From: ross.philipson@oracle.com
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org,
dpsmith@apertussolutions.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v10 20/20] x86/efi: EFI stub DRTM launch support for Secure Launch
Date: Tue, 27 Aug 2024 10:19:13 -0700 [thread overview]
Message-ID: <833c9b45-b11d-4253-afab-6c4e92d650d2@oracle.com> (raw)
In-Reply-To: <CAMj1kXEyStoqmvvQirxt_GXTnO2qQjOxtQGzHzQeCdRCYzT7uA@mail.gmail.com>
On 8/27/24 3:28 AM, Ard Biesheuvel wrote:
> On Tue, 27 Aug 2024 at 00:44, Ross Philipson <ross.philipson@oracle.com> wrote:
>>
>> This support allows the DRTM launch to be initiated after an EFI stub
>> launch of the Linux kernel is done. This is accomplished by providing
>> a handler to jump to when a Secure Launch is in progress. This has to be
>> called after the EFI stub does Exit Boot Services.
>>
>> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
>
> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Thank you for the two reviews
Ross
>
>> ---
>> drivers/firmware/efi/libstub/efistub.h | 8 ++
>> drivers/firmware/efi/libstub/x86-stub.c | 98 +++++++++++++++++++++++++
>> 2 files changed, 106 insertions(+)
>>
>> diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
>> index d33ccbc4a2c6..baf42d6d0796 100644
>> --- a/drivers/firmware/efi/libstub/efistub.h
>> +++ b/drivers/firmware/efi/libstub/efistub.h
>> @@ -135,6 +135,14 @@ void efi_set_u64_split(u64 data, u32 *lo, u32 *hi)
>> *hi = upper_32_bits(data);
>> }
>>
>> +static inline
>> +void efi_set_u64_form(u32 lo, u32 hi, u64 *data)
>> +{
>> + u64 upper = hi;
>> +
>> + *data = lo | upper << 32;
>> +}
>> +
>> /*
>> * Allocation types for calls to boottime->allocate_pages.
>> */
>> diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
>> index f8e465da344d..04786c1b3b5d 100644
>> --- a/drivers/firmware/efi/libstub/x86-stub.c
>> +++ b/drivers/firmware/efi/libstub/x86-stub.c
>> @@ -9,6 +9,8 @@
>> #include <linux/efi.h>
>> #include <linux/pci.h>
>> #include <linux/stddef.h>
>> +#include <linux/slr_table.h>
>> +#include <linux/slaunch.h>
>>
>> #include <asm/efi.h>
>> #include <asm/e820/types.h>
>> @@ -923,6 +925,99 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry)
>> return efi_adjust_memory_range_protection(addr, kernel_text_size);
>> }
>>
>> +static bool efi_secure_launch_update_boot_params(struct slr_table *slrt,
>> + struct boot_params *boot_params)
>> +{
>> + struct slr_entry_intel_info *txt_info;
>> + struct slr_entry_policy *policy;
>> + struct txt_os_mle_data *os_mle;
>> + bool updated = false;
>> + int i;
>> +
>> + txt_info = slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_INTEL_INFO);
>> + if (!txt_info)
>> + return false;
>> +
>> + os_mle = txt_os_mle_data_start((void *)txt_info->txt_heap);
>> + if (!os_mle)
>> + return false;
>> +
>> + os_mle->boot_params_addr = (u64)boot_params;
>> +
>> + policy = slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_ENTRY_POLICY);
>> + if (!policy)
>> + return false;
>> +
>> + for (i = 0; i < policy->nr_entries; i++) {
>> + if (policy->policy_entries[i].entity_type == SLR_ET_BOOT_PARAMS) {
>> + policy->policy_entries[i].entity = (u64)boot_params;
>> + updated = true;
>> + break;
>> + }
>> + }
>> +
>> + /*
>> + * If this is a PE entry into EFI stub the mocked up boot params will
>> + * be missing some of the setup header data needed for the second stage
>> + * of the Secure Launch boot.
>> + */
>> + if (image) {
>> + struct setup_header *hdr = (struct setup_header *)((u8 *)image->image_base +
>> + offsetof(struct boot_params, hdr));
>> + u64 cmdline_ptr;
>> +
>> + boot_params->hdr.setup_sects = hdr->setup_sects;
>> + boot_params->hdr.syssize = hdr->syssize;
>> + boot_params->hdr.version = hdr->version;
>> + boot_params->hdr.loadflags = hdr->loadflags;
>> + boot_params->hdr.kernel_alignment = hdr->kernel_alignment;
>> + boot_params->hdr.min_alignment = hdr->min_alignment;
>> + boot_params->hdr.xloadflags = hdr->xloadflags;
>> + boot_params->hdr.init_size = hdr->init_size;
>> + boot_params->hdr.kernel_info_offset = hdr->kernel_info_offset;
>> + efi_set_u64_form(boot_params->hdr.cmd_line_ptr, boot_params->ext_cmd_line_ptr,
>> + &cmdline_ptr);
>> + boot_params->hdr.cmdline_size = strlen((const char *)cmdline_ptr);
>> + }
>> +
>> + return updated;
>> +}
>> +
>> +static void efi_secure_launch(struct boot_params *boot_params)
>> +{
>> + struct slr_entry_dl_info *dlinfo;
>> + efi_guid_t guid = SLR_TABLE_GUID;
>> + dl_handler_func handler_callback;
>> + struct slr_table *slrt;
>> +
>> + if (!IS_ENABLED(CONFIG_SECURE_LAUNCH))
>> + return;
>> +
>> + /*
>> + * The presence of this table indicated a Secure Launch
>> + * is being requested.
