lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <D936D925018D154694D8A362EEB0892005AC10E3@orsmsx416.amr.corp.intel.com>
Date:	Tue, 7 Oct 2008 14:09:29 -0700
From:	"Cihula, Joseph" <joseph.cihula@...el.com>
To:	<linux-kernel@...r.kernel.org>
Cc:	"Wang, Shane" <shane.wang@...el.com>,
	"Wei, Gang" <gang.wei@...el.com>,
	"Van De Ven, Arjan" <arjan.van.de.ven@...el.com>,
	"Mallick, Asit K" <asit.k.mallick@...el.com>,
	"Nakajima, Jun" <jun.nakajima@...el.com>,
	"Chris Wright" <chrisw@...hat.com>,
	"Jan Beulich" <jbeulich@...ell.com>, <mingo@...e.hu>,
	<tytso@....edu>
Subject: RE: [RFC][PATCH 3/3] TXT: Intel(R) TXT and tboot kernel support

(large) Patch inline below (and still attached for those who prefer it).

Linux kernel changes to support tboot and Intel TXT.
 
Signed-off-by:  Shane Wang <shane.wang@...el.com>
Signed-off-by:  Joseph Cihula <joseph.cihula@...el.com>
Signed-off-by:  Gang Wei <gang.wei@...el.com>

diff -r 29cfdc52a076 arch/x86/configs/i386_defconfig
--- a/arch/x86/configs/i386_defconfig	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/configs/i386_defconfig	Tue Oct 07 00:13:02 2008 -0700
@@ -54,6 +54,7 @@ CONFIG_X86_TRAMPOLINE=y
 CONFIG_X86_TRAMPOLINE=y
 CONFIG_KTIME_SCALAR=y
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+# CONFIG_TXT is not set
 
 #
 # General setup
diff -r 29cfdc52a076 arch/x86/configs/x86_64_defconfig
--- a/arch/x86/configs/x86_64_defconfig	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/configs/x86_64_defconfig	Tue Oct 07 00:13:02 2008 -0700
@@ -54,6 +54,7 @@ CONFIG_X86_TRAMPOLINE=y
 CONFIG_X86_TRAMPOLINE=y
 # CONFIG_KTIME_SCALAR is not set
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+# CONFIG_TXT is not set
 
 #
 # General setup
diff -r 29cfdc52a076 arch/x86/kernel/Makefile
--- a/arch/x86/kernel/Makefile	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/kernel/Makefile	Tue Oct 07 00:13:02 2008 -0700
@@ -44,6 +44,7 @@ obj-$(CONFIG_X86_32)		+= tls.o
 obj-$(CONFIG_X86_32)		+= tls.o
 obj-$(CONFIG_IA32_EMULATION)	+= tls.o
 obj-y				+= step.o
+obj-$(CONFIG_TXT)		+= tboot.o
 obj-$(CONFIG_STACKTRACE)	+= stacktrace.o
 obj-y				+= cpu/
 obj-y				+= acpi/
diff -r 29cfdc52a076 arch/x86/kernel/reboot.c
--- a/arch/x86/kernel/reboot.c	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/kernel/reboot.c	Tue Oct 07 00:13:02 2008 -0700
@@ -20,6 +20,8 @@
 #else
 # include <asm/iommu.h>
 #endif
+
+#include <asm/tboot.h>
 
 /*
  * Power off function, if any
@@ -456,11 +458,13 @@ static void native_machine_restart(char 
 
 	if (!reboot_force)
 		machine_shutdown();
+	tboot_shutdown(TB_SHUTDOWN_REBOOT);
 	machine_emergency_restart();
 }
 
 static void native_machine_halt(void)
 {
+	tboot_shutdown(TB_SHUTDOWN_HALT);
 }
 
 static void native_machine_power_off(void)
@@ -470,6 +474,8 @@ static void native_machine_power_off(voi
 			machine_shutdown();
 		pm_power_off();
 	}
+	/* a fallback in case there is no PM info available */
+	tboot_shutdown(TB_SHUTDOWN_HALT);
 }
 
 struct machine_ops machine_ops = {
diff -r 29cfdc52a076 arch/x86/kernel/setup.c
--- a/arch/x86/kernel/setup.c	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/kernel/setup.c	Tue Oct 07 00:13:02 2008 -0700
@@ -115,6 +115,8 @@ struct boot_params __initdata boot_param
 #else
 struct boot_params boot_params;
 #endif
+
+#include <asm/tboot.h>
 
