Hi,

This is an addition to the RFC patchset which introduced TrenchBoot support for Intel TXT.

It includes all original patches sent by Daniel Kiper back in May, rebased on top of the current master so the AMD-specific changes can be applied cleanly. Additionally, a small bug fix to patch 18 was added - the original patch erroneously passed the pre-relocated address of Linux's zero_page instead of the target one. No other changes were made to the TXT code.

Support for AMD SKINIT was added on top of those patches. Apart from the SKINIT preparations it includes a small modification to the relocator and the Linux boot command, in a similar manner as was done for TXT.

Original cover letter by Daniel:

  Hi,

  This is an RFC patchset for the GRUB introducing the Intel TXT secure launcher. This is a part of larger work known as the TrenchBoot.

  Patchset can be split into two distinct parts:
    - 01-12: preparatory patches,
    - 13-18: the Intel TXT secure launcher itself.

  The initial implementation of the Intel TXT secure launcher works. However, there are still some missing bits and pieces, e.g.:
    - SINIT ACM auto loader,
    - lack of RMRR support,
    - lack of support for MLEs larger than 1 GiB,
    - lack of TPM 1.2 support,
    - various fixes and cleanups.

  Commands introduced by this patchset: tpm_type, slaunch, slaunch_module (not required on server platforms) and slaunch_state (useful for checking platform configuration and state; based on tboot's txt-stat).

Daniel Krystian Hebel (4):
  i386/slaunch: Add code for searching for DRTM event log in ACPI
  i386/skinit: Add AMD SKINIT definitions header file
  i386/skinit: Add AMD SKINIT core implementation
  i386/slaunch: Add support for AMD SKINIT

Norbert Kaminski (18):
  i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
  i386/msr: Rename grub_msr_read() and grub_msr_write()
  i386/msr: Extract and improve MSR support detection code
  i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
  i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global
  mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
  i386/tpm: Rename tpm module to tpm_verifier
  i386/tpm: Add TPM TIS and CRB driver
  efi: Make shim_lock GUID and protocol type public
  efi: Return grub_efi_status_t from grub_efi_get_variable()
  efi: Add a function to read EFI variables with attributes
  i386/efi: Report UEFI Secure Boot status to the Linux kernel
  i386/slaunch: Add basic platform support for secure launch
  i386/txt: Add Intel TXT definitions header file
  i386/txt: Add Intel TXT core implementation
  i386/txt: Add Intel TXT ACM module support
  i386/txt: Add Intel TXT verification routines
  i386/slaunch: Add secure launch framework and commands

 docs/grub.texi                               |  15 +-
 grub-core/Makefile.am                        |   3 +
 grub-core/Makefile.core.def                  |  18 +-
 grub-core/commands/efi/efifwsetup.c          |   8 +-
 grub-core/commands/efi/shim_lock.c           |  12 -
 grub-core/commands/i386/rdmsr.c              |  25 +-
 grub-core/commands/i386/tpm.c                | 182 ++++
 grub-core/commands/i386/wrmsr.c              |  25 +-
 grub-core/commands/{tpm.c => tpm_verifier.c} |   6 +-
 grub-core/kern/efi/efi.c                     |  30 +-
 grub-core/lib/i386/relocator32.S             |  14 +
 grub-core/lib/i386/xen/relocator.S           |   6 +-
 grub-core/lib/x86_64/xen/relocator.S         |   4 +-
 grub-core/loader/i386/bsd.c                  |   7 +
 grub-core/loader/i386/linux.c                | 320 ++++++-
 grub-core/loader/i386/skinit.c               | 162 ++++
 grub-core/loader/i386/slaunch.c              | 326 +++++++
 grub-core/loader/i386/txt/acmod.c            | 575 ++++++++++++
 grub-core/loader/i386/txt/txt.c              | 886 +++++++++++++++++++
 grub-core/loader/i386/txt/verify.c           | 297 +++++++
 grub-core/loader/i386/xen.c                  |  61 +-
 grub-core/loader/i386/xnu.c                  |   3 +
 grub-core/loader/multiboot.c                 |   5 +
 grub-core/mmap/mmap.c                        |  64 ++
 grub-core/video/efi_gop.c                    |   2 +-
 include/grub/efi/api.h                       |  19 +-
 include/grub/efi/efi.h                       |  12 +-
 include/grub/file.h                          |   3 +
 include/grub/i386/cpuid.h                    |  13 +
 include/grub/i386/crfr.h                     | 186 ++++
 include/grub/i386/linux.h                    |  28 +-
 include/grub/i386/memory.h                   |   8 +-
 include/grub/i386/mmio.h                     |  90 ++
 include/grub/i386/msr.h                      | 135 +++
 include/grub/i386/{wrmsr.h => skinit.h}      |  35 +-
 include/grub/i386/slaunch.h                  |  64 ++
 include/grub/i386/{rdmsr.h => tpm.h}         |  31 +-
 include/grub/i386/txt.h                      | 690 +++++++++++++++
 include/grub/memory.h                        |   3 +
 39 files changed, 4212 insertions(+), 161 deletions(-)
 create mode 100644 grub-core/commands/i386/tpm.c
 rename grub-core/commands/{tpm.c => tpm_verifier.c} (96%)
 create mode 100644 grub-core/loader/i386/skinit.c
 create mode 100644 grub-core/loader/i386/slaunch.c
 create mode 100644 grub-core/loader/i386/txt/acmod.c
 create mode 100644 grub-core/loader/i386/txt/txt.c
 create mode 100644 grub-core/loader/i386/txt/verify.c
 create mode 100644 include/grub/i386/crfr.h
 create mode 100644 include/grub/i386/mmio.h
 create mode 100644 include/grub/i386/msr.h
 rename include/grub/i386/{wrmsr.h => skinit.h} (52%)
 create mode 100644 include/grub/i386/slaunch.h
 rename include/grub/i386/{rdmsr.h => tpm.h} (59%)
 create mode 100644 include/grub/i386/txt.h

-- 
2.17.1

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel