Implement boot with AMD SKINIT #130
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
krystian-hebel
requested changes
Oct 29, 2024
SergiiDmytruk
force-pushed
the
linux-sl-amd-refresh
branch
2 times, most recently
from
1f29b6d to
b3a7100
Compare
When the inner for loop doesn't break upon finding a matching algorithm, it: - finds SHA1 ID and updates `alg_id_field` but not `dptr` - finds SHA256 ID and copies SHA1 and bytes that follow it as SHA256 - exits and outer loop gets to run again with `alg_id_field` pointing past the list of digests, this time likely doing nothing, leading to a PCR being extended with a semi-random hash Breaking isn't enough on its own because then alg_id_field might end up not being moved if corresponding TPM bank is off, so instead advance the pointer outside of the inner loop. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
* Add additional Secure Launch definitions and declarations specific to AMD and SKINIT. * Rename slaunch_setup_txt() to slaunch_late_setup() so it can deal with AMD in the future. * Make slaunch_is_txt_launch() implementation unconditional as conditional slaunch_get_flags() is enough to account for everything. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
AMD SKINIT uses the same entry point as Intel TXT (sl_stub_entry). It follows similar, but simpler path than TXT; there is no TXT heap and APs are started by a standard INIT/SIPI/SIPI sequence. Contrary to the TXT, SKINIT does not use code provided by a CPU vendor. Instead it requires an intermediate loader (SKL), whose task is to set up memory protection and set a proper CPU context before handling control over to the kernel. In order to simplify adding new entries and to minimize the number of differences between AMD and Intel, the event logs have actually two headers, both for TPM 1.2 and 2.0. For TPM 1.2 this is TCG_PCClientSpecIDEventStruct [1] with Intel's own TXT-specific header embedded inside its 'vendorInfo' field. The offset to this field is added to the base address on AMD path, making the code for adding new events the same for both vendors. TPM 2.0 in TXT uses HEAP_EVENT_LOG_POINTER_ELEMENT2_1 structure, which is normally constructed on the TXT stack [2]. For AMD, this structure is put inside TCG_EfiSpecIdEvent [3], also in 'vendorInfo' field. The actual offset to this field depends on the number of hash algorithms supported by the event log. Differences with Intel TXT beyond event log: - don't assume (on Intel as well) that %ebx contains absolute offset to sl_stub_entry() and determine it because SKL won't provide this value - make sl_stub.S save base to SKL which it passes in %ebp which is our only way to find any information in the absence of TXT register space - pass SKL base from compressed/head_64.S to head_64.S %rdi to avoid requiring bootloader to provide this information - update common code to handle reset on AMD as well - reserve memory region occupied by SKL (called SLB) and event log - don't measure SLRT on AMD (there is nothing to measure) [1] https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementation_1-21_1_00.pdf [2] http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf [3] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Ross Philipson <ross.philipson@oracle.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
The SKINIT instruction disables the GIF and it must be re-enabled on the BSP and APs as they are started. Since enabling GIT also re-enables NMIs, it should be done after a valid IDT is loaded for each CPU. The #INITs were already sent to the APs before SKINIT and it should not be done again by the kernel. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Most of the changes are related to generalization: - common macro for resetting the platform - common code to map event log The rest are: - SKINIT-specific way of getting to SLRT - handling of TPM log which has TXT-specific header embedded as vendor data of a TCG-complient one Signed-off-by: Ross Philipson <ross.philipson@oracle.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
SergiiDmytruk
force-pushed
the
linux-sl-amd-refresh
branch
from
b3a7100 to
bd46a26
Compare
krystian-hebel
approved these changes
Nov 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.