 /*
  * Machine setup..
@@ -833,6 +835,8 @@ void __init setup_arch(char **cmdline_p)
 	paravirt_pagetable_setup_done(swapper_pg_dir);
 	paravirt_post_allocator_init();
 
+	tboot_probe();
+
 #ifdef CONFIG_X86_64
 	map_vsyscall();
 #endif
diff -r 29cfdc52a076 arch/x86/kernel/tboot.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/arch/x86/kernel/tboot.c	Tue Oct 07 00:13:02 2008 -0700
@@ -0,0 +1,258 @@
+/*
+ * tboot.c: main implementation of helper functions used by kernel for
+ *          runtime support
+ *
+ * Copyright (c) 2006-2008, Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify
it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but
WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
along with
+ * this program; if not, write to the Free Software Foundation, Inc., 
+ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/pfn.h>
+#include <asm/pgtable.h>
+#include <asm/processor.h>
+#include <asm/bootparam.h>
+#include <asm/tboot.h>
+
+/* Global pointer to shared data; NULL means no measured launch. */
+struct tboot_shared *tboot_shared;
+
+void __init tboot_probe(void)
+{
+	extern struct boot_params boot_params;
+
+	/* Look for valid page-aligned address for shared page. */
+	if (boot_params.hdr.tboot_shared_addr == 0)
+		return;
+
+	/* Map and check for tboot UUID. */
+	set_fixmap(FIX_TBOOT_SHARED_BASE,
boot_params.hdr.tboot_shared_addr);
+	tboot_shared = (struct tboot_shared *)
+				fix_to_virt(FIX_TBOOT_SHARED_BASE);
+	if (memcmp(&TBOOT_SHARED_UUID, &tboot_shared->uuid,
+		   sizeof(struct tboot_uuid))) {
+		printk(KERN_WARNING "tboot_shared at %lxP/%pV is
invalid\n",
+		       (unsigned long)boot_params.hdr.tboot_shared_addr,
+		       tboot_shared);
+		tboot_shared = NULL;
+		return;
+	}
+	if (tboot_shared->version < 2) {
+		printk(KERN_WARNING "tboot_shared version is invalid:
%d\n",
+		       tboot_shared->version);
+		tboot_shared = NULL;
+		return;
+	}
+
+	printk(KERN_INFO "TBOOT: found shared page at phys addr
0x%lx:\n",
+	       (unsigned long)boot_params.hdr.tboot_shared_addr);
+	printk(KERN_DEBUG "  version: %d\n", tboot_shared->version);
+	printk(KERN_DEBUG "  log_addr: 0x%08x\n",
tboot_shared->log_addr);
+	printk(KERN_DEBUG "  shutdown_entry32: 0x%08x\n",
+	       tboot_shared->shutdown_entry32);
+	printk(KERN_DEBUG "  shutdown_entry64: 0x%08x\n",
+	       tboot_shared->shutdown_entry64);
+	printk(KERN_DEBUG "  shutdown_type: %d\n",
tboot_shared->shutdown_type);
+	printk(KERN_DEBUG "  s3_tb_wakeup_entry: 0x%08x\n",
+	       tboot_shared->s3_tb_wakeup_entry);
+	printk(KERN_DEBUG "  s3_k_wakeup_entry: 0x%08x\n",
+	       tboot_shared->s3_k_wakeup_entry);
+	printk(KERN_DEBUG "  &acpi_sinfo: 0x%p\n",
&tboot_shared->acpi_sinfo);
+	printk(KERN_DEBUG "  tboot_base: 0x%08x\n",
tboot_shared->tboot_base);
+	printk(KERN_DEBUG "  tboot_size: 0x%x\n",
tboot_shared->tboot_size);
+}
+
+static pgd_t *tboot_pg_dir;
+static inline void switch_to_tboot_pt(void)
+{
+	native_write_cr3(__pa(tboot_pg_dir));
+}
+
+struct tboot_pgt_struct {
+	unsigned long ptr;
+	struct tboot_pgt_struct *next;
+};
+static struct tboot_pgt_struct *tboot_pgt;
+
+/* Allocate (and save for later release) a page */
+static unsigned long alloc_tboot_page(void)
+{
+	unsigned long ptr;
+	struct tboot_pgt_struct *pgt;
+
+	ptr = get_zeroed_page(GFP_ATOMIC);
+	if (ptr) {
+		pgt = kmalloc(sizeof(*pgt), GFP_ATOMIC);
+		if (!pgt) {
+			free_page(ptr);
+			return 0;
+		}
+		pgt->ptr = ptr;
+		pgt->next = tboot_pgt;
+		tboot_pgt = pgt;
+	}
+	return ptr;
+}
+
+/* Clean up memory used for tboot mapping */
+void clean_up_tboot_mapping(void)
+{
+	struct tboot_pgt_struct *pgt;
+
+	if (!tboot_in_measured_env())
