Hi,
This is an addition to the RFC patchset which introduced TrenchBoot support for
Intel TXT.
It includes all original patches sent by Daniel Kiper back in May, rebased on
the top of current master so the AMD-specific changes can be applied cleanly.
Additionally, a small bug fix to patch 18 was added - original patch erroneously
passed pre-relocated address of Linux's zero_page instead of the target one. No
other changes were made to the TXT code.
Support for AMD SKINIT was added on top of those patches. Apart from SKINIT
preparations it includes small modification to the relocator and Linux boot
command, in similar matter as was done for TXT.
Original cover letter by Daniel:
Hi,
This is an RFC patchset for the GRUB introducing the Intel TXT secure
launcher.
This is a part of larger work known as the TrenchBoot. Patchset can be split
into two distinct parts:
- 01-12: preparatory patches,
- 13-18: the Intel TXT secure launcher itself.
The initial implementation of the Intel TXT secure launcher works. However,
there are still some missing bits and pieces, e.g.:
- SINIT ACM auto loader,
- lack of RMRR support,
- lack of support for MLEs larger than 1 GiB,
- lack of TPM 1.2 support.
- various fixes and cleanups.
Commands introduced by this patchset: tpm_type, slaunch, slaunch_module (not
required on server platforms) and slaunch_state (useful for checking platform
configuration and state; based on tboot's txt-stat).
Daniel
Krystian Hebel (4):
i386/slaunch: Add code for searching for DRTM event log in ACPI
i386/skinit: Add AMD SKINIT definitions header file
i386/skinit: Add AMD SKINIT core implementation
i386/slaunch: Add support for AMD SKINIT
Norbert Kaminski (18):
i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
i386/msr: Rename grub_msr_read() and grub_msr_write()
i386/msr: Extract and improve MSR support detection code
i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global
mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
i386/tpm: Rename tpm module to tpm_verifier
i386/tpm: Add TPM TIS and CRB driver
efi: Make shim_lock GUID and protocol type public
efi: Return grub_efi_status_t from grub_efi_get_variable()
efi: Add a function to read EFI variables with attributes
i386/efi: Report UEFI Secure Boot status to the Linux kernel
i386/slaunch: Add basic platform support for secure launch
i386/txt: Add Intel TXT definitions header file
i386/txt: Add Intel TXT core implementation
i386/txt: Add Intel TXT ACM module support
i386/txt: Add Intel TXT verification routines
i386/slaunch: Add secure launch framework and commands
docs/grub.texi | 15 +-
grub-core/Makefile.am| 3 +
grub-core/Makefile.core.def | 18 +-
grub-core/commands/efi/efifwsetup.c | 8 +-
grub-core/commands/efi/shim_lock.c | 12 -
grub-core/commands/i386/rdmsr.c | 25 +-
grub-core/commands/i386/tpm.c| 182
grub-core/commands/i386/wrmsr.c | 25 +-
grub-core/commands/{tpm.c => tpm_verifier.c} | 6 +-
grub-core/kern/efi/efi.c | 30 +-
grub-core/lib/i386/relocator32.S | 14 +
grub-core/lib/i386/xen/relocator.S | 6 +-
grub-core/lib/x86_64/xen/relocator.S | 4 +-
grub-core/loader/i386/bsd.c | 7 +
grub-core/loader/i386/linux.c| 320 ++-
grub-core/loader/i386/skinit.c | 162
grub-core/loader/i386/slaunch.c | 326 +++
grub-core/loader/i386/txt/acmod.c| 575
grub-core/loader/i386/txt/txt.c | 886 +++
grub-core/loader/i386/txt/verify.c | 297 +++
grub-core/loader/i386/xen.c | 61 +-
grub-core/loader/i386/xnu.c | 3 +
grub-core/loader/multiboot.c | 5 +
grub-core/mmap/mmap.c| 64 ++
grub-core/video/efi_gop.c| 2 +-
include/grub/efi/api.h | 19 +-
include/grub/efi/efi.h | 12 +-
include/grub/file.h | 3 +
include/grub/i386/cpuid.h| 13 +
include/grub/i386/crfr.h | 186
include/grub/i386/linux.h| 28 +-
include/grub/i386/memory.h | 8 +-
include/grub/i386/mmio.h | 90 ++
include/grub/i386/msr.h | 135 +++
include/grub/i386/{wrmsr.h => skinit.h} | 35 +-
include/grub/i386/slaunch.h | 64 ++
include/grub/i386/{rdmsr.h => tpm.h} | 31 +-
include/grub/i386/txt.h | 690 +++
include/grub/memory.h| 3 +
39 files changed, 4212 insertions(+), 161 deletions(-)
create
