On 2013-05-08, Matthew Garrett wrote:
> On Tue, 2013-05-07 at 22:55 +0800, Qiaowei Ren wrote:
>
> > +What: /sys/devices/platform/intel_txt/parameter/acm_max_size
> > +Date: May 2013
> > +KernelVersion: 3.9
> > +Contact: "Qiaowei Ren" <qiaowei....@intel.com>
> > +Description: The "acm_max_size" property will show max size of
> > + authenticated code execution area.
>
> What would userspace use this for?
These sysfs files are just export SMX & TXT related information to userspace.
So that other developers (or OSV & ISV) can be able to develop txt related
applications or tools based on these information.
> > +What: /sys/devices/platform/intel_txt/parameter/acm_mem_types
> > +Date: May 2013
> > +KernelVersion: 3.9
> > +Contact: "Qiaowei Ren" <qiaowei....@intel.com>
> > +Description: The "acm_max_types" property will show external memory
> > + types supported during AC mode.
>
> Or this? And what's AC mode?
It means that the property will show supportable memory types for memory mapped
outside of the authenticated code execution area.
> > + __asm__ __volatile__ (IA32_GETSEC_OPCODE "\n"
> > + : "=a"(eax), "=b"(ebx), "=c"(ecx)
> > + : "a"(IA32_GETSEC_PARAMETERS), "b"(index));
> > +
> > + *param_type = eax & 0x1f;
> > + *peax = eax;
> > + *pebx = ebx;
> > + *pecx = ecx;
>
> Should there be a check for failure here? Is it possible for this operation
> to fail?
You mean GETSEC instruction? I don't notice related description in manual. Next
function get_parameters() will process return eax/ebx/ecx returned by this
instruction.
> > + write_cr4(read_cr4() | CR4_SMXE);
>
> Whoo. This needs at least a giant comment and probably some locking, but if
> this is supposed to be set during runtime then it should be done in core
> architecture code rather than just in this driver.
Oh. This code should be removed, because tboot code have set SMXE bit.
Thanks,
Qiaowei
N�����r��y����b�X��ǧv�^�){.n�+����{����zX�����ܨ}���Ơz�&j:+v��������zZ+��+zf���h���~����i���z���w���?�����&�)ߢ�f��^jǫy�m��@A�a���
�0��h����i
