Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp230353ybi; Fri, 24 May 2019 02:59:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqxWHex93qmrybxvLrconayX2oTrHxB7+8pvyQmQZJ2FZCo0LNuyBUWEYmQOO8dnQT51RT4R X-Received: by 2002:a65:4306:: with SMTP id j6mr2056961pgq.418.1558691982385; Fri, 24 May 2019 02:59:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558691982; cv=none; d=google.com; s=arc-20160816; b=rMwvrS7/hlqTq6ajzdwzFVF5WWMt5XvYnVvibYGLYYe3UEHdp6cLHH2VAJm5hdGOCf 6CQSIRBqZsmGmBzr23WWNIef32IKFQ6FI1zZ7iwxpRlVr34TiebUuI3GUmYgJEycOJ7/ q3Uaae1OifFEJicFQlO/zuqxr0ChvsEEhM6nj6kbneaUDUyh4c+Car5BbtMIVDXVs4wi vAupXzQ3B/1kgzckTWe0kahRafrNmbZNZKdRB4CUFTgI38Z1dtevLSRbgCV/gtxM8Fq1 Fktpyu+4yjrJbQ3hGtGUMHB3TBlcEPwZMNcleREepphAFq4C69stQ5jjdI4hGGbfu2T1 W5fQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=gph/cZtiNouDdoN+j1zsu+fZav7CrzoQ3asuHLB7WAM=; b=t7eVKYbDyyo+UysDhEJQOfhk0FuSAX3mUyDiC6O94EKeJaWJYkDJFW8mASNPLcRoFi sn5zRLp/e+rjrQ51K5iYMXl1yFd1klie5qwuM7V+dgzX5LjK+1TZJyjaf37Bp2vrg5Ad Ad7JG7c4bie7iepk3WR7Y8w3mjwZovgrQD8O2YV5+qJpbWT6kKwFMhQtIa5yFfK5hd3S K3iOGeY+YftIrvuAakO7MyF6+BylCk1L8csEK5kkj7SfMcsaN0v9NacU2mXKI0lFFQBT 7vVJDlllEv/ILLHmCXWpFqg/lZjyrFnBNskqZGIHoxm9sljag7YB/EhkeCh8nNzbycrT BtWQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=xHc7JZPt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u28si3639547pfl.138.2019.05.24.02.59.24; Fri, 24 May 2019 02:59:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=xHc7JZPt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390373AbfEXJ4K (ORCPT + 99 others); Fri, 24 May 2019 05:56:10 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:57888 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390247AbfEXJ4J (ORCPT ); Fri, 24 May 2019 05:56:09 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4O9rYtP154062; Fri, 24 May 2019 09:56:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2018-07-02; bh=gph/cZtiNouDdoN+j1zsu+fZav7CrzoQ3asuHLB7WAM=; b=xHc7JZPtrR3yGBCBdSUIC6QItzPJ6112PvNTPnsdtI+15j82K4ObCHLmlo0+zq81ESBf b3vchUJWuh4hlHZ3VKP+fz3K6eZS9qrgd7YTWd0f4Ke9B6TtT/zLeLJUyd6HcVVJrlVD 87Y7pOeLXHWQPSXufLC6+9NK7qXjwGEAvYtK+lZJ843OBl4TMTAuQNaPydBIRsyh7n51 cnjIwHDRi9Yoa9ENnxL1GA/9nbSlOMkYrRVXv7rzmc/1SQoNUXqNzIIcL82TTfsOA9JG 6r2InjI10ZlRVbE0Ix+gqSXAT9Os7ULyLoyEwS+DiyeAfKjRRUi+qBtNPFtNZH/7IRLq Zw== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2120.oracle.com with ESMTP id 2smsk5g2qp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 May 2019 09:56:06 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4O9tlVn151536; Fri, 24 May 2019 09:56:05 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userp3020.oracle.com with ESMTP id 2smsgw1gk4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 May 2019 09:56:05 +0000 Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x4O9u4tl023849; Fri, 24 May 2019 09:56:04 GMT Received: from tomti.i.net-space.pl (/10.175.163.203) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 24 May 2019 09:56:04 +0000 From: Daniel Kiper To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: dpsmith@apertussolutions.com, eric.snowberg@oracle.com, hpa@zytor.com, kanth.ghatraju@oracle.com, konrad.wilk@oracle.com, ross.philipson@oracle.com Subject: [PATCH RFC 2/2] x86/boot: Introduce dummy MLE header Date: Fri, 24 May 2019 11:55:04 +0200 Message-Id: <20190524095504.12894-3-daniel.kiper@oracle.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190524095504.12894-1-daniel.kiper@oracle.com> References: <20190524095504.12894-1-daniel.kiper@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9266 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905240068 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9266 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905240068 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org DO NOT APPLY!!! THIS PATCH INTRODUCES DUMMY MLE HEADER AND SIMPLY ILLUSTRATES HOW TO EXTEND THE setup_header2 PROPERLY. DO NOT APPLY!!! Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Reviewed-by: Ross Philipson --- Documentation/x86/boot.txt | 6 ++++++ arch/x86/Kconfig | 7 +++++++ arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/setup_header2.S | 6 ++++++ arch/x86/boot/compressed/sl_stub.S | 28 ++++++++++++++++++++++++++++ 5 files changed, 48 insertions(+) create mode 100644 arch/x86/boot/compressed/sl_stub.S diff --git a/Documentation/x86/boot.txt b/Documentation/x86/boot.txt index ff10c6116662..09cf50d7dca2 100644 --- a/Documentation/x86/boot.txt +++ b/Documentation/x86/boot.txt @@ -793,6 +793,12 @@ Offset/size: 0x0004/4 This field contains the size of the setup_header2 including setup_header2.header. It should be used by the boot loader to detect supported fields in the setup_header2. +Field name: mle_header_offset +Offset/size: 0x0008/4 + + This field contains the MLE header offset from the beginning of the kernel image. + If it is set to zero then it means that MLE header is not build into the kernel. + **** THE IMAGE CHECKSUM diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5ad92419be19..021e274ede54 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1961,6 +1961,13 @@ config EFI_MIXED If unsure, say N. +config SECURE_LAUNCH_STUB + bool "Secure Launch stub support" + depends on X86_64 + ---help--- + This kernel feature allows a bzImage to be loaded directly + through Intel TXT or AMD SKINIT measured launch. + config SECCOMP def_bool y prompt "Enable seccomp to safely compute untrusted bytecode" diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index c12ccc2bd923..9722d119e19a 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -78,6 +78,7 @@ vmlinux-objs-y := $(obj)/vmlinux.lds $(obj)/setup_header2.o $(obj)/head_$(BITS). vmlinux-objs-$(CONFIG_EARLY_PRINTK) += $(obj)/early_serial_console.o vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr.o +vmlinux-objs-$(CONFIG_SECURE_LAUNCH_STUB) += $(obj)/sl_stub.o ifdef CONFIG_X86_64 vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr_64.o vmlinux-objs-y += $(obj)/mem_encrypt.o diff --git a/arch/x86/boot/compressed/setup_header2.S b/arch/x86/boot/compressed/setup_header2.S index 0b3963296825..eb732626fd22 100644 --- a/arch/x86/boot/compressed/setup_header2.S +++ b/arch/x86/boot/compressed/setup_header2.S @@ -9,4 +9,10 @@ setup_header2: .ascii "hDR2" /* Size. */ .long setup_header2_end - setup_header2 + /* MLE header offset. */ +#ifdef CONFIG_SECURE_LAUNCH_STUB + .long mle_header +#else + .long 0 +#endif setup_header2_end: diff --git a/arch/x86/boot/compressed/sl_stub.S b/arch/x86/boot/compressed/sl_stub.S new file mode 100644 index 000000000000..34f5000528e4 --- /dev/null +++ b/arch/x86/boot/compressed/sl_stub.S @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved. + * + * Author(s): + * Ross Philipson + */ + .code32 + .text + + /* The MLE Header per the TXT Specification, section 4.1 */ + .global mle_header + +mle_header: + .long 0x9082ac5a /* UUID0 */ + .long 0x74a7476f /* UUID1 */ + .long 0xa2555c0f /* UUID2 */ + .long 0x42b651cb /* UUID3 */ + .long 0x00000034 /* MLE header size */ + .long 0x00020002 /* MLE version 2.2 */ + .long 0x01234567 /* Linear entry point of MLE (virt. address) */ + .long 0x00000000 /* First valid page of MLE */ + .long 0x00000000 /* Offset within binary of first byte of MLE */ + .long 0x00000000 /* Offset within binary of last byte + 1 of MLE */ + .long 0x00000223 /* Bit vector of MLE-supported capabilities */ + .long 0x00000000 /* Starting linear address of command line */ + .long 0x00000000 /* Ending linear address of command line */ -- 2.11.0