Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1647134pxj; Fri, 18 Jun 2021 11:37:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzfxTRc944Ab54TLcSXj/swOZuLPH0NXdgJlNXls8NnqtjJ4Ho3Yl/GDF/REnLDhKRo5JLu X-Received: by 2002:a05:6e02:e0d:: with SMTP id a13mr7742651ilk.224.1624041474492; Fri, 18 Jun 2021 11:37:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624041474; cv=none; d=google.com; s=arc-20160816; b=vIaKj1nCV+KW7Z/YFTrDgloU0pAC5gW4+SHyx6KGrFI0WH5eTqk2+sD/NN6CMP0NWd ROGbIaSi8cePvyRxTufCFFqF7NMiYz1IuapL534X2HlE46SGoyEo7i8ZTjqqgyj7ubB3 yhNxcaUIg0It9NGRn3YK8Yl1ooqDyZhnYjmempVqlnQ9rgN2ZIdmmGKl/pAm0zbYxhQ+ STv3iHz/VRoYoMww4IXCFgnYHX+vbU0+7OzzYYLQseIHSl1xerEJyXLXrSFQzY/bKte9 XiGdGEr5GLBAXVnOH0nUlD1lqtKjFw4kCW8h+M/0LjLYInmdkOP2inlGgGnocaHjtL3v oL9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=qO4swfJXRtPFLY0tVLDsZJG9xnfATwh6+HePhGd5nOM=; b=FjeKerMfdwVKMfM6hkIvOhwXqWlLtHsVfEZnaS7Ft4hQqveEPSxGke3os+m2oB9XWO mDOXNknjZVKQdZRmmydqKwzw3svtfBFvCo02in/afR96MDFc0RHnpHnrv6MBF+QWShOH ygREZuQ1alOwqobrXsiHJ1wcDR+Jwf9F6UrhLWY4ACP3K3K8ralIn+4maffPq91totUC UxcDYX+2bshocoN3AkOTMcE6LY1NV1YtTC+MwBZqAt3Bc1HMEI/dUcyqs3R8SotaR3sE jku7DawsPGlgvU1czwA0LfmukYkrCpIw6E3Czx0zCL0X0f6ilAGs/gudbJngJPPYfZ+g dT9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=rDoqGCTO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k24si10235043jan.49.2021.06.18.11.37.41; Fri, 18 Jun 2021 11:37:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=rDoqGCTO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232630AbhFRQJg (ORCPT + 99 others); Fri, 18 Jun 2021 12:09:36 -0400 Received: from mx0a-00069f02.pphosted.com ([205.220.165.32]:49316 "EHLO mx0a-00069f02.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231466AbhFRQJa (ORCPT ); Fri, 18 Jun 2021 12:09:30 -0400 Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15IG2h2Q030717; Fri, 18 Jun 2021 16:06:56 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2020-01-29; bh=qO4swfJXRtPFLY0tVLDsZJG9xnfATwh6+HePhGd5nOM=; b=rDoqGCTOIpNn4Ves81MkPAA7TGVJcu6zT7dlZCIRNyB0ryxqrs0kpd2R9oHWTuTKBhOl XvQdfvlWLaem5YLr8rH4hq3/Sz+8uO9s4QoaU+N1SKr2oDtTGieR8D0IwYfp923qZbu0 0SCJz+fEFu0QDErVnhgyj0kSa7nUIw5l3l+zeGBWNaTIaPwYdNH5otn3Mnd0jhpgf2/k jdidEB7J6zl6TgZFPXTHYfnZZjS9WSggd9r25uul0apedEIGwrKFXuVm7wEF7R73H/zD 1GkXKBnvoloSsLlmOY7R9T9NHrdqOweUjd436KMGv6t0+VPoCPuWksGtpnKiqR6UMGaf XQ== Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by mx0b-00069f02.pphosted.com with ESMTP id 398tu1rgsa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Jun 2021 16:06:56 +0000 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 15IG1cGn154976; Fri, 18 Jun 2021 16:06:55 GMT Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 396wayyuxv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Jun 2021 16:06:55 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 15IG6sWH167638; Fri, 18 Jun 2021 16:06:54 GMT Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userp3020.oracle.com with ESMTP id 396wayyuxe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Jun 2021 16:06:54 +0000 Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 15IG6qgO018499; Fri, 18 Jun 2021 16:06:52 GMT Received: from lateralus.us.oracle.com (/10.149.232.101) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 18 Jun 2021 16:06:52 +0000 From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, luto@amacapital.net, trenchboot-devel@googlegroups.com Subject: [PATCH v2 09/12] reboot: Secure Launch SEXIT support on reboot paths Date: Fri, 18 Jun 2021 12:12:54 -0400 Message-Id: <1624032777-7013-10-git-send-email-ross.philipson@oracle.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1624032777-7013-1-git-send-email-ross.philipson@oracle.com> References: <1624032777-7013-1-git-send-email-ross.philipson@oracle.com> X-Proofpoint-GUID: ka2tYm6LQG-8tnhAckHMo3RPSiJmLN4G X-Proofpoint-ORIG-GUID: ka2tYm6LQG-8tnhAckHMo3RPSiJmLN4G Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If the MLE kernel is being powered off, rebooted or halted, then SEXIT must be called. Note that the SEXIT GETSEC leaf can only be called after a machine_shutdown() has been done on these paths. The machine_shutdown() is not called on a few paths like when poweroff action does not have a poweroff callback (into ACPI code) or when an emergency reset is done. In these cases, just the TXT registers are finalized but SEXIT is skipped. Signed-off-by: Ross Philipson --- arch/x86/kernel/reboot.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c index b29657b..796cbfb 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -731,6 +732,7 @@ static void native_machine_restart(char *__unused) if (!reboot_force) machine_shutdown(); + slaunch_finalize(!reboot_force); __machine_emergency_restart(0); } @@ -741,6 +743,9 @@ static void native_machine_halt(void) tboot_shutdown(TB_SHUTDOWN_HALT); + /* SEXIT done after machine_shutdown() to meet TXT requirements */ + slaunch_finalize(1); + stop_this_cpu(NULL); } @@ -749,8 +754,12 @@ static void native_machine_power_off(void) if (pm_power_off) { if (!reboot_force) machine_shutdown(); + slaunch_finalize(!reboot_force); pm_power_off(); + } else { + slaunch_finalize(0); } + /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); } @@ -778,6 +787,7 @@ void machine_shutdown(void) void machine_emergency_restart(void) { + slaunch_finalize(0); __machine_emergency_restart(1); } -- 1.8.3.1