[tboot-devel] [PATCH 4/4] Support OpenSSL 1.1.0+ for ECDSA signature verification
From: ben-skyportsystems <b...@skyportsystems.com>
The OpenSSL API has changed such that raw access to ECDSA_SIG structs is not permitted. A compile-time check is added to determine whether to access data members directly or via the new API.
Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 8
 1 file changed, 8 insertions(+)
diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index a70ff5f..3fad3f3 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -387,8 +387,14 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 *pollist, EC_KEY *ecke
 BIGNUM *r = BN_new();
 BIGNUM *s = BN_new();
+
+/* OpenSSL Version 1.1.0 and later don't allow direct access to ECDSA_SIG stuct */
+#if OPENSSL_VERSION_NUMBER >= 0x1010L
+ECDSA_SIG_get0(ecdsasig, (const BIGNUM **), (const BIGNUM **));
+#else
 r = ecdsasig->r;
 s = ecdsasig->s;
+#endif
 unsigned int BN_r_size = BN_num_bytes(r);
 unsigned int BN_s_size = BN_num_bytes(s);
 unsigned char key_r[BN_r_size];
@@ -407,6 +413,8 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 *pollist, EC_KEY *ecke
 display_tpm20_signature("", sig, pollist->sig_alg, false);
 }
+BN_free(r);
+BN_free(s);
 return true;
 }
 return false;
-- 2.6.4 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
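Review bot: The `BN_free(r); BN_free(s);` pair added before `return true` releases BIGNUMs that `ecdsasig` still owns, because both the `ECDSA_SIG_get0()` branch and the `r = ecdsasig->r; s = ecdsasig->s;` branch replace `r` and `s` with the signature's internal pointers. The two objects from `BN_new()` are leaked at that point, and any later `ECDSA_SIG_free(ecdsasig)` (not visible in these hunks) would free the same memory a second time. Declare `const BIGNUM *r = NULL, *s = NULL;`, pass their addresses to `ECDSA_SIG_get0()` without the casts (the arguments after the casts are not legible in this archive copy; presumably `&r` and `&s`), and drop both `BN_free()` lines. ecdsa_sign_tpm20_list_data starts and ends outside the hunks.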
[tboot-devel] [PATCH 3/4] Support OpenSSL 1.1.0+ for RSA key manipulation
From: ben-skyportsystems <b...@skyportsystems.com> The OpenSSL API has changed such that raw access to RSA structs is not permitted. A compile-time check is added to determine whether to access data members directly or via the new API. Signed-off-by: Ben Warren <b...@skyportsystems.com> --- lcptools-v2/crtpollist.c | 11 ++- lcptools-v2/lcputils.c | 30 +++--- lcptools/crtpollist.c| 11 ++- lcptools/lcputils2.c | 21 ++--- 4 files changed, 65 insertions(+), 8 deletions(-) diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c index 4abf48d..a70ff5f 100644 --- a/lcptools-v2/crtpollist.c +++ b/lcptools-v2/crtpollist.c @@ -161,8 +161,16 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char *file) memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize); sig->rsa_signature.pubkey_size = keysize; +BIGNUM *modulus = BN_new(); + +/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */ +#if OPENSSL_VERSION_NUMBER >= 0x1010L +RSA_get0_key(pubkey, (const BIGNUM **), NULL, NULL); +#else +modulus = pubkey->n; +#endif unsigned char key[keysize]; -BN_bn2bin(pubkey->n, key); +BN_bn2bin(modulus, key); /* openssl key is big-endian and policy requires little-endian, so reverse bytes */ for ( unsigned int i = 0; i < keysize; i++ ) @@ -174,6 +182,7 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char *file) } LOG("read rsa pubkey succeed!\n"); +BN_free(modulus); RSA_free(pubkey); return sig; } diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c index a102172..96d3608 100644 --- a/lcptools-v2/lcputils.c +++ b/lcptools-v2/lcputils.c 
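Review bot: `BN_free(modulus)` directly before `RSA_free(pubkey)` in read_rsa_pubkey_file frees the key's modulus twice, because `RSA_get0_key()` (like `modulus = pubkey->n` on the pre-1.1.0 branch) only lends a pointer that `pubkey` still owns; the object from `BN_new()` is overwritten and leaked. Declare `const BIGNUM *modulus = NULL;`, pass `&modulus` without the cast, and remove the `BN_free(modulus)` line. The double free sits on the success path, so it is hit for every key file that parses. The function starts and ends outside the two hunks.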
@@ -370,14 +370,24 @@ bool verify_signature(const uint8_t *data, size_t data_size, ERROR("Error: failed to allocate key\n"); return false; } -rsa_pubkey->n = BN_bin2bn(key, pubkey_size, NULL); + +BIGNUM *modulus = BN_new(); +BIGNUM *exponent = BN_new(); +modulus = BN_bin2bn(key, pubkey_size, NULL); /* uses fixed exponent (LCP_SIG_EXPONENT) */ char exp[32]; snprintf(exp, sizeof(exp), "%u", LCP_SIG_EXPONENT); -rsa_pubkey->e = NULL; -BN_dec2bn(_pubkey->e, exp); +BN_dec2bn(, exp); + +/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */ +#if OPENSSL_VERSION_NUMBER >= 0x1010L +RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); +#else +rsa_pubkey->n = modulus; +rsa_pubkey->e = exponent; rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL; +#endif uint16_t hashalg = TPM_ALG_SHA1; lcp_mle_element_t2 *mle; @@ -397,6 +407,8 @@ bool verify_signature(const uint8_t *data, size_t data_size, tb_hash_t digest; if ( !hash_buffer(data, data_size, , hashalg) ) { ERROR("Error: failed to hash list\n"); +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -439,6 +451,8 @@ bool verify_signature(const uint8_t *data, size_t data_size, ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -453,6 +467,8 @@ bool verify_signature(const uint8_t *data, size_t data_size, ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -467,6 +483,8 @@ bool verify_signature(const uint8_t *data, size_t data_size, ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return false; } 
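Review bot: Once `RSA_set0_key(rsa_pubkey, modulus, exponent, NULL)` (or the direct member assignment on the old branch) has run, `rsa_pubkey` owns both BIGNUMs, so every `BN_free(modulus); BN_free(exponent);` pair that the later verify_signature hunks (-397, -439, -453, -467, -481 and the final one) put in front of `RSA_free(rsa_pubkey)` frees them twice. The setup in the first hunk also leaks the `BN_new()` result that `modulus = BN_bin2bn(...)` overwrites, and neither `BN_bin2bn()` nor `BN_dec2bn()` is checked before the key is used to verify a policy list signature. I would build the two numbers as below, delete the added `BN_free()` pairs, and have the `default:` branch call `RSA_free(rsa_pubkey)` instead of freeing the numbers. verify_signature begins and ends outside these hunks.

```c
/* … unchanged: rsa_pubkey allocation and its NULL check … */
BIGNUM *modulus = BN_bin2bn(key, pubkey_size, NULL);
BIGNUM *exponent = NULL;

/* uses fixed exponent (LCP_SIG_EXPONENT) */
char exp[32];
snprintf(exp, sizeof(exp), "%u", LCP_SIG_EXPONENT);
if ( modulus == NULL || BN_dec2bn(&exponent, exp) == 0 ) {
    ERROR("Error: failed to build public key\n");
    BN_free(modulus);
    BN_free(exponent);
    RSA_free(rsa_pubkey);
    return false;
}
/* … unchanged: version-dependent RSA_set0_key() / direct member assignment … */
/* rsa_pubkey owns modulus and exponent from here on; the exit paths
   below need only RSA_free(rsa_pubkey) */
```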
@@ -481,6 +499,8 @@ bool verify_signature(const uint8_t *data, size_t data_size, ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -488,9 +508,13 @@ bool verify_signature(const uint8_t *data, size_t data_size, default : LOG("unknown hash alg\n"); +BN_free(modulus); +BN_free(exponent); return false; } +BN_free(modulus); +BN_free(exponent); RSA_free(rsa_pubkey); return true; } diff --git a/lcptools/crtpollist.c b/lcptool
[tboot-devel] [PATCH 2/4] Remove unnecessary public key modulus size check
From: ben-skyportsystems <b...@skyportsystems.com>
The OpenSSL function RSA_size() returns the size of the modulus. The variable 'keysize' is set to the return value of this function. The subsequent comparison of modulus size to keysize thus compares a variable to itself.
Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 7 +--
 lcptools/crtpollist.c| 7 +--
 2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index ed94c5d..4abf48d 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -160,12 +160,7 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char *file)
 memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize);
 sig->rsa_signature.pubkey_size = keysize;
-if ( (unsigned int)BN_num_bytes(pubkey->n) != keysize ) {
-ERROR("Error: modulus size not match key size\n");
-free(sig);
-RSA_free(pubkey);
-return NULL;
-}
+
 unsigned char key[keysize];
 BN_bn2bin(pubkey->n, key);
 /* openssl key is big-endian and policy requires little-endian, so reverse
diff --git a/lcptools/crtpollist.c b/lcptools/crtpollist.c
index caf4897..e4e2474 100644
--- a/lcptools/crtpollist.c
+++ b/lcptools/crtpollist.c
@@ -155,12 +155,7 @@ static lcp_signature_t *read_pubkey_file(const char *file)
 memset(sig, 0, sizeof(*sig) + 2*keysize);
 sig->pubkey_size = keysize;
-if ( (unsigned int)BN_num_bytes(pubkey->n) != keysize ) {
-ERROR("Error: modulus size not match key size\n");
-free(sig);
-RSA_free(pubkey);
-return NULL;
-}
+
 unsigned char key[keysize];
 BN_bn2bin(pubkey->n, key);
 /* openssl key is big-endian and policy requires little-endian, so reverse
-- 2.6.4 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
[tboot-devel] [PATCH 0/4] Make code compatible with OpenSSL 1.1.0+
From: Ben Warren <b...@skyportsystems.com> One major change with OpenSSL 1.1.0 is that access to many raw data structures is removed. This patch set does version checking where necessary to use the appropriate API. Compile-tested against OpenSSL v1.0.2d and v1.1.0e ben-skyportsystems (4): Manage OpenSSL EVP_MD_CTX objects as pointers Remove unnecessary public key modulus size check Support OpenSSL 1.1.0+ for RSA key manipulation Support OpenSSL 1.1.0+ for ECDSA signature verification lcptools-v2/crtpollist.c | 26 +++--- lcptools-v2/hash.c | 36 lcptools-v2/lcputils.c | 30 +++--- lcptools/crtpollist.c| 18 +++--- lcptools/hash.c | 18 ++ lcptools/mlehash.c | 10 ++ tb_polgen/commands.c | 26 -- tb_polgen/hash.c | 18 ++ 9 files changed, 137 insertions(+), 66 deletions(-) -- 2.6.4
[tboot-devel] [PATCH 1/4] Manage OpenSSL EVP_MD_CTX objects as pointers
From: ben-skyportsystems <b...@skyportsystems.com> Newer versions of OpenSSL (v1.1.0+) do not allow direct manipulation of evp_md_ctx structs, so manage the object lifecycles by functions. Signed-off-by: Ben Warren <b...@skyportsystems.com> --- lcptools-v2/hash.c | 36 lcptools/hash.c | 18 ++ lcptools/mlehash.c | 10 ++ tb_polgen/commands.c | 26 -- tb_polgen/hash.c | 18 ++ 5 files changed, 62 insertions(+), 46 deletions(-) diff --git a/lcptools-v2/hash.c b/lcptools-v2/hash.c index e8e8d72..0fbaecc 100644 --- a/lcptools-v2/hash.c +++ b/lcptools-v2/hash.c @@ -82,33 +82,36 @@ bool hash_buffer(const unsigned char* buf, size_t size, tb_hash_t *hash, return false; if ( hash_alg == TB_HALG_SHA1 ) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; md = EVP_sha1(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, size); -EVP_DigestFinal(, hash->sha1, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, size); +EVP_DigestFinal(ctx, hash->sha1, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else if (hash_alg == TB_HALG_SHA256) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; md = EVP_sha256(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, size); -EVP_DigestFinal(, hash->sha256, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, size); +EVP_DigestFinal(ctx, hash->sha256, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else if (hash_alg == TB_HALG_SHA384) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; md = EVP_sha384(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, size); -EVP_DigestFinal(, hash->sha384, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, size); +EVP_DigestFinal(ctx, hash->sha384, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else 
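Review bot: hash_buffer still returns `true` when no digest was produced: the new `EVP_MD_CTX_create()` can return NULL, and the results of `EVP_DigestInit()`, `EVP_DigestUpdate()` and `EVP_DigestFinal()` are discarded, so a failed hash may leave `hash` unwritten while the caller is told it is valid. Each branch should test the context and the three calls and return `false` after `EVP_MD_CTX_destroy(ctx)` on failure, for example `if ( ctx == NULL ) return false;` followed by `bool ok = EVP_DigestInit(ctx, md) && EVP_DigestUpdate(ctx, buf, size) && EVP_DigestFinal(ctx, hash->sha1, NULL);`. The same applies to the extend_hash hunk in this file and to both lcptools/hash.c hunks later in the patch. Since the three branches here differ only in the `EVP_MD` and the output field, a small static helper taking those two would remove the triplication; hash_buffer's signature and final `else` lie outside the hunk.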
@@ -129,15 +132,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg) return false; if ( hash_alg == TB_HALG_SHA1 ) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1)); memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1)); md = EVP_sha1(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, 2*sizeof(hash1->sha1)); -EVP_DigestFinal(, hash1->sha1, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1)); +EVP_DigestFinal(ctx, hash1->sha1, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else diff --git a/lcptools/hash.c b/lcptools/hash.c index 8f666ac..86338ea 100644 --- a/lcptools/hash.c +++ b/lcptools/hash.c @@ -74,13 +74,14 @@ bool hash_buffer(const unsigned char* buf, size_t size, tb_hash_t *hash, return false; if ( hash_alg == TB_HALG_SHA1_LG ) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; