Re: [PATCH 07/13] x86: Secure Launch kernel early boot stub

[Ross Philipson <ross.philipson@oracle.com>]

On 10/19/20 1:06 PM, Arvind Sankar wrote:
> On Mon, Oct 19, 2020 at 10:38:08AM -0400, Ross Philipson wrote:
>> On 10/16/20 4:51 PM, Arvind Sankar wrote:
>>> On Thu, Oct 15, 2020 at 08:26:54PM +0200, Daniel Kiper wrote:
>>>>
>>>> I am discussing with Ross the other option. We can create
>>>> .rodata.mle_header section and put it at fixed offset as
>>>> kernel_info is. So, we would have, e.g.:
>>>>
>>>> arch/x86/boot/compressed/vmlinux.lds.S:
>>>>         .rodata.kernel_info KERNEL_INFO_OFFSET : {
>>>>                 *(.rodata.kernel_info)
>>>>         }
>>>>         ASSERT(ABSOLUTE(kernel_info) == KERNEL_INFO_OFFSET, "kernel_info at bad address!")
>>>>
>>>>         .rodata.mle_header MLE_HEADER_OFFSET : {
>>>>                 *(.rodata.mle_header)
>>>>         }
>>>>         ASSERT(ABSOLUTE(mle_header) == MLE_HEADER_OFFSET, "mle_header at bad address!")
>>>>
>>>> arch/x86/boot/compressed/sl_stub.S:
>>>> #define mleh_rva(X) (((X) - mle_header) + MLE_HEADER_OFFSET)
>>>>
>>>>         .section ".rodata.mle_header", "a"
>>>>
>>>> SYM_DATA_START(mle_header)
>>>>         .long   0x9082ac5a    /* UUID0 */
>>>>         .long   0x74a7476f    /* UUID1 */
>>>>         .long   0xa2555c0f    /* UUID2 */
>>>>         .long   0x42b651cb    /* UUID3 */
>>>>         .long   0x00000034    /* MLE header size */
>>>>         .long   0x00020002    /* MLE version 2.2 */
>>>>         .long   mleh_rva(sl_stub_entry)    /* Linear entry point of MLE (virt. address) */
>>>>         .long   0x00000000    /* First valid page of MLE */
>>>>         .long   0x00000000    /* Offset within binary of first byte of MLE */
>>>>         .long   0x00000000    /* Offset within binary of last byte + 1 of MLE */
>>>>         .long   0x00000223    /* Bit vector of MLE-supported capabilities */
>>>>         .long   0x00000000    /* Starting linear address of command line (unused) */
>>>>         .long   0x00000000    /* Ending linear address of command line (unused) */
>>>> SYM_DATA_END(mle_header)
>>>>
>>>> Of course MLE_HEADER_OFFSET has to be defined as a constant somewhere.
>>>> Anyway, is it acceptable?
>>>>
>>>> There is also another problem. We have to put into mle_header size of
>>>> the Linux kernel image. Currently it is done by the bootloader but
>>>> I think it is not a role of the bootloader. The kernel image should
>>>> provide all data describing its properties and do not rely on the
>>>> bootloader to do that. Ross and I investigated various options but we
>>>> did not find a good/simple way to do that. Could you suggest how we
>>>> should do that or at least where we should take a look to get some
>>>> ideas?
>>>>
>>>> Daniel
>>>
>>> What exactly is the size you need here? Is it just the size of the
>>> protected mode image, that's startup_32 to _edata. Or is it the size of
>>
>> It is the size of the protected mode image. Though how to reference
>> those symbols to get the size might all more relocation issues.
>>
> 
> Ok, then I think mleh_rva(_edata) should get you that -- I assume you
> don't want to include the uninitialized data in the size? The kernel
> will access memory beyond _edata (upto the init_size in the setup
> header), but that's not part of the image itself.

Yea we basically want the size of the image. There is nothing to measure
beyond the image as loaded into memory by the bootloader. rva(_edata)
seems to be the ticket.

Thanks
Ross

>