+		return;
+
+	pgt = tboot_pgt;
+	while (pgt) {
+		free_page(pgt->ptr);
+		tboot_pgt = pgt->next;
+		kfree(pgt);
+		pgt = tboot_pgt;
+	}
+}
+
+static int map_page_for_tboot(unsigned long vaddr, unsigned long pfn,
+				pgprot_t prot)
+{
+	pgd_t *pgd;
+	pud_t *pud;
+	pmd_t *pmd;
+	pte_t *pte, new_pte;
+
+	pgd = tboot_pg_dir + pgd_index(vaddr);
+#ifdef __x86_64__
+	if (!pgd_val(*pgd)) {
+		pud = (pud_t *)alloc_tboot_page();
+		if (!pud)
+			return -1;
+		set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE));
+	}
+	pud = pud_offset(pgd, vaddr);
+	if (!pud_val(*pud)) {
+		pmd = (pmd_t *)alloc_tboot_page();
+		if (!pmd)
+			return -1;
+		set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE));
+	}
+	pmd = pmd_offset(pud, vaddr);
+#else
+#ifdef CONFIG_X86_PAE
+	if (!pgd_val(*pgd)) {
+		pmd = (pmd_t *)alloc_tboot_page();
+		if (!pmd)
+			return -1;
+		set_pgd(pgd, __pgd(__pa(pmd) | _PAGE_PRESENT));
+		pud = pud_offset(pgd, 0);
+	}
+	pud = pud_offset(pgd, 0);
+	pmd = pmd_offset(pud, vaddr);
+#else
+	pud = pud_offset(pgd, 0);
+	pmd = pmd_offset(pud, 0);
+#endif
+#endif
+	if (!pmd_val(*pmd)) {
+		pte = (pte_t *)alloc_tboot_page();
+		if (!pte)
+			return -1;
+		set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
+	}
+	new_pte = pfn_pte(pfn, prot);
+
+	pte = pte_offset_kernel(pmd, vaddr);
+
+	if (pte_val(*pte) &&
+#if defined(CONFIG_X86_PAE) || defined(__x86_64__)
+	    pte_val(*pte) != (pte_val(new_pte) & __supported_pte_mask)
+#else
+	    pte_val(*pte) != pte_val(new_pte)
+#endif
+	   ) {
+		pte_ERROR(*pte);
+		return -1;
+	}
+
+	set_pte(pte, new_pte);
+
+	return 0;
+}
+
+static int map_pages_for_tboot(unsigned long vaddr, unsigned long
start_pfn,
+				unsigned long nr)
+{
+	printk(KERN_DEBUG "map_pages_for_tboot %lx to %lx (%lx)\n",
+		vaddr, start_pfn << PAGE_SHIFT, nr << PAGE_SHIFT);
+
+	/* Reuse the original kernel mapping */
+	tboot_pg_dir = (pgd_t *)alloc_tboot_page();
+	if (!tboot_pg_dir)
+		return -1;
+
+#ifdef __x86_64__
+	set_pgd(tboot_pg_dir + pgd_index(__START_KERNEL_map),
+		swapper_pg_dir[pgd_index(__START_KERNEL_map)]);
+#else
+	memcpy(tboot_pg_dir + KERNEL_PGD_BOUNDARY,
+		swapper_pg_dir + KERNEL_PGD_BOUNDARY,
+		sizeof(swapper_pg_dir[0]) * KERNEL_PGD_PTRS);
+#endif
+
+	for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) {
+		if (map_page_for_tboot(vaddr, start_pfn,
+				       __pgprot(__PAGE_KERNEL_EXEC)))
+			return -1;
+	}
+
+	return 0;
+}
+
+void tboot_shutdown(u32 shutdown_type)
+{
+	u32 map_base, map_size;
+
+	if (!tboot_in_measured_env())
+		return;
+
+	tboot_shared->shutdown_type = shutdown_type;
+
+	local_irq_disable();
+
+	/* Create identity map for tboot shutdown code. */
+	if (tboot_shared->version >= 0x02) {
+		map_base = PFN_DOWN(tboot_shared->tboot_base);
+		map_size = PFN_UP(tboot_shared->tboot_size);
+	} else {
+		map_base = 0;
+		map_size = PFN_UP(0xa0000);
+	}
+
+	if (map_pages_for_tboot(map_base << PAGE_SHIFT, map_base,
map_size)) {
+		printk(KERN_DEBUG "error mapping tboot pages "
+				  "(mfns) @ 0x%x, 0x%x\n", map_base,
map_size);
+		clean_up_tboot_mapping();
+		return;
+	}
+
+	switch_to_tboot_pt();
+
+#ifdef __x86_64__
+	asm volatile ("jmp *%%rdi" : : "D"
(tboot_shared->shutdown_entry64));
+#else
+	asm volatile ("jmp *%%edi" : : "D"
(tboot_shared->shutdown_entry32));
+#endif
+
+	BUG(); /* should not reach here */
+}
diff -r 29cfdc52a076 arch/x86/power/cpu_32.c
--- a/arch/x86/power/cpu_32.c	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/power/cpu_32.c	Tue Oct 07 00:13:02 2008 -0700
@@ -11,6 +11,7 @@
 #include <linux/suspend.h>
 #include <asm/mtrr.h>
 #include <asm/mce.h>
+#include <asm/tboot.h>
 
 static struct saved_context saved_context;
 
@@ -136,5 +137,8 @@ void restore_processor_state(void)
 void restore_processor_state(void)
 {
 	__restore_processor_state(&saved_context);
+
+	/* Clean up memory mapping for tboot range */
+	clean_up_tboot_mapping();
 }
 EXPORT_SYMBOL(restore_processor_state);
diff -r 29cfdc52a076 arch/x86/power/cpu_64.c
--- a/arch/x86/power/cpu_64.c	Mon Oct 06 12:50:47 2008 -0700
+++ b/arch/x86/power/cpu_64.c	Tue Oct 07 00:13:02 2008 -0700
@@ -14,6 +14,7 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/mtrr.h>
+#include <asm/tboot.h>
 
 static void fix_processor_context(void);
 
@@ -131,6 +132,9 @@ void restore_processor_state(void)
 void restore_processor_state(void)
 {
 	__restore_processor_state(&saved_context);
+
+	/* Clean up memory mapping for tboot range */
+	clean_up_tboot_mapping();
 }
 
 static void fix_processor_context(void)
diff -r 29cfdc52a076 drivers/acpi/hardware/hwsleep.c
--- a/drivers/acpi/hardware/hwsleep.c	Mon Oct 06 12:50:47 2008 -0700
+++ b/drivers/acpi/hardware/hwsleep.c	Tue Oct 07 00:13:02 2008 -0700
@@ -44,6 +44,7 @@
 
 #include <acpi/acpi.h>
 #include <acpi/actables.h>
+#include <asm/tboot.h>
 
 #define _COMPONENT          ACPI_HARDWARE
 ACPI_MODULE_NAME("hwsleep")
@@ -77,6 +78,13 @@ acpi_set_firmware_waking_vector(acpi_phy
 	if (ACPI_FAILURE(status)) {
 		return_ACPI_STATUS(status);
 	}
+
+#ifdef CONFIG_TXT
+	if (tboot_in_measured_env()) {
+		tboot_shared->s3_k_wakeup_entry =
(uint32_t)physical_address;
+		physical_address = tboot_shared->s3_tb_wakeup_entry;
+	}
+#endif
 
 	/* Set the vector */
 
@@ -238,6 +246,29 @@ acpi_status acpi_enter_sleep_state_prep(
 
 ACPI_EXPORT_SYMBOL(acpi_enter_sleep_state_prep)
 
