| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f856478803635d0b1efbd95e66c43b9c3808e4fc.1746037489.git.sergii.dmytruk@3mdeb.com>
Date: Thu, 1 May 2025 01:44:45 +0300
From: Sergii Dmytruk <sergii.dmytruk@...eb.com>
To: linux-kernel@...r.kernel.org
Cc: trenchboot-devel@...glegroups.com
Subject: [RFC PATCH v2 3/9] x86: Secure Launch main header file AMD support
From: Ross Philipson <ross.philipson@...cle.com>
Add additional Secure Launch definitions and declarations for AMD/SKINIT
support.
Use a single implementation of slaunch_is_txt_launch(),
slaunch_get_flags() returns to 0 if Secure Launch support isn't enabled.
Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
Signed-off-by: Michał Żygowski <michal.zygowski@...eb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@...eb.com>
---
include/linux/slaunch.h | 81 +++++++++++++++++++++++++++++++++++------
1 file changed, 70 insertions(+), 11 deletions(-)
diff --git a/include/linux/slaunch.h b/include/linux/slaunch.h
index ae67314c2aad..ec7e0d736a03 100644
--- a/include/linux/slaunch.h
+++ b/include/linux/slaunch.h
@@ -14,11 +14,14 @@
*/
#define SL_FLAG_ACTIVE 0x00000001
#define SL_FLAG_ARCH_TXT 0x00000002
+#define SL_FLAG_ARCH_SKINIT 0x00000004
+#define SL_FLAG_SKINIT_PSP 0x00000008
/*
* Secure Launch CPU Type
*/
#define SL_CPU_INTEL 1
+#define SL_CPU_AMD 2
#define __SL32_CS 0x0008
#define __SL32_DS 0x0010
@@ -146,6 +149,8 @@
#define SL_ERROR_INVALID_SLRT 0xc0008022
#define SL_ERROR_SLRT_MISSING_ENTRY 0xc0008023
#define SL_ERROR_SLRT_MAP 0xc0008024
+#define SL_ERROR_MISSING_EVENT_LOG 0xc0008025
+#define SL_ERROR_MAP_SETUP_DATA 0xc0008026
/*
* Secure Launch Defined Limits
@@ -325,9 +330,25 @@ struct smx_rlp_mle_join {
u32 rlp_entry_point; /* phys addr */
} __packed;
+/* The TCG original Spec ID structure defined for TPM 1.2 */
+#define TCG_SPECID_SIG00 "Spec ID Event00"
+
+struct tpm_tcg_specid_event_head {
+ char signature[16];
+ u32 platform_class;
+ u8 spec_ver_minor;
+ u8 spec_ver_major;
+ u8 errata;
+ u8 uintn_size; /* reserved (must be 0) for 1.21 */
+ u8 vendor_info_size;
+ /* vendor_info[]; */
+} __packed;
+
/*
- * TPM event log structures defined in both the TXT specification and
- * the TCG documentation.
+ * TPM event log structures defined by the TXT specification derived
+ * from the TCG documentation. For TXT this is setup as the conainter
+ * header. On AMD this header is embedded in to vendor information
+ * after the TCG spec ID header.
*/
#define TPM_EVTLOG_SIGNATURE "TXT Event Container"
@@ -344,6 +365,25 @@ struct tpm_event_log_header {
/* PCREvents[] */
} __packed;
+/* TPM Event Log Size Macros */
+#define TCG_PCClientSpecIDEventStruct_SIZE \
+ (sizeof(struct tpm_tcg_specid_event_head))
+#define TCG_EfiSpecIdEvent_SIZE(n) \
+ ((n) * sizeof(struct tcg_efi_specid_event_algs) \
+ + sizeof(struct tcg_efi_specid_event_head) \
+ + sizeof(u8) /* vendorInfoSize */)
+#define TPM2_HASH_COUNT(base) (*((u32 *)(base) \
+ + (offsetof(struct tcg_efi_specid_event_head, num_algs) >> 2)))
+
+/* AMD Specific Structures and Definitions */
+struct sl_header {
+ u16 skl_entry_point;
+ u16 length;
+ u8 reserved[62];
+ u16 skl_info_offset;
+ u16 bootloader_data_offset;
+} __packed;
+
/*
* Functions to extract data from the Intel TXT Heap Memory. The layout
* of the heap is as follows:
@@ -512,16 +552,14 @@ void slaunch_fixup_jump_vector(void);
u32 slaunch_get_flags(void);
struct sl_ap_wake_info *slaunch_get_ap_wake_info(void);
struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table_header *dmar);
+void slaunch_cpu_setup_skinit(void);
+void __noreturn slaunch_skinit_reset(const char *msg, u64 error);
void __noreturn slaunch_txt_reset(void __iomem *txt,
const char *msg, u64 error);
void slaunch_finalize(int do_sexit);
-
-static inline bool slaunch_is_txt_launch(void)
-{
- u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT;
-
- return (slaunch_get_flags() & mask) == mask;
-}
+bool slaunch_psp_tmr_release(void);
+void slaunch_psp_setup(void);
+void slaunch_psp_finalize(void);
#else
@@ -529,6 +567,10 @@ static inline void slaunch_setup_txt(void)
{
}
+static inline void slaunch_cpu_setup_skinit(void)
+{
+}
+
static inline void slaunch_fixup_jump_vector(void)
{
}
@@ -545,14 +587,31 @@ static inline struct acpi_table_header *slaunch_get_dmar_table(struct acpi_table
static inline void slaunch_finalize(int do_sexit)
{
+ (void)do_sexit;
}
+#endif /* !IS_ENABLED(CONFIG_SECURE_LAUNCH) */
+
static inline bool slaunch_is_txt_launch(void)
{
- return false;
+ u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT;
+
+ return (slaunch_get_flags() & mask) == mask;
}
-#endif /* !IS_ENABLED(CONFIG_SECURE_LAUNCH) */
+static inline bool slaunch_is_skinit_launch(void)
+{
+ u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_SKINIT;
+
+ return (slaunch_get_flags() & mask) == mask;
+}
+
+static inline bool slaunch_is_skinit_psp(void)
+{
+ u32 mask = SL_FLAG_ACTIVE | SL_FLAG_ARCH_SKINIT | SL_FLAG_SKINIT_PSP;
+
+ return (slaunch_get_flags() & mask) == mask;
+}
#endif /* !__ASSEMBLY */
--
2.49.0
Powered by blists - more mailing lists