Aem staging 14 10 24 rebase #19
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
2 times, most recently
from
25a3a94 to
e5764e1
Compare
|
Modified the entry point to fix There is |
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
from
e5764e1 to
40033c8
Compare
|
Rebased to newer Also included fix from d2aa2f5 (for others commits from #17 I'd like to check on hardware whether they actually fix any issue before including them) and reordered the commits to group them into categories. The code still builds on each commit. Some commit messages became outdated, but additional ones will be outdated after 32b code linking, so I left them for now. |
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
from
40033c8 to
6a50fd9
Compare
|
Updated SLRT definition to the latest one. No rebase done today as the patch I'm waiting for hasn't been merged. There is an ongoing unification of all possible Xen entry points (MB2, EFI, PVH) being done, which doesn't impact us too much, but slight modifications will be needed. https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=0fe607b2a1440191b59cc6da83a3e717bf3ff7c0 would cause problems on old (pre-SLRT) implementation, but now everything is measured before |
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
6 times, most recently
from
8a4535d to
a9f4275
Compare
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
7 times, most recently
from
13962c4 to
61d5a16
Compare
SergiiDmytruk
previously requested changes
Nov 17, 2024
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
from
61d5a16 to
b9d7cd4
Compare
A precarious approach was used to release the pages used to hold a boot module. The precariousness stemmed from the fact that in the case of PV dom0, the initrd module pages may be either mapped or copied into the dom0 address space. In the former case, the PV dom0 construction code will set the size of the module to zero, relying on discard_initial_images() to skip any modules with a size of zero. In the latter case, the pages are freed by the PV dom0 construction code. This freeing of pages is done so that in either case, the initrd variable can be reused for tracking the initrd location in dom0 memory through the remaining dom0 construction code. To encapsulate the logical action of releasing a boot module, the function release_boot_module() is introduced along with the `released` flag added to boot module. The boot module flag `released` allows the tracking of when a boot module has been released by release_boot_module(). As part of adopting release_boot_module() the function discard_initial_images() is renamed to free_boot_modules(), a name that better reflects the functions actions. Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
There was a problem hiding this comment.
Works on APU with a small change on top to use amd_info instead of dl_info for newer SKL and GRUB.
void * -> uint8_t * I think goes somewhat against Qubes OS review. Changes to not use things like u32 and __u32 in sha1/sha256 make files differ more from the original Linux sources. Otherwise this version seem to be in alignment with the previous ones, although I didn't go line by line.
Mind that there is also a FIXME commit regarding stack_base.
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
from
b9d7cd4 to
599b132
Compare
|
I've removed the FIXME commit, added smaller change in its place instead (a994bec). I've also moved change to x86/shutdown after commits directly related to SMP. |
While not strictly needed to guarantee operator precedence is as expected, add the parentheses to comply with Misra Rule 20.7. No functional change intended. Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Fixes: 5b52e1b ('x86/mm: skip super-page alignment checks for non-present entries') Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
No functional change. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
These tests validate that important parts of memory are protected against DMA attacks, including Xen and MBI. Modules can be tested later, when it is possible to report issues to user before invoking TXT reset. TPM event log validation is temporarily disabled due to issue with its allocation by bootloader (GRUB) which will need to be modified to address this. Ultimately event log will also have to be validated early as it is used immediately after these tests to hold MBI measurements. See larger comment in verify_pmr_ranges(). Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
TXT heap is marked as reserved in e820 to protect against being allocated and overwritten. Signed-off-by: Kacper Stojek <kacper.stojek@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
In preparation for TXT SENTER call, GRUB had to modify MTRR settings to be UC for everything except SINIT ACM. Old values are restored from SLRT where they were saved by the bootloader. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
The code comes from [1] and is licensed under GPL-2.0 license. It's a combination of: - include/crypto/sha1.h - include/crypto/sha1_base.h - lib/crypto/sha1.c - crypto/sha1_generic.c Changes: - includes - formatting - renames and splicing of trivial some functions that are called once - dropping of `int` return values (only zero was ever returned) - getting rid of references to `struct shash_desc` [1]: https://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1c62b8bf03 Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
The code comes from [1] and is licensed under GPL-2.0 or later version of license. It's a combination of: - include/crypto/sha2.h - include/crypto/sha256_base.h - lib/crypto/sha256.c - crypto/sha256_generic.c Changes: - includes - formatting - renames and splicing of trivial some functions that are called once - dropping of `int` return values (only zero was ever returned) - getting rid of references to `struct shash_desc` [1]: https://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1c62b8bf03 Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This file is built twice: for early 32b mode without paging to measure MBI and for 64b code to measure dom0 kernel and initramfs. Since MBI is small, the first case uses TPM to do the hashing. Kernel and initramfs on the other hand are too big, sending them to the TPM would take multiple minutes. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
SHA1 and SHA256 is hardcoded here, but their support by TPM is checked for. Addition of event log for TPM2.0 will generalize the code further. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This is made as the first step of making parallel AP bring-up possible. It should be enough for pre-C code. Parallel AP bring-up is necessary because TXT by design releases all APs at once. In addition to that it reduces number of IPIs (and more importantly, delays between them) required to start all logical processors. This results in significant reduction of boot time, even when DRTM is not used, with performance gain growing with the number of logical CPUs. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