+#ifdef CONFIG_TXT
+static void tboot_sleep(u8 sleep_state)
+{
+	uint32_t shutdown_type;
+
+	switch (sleep_state) {
+	case ACPI_STATE_S3:
+		shutdown_type = TB_SHUTDOWN_S3;
+		break;
+	case ACPI_STATE_S4:
+		shutdown_type = TB_SHUTDOWN_S4;
+		break;
+	case ACPI_STATE_S5:
+		shutdown_type = TB_SHUTDOWN_S5;
+		break;
+	default:
+		return;
+	}
+
+	tboot_shutdown(shutdown_type);
+}
+#endif
+
 
/***********************************************************************
********
  *
  * FUNCTION:    acpi_enter_sleep_state
@@ -361,6 +392,20 @@ acpi_status asmlinkage acpi_enter_sleep_
 
 	PM1Acontrol |= sleep_enable_reg_info->access_bit_mask;
 	PM1Bcontrol |= sleep_enable_reg_info->access_bit_mask;
+
+#ifdef CONFIG_TXT
+	if (tboot_in_measured_env()) {
+		tboot_shared->acpi_sinfo.pm1a_cnt =
+
(uint16_t)acpi_gbl_FADT.xpm1a_control_block.address;
+		tboot_shared->acpi_sinfo.pm1b_cnt =
+
(uint16_t)acpi_gbl_FADT.xpm1b_control_block.address;
+		tboot_shared->acpi_sinfo.pm1a_cnt_val = PM1Acontrol;
+		tboot_shared->acpi_sinfo.pm1b_cnt_val = PM1Bcontrol;
+		tboot_sleep(sleep_state);
+		printk(KERN_DEBUG "TBOOT failed entering s3 state\n");
+		return_ACPI_STATUS(AE_ERROR);
+	}
+#endif
 
 	/* Write #2: SLP_TYP + SLP_EN */
 
diff -r 29cfdc52a076 include/asm-x86/bootparam.h
--- a/include/asm-x86/bootparam.h	Mon Oct 06 12:50:47 2008 -0700
+++ b/include/asm-x86/bootparam.h	Tue Oct 07 00:13:02 2008 -0700
@@ -62,6 +62,7 @@ struct setup_header {
 	__u32	payload_offset;
 	__u32	payload_length;
 	__u64	setup_data;
+	__u32   tboot_shared_addr;
 } __attribute__((packed));
 