>> + */
>> + slrt = (struct slr_table *)get_efi_config_table(guid);
>> + if (!slrt || slrt->magic != SLR_TABLE_MAGIC)
>> + return;
>> +
>> + /*
>> + * Since the EFI stub library creates its own boot_params on entry, the
>> + * SLRT and TXT heap have to be updated with this version.
>> + */
>> + if (!efi_secure_launch_update_boot_params(slrt, boot_params))
>> + return;
>> +
>> + /* Jump through DL stub to initiate Secure Launch */
>> + dlinfo = slr_next_entry_by_tag(slrt, NULL, SLR_ENTRY_DL_INFO);
>> +
>> + handler_callback = (dl_handler_func)dlinfo->dl_handler;
>> +
>> + handler_callback(&dlinfo->bl_context);
>> +
>> + unreachable();
>> +}
>> +
>> static void __noreturn enter_kernel(unsigned long kernel_addr,
>> struct boot_params *boot_params)
>> {
>> @@ -1050,6 +1145,9 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
>> goto fail;
>> }
>>
>> + /* If a Secure Launch is in progress, this never returns */
>> + efi_secure_launch(boot_params);
>> +
>> /*
>> * Call the SEV init code while still running with the firmware's
>> * GDT/IDT, so #VC exceptions will be handled by EFI.
>> --
>> 2.39.3
>>
next prev parent reply other threads:[~2024-08-27 17:20 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-26 22:38 [PATCH v10 00/20] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2024-08-26 22:38 ` [PATCH v10 01/20] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2024-08-26 22:38 ` [PATCH v10 02/20] x86: Secure Launch Kconfig Ross Philipson
2024-08-26 22:38 ` [PATCH v10 03/20] x86: Secure Launch Resource Table header file Ross Philipson
2024-08-26 22:38 ` [PATCH v10 04/20] x86: Secure Launch main " Ross Philipson
2024-08-26 22:38 ` [PATCH v10 05/20] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2024-08-26 22:38 ` [PATCH v10 06/20] x86: Add early SHA-256 " Ross Philipson
2024-08-26 22:38 ` [PATCH v10 07/20] x86/msr: Add variable MTRR base/mask and x2apic ID registers Ross Philipson
2024-08-26 22:38 ` [PATCH v10 08/20] x86/boot: Place TXT MLE header in the kernel_info section Ross Philipson
2024-08-27 10:29 ` Ard Biesheuvel
2024-08-26 22:38 ` [PATCH v10 09/20] x86: Secure Launch kernel early boot stub Ross Philipson
2024-08-26 22:38 ` [PATCH v10 10/20] x86: Secure Launch kernel late " Ross Philipson
2024-08-26 22:38 ` [PATCH v10 11/20] x86: Secure Launch SMP bringup support Ross Philipson
2024-08-26 22:38 ` [PATCH v10 12/20] kexec: Secure Launch kexec SEXIT support Ross Philipson
2024-08-26 22:38 ` [PATCH v10 13/20] x86/reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2024-08-26 22:38 ` [PATCH v10 14/20] tpm: Protect against locality counter underflow Ross Philipson
2024-08-26 22:38 ` [PATCH v10 15/20] tpm: Ensure tpm is in known state at startup Ross Philipson
2024-08-26 22:38 ` [PATCH v10 16/20] tpm: Make locality requests return consistent values Ross Philipson
2024-08-26 22:38 ` [PATCH v10 17/20] tpm: Add ability to set the default locality the TPM chip uses Ross Philipson
2024-08-26 22:38 ` [PATCH v10 18/20] tpm: Add sysfs interface to allow setting and querying the default locality Ross Philipson
2024-08-26 22:38 ` [PATCH v10 19/20] x86: Secure Launch late initcall platform module Ross Philipson
2024-08-26 22:38 ` [PATCH v10 20/20] x86/efi: EFI stub DRTM launch support for Secure Launch Ross Philipson
2024-08-27 10:28 ` Ard Biesheuvel
2024-08-27 17:19 ` ross.philipson [this message]
2024-08-27 20:09 ` kernel test robot
2024-08-28 17:09 ` kernel test robot
2024-08-28 17:14 ` Ard Biesheuvel
2024-08-28 20:19 ` ross.philipson
2024-08-29 13:23 ` Jonathan McDowell
2024-08-29 13:28 ` Ard Biesheuvel
2024-08-29 15:13 ` ross.philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=833c9b45-b11d-4253-afab-6c4e92d650d2@oracle.com \
--to=ross.philipson@oracle.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox