> -Original Message-
> From: xen-devel-boun...@lists.xen.org [mailto:xen-devel-
> boun...@lists.xen.org] On Behalf Of Borislav Petkov
> Sent: Wednesday, May 08, 2013 7:30 AM
> To: Konrad Rzeszutek Wilk
> Cc: fenghua...@intel.com; xen-de...@lists.xensource.com; x...@kernel.org;
> linux-kerne
On 5/22/20 9:24 AM, Krystian Hebel wrote:
>
> On 05.05.2020 01:21, Daniel Kiper wrote:
>> +static grub_err_t
>> +init_txt_heap (struct grub_slaunch_params *slparams, struct
>> grub_txt_acm_header *sinit)
>> +{
>> + grub_uint8_t *txt_heap;
>> + grub_uint32_t os_sinit_data_ver, sinit_caps;
>> + g
On 6/1/20 1:56 PM, Daniel P. Smith wrote:
> On 6/1/20 12:51 PM, Andy Lutomirski wrote:
>> On Mon, Jun 1, 2020 at 8:33 AM Daniel P. Smith
>> wrote:
>>>
>>> On 5/7/20 7:06 AM, Daniel Kiper wrote:
Hi Łukasz,
On Tue, May 05, 2020 at 04:38:02PM +0200, Lukasz Hawrylko wrote:
> On Tue,
> Ensure that kernel_info is aligned, and use the SYM_DATA.* macros
> instead of bare labels. This stores the size of the kernel_info
> structure in the ELF symbol table.
I pulled this change in and made all the changes to remove other code
that was causing relocations in the compressed k
On 9/25/20 3:18 PM, Arvind Sankar wrote:
> On Fri, Sep 25, 2020 at 10:56:43AM -0400, Ross Philipson wrote:
>> On 9/24/20 1:38 PM, Arvind Sankar wrote:
>>> On Thu, Sep 24, 2020 at 10:58:35AM -0400, Ross Philipson wrote:
>>>
>>>> diff --git a/arch/x86/boot/com
> Ensure that kernel_info is aligned, and use the SYM_DATA.* macros
> instead of bare labels. This stores the size of the kernel_info
> structure in the ELF symbol table.
That is great. It looks like just what we will need. Thank you very much.
Acked-by: Ross Philipson
>
On 9/24/20 1:38 PM, Arvind Sankar wrote:
> On Thu, Sep 24, 2020 at 10:58:35AM -0400, Ross Philipson wrote:
>> The Secure Launch (SL) stub provides the entry point for Intel TXT (and
>> later AMD SKINIT) to vector to during the late launch. The symbol
>> sl_stub_entry is tha
On 9/24/20 10:08 PM, Randy Dunlap wrote:
> On 9/24/20 7:58 AM, Ross Philipson wrote:
>> Initial bits to bring in Secure Launch functionality. Add Kconfig
>> options for compiling in/out the Secure Launch code.
>>
>> Signed-off-by: Ross Philipson
>
> Hi,
&g
On 10/19/20 1:06 PM, Arvind Sankar wrote:
> On Mon, Oct 19, 2020 at 10:38:08AM -0400, Ross Philipson wrote:
>> On 10/16/20 4:51 PM, Arvind Sankar wrote:
>>> On Thu, Oct 15, 2020 at 08:26:54PM +0200, Daniel Kiper wrote:
>>>>
>>>> I am discussing
On 10/21/20 12:18 PM, Arvind Sankar wrote:
> On Wed, Oct 21, 2020 at 05:28:33PM +0200, Daniel Kiper wrote:
>> On Mon, Oct 19, 2020 at 01:18:22PM -0400, Arvind Sankar wrote:
>>> On Mon, Oct 19, 2020 at 04:51:53PM +0200, Daniel Kiper wrote:
On Fri, Oct 16, 2020 at 04:51:51PM -0400, Arvind Sankar
On 10/16/20 4:51 PM, Arvind Sankar wrote:
> On Thu, Oct 15, 2020 at 08:26:54PM +0200, Daniel Kiper wrote:
>>
>> I am discussing with Ross the other option. We can create
>> .rodata.mle_header section and put it at fixed offset as
>> kernel_info is. So, we would have, e.g.:
>>
>> arch/x86/boot/compr
From: "Daniel P. Smith"
The late init functionality registers securityfs nodes to allow access
to TXT register fields on Intel along with the fetching of and writing
events to the late launch TPM log.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
Signed-off-by: g
callback (into
ACPI code) or when an emergency reset is done. In these cases,
just the TXT registers are finalized but SEXIT is skipped.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/reboot.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/arch/x86/kernel/reboot.c b/arch/x86
-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 4 +
arch/x86/boot/compressed/early_sha1.c | 104
arch/x86/boot/compressed/early_sha1.h | 17 +++
arch/x86/boot/compressed/early_sha256.c | 6 +
arch/x86/boot/compressed
From: "Daniel P. Smith"
This commit exposes a minimal general interface for the compressed
kernel to request the required TPM operations to send measurements to
a TPM.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +-
arc
Prior to running the next kernel via kexec, the Secure Launch code
closes down private SMX resources and does an SEXIT. This allows the
next kernel to start normally without any issues starting the APs etc.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/slaunch.c | 70
then jumps the the standard RM piggy protected mode
entry point.
Signed-off-by: Ross Philipson
---
arch/x86/include/asm/realmode.h | 3 ++
arch/x86/kernel/smpboot.c| 86
arch/x86/realmode/rm/header.S| 3 ++
arch/x86/realmode/rm
handling the APs on Intel
platforms. The routine sl_main which runs after entering 64b mode is
responsible for measuring configuration and module information before
it is used like the boot params, the kernel command line, the TXT heap,
an external initramfs, etc.
Signed-off-by: Ross Philipson
The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progress, initialize the
locality to 2.
Signed-off-by: Ross Philipson
---
drivers/char/tpm/tpm-chip.c | 13
From: "Daniel P. Smith"
This commit introduces an abstraction for TPM1.2 and TPM2.0 devices
above the TPM hardware interface.
Signed-off-by: Daniel P. Smith
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 3 +-
arch/x86/boot/compressed/
th
Signed-off-by: Ross Philipson
---
arch/x86/boot/compressed/Makefile | 2 +
arch/x86/boot/compressed/tpm/crb.c| 304 ++
arch/x86/boot/compressed/tpm/crb.h| 20 ++
arch/x86/boot/compressed/tpm/tis.c| 215 +
arc
Initial bits to bring in Secure Launch functionality. Add Kconfig
options for compiling in/out the Secure Launch code.
Signed-off-by: Ross Philipson
---
arch/x86/Kconfig | 36
1 file changed, 36 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
Introduce the main Secure Launch header file used in the early SL stub
and the early setup code.
Signed-off-by: Ross Philipson
---
include/linux/slaunch.h | 544
1 file changed, 544 insertions(+)
create mode 100644 include/linux/slaunch.h
diff
protections are in place.
For TXT, this code also reserves the original compressed kernel setup
area where the APs were left looping so that this memory cannot be used.
Signed-off-by: Ross Philipson
---
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/setup.c| 3 +
arch/x86/kernel/slaunch.c
upport patchset (WIP):
https://lists.gnu.org/archive/html/grub-devel/2020-05/msg00011.html
Thanks
Ross Philipson and Daniel P. Smith
Daniel P. Smith (4):
x86: Add early TPM TIS/CRB interface support for Secure Launch
x86: Add early TPM1.2/TPM2.0 interface support for Secure Launch
x86: A
25 matches
Mail list logo
