[tboot-devel] [PATCH 4/4] Support OpenSSL 1.1.0+ for ECDSA signature verification

2017-05-15 Thread ben
From: ben-skyportsystems <b...@skyportsystems.com>

The OpenSSL API has changed such that raw access to ECDSA_SIG structs
is not permitted.  A compile-time check is added to determine whether
to access data members directly or via the new API.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index a70ff5f..3fad3f3 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -387,8 +387,14 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 
*pollist, EC_KEY *ecke
 
 BIGNUM *r = BN_new();
 BIGNUM *s = BN_new();
+
+/* OpenSSL Version 1.1.0 and later don't allow direct access to ECDSA_SIG 
stuct */
+#if OPENSSL_VERSION_NUMBER >= 0x1010L
+ECDSA_SIG_get0(ecdsasig, (const BIGNUM **), (const BIGNUM **));
+#else
 r = ecdsasig->r;
 s = ecdsasig->s;
+#endif
 unsigned int BN_r_size = BN_num_bytes(r);
 unsigned int BN_s_size = BN_num_bytes(s); 
 unsigned char key_r[BN_r_size];
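Review bot: `r` and `s` are allocated with `BN_new()` and then overwritten in both branches of the `#if`, so the two fresh BIGNUMs leak, and the `BN_free(r); BN_free(s);` added in the second hunk of this patch frees values that still belong to `ecdsasig`. `ECDSA_SIG_get0()` returns internal pointers without transferring ownership, as does reading `ecdsasig->r` directly, so if `ecdsasig` is later released with `ECDSA_SIG_free()` (not visible here) this becomes a double free in the policy-list signing path. Declaring `const BIGNUM *r = NULL, *s = NULL;` and dropping both the `BN_new()` and the `BN_free()` calls avoids it. The getter's arguments show up as empty casts, presumably `&r` and `&s` lost in the archive rendering, and the function body starts and ends outside these hunks.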
@@ -407,6 +413,8 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 
*pollist, EC_KEY *ecke
 display_tpm20_signature("", sig, pollist->sig_alg, false);
 }
 
+BN_free(r);
+BN_free(s);
 return true;
 }
 return false;
-- 
2.6.4




[tboot-devel] [PATCH 3/4] Support OpenSSL 1.1.0+ for RSA key manipulation

2017-05-15 Thread ben
From: ben-skyportsystems <b...@skyportsystems.com>

The OpenSSL API has changed such that raw access to RSA structs
is not permitted.  A compile-time check is added to determine
whether to access data members directly or via the new API.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 11 ++-
 lcptools-v2/lcputils.c   | 30 +++---
 lcptools/crtpollist.c| 11 ++-
 lcptools/lcputils2.c | 21 ++---
 4 files changed, 65 insertions(+), 8 deletions(-)

diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index 4abf48d..a70ff5f 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -161,8 +161,16 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char 
*file)
 memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize);
 sig->rsa_signature.pubkey_size = keysize;
 
+BIGNUM *modulus = BN_new();
+
+/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */
+#if OPENSSL_VERSION_NUMBER >= 0x1010L
+RSA_get0_key(pubkey, (const BIGNUM **), NULL, NULL);
+#else
+modulus = pubkey->n;
+#endif
 unsigned char key[keysize];
-BN_bn2bin(pubkey->n, key);
+BN_bn2bin(modulus, key);
 /* openssl key is big-endian and policy requires little-endian, so reverse
bytes */
 for ( unsigned int i = 0; i < keysize; i++ )
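Review bot: `modulus` is allocated with `BN_new()` and then overwritten by `RSA_get0_key()` (or by `pubkey->n` on older OpenSSL), which leaks the allocation and leaves `modulus` pointing at a BIGNUM owned by `pubkey`. The next hunk adds `BN_free(modulus);` directly before `RSA_free(pubkey);`, so the modulus is freed twice on the success path. The get0 accessor does not transfer ownership, so `const BIGNUM *modulus = NULL;` with neither `BN_new()` nor `BN_free(modulus)` is the safe form. The second argument of `RSA_get0_key` appears as an empty cast, presumably `&modulus` lost in the archive rendering; the function continues outside both hunks.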
@@ -174,6 +182,7 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char 
*file)
 }
 
 LOG("read rsa pubkey succeed!\n");
+BN_free(modulus);
 RSA_free(pubkey);
 return sig;
 }
diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
index a102172..96d3608 100644
--- a/lcptools-v2/lcputils.c
+++ b/lcptools-v2/lcputils.c
@@ -370,14 +370,24 @@ bool verify_signature(const uint8_t *data, size_t 
data_size,
 ERROR("Error: failed to allocate key\n");
 return false;
 }
-rsa_pubkey->n = BN_bin2bn(key, pubkey_size, NULL);
+
+BIGNUM *modulus = BN_new();
+BIGNUM *exponent = BN_new();
+modulus = BN_bin2bn(key, pubkey_size, NULL);
 
 /* uses fixed exponent (LCP_SIG_EXPONENT) */
 char exp[32];
 snprintf(exp, sizeof(exp), "%u", LCP_SIG_EXPONENT);
-rsa_pubkey->e = NULL;
-BN_dec2bn(_pubkey->e, exp);
+BN_dec2bn(, exp);
+
+/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */
+#if OPENSSL_VERSION_NUMBER >= 0x1010L
+RSA_set0_key(rsa_pubkey, modulus, exponent, NULL);
+#else
+rsa_pubkey->n = modulus;
+rsa_pubkey->e = exponent;
 rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL;
+#endif
 
 uint16_t hashalg = TPM_ALG_SHA1;
 lcp_mle_element_t2 *mle;
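Review bot: After `RSA_set0_key(rsa_pubkey, modulus, exponent, NULL)`, and equally after the `rsa_pubkey->n = modulus` assignments, both BIGNUMs are owned by `rsa_pubkey`, so every `BN_free(modulus); BN_free(exponent);` pair that the later hunks of `verify_signature` add ahead of `RSA_free(rsa_pubkey)` frees them a second time. That covers the failure exits of signature verification as well as the success exit, so it is reached whenever a list fails to verify. Drop the `BN_free` pairs and let `RSA_free()` release the key material, freeing the BIGNUMs by hand only if `RSA_set0_key()` itself fails. Separately, the `BN_new()` result for `modulus` leaks because `BN_bin2bn(key, pubkey_size, NULL)` returns a new object, and the results of `BN_bin2bn`, `BN_dec2bn` and `RSA_set0_key` are never checked before the key is used.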
@@ -397,6 +407,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
 tb_hash_t digest;
 if ( !hash_buffer(data, data_size, , hashalg) ) {
 ERROR("Error: failed to hash list\n");
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return false;
 }
@@ -439,6 +451,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
 ERROR("Error: failed to verify list: %s\n", 
 ERR_error_string(ERR_get_error(), NULL));
 ERR_free_strings();
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return false;
 }
@@ -453,6 +467,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
 ERROR("Error: failed to verify list: %s\n", 
 ERR_error_string(ERR_get_error(), NULL));
 ERR_free_strings();
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return false;
 }
@@ -467,6 +483,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
 ERROR("Error: failed to verify list: %s\n", 
 ERR_error_string(ERR_get_error(), NULL));
 ERR_free_strings();
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return false;
 }
@@ -481,6 +499,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
 ERROR("Error: failed to verify list: %s\n", 
 ERR_error_string(ERR_get_error(), NULL));
 ERR_free_strings();
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return false;
 }
@@ -488,9 +508,13 @@ bool verify_signature(const uint8_t *data, size_t 
data_size,
 
 default :
 LOG("unknown hash alg\n");
+BN_free(modulus);
+BN_free(exponent);
 return false;
 }
 
+BN_free(modulus);
+BN_free(exponent);
 RSA_free(rsa_pubkey);
 return true;
 }
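Review bot: The `default` branch frees `modulus` and `exponent` but returns without `RSA_free(rsa_pubkey)`, unlike every other exit touched by this patch. Because the key object owns the two BIGNUMs by this point, that leaves `rsa_pubkey` leaked with stale `n`/`e` pointers; replacing the two added lines with a single `RSA_free(rsa_pubkey);` releases everything exactly once. The start of the `switch` is outside this hunk.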
diff --git a/lcptools/crtpollist.c b/lcptool

[tboot-devel] [PATCH 2/4] Remove unnecessary public key modulus size check

2017-05-15 Thread ben
From: ben-skyportsystems <b...@skyportsystems.com>

The OpenSSL function RSA_size() returns the size of the modulus.
The variable 'keysize' is set to the return value of this function.  The
subsequent comparison of modulus size to keysize thus compares a
variable to itself.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 7 +--
 lcptools/crtpollist.c| 7 +--
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index ed94c5d..4abf48d 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -160,12 +160,7 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char 
*file)
 
 memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize);
 sig->rsa_signature.pubkey_size = keysize;
-if ( (unsigned int)BN_num_bytes(pubkey->n) != keysize ) {
-ERROR("Error: modulus size not match key size\n");
-free(sig);
-RSA_free(pubkey);
-return NULL;
-}
+
 unsigned char key[keysize];
 BN_bn2bin(pubkey->n, key);
 /* openssl key is big-endian and policy requires little-endian, so reverse
diff --git a/lcptools/crtpollist.c b/lcptools/crtpollist.c
index caf4897..e4e2474 100644
--- a/lcptools/crtpollist.c
+++ b/lcptools/crtpollist.c
@@ -155,12 +155,7 @@ static lcp_signature_t *read_pubkey_file(const char *file)
 
 memset(sig, 0, sizeof(*sig) + 2*keysize);
 sig->pubkey_size = keysize;
-if ( (unsigned int)BN_num_bytes(pubkey->n) != keysize ) {
-ERROR("Error: modulus size not match key size\n");
-free(sig);
-RSA_free(pubkey);
-return NULL;
-}
+
 unsigned char key[keysize];
 BN_bn2bin(pubkey->n, key);
 /* openssl key is big-endian and policy requires little-endian, so reverse
-- 
2.6.4




[tboot-devel] [PATCH 0/4] Make code compatible with OpenSSL 1.1.0+

2017-05-15 Thread ben
From: Ben Warren <b...@skyportsystems.com>

One major change with OpenSSL 1.1.0 is that access to many raw data structures
is removed.  This patch set does version checking where necessary to use the
appropriate API.

Compile-tested against OpenSSL v1.0.2d and v1.1.0e

ben-skyportsystems (4):
  Manage OpenSSL EVP_MD_CTX objects as pointers
  Remove unnecessary public key modulus size check
  Support OpenSSL 1.1.0+ for RSA key manipulation
  Support OpenSSL 1.1.0+ for ECDSA signature verification

 lcptools-v2/crtpollist.c | 26 +++---
 lcptools-v2/hash.c   | 36 
 lcptools-v2/lcputils.c   | 30 +++---
 lcptools/crtpollist.c| 18 +++---
 lcptools/hash.c  | 18 ++
 lcptools/lcputils2.c | 21 ++---
 lcptools/mlehash.c   | 10 ++
 tb_polgen/commands.c | 26 --
 tb_polgen/hash.c | 18 ++
 9 files changed, 137 insertions(+), 66 deletions(-)

-- 
2.6.4




[tboot-devel] [PATCH 1/4] Manage OpenSSL EVP_MD_CTX objects as pointers

2017-05-15 Thread ben
From: ben-skyportsystems <b...@skyportsystems.com>

Newer versions of OpenSSL (v1.1.0+) do not allow direct manipulation of
evp_md_ctx structs, so manage the object lifecycles by functions.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/hash.c   | 36 
 lcptools/hash.c  | 18 ++
 lcptools/mlehash.c   | 10 ++
 tb_polgen/commands.c | 26 --
 tb_polgen/hash.c | 18 ++
 5 files changed, 62 insertions(+), 46 deletions(-)

diff --git a/lcptools-v2/hash.c b/lcptools-v2/hash.c
index e8e8d72..0fbaecc 100644
--- a/lcptools-v2/hash.c
+++ b/lcptools-v2/hash.c
@@ -82,33 +82,36 @@ bool hash_buffer(const unsigned char* buf, size_t size, 
tb_hash_t *hash,
 return false;
 
 if ( hash_alg == TB_HALG_SHA1 ) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 md = EVP_sha1();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, size);
-EVP_DigestFinal(, hash->sha1, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, size);
+EVP_DigestFinal(ctx, hash->sha1, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else if (hash_alg == TB_HALG_SHA256) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 md = EVP_sha256();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, size);
-EVP_DigestFinal(, hash->sha256, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, size);
+EVP_DigestFinal(ctx, hash->sha256, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else if (hash_alg == TB_HALG_SHA384) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 md = EVP_sha384();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, size);
-EVP_DigestFinal(, hash->sha384, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, size);
+EVP_DigestFinal(ctx, hash->sha384, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
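Review bot: `EVP_MD_CTX_create()` can return NULL on allocation failure, and each branch passes the result straight to `EVP_DigestInit()`; the stack context it replaces could not fail that way. The return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are also ignored, so `hash_buffer` returns `true` even when nothing was written into `hash`, and `verify_signature` in lcputils.c relies on that result. The same pattern appears in `extend_hash` below and in both functions of lcptools/hash.c. One checked branch is sketched below; the opening lines of the function are outside the hunk.

```c
if ( hash_alg == TB_HALG_SHA1 ) {
    EVP_MD_CTX *ctx = EVP_MD_CTX_create();
    bool ok;

    if ( ctx == NULL )
        return false;
    /* each call returns 1 on success, 0 on failure */
    ok = EVP_DigestInit(ctx, EVP_sha1()) &&
         EVP_DigestUpdate(ctx, buf, size) &&
         EVP_DigestFinal(ctx, hash->sha1, NULL);
    EVP_MD_CTX_destroy(ctx);
    return ok;
}
/* … SHA256 and SHA384 branches: same pattern with their own md and output field … */
```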
@@ -129,15 +132,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t 
*hash2, uint16_t hash_alg)
 return false;
 
 if ( hash_alg == TB_HALG_SHA1 ) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
 memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
 md = EVP_sha1();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, 2*sizeof(hash1->sha1));
-EVP_DigestFinal(, hash1->sha1, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+EVP_DigestFinal(ctx, hash1->sha1, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
diff --git a/lcptools/hash.c b/lcptools/hash.c
index 8f666ac..86338ea 100644
--- a/lcptools/hash.c
+++ b/lcptools/hash.c
@@ -74,13 +74,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, 
tb_hash_t *hash,
 return false;
 
 if ( hash_alg == TB_HALG_SHA1_LG ) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 md = EVP_sha1();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, size);
-EVP_DigestFinal(, hash->sha1, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, size);
+EVP_DigestFinal(ctx, hash->sha1, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
@@ -101,15 +102,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t 
*hash2, uint16_t hash_alg)
 return false;
 
 if ( hash_alg == TB_HALG_SHA1_LG ) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
 const EVP_MD *md;
 
 memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1));
 memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1));
 md = EVP_sha1();
-EVP_DigestInit(, md);
-EVP_DigestUpdate(, buf, 2*sizeof(hash1->sha1));
-EVP_DigestFinal(, hash1->sha1, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1));
+EVP_DigestFinal(ctx, hash1->sha1, NULL);
+EVP_MD_CTX_destroy(ctx);
 return true;
 }
 else
diff --git a/lcptools/mlehash.c b/lcptools/mlehash.c
index dc9ddb1..e727c29 100644
--- a/lcptools/mlehash.c
+++ b/lcptools/mlehash.c
@@ -336,7 +336,7 @@ int main(int argc, char* argv[])
 bool help = false;
 char *mle_file;
 extern int optind;/* current index of get_opt() */
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD

[tboot-devel] [PATCH v8 2/3] x86/tboot: Fail extended mode reduced hardware sleep

2013-07-30 Thread Ben Guthro
Register for the extended sleep callback from acpi.
As tboot currently does not support the reduced hardware sleep
interface, fail this extended call.

Signed-off-by: Jan Beulich jbeul...@suse.com
Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
Cc: tboot-devel@lists.sourceforge.net
Cc: Gang Wei gang@intel.com
Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
---
 arch/x86/kernel/tboot.c |   12 
 1 file changed, 12 insertions(+)

diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index addf7b5..ade00c8 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, 
u32 pm1b_control)
return 0;
 }
 
+static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+{
+   if (!tboot_enabled())
+   return 0;
+
+   pr_warning(tboot is not able to suspend on platforms with
+   reduced hardware sleep (ACPIv5). Please contact
+   tboot-devel@lists.sourceforge.net mailing list.);
+   return -ENODEV;
+}
+
 static atomic_t ap_wfs_count;
 
 static int tboot_wait_for_aps(int num_aps)
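Review bot: `tboot_extended_sleep` carries no comment saying that the negative return is deliberate, so a reader cannot tell from the code alone that refusing the request is the intended behaviour rather than a placeholder. A short comment above the function would settle it, for example `/* tboot does not support the ACPI v5 reduced-hardware sleep interface: refuse the request whenever tboot is active. */`. It would also help to state that `sleep_state`, `val_a` and `val_b` are intentionally unused.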
@@ -422,6 +433,7 @@ static __init int tboot_late_init(void)
 #endif
 
acpi_os_set_prepare_sleep(tboot_sleep);
+   acpi_os_set_prepare_extended_sleep(tboot_extended_sleep);
return 0;
 }
 
-- 
1.7.9.5




[tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep

2013-07-29 Thread Ben Guthro
Register for the extended sleep callback from acpi.
As tboot currently does not support the reduced hardware sleep
interface, fail this extended call.

Signed-off-by: Jan Beulich jbeul...@suse.com
Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
Cc: tboot-devel@lists.sourceforge.net
Cc: Gang Wei gang@intel.com
Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
---
 arch/x86/kernel/tboot.c |   12 
 1 file changed, 12 insertions(+)

diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index addf7b5..760f431 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, 
u32 pm1b_control)
return 0;
 }
 
+static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+{
+   if (!tboot_enabled())
+   return 0;
+
+   pr_warning(tboot is not able to suspend on platforms with
+   reduced hardware sleep (ACPIv5). Please contact
+   tboot-devel@lists.sourceforge.net mailing list.);
+   return -1;
+}
+
 static atomic_t ap_wfs_count;
 
 static int tboot_wait_for_aps(int num_aps)
@@ -422,6 +433,7 @@ static __init int tboot_late_init(void)
 #endif
 
acpi_os_set_prepare_sleep(tboot_sleep);
+   acpi_os_set_prepare_extended_sleep(tboot_extended_sleep);
return 0;
 }
 
-- 
1.7.9.5




Re: [tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep

2013-07-29 Thread Ben Guthro


On 07/29/2013 04:21 PM, Rafael J. Wysocki wrote:
 On Monday, July 29, 2013 01:14:14 PM Ben Guthro wrote:
 Register for the extended sleep callback from acpi.
 As tboot currently does not support the reduced hardware sleep
 interface, fail this extended call.

 Signed-off-by: Jan Beulich jbeul...@suse.com
 Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
 Cc: tboot-devel@lists.sourceforge.net
 Cc: Gang Wei gang@intel.com
 Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
 ---
  arch/x86/kernel/tboot.c |   12 
  1 file changed, 12 insertions(+)

 diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
 index addf7b5..760f431 100644
 --- a/arch/x86/kernel/tboot.c
 +++ b/arch/x86/kernel/tboot.c
 @@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 
 pm1a_control, u32 pm1b_control)
  return 0;
  }
  
 +static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
 +{
 +if (!tboot_enabled())
 +return 0;
 +
 +pr_warning(tboot is not able to suspend on platforms with
 +reduced hardware sleep (ACPIv5). Please contact
 +tboot-devel@lists.sourceforge.net mailing list.);
 +return -1;
 
 Please use a meaningful error code here.  For example -ENODEV.

Would AE_NOT_IMPLEMENTED be more appropriate?

include/acpi/acexcep.h:
#define AE_NOT_IMPLEMENTED  EXCEP_ENV (0x000E)




 
 +}
 +
  static atomic_t ap_wfs_count;
  
  static int tboot_wait_for_aps(int num_aps)
 @@ -422,6 +433,7 @@ static __init int tboot_late_init(void)
  #endif
  
  acpi_os_set_prepare_sleep(tboot_sleep);
 +acpi_os_set_prepare_extended_sleep(tboot_extended_sleep);
  return 0;
  }
 
 Thanks,
 Rafael
 
 



Re: [tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep

2013-07-29 Thread Ben Guthro
On Mon, Jul 29, 2013 at 4:29 PM, Rafael J. Wysocki r...@sisk.pl wrote:

 On Monday, July 29, 2013 04:18:22 PM Ben Guthro wrote:
 
  On 07/29/2013 04:21 PM, Rafael J. Wysocki wrote:
   On Monday, July 29, 2013 01:14:14 PM Ben Guthro wrote:
   Register for the extended sleep callback from acpi.
   As tboot currently does not support the reduced hardware sleep
   interface, fail this extended call.
  
   Signed-off-by: Jan Beulich jbeul...@suse.com
   Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
   Cc: tboot-devel@lists.sourceforge.net
   Cc: Gang Wei gang@intel.com
   Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
   ---
arch/x86/kernel/tboot.c |   12 
1 file changed, 12 insertions(+)
  
   diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
   index addf7b5..760f431 100644
   --- a/arch/x86/kernel/tboot.c
   +++ b/arch/x86/kernel/tboot.c
   @@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32
 pm1a_control, u32 pm1b_control)
  return 0;
}
  
   +static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
   +{
   +  if (!tboot_enabled())
   +  return 0;
   +
   +  pr_warning(tboot is not able to suspend on platforms with
   +  reduced hardware sleep (ACPIv5). Please contact
   +  tboot-devel@lists.sourceforge.net mailing list.);
   +  return -1;
  
   Please use a meaningful error code here.  For example -ENODEV.
 
  Would AE_NOT_IMPLEMENTED be more appropriate?
 
  include/acpi/acexcep.h:
  #define AE_NOT_IMPLEMENTED  EXCEP_ENV (0x000E)

 This is not an ACPI error. :-)


Good point.
-ENODEV it is, then.

I'll respin tomorrow morning, to allow for anyone else who wishes to
comment on the series.

Thanks for the review

Ben



 Rafael






Re: [tboot-devel] tboot, xen, grub2 infinite loop

2011-07-13 Thread Ben Guthro
If it makes a difference, I am running the grub2 that ships with ubuntu 11.04 - 
which is 1.99 with a few ubuntu patches on top of it. 

/btg

On Jul 13, 2011, at 9:58 PM, Wei, Gang gang@intel.com wrote:

 I will look into this issue. Thanks for raising it.
 
 Jimmy
 
 
 -Original Message-
 From: Ben Guthro [mailto:b...@guthro.net]
 Sent: Thursday, July 07, 2011 1:06 AM
 To: tboot-devel@lists.sourceforge.net
 Cc: Ken Kane
 Subject: [tboot-devel] tboot, xen, grub2 infinite loop
 
 I am attempting to get tboot working with Xen-4.0.2, grub2, and the
 2nd_gen_i5_i7_SINIT_19.BIN module working, but have been having
 limited results, with things seeming to hang when loading xen
 
 I've traced this back to tboot/common/elf.c in expand_elf_image()
 
 objdump shows that tboot gets loaded at the following:
 
 start address 0x00803000
 
 Program Header:
   LOAD off0x1000 vaddr 0x00803000 paddr 0x00803000 align
 2**12
filesz 0x00022000 memsz 0x0007ae60 flags rwx
 
 
 ...and xen at the following:
 
 start address 0x0010
 
 Program Header:
   LOAD off0x0080 vaddr 0x0010 paddr 0x0010 align 2**6
filesz 0x00172000 memsz 0x002b8000 flags rwx
 
 
 In the for loop in expand_elf_image, when it is doing the memcpy, and
 memset - it seems to overwrite the heap, and get into an infinite loop
 
 
 Is anyone else running into issues like this?
 
 Any suggestions, or ideas would be greatly appreciated.
 
 
 Ben Guthro
 
 
 
 My grub entry looks like the following:
 
 menuentry TXT: test1 {
   saved_entry=0
   save_env saved_entry
   set root=(MyVG-MyBootDisk)
   multiboot   /tboot.gz logging=vga,memory serial=115200,8n1,0x4000,19
   module  /xen.gz com1=115200,8n1,magic console=com1
 iommu=required dom0_mem=1024MB cpufreq=xen cpuidle
 earlyprintk=xenboot
 loglvl=all
   module  /vmlinuz-2.6.38 root=/dev/mapper/MyRootDisk ro quiet
 splash xencons=tty console=hvc0
   module  /initrd.img-2.6.38
   module  /2nd_gen_i5_i7_SINIT_19.BIN
 }
 
 tboot debug looks like the following:
 
 diff -r 17221ef98ed6 tboot/common/elf.c
 --- a/tboot/common/elf.c
 +++ b/tboot/common/elf.c
 @@ -163,16 +163,29 @@
 
/* assumed that already passed is_elf_image() check */
 
 +
/* load elf image into memory */
for ( int i = 0; i  elf-e_phnum; i++ ) {
elf_program_header_t *ph = (elf_program_header_t *)
 ((void *)elf + elf-e_phoff + i*elf-e_phentsize);
 -
 +   printk(i=%d\n, i);
 +   printk(  elf = 0x%x\n, (int)elf);
 +   printk(  elf.e_phnum = 0x%x\n, elf-e_phnum);
 +   printk(  elf.p_phentsize = 0x%x\n, elf-e_phentsize);
 +   printk(  elf.p_phoff = 0x%x\n, elf-e_phoff);
 +   printk(  ph.p_filesz = 0x%x\n, ph-p_filesz);
 +   printk(  ph.p_memsz  = 0x%x\n, ph-p_memsz);
 +   printk(  ph.p_addr   = 0x%x\n, ph-p_paddr);
 +   printk(  ph.p_offset = 0x%x\n, ph-p_offset);
if ( ph-p_type == PT_LOAD ) {
memcpy((void *)ph-p_paddr, (void *)elf + ph-p_offset,
   ph-p_filesz);
 +#if 0
memset((void *)(ph-p_paddr + ph-p_filesz), 0,
   ph-p_memsz - ph-p_filesz);
 +#else
 +   break;
 +#endif
}
}
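Review bot: The `#else break;` path only hides the symptom, because it skips the zero-fill and stops after the first PT_LOAD segment, so it is usable as a diagnostic but not as a fix. The loop as shown copies to `ph->p_paddr` using `p_filesz`, `p_memsz`, `p_offset`, `e_phoff` and `e_phentsize` taken directly from the image, with no visible check that the destination range stays clear of tboot's own memory or that `p_memsz >= p_filesz`; if the latter does not hold, the `memset` length wraps. A range check before the `memcpy` that rejects such a segment with an error message would turn the hang into a diagnosable failure. The start of `expand_elf_image` is outside this hunk, so an earlier validation step cannot be ruled out.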
 
 
 And finally, my tboot debug output:
 
 TBOOT: *** TBOOT ***
 TBOOT:2011-07-06 08:00 -0400 1:17221ef98ed6
 TBOOT: *
 TBOOT: command line: serial=115200,8n1,0x4000,19
 TBOOT: BSP is cpu 0
 TBOOT: original e820 map:
 TBOOT:   - 0009d800  (1)
 TBOOT:  0009d800 - 000a  (2)
 TBOOT:  000e - 0010  (2)
 TBOOT:  0010 - ba59f000  (1)
 TBOOT:  ba59f000 - baa9f000  (2)
 TBOOT:  baa9f000 - bab9f000  (4)
 TBOOT:  bab9f000 - babff000  (3)
 TBOOT:  babff000 - bac0  (1)
 TBOOT:  bac0 - bfa0  (2)
 TBOOT:  f800 - fc00  (2)
 TBOOT:  fec0 - fec01000  (2)
 TBOOT:  fed08000 - fed09000  (2)
 TBOOT:  fed1 - fed1a000  (2)
 TBOOT:  fed1c000 - fed2  (2)
 TBOOT:  fee0 - fee01000  (2)
 TBOOT:  ffd2 - 0001  (2)
 TBOOT:  0001 - 00013e60  (1)
 TBOOT: TPM is ready
 TBOOT: TPM nv_locked: TRUE
 TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750
 TBOOT: reading Verified Launch Policy from TPM NV...
 TBOOT:  :512 bytes read
 TBOOT: policy:
 TBOOT:   version: 2
 TBOOT:   policy_type: TB_POLTYPE_HALT
 TBOOT:   hash_alg: TB_HALG_SHA1
 TBOOT:   policy_control: 0001 (EXTEND_PCR17)
 TBOOT:   num_entries: 1
 TBOOT:   policy entry[0]:
 TBOOT:   mod_num: any
 TBOOT:   pcr: none
 TBOOT:   hash_type: TB_HTYPE_ANY
 TBOOT:   num_hashes: 0
 TBOOT: IA32_FEATURE_CONTROL_MSR: ff07
 TBOOT: CPU is SMX-capable