On Intel TXT, APs are started in one of two ways, depending on ACM which reports it in its information table. In both cases, all APs are started simultaneously after BSP requests them to do so. Two possible ways are: - GETSEC[WAKEUP] instruction, - MONITOR address. GETSEC[WAKEUP] requires versions >= 7 of SINIT to MLE Data, but there is no clear mapping of that version with regard to processor family and it's not known which CPUs actually use it. It could have been designed for TXT support on CPUs that lack MONITOR/MWAIT, because GETSEC[WAKEUP] seems to be more complicated, in software and hardware alike. This patch implements only MONITOR approach, GETSEC[WAKEUP] support will be added later once more details and means of testing are available and if there is a practical need for it. With this patch, every AP goes through assembly part, and only when in start_secondary() in C they re-enter MONITOR/MWAIT iff they are not the AP that was asked to boot. The same address is reused for simplicity, and on next wakeup call APs don't have to go through assembly part again (GDT, paging, stack setting). Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com> Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
…_id(cpu) This is done in preparation to move data from x86_cpu_to_apicid[] elsewhere. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Both fields held the same data. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Remove setting of this variable in do_boot_cpu(). It was not consumed after that point, and the only consumer is BSP which isn't booted through do_boot_cpu() in the first place. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
It used to be called from smp_callin(), however BUG_ON() was invoked on multiple occasions before that. It may end up calling machine_restart() which tries to get APIC ID for CPU running this code. If BSP detected that x2APIC is enabled, get_apic_id() will try to use it for all CPUs. Enabling x2APIC on secondary CPUs earlier protects against an endless loop of #GP exceptions caused by attempts to read IA32_X2APIC_APICID MSR while x2APIC is disabled in IA32_APIC_BASE. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
CPU id is obtained as a side effect of searching for appropriate stack for AP. It can be used as a parameter to start_secondary(). Coincidentally this also makes further work on making AP bring-up code parallel easier. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This will be used for parallel AP bring-up. CPU_STATE_INIT changed direction. It was previously set by BSP and never consumed by AP. Now it signals that AP got through assembly part of initialization and waits for BSP to call notifiers that set up data structures required for further initialization. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This is no longer necessary, since AP loops on cpu_state and CPU index is passed as argument. In addition, move TXT JOIN structure to static data. There is no guarantee that it would be consumed before it is overwritten on BSP stack. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
This is another requirement for parallel AP bringup. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Multiple delays are required when sending IPIs and waiting for responses. During boot, 4 such IPIs were sent per each AP. With this change, only one set of broadcast IPIs is sent. This reduces boot time, especially for platforms with large number of cores. Single CPU initialization is still possible, it is used for hotplug. During wakeup from S3 APs are started one by one. It should be possible to enable parallel execution there as well, but I don't have a way of testing it as of now. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
If multiple CPUs called machine_restart() before actual restart took place, but after boot CPU declared itself not online, ASSERT in on_selected_cpus() will fail. Few calls later execution would end up in machine_restart() again, with another frame on call stack for new exception. To protect against running out of stack, code checks if boot CPU is still online before calling on_selected_cpus(). Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Go through entires in the DRTM policy of SLRT to hash and extend data that they describe into corresponding PCRs. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
It holds physical address of SLRT. The value is produced by slaunch_early (known as txt_early previously), gets set in assembly and then used by the main C code which don't need to know how we got it (which is different for different CPUs). This change additionally renames txt_early.c into slaunch_early.c Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
secure-kernel-loader on AMD with SKINIT passes MBI as a parameter for Multiboot kernel. Another thing of interest is the location of SLRT which is bootloader's data after SKL. Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This mostly involves not running Intel-specific code when on AMD. There are only a few new AMD-specific implementation details: - finding SLB start and size and then mapping and protecting it - managing offset for adding the next TPM log entry (TXT-compatible data prepared by SKL is stored inside of vendor data field of TCG header) Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com> Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
krystian-hebel
force-pushed
the
aem-staging-14-10-24-rebase
branch
from
599b132 to
afd6b78
Compare
|
https://lore.kernel.org/xen-devel/87d2a1e6-c69e-4789-b4e1-54aaf60eb858@amd.com/T/#m6c15a4ab1773d2563621532c3e324240d12a4134 got merged, I rebased this PR and updated the target branch to include it. This was the last of bootinfo patches. |
SergiiDmytruk
approved these changes
Nov 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes beyond rebase (from
aem-4.17.4, few changes aren't merged there yet) itself:%esicalculated based on%ebxinstead of call/pop, GDT loaded with CS selector as DS is undefined)#include ""to now supported#include <>in the early code, cleaned it up a bitgit bisect), but haven't test booting yetsomehow I messed upnever mind, my IDE didn't refresh the view automaticallytpm.cduring rebase - its early entry point lost an argument, but as it's called from assembly, no error was produced%ebpis overwritten before it is passed toslaunch_early_tests()