Another update of [TrenchBoot] changes. More context can be found in
the cover letter for [v1]. This set is compatible with v14 of Linux patches
[linux-v14].
As the code gets used in more configurationis (different hardware, Xen on UEFI
systems) lack of handling of various cases gets discovered and fixed.
The changes can also be viewed on GitHub at [TrenchBoot/grub].
-----
Changes in v4:
- adjustments for latest master (4abac0ad5a791)
- added grub_slr_entry_intel_info::boot_params_base
- allocation of SLRT within OS2MLE
- fixed use with TPM1.2
- better compatibility with non-Linux
+ disabling boot_params-specific handling
+ making chainloader support Slaunch
- code now makes sure FEATURE_CONTROL MSR is locked
- fixed use on platforms where SINIT has MAXPHYSADDR capability (more than
36 valid bits in MTRRs)
- use safe math on constructing TXT heap
- efi/txt: map file offset of MLE to offset within a loaded EFI image
- efi/txt: don't assume that firmware can allocate page tables exactly where we
ask it to, allow address to be lower (permitted by TXT)
Changes in [v3]:
- rebase on latest master
- overhaul that changes how SLRT is built, adds UEFI support and a common DL
entry
- AMD changes were removed from this series to be submitted separately
Changes in [v2]:
- 5 patches landed as a separate [generic-x86] series
- 3 patches were in [generic-x86] as well, got Reviewed-Bys and returned here;
one of them was extracted out of a different patch
- patches related to modules received some documentation additions
- several commit messages became more verbose
- some commits have seen cosmetic changes with no impact on functionality
- a leak fix got dropped to be sent separately (it's not really related to the
rest of changes)
-----
[TrenchBoot]: https://trenchboot.org/
[v1]: https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html
[v2]: https://lists.gnu.org/archive/html/grub-devel/2024-11/msg00000.html
[v3]: https://lists.gnu.org/archive/html/grub-devel/2024-12/msg00028.html
[TrenchBoot/grub]:
https://github.com/TrenchBoot/grub/compare/4abac0a...tb-2.12-284-v4
[generic-x86]:
https://lists.gnu.org/archive/html/grub-devel/2024-10/msg00055.html
[linux-v14]:
https://lore.kernel.org/lkml/20250421162712.77452-1-ross.philip...@oracle.com/
-----
Aleksandr Burmashev (1):
commands/tpm: Rename tpm module to tpm_verifier
Daniel Kiper (2):
mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
commands/i386/tpm: Add TPM TIS and CRB driver
Fedora Ninjas (1):
slaunch: Add Secure Launch framework and commands
Michał Żygowski (1):
multiboot2: Support TXT Secure Launch
Ross Philipson (11):
i386: Add CRx, MMIO, MSR and extend CPUID definitions
efi/tpm: Replace tpm command
slaunch: Add Secure Launch Resource Table (SLRT) header file
slaunch: Add main Secure Launch definitions header
slaunch: Add SLR table setup support module
i386/txt: Add Intel TXT definitions header file
slaunch/txt: Add Intel TXT core implementation
slaunch/txt: Add Intel TXT ACM module support
slaunch/txt: Add Intel TXT verification routines
i386/efi: Add DL stub as common DL event module
efi/linux: Add Intel TXT Secure Launch support
Sergii Dmytruk (4):
i386: extract grub_get_max_phy_addr_bits ()
multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size
slaunch: Introduce a hook for filling SLRT policy
efi/chainloader: support Secure Launch
docs/grub.texi | 32 +-
grub-core/Makefile.am | 6 +
grub-core/Makefile.core.def | 24 +-
grub-core/commands/efi/tpm.c | 4 +-
grub-core/commands/i386/tpm.c | 151 +++
grub-core/commands/{tpm.c => tpm_verifier.c} | 57 +-
grub-core/lib/i386/relocator32.S | 8 +
grub-core/loader/efi/chainloader.c | 144 ++-
grub-core/loader/efi/linux.c | 16 +
grub-core/loader/i386/bsd.c | 3 +
grub-core/loader/i386/linux.c | 85 +-
grub-core/loader/i386/multiboot_mbi.c | 4 +-
grub-core/loader/i386/xnu.c | 2 +
grub-core/loader/multiboot.c | 16 +-
grub-core/loader/multiboot_elfxx.c | 91 +-
grub-core/loader/multiboot_mbi2.c | 152 ++-
grub-core/loader/slaunch/acmod.c | 575 +++++++++
grub-core/loader/slaunch/i386_linux.c | 241 ++++
grub-core/loader/slaunch/slaunch.c | 204 ++++
grub-core/loader/slaunch/slrt.c | 327 +++++
grub-core/loader/slaunch/txt.c | 1114 ++++++++++++++++++
grub-core/loader/slaunch/verify.c | 297 +++++
grub-core/loader/slaunch/x86_dlstub.c | 93 ++
grub-core/loader/slaunch/x86_dltrampoline.S | 94 ++
grub-core/loader/slaunch/x86_efi.c | 379 ++++++
grub-core/mmap/mmap.c | 83 ++
grub-core/video/i386/pc/vbe.c | 11 +-
include/grub/file.h | 3 +
include/grub/i386/cpuid.h | 27 +
include/grub/i386/crfr.h | 190 +++
include/grub/i386/linux.h | 11 +
include/grub/i386/memory.h | 5 +
include/grub/i386/mmio.h | 74 ++
include/grub/i386/msr.h | 63 +
include/grub/i386/tpm.h | 35 +
include/grub/i386/txt.h | 720 +++++++++++
include/grub/memory.h | 3 +
include/grub/multiboot.h | 2 +-
include/grub/multiboot2.h | 6 +-
include/grub/slaunch.h | 151 +++
include/grub/slr_table.h | 299 +++++
include/grub/tpm.h | 2 +
42 files changed, 5716 insertions(+), 88 deletions(-)
create mode 100644 grub-core/commands/i386/tpm.c
rename grub-core/commands/{tpm.c => tpm_verifier.c} (60%)
create mode 100644 grub-core/loader/slaunch/acmod.c
create mode 100644 grub-core/loader/slaunch/i386_linux.c
create mode 100644 grub-core/loader/slaunch/slaunch.c
create mode 100644 grub-core/loader/slaunch/slrt.c
create mode 100644 grub-core/loader/slaunch/txt.c
create mode 100644 grub-core/loader/slaunch/verify.c
create mode 100644 grub-core/loader/slaunch/x86_dlstub.c
create mode 100644 grub-core/loader/slaunch/x86_dltrampoline.S
create mode 100644 grub-core/loader/slaunch/x86_efi.c
create mode 100644 include/grub/i386/crfr.h
create mode 100644 include/grub/i386/mmio.h
create mode 100644 include/grub/i386/tpm.h
create mode 100644 include/grub/i386/txt.h
create mode 100644 include/grub/slaunch.h
create mode 100644 include/grub/slr_table.h
base-commit: a4da71dafeea519b034beb159dfe80c486c2107c
prerequisite-patch-id: 5badbeabe202f72e525d8bcd95b6b18d996cb705
--
2.49.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