 struct sys_desc_table {
diff -r 29cfdc52a076 include/asm-x86/fixmap_32.h
--- a/include/asm-x86/fixmap_32.h	Mon Oct 06 12:50:47 2008 -0700
+++ b/include/asm-x86/fixmap_32.h	Tue Oct 07 00:13:02 2008 -0700
@@ -85,6 +85,9 @@ enum fixed_addresses {
 #ifdef CONFIG_PARAVIRT
 	FIX_PARAVIRT_BOOTMAP,
 #endif
+#ifdef CONFIG_TXT
+	FIX_TBOOT_SHARED_BASE,
+#endif
 	__end_of_permanent_fixed_addresses,
 	/*
 	 * 256 temporary boot-time mappings, used by early_ioremap(),
diff -r 29cfdc52a076 include/asm-x86/fixmap_64.h
--- a/include/asm-x86/fixmap_64.h	Mon Oct 06 12:50:47 2008 -0700
+++ b/include/asm-x86/fixmap_64.h	Tue Oct 07 00:13:02 2008 -0700
@@ -56,6 +56,9 @@ enum fixed_addresses {
 #ifdef CONFIG_PROVIDE_OHCI1394_DMA_INIT
 	FIX_OHCI1394_BASE,
 #endif
+#ifdef CONFIG_TXT
+	FIX_TBOOT_SHARED_BASE,
+#endif
 	__end_of_permanent_fixed_addresses,
 	/*
 	 * 256 temporary boot-time mappings, used by early_ioremap(),
diff -r 29cfdc52a076 include/asm-x86/tboot.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/include/asm-x86/tboot.h	Tue Oct 07 00:13:02 2008 -0700
@@ -0,0 +1,101 @@
+/*
+ * tboot.h: shared data structure with MLE and kernel and functions
+ *          used by kernel for runtime support
+ *
+ * Copyright (c) 2006-2008, Intel Corporation
+ *
+ * This program is free software; you can redistribute it and/or modify
it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but
WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
along with
+ * this program; if not, write to the Free Software Foundation, Inc., 
+ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#ifndef _ASM_TBOOT_H
+#define _ASM_TBOOT_H
+
+#define TB_SHUTDOWN_REBOOT      0
+#define TB_SHUTDOWN_S5          1
+#define TB_SHUTDOWN_S4          2
+#define TB_SHUTDOWN_S3          3
+#define TB_SHUTDOWN_HALT        4
+
+#ifdef CONFIG_TXT
+struct tboot_uuid {
+	u32    data1;
+	u16    data2;
+	u16    data3;
+	u16    data4;
+	u8     data5[6];
+} __attribute__ ((__packed__));
+
+/* used to communicate between tboot and the launched kernel */
+
+struct tboot_acpi_sleep_info {
+	u16 pm1a_cnt;
+	u16 pm1b_cnt;
+	u16 pm1a_evt;
+	u16 pm1b_evt;
+	u16 pm1a_cnt_val;
+	u16 pm1b_cnt_val;
+}  __attribute__ ((__packed__));
+
+struct tboot_shared {
+	/* version 0x01+ fields: */
+	struct tboot_uuid uuid; /* TBOOT_SHARED_UUID */
+	u32  version;      	/* Version number: 2 is current */
+	u32  log_addr;     	/* physical addr of tb_log_t log */
+	u32  shutdown_entry32;	/* entry point for tboot shutdown from
32b */
+	u32  shutdown_entry64;	/* entry point for tboot shutdown from
64b */
+	u32  shutdown_type;	/* type of shutdown (TB_SHUTDOWN_*) */
+	u32  s3_tb_wakeup_entry;/* entry point for tboot s3 wake up */
+	u32  s3_k_wakeup_entry;	/* entry point for kernel s3 wake up */
+	struct tboot_acpi_sleep_info
+		  acpi_sinfo;	/* where kernel put acpi sleep info in
Sx */
+	u8   reserved[52];	/* this pad is for compat with old field
*/
+	/* version 0x02+ fields: */
+	u32  tboot_base;	/* starting addr for tboot */
+	u32  tboot_size;	/* size of tboot */
+} __attribute__ ((__packed__));
+
+/* {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} */
+#define TBOOT_SHARED_UUID     \
+		((struct tboot_uuid){ 0x663c8dff, 0xe8b3, 0x4b82,
0xaabf,   \
+				{ 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8 } })
+
+extern struct tboot_shared *tboot_shared;
+
+static inline int tboot_in_measured_env(void)
+{
+	return tboot_shared != NULL;
+}
+
+extern void clean_up_tboot_mapping(void);
+extern void tboot_probe(void);
+extern void tboot_shutdown(u32 shutdown_type);
+
+#else     /* CONFIG_TXT */
+
+static inline void clean_up_tboot_mapping(void)
+{
+}
+
+static inline void tboot_probe(void)
+{
+}
+
+static inline void tboot_shutdown(u32 shutdown_type)
+{
+}
+
+#endif /* !CONFIG_TXT */
+
+#endif /* _ASM_TBOOT_H */
diff -r 29cfdc52a076 security/Kconfig
--- a/security/Kconfig	Mon Oct 06 12:50:47 2008 -0700
+++ b/security/Kconfig	Tue Oct 07 00:13:02 2008 -0700
@@ -115,6 +115,23 @@ config SECURITY_DEFAULT_MMAP_MIN_ADDR
 	  /proc/sys/vm/mmap_min_addr tunable.
 
 
+config TXT
+        bool "Enable Intel(R) Trusted Execution Technology (TXT)"
+        depends on EXPERIMENTAL && X86
+        help
+          This option enables support for booting the kernel with
+          the Trusted Boot (tboot) module. This will utilize
+          Intel(R) Trusted Execution Technology (TXT) to perform a
+          measured launch of the kernel. If the system does not
+          support TXT, this will have no effect.
+
+          See <http://www.intel.com/technology/security/> for more
+          information about Intel(R) TXT.
+          And see <http://tboot.sourceforge.net> for more information
+          about tboot.
+
+          If you are unsure as to whether this is required, answer N.
+
 source security/selinux/Kconfig
 source security/smack/Kconfig


Download attachment "txt-linux-tboot.patch" of type "application/octet-stream" (18495 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