Message-ID: <f856478803635d0b1efbd95e66c43b9c3808e4fc.1746037489.git.sergii.dmytruk@3mdeb.com>
Date: Thu,  1 May 2025 01:44:45 +0300
From: Sergii Dmytruk <sergii.dmytruk@...eb.com>
To: linux-kernel@...r.kernel.org
Cc: trenchboot-devel@...glegroups.com
Subject: [RFC PATCH v2 3/9] x86: Secure Launch main header file AMD support

From: Ross Philipson <ross.philipson@...cle.com>

Add additional Secure Launch definitions and declarations for AMD/SKINIT
support.

Use a single implementation of slaunch_is_txt_launch();
slaunch_get_flags() returns 0 if Secure Launch support isn't enabled.

Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
Signed-off-by: Michał Żygowski <michal.zygowski@...eb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@...eb.com>
---
 include/linux/slaunch.h | 81 +++++++++++++++++++++++++++++++++++------
 1 file changed, 70 insertions(+), 11 deletions(-)

diff --git a/include/linux/slaunch.h b/include/linux/slaunch.h
index ae67314c2aad..ec7e0d736a03 100644
--- a/include/linux/slaunch.h
+++ b/include/linux/slaunch.h
@@ -14,11 +14,14 @@
  */
 #define SL_FLAG_ACTIVE		0x00000001
 #define SL_FLAG_ARCH_TXT	0x00000002
+#define SL_FLAG_ARCH_SKINIT	0x00000004
+#define SL_FLAG_SKINIT_PSP	0x00000008
 
 /*
  * Secure Launch CPU Type
  */
 #define SL_CPU_INTEL	1
+#define SL_CPU_AMD	2
 
 #define __SL32_CS	0x0008
 #define __SL32_DS	0x0010
@@ -146,6 +149,8 @@
 #define SL_ERROR_INVALID_SLRT		0xc0008022
 #define SL_ERROR_SLRT_MISSING_ENTRY	0xc0008023
 #define SL_ERROR_SLRT_MAP		0xc0008024
+#define SL_ERROR_MISSING_EVENT_LOG	0xc0008025
+#define SL_ERROR_MAP_SETUP_DATA		0xc0008026
 
 /*
  * Secure Launch Defined Limits
@@ -325,9 +330,25 @@ struct smx_rlp_mle_join {
 	u32 rlp_entry_point; /* phys addr */
 } __packed;
 
+/* The TCG original Spec ID structure defined for TPM 1.2 */
+#define TCG_SPECID_SIG00 "Spec ID Event00"
+
+struct tpm_tcg_specid_event_head {
+	char signature[16];
+	u32  platform_class;
+	u8   spec_ver_minor;
+	u8   spec_ver_major;
+	u8   errata;
+	u8   uintn_size;	/* reserved (must be 0) for 1.21 */
+	u8   vendor_info_size;
+	/* vendor_info[]; */
+} __packed;
+
 /*
- * TPM event log structures defined in both the TXT specification and
- * the TCG documentation.
+ * TPM event log structures defined by the TXT specification derived
+ * from the TCG documentation. For TXT this is setup as the conainter
+ * header. On AMD this header is embedded in to vendor information
+ * after the TCG spec ID header.
  */
 #define TPM_EVTLOG_SIGNATURE "TXT Event Container"
 
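Review bot: The rewritten block comment above `TPM_EVTLOG_SIGNATURE` has typos and should read `For TXT this is set up as the container header. On AMD this header is embedded into the vendor information after the TCG Spec ID header.` Because `vendor_info_size` is a `u8` read from the log, the comment on `struct tpm_tcg_specid_event_head` is also the natural place to state that, on AMD, a consumer has to check `vendor_info_size >= sizeof(struct tpm_event_log_header)` before treating the vendor bytes as that header. The parsing code is not part of this patch, so that check may already exist there.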
@@ -344,6 +365,25 @@ struct tpm_event_log_header {
 	/* PCREvents[] */
 } __packed;
 
+/* TPM Event Log Size Macros */
+#define TCG_PCClientSpecIDEventStruct_SIZE			\
+		(sizeof(struct tpm_tcg_specid_event_head))
+#define TCG_EfiSpecIdEvent_SIZE(n) \
+		((n) * sizeof(struct tcg_efi_specid_event_algs)	\
+		 + sizeof(struct tcg_efi_specid_event_head)	\
+		 + sizeof(u8) /* vendorInfoSize */)
+#define TPM2_HASH_COUNT(base) (*((u32 *)(base)			\
+		+ (offsetof(struct tcg_efi_specid_event_head, num_algs) >> 2)))
+
+/* AMD Specific Structures and Definitions */
+struct sl_header {
+	u16 skl_entry_point;
+	u16 length;
+	u8 reserved[62];
+	u16 skl_info_offset;
+	u16 bootloader_data_offset;
+} __packed;
+
 /*
  * Functions to extract data from the Intel TXT Heap Memory. The layout
  * of the heap is as follows:
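Review bot: `TPM2_HASH_COUNT` fetches `num_algs` by casting `base` to `u32 *` and adding `offsetof(...) >> 2`, which silently reads the wrong word if the member offset is ever not a multiple of four and assumes `base` is suitably aligned. Naming the member is clearer and drops the shift: `#define TPM2_HASH_COUNT(base) (((struct tcg_efi_specid_event_head *)(base))->num_algs)`. The count comes straight from the event log, so a comment on the macro should say that callers must bound it before passing it to `TCG_EfiSpecIdEvent_SIZE(n)`. `struct sl_header` would likewise benefit from a comment stating what `skl_info_offset` and `bootloader_data_offset` are relative to and that they are presumably to be validated against `length` before use.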
@@ -512,16 +552,14 @@ void slaunch_fixup_jump_vector(void);
 u32 slaunch_get_flags(void);
 struct sl_ap_wake_info *slaunch_get_ap_wake_info(void);
 struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table_header *dmar);
+void slaunch_cpu_setup_skinit(void);
+void __noreturn slaunch_skinit_reset(const char *msg, u64 error);
 void __noreturn slaunch_txt_reset(void __iomem *txt,
 					 const char *msg, u64 error);
 void slaunch_finalize(int do_sexit);
-
-static inline bool slaunch_is_txt_launch(void)
-{
-	u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT;
-
-	return (slaunch_get_flags() & mask) == mask;
-}
+bool slaunch_psp_tmr_release(void);
+void slaunch_psp_setup(void);
+void slaunch_psp_finalize(void);
 
 #else
 
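Review bot: `slaunch_skinit_reset()`, `slaunch_psp_tmr_release()`, `slaunch_psp_setup()` and `slaunch_psp_finalize()` are declared only in the enabled branch, and the only new stub visible in the `#else` branch of this patch is `slaunch_cpu_setup_skinit()`. If any caller of these functions is built without `CONFIG_SECURE_LAUNCH` it will fail to link unless the call site is itself guarded, so either add matching stubs or say in a comment that callers must be conditional. The prototype of `slaunch_psp_tmr_release()` also gives no meaning for its `bool` result; a one-line comment stating what `false` means for the caller would remove the guesswork.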
@@ -529,6 +567,10 @@ static inline void slaunch_setup_txt(void)
 {
 }
 
+static inline void slaunch_cpu_setup_skinit(void)
+{
+}
+
 static inline void slaunch_fixup_jump_vector(void)
 {
 }
@@ -545,14 +587,31 @@ static inline struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table
 
 static inline void slaunch_finalize(int do_sexit)
 {
+	(void)do_sexit;
 }
 
+#endif /* !IS_ENABLED(CONFIG_SECURE_LAUNCH) */
+
 static inline bool slaunch_is_txt_launch(void)
 {
-	return false;
+	u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT;
+
+	return (slaunch_get_flags() & mask) == mask;
 }
 
-#endif /* !IS_ENABLED(CONFIG_SECURE_LAUNCH) */
+static inline bool slaunch_is_skinit_launch(void)
+{
+	u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_SKINIT;
+
+	return (slaunch_get_flags() & mask) == mask;
+}
+
+static inline bool slaunch_is_skinit_psp(void)
+{
+	u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_SKINIT | SL_FLAG_SKINIT_PSP;
+
+	return (slaunch_get_flags() & mask) == mask;
+}
 
 #endif /* !__ASSEMBLY */
 
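Review bot: The three predicates after the relocated `#endif` are now compiled in both configurations and depend on the stub `slaunch_get_flags()` returning 0, which deserves a comment at this spot, e.g. `/* Also valid with CONFIG_SECURE_LAUNCH off: slaunch_get_flags() then returns 0, so all of these are false. */`. `slaunch_is_skinit_psp()` requires `SL_FLAG_ARCH_SKINIT` in addition to `SL_FLAG_SKINIT_PSP`, and a short comment saying what the PSP flag records would help readers of its callers. The added `(void)do_sexit;` in the `slaunch_finalize()` stub is probably unnecessary, since kernel builds do not normally warn about unused parameters; consider dropping it.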
-- 
2.49.0

