg_pcr_event), >>> +           TCG_SPECID_SIG, sizeof(TCG_SPECID_SIG))) >>> +        return -EINVAL; >>> + >>> +    if (elem->allocated_event_container_size > evtlog_size) >>> +        return -EINVAL; >>> + >>> +    if (elem->next_record_offset + event_size > >>> +        elem->allocated_event_container_size) >>> +        return -E2BIG; >>> + >>> +    memcpy(evtlog_base + elem->next_record_offset, event, event_size); >>> +    elem->next_record_offset += event_size; >>> + >>> +    return 0; >>> +} >>> + >> """[END] >> >>> +/* >>> + * External functions available in mainline kernel. >>> + */ >>> +void slaunch_setup_txt(void); >>> +void slaunch_fixup_jump_vector(void); >>> +u32 slaunch_get_flags(void); >>> +struct sl_ap_wake_info *slaunch_get_ap_wake_info(void); >>> +struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table_header *dmar); >>> +void __noreturn slaunch_txt_reset(void __iomem *txt, >>> +                     const char *msg, u64 error); >>> +void slaunch_finalize(int do_sexit); >>> + >>> +static inline bool slaunch_is_txt_launch(void) >>> +{ >>> +    u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT; >>> + >>> +    return (slaunch_get_flags() & mask) == mask; >>> +} >>> + >>> +#else >>> + >>> +static inline void slaunch_setup_txt(void) >>> +{ >>> +} >>> + >>> +static inline void slaunch_fixup_jump_vector(void) >>> +{ >>> +} >>> + >>> +static inline u32 slaunch_get_flags(void) >>> +{ >>> +    return 0; >>> +} >>> + >>> +static inline struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table_header *dmar) >>> +{ >>> +    return dmar; >>> +} >>> + >>> +static inline void slaunch_finalize(int do_sexit) >>> +{ >>> +} >>> + >>> +static inline bool slaunch_is_txt_launch(void) >>> +{ >>> +    return false; >>> +} >>> + >>> +#endif /* !IS_ENABLED(CONFIG_SECURE_LAUNCH) */ >>> + >>> +#endif /* !__ASSEMBLY */ >>> + >>> +#endif /* _LINUX_SLAUNCH_H */ >> Regards, >> Michal Camacho Romero (michal.camacho.romero@linux.intel.com) > > Thank you for your feedback. > Ross > > Regards, Michal Camacho Romero (michal.camacho.romero@linux.intel.com)