| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250616-coreboot-payload-mm-v2-1-5d679b682e13@9elements.com>
Date: Mon, 16 Jun 2025 16:01:12 +0200
From: Michal Gorlas <michal.gorlas@...ements.com>
To: Tzung-Bi Shih <tzungbi@...nel.org>,
Brian Norris <briannorris@...omium.org>,
Julius Werner <jwerner@...omium.org>
Cc: linux-kernel@...r.kernel.org, chrome-platform@...ts.linux.dev,
Marcello Sylvester Bauer <marcello.bauer@...ements.com>,
Michal Gorlas <michal.gorlas@...ements.com>
Subject: [PATCH v2 1/3] firmware: coreboot: support for parsing SMM related
informations from coreboot tables
coreboot exposes (S)MM related data in the coreboot table. Extends existing interface
with structure corresponding to (S)MM data, and adds COREBOOT_PAYLOAD_MM config used by
follow-up patches.
Signed-off-by: Michal Gorlas <michal.gorlas@...ements.com>
---
drivers/firmware/google/Kconfig | 12 +++++++
drivers/firmware/google/coreboot_table.h | 11 ++++++
drivers/firmware/google/mm_payload.h | 58 ++++++++++++++++++++++++++++++++
3 files changed, 81 insertions(+)
diff --git a/drivers/firmware/google/Kconfig b/drivers/firmware/google/Kconfig
index 41b78f5cb7351e512cbaeb6443634a4b97bf6255..ff443f0c4a9a990052d83903fb0f0b0795cc76bd 100644
--- a/drivers/firmware/google/Kconfig
+++ b/drivers/firmware/google/Kconfig
@@ -81,4 +81,16 @@ config GOOGLE_VPD
This option enables the kernel to expose the content of Google VPD
under /sys/firmware/vpd.
+config COREBOOT_PAYLOAD_MM
+ tristate "SMI handling in Linux (LinuxBootSMM)"
+ depends on X86 && GOOGLE_COREBOOT_TABLE
+ help
+ Enables support for SMI handling by Linux-owned code.
+ coreboot reserves region for payload-owned SMI handler, the Linux
+ driver prepares its SMI handler outside of SMRAM, and lets coreboot
+ know where the handler is placed by issuing an SMI. On this SMI, the
+ handler is being placed in SMRAM and all supported SMIs from that point
+ on are handled by Linux-owned SMI handler.
+ If in doubt, say N.
+
endif # GOOGLE_FIRMWARE
diff --git a/drivers/firmware/google/coreboot_table.h b/drivers/firmware/google/coreboot_table.h
index bb6f0f7299b4670d0b1f91bd7a3c038cdb412f7b..8a7934e679903e39ce1d86b4aecbc2b4e89363fd 100644
--- a/drivers/firmware/google/coreboot_table.h
+++ b/drivers/firmware/google/coreboot_table.h
@@ -52,6 +52,16 @@ struct lb_cbmem_entry {
u32 id;
};
+/* Corresponds to LB_TAG_PLD_MM_INTERFACE_INFO */
+#define LB_TAG_PLD_MM_INTERFACE_INFO 0x3b
+struct lb_pld_mm_interface_info {
+ u32 tag;
+ u32 size;
+ u8 revision;
+ u8 requires_long_mode_call;
+ u8 register_mm_entry_command;
+};
+
/* Describes framebuffer setup by coreboot */
struct lb_framebuffer {
u32 tag;
@@ -80,6 +90,7 @@ struct coreboot_device {
struct lb_cbmem_ref cbmem_ref;
struct lb_cbmem_entry cbmem_entry;
struct lb_framebuffer framebuffer;
+ struct lb_pld_mm_interface_info mm_info;
DECLARE_FLEX_ARRAY(u8, raw);
};
};
diff --git a/drivers/firmware/google/mm_payload.h b/drivers/firmware/google/mm_payload.h
new file mode 100644
index 0000000000000000000000000000000000000000..bb2f55c4f24096dfd526e281a937f100031d5315
--- /dev/null
+++ b/drivers/firmware/google/mm_payload.h
@@ -0,0 +1,58 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * mm_payload.h
+ *
+ * Internal header for MM payload driver.
+ *
+ * Copyright 2025 9elements gmbh
+ * Copyright 2025 Michal Gorlas <michal.gorlas@...ements.com>
+ */
+
+#ifndef __MM_PAYLOAD_H
+#define __MM_PAYLOAD_H
+
+#define PAYLOAD_MM_RET_SUCCESS 0
+#define PAYLOAD_MM_RET_FAILURE 1
+#define PAYLOAD_MM_REGISTER_ENTRY 2
+
+#define REALMODE_END_SIGNATURE 0x65a22c82
+
+struct mm_info {
+ u8 revision;
+ u8 requires_long_mode_call;
+ u8 register_mm_entry_command;
+};
+
+extern struct mm_info *mm_info;
+
+#ifndef __ASSEMBLY__
+
+#include <linux/types.h>
+
+/* This must match data at mm_handler/mm_header.S */
+struct mm_header {
+ u32 text_start;
+ u32 mm_entry_32;
+ u32 mm_entry_64;
+ u32 mm_signature;
+ u32 mm_blob_size;
+};
+
+extern struct mm_header *mm_header;
+extern unsigned char mm_blob_end[];
+
+extern unsigned char mm_blob[];
+extern unsigned char mm_relocs[];
+
+/*
+ * This has to be under 1MB (see tseg_region.c in coreboot source tree).
+ * The actual check for this is made in coreboot after we fill the header
+ * (see above) with the blob size.
+ */
+static inline size_t mm_payload_size_needed(void)
+{
+ return mm_blob_end - mm_blob;
+}
+
+#endif /* __ASSEMBLER__ */
+#endif /* __MM_PAYLOAD_H */
--
2.49.0
Powered by blists - more mailing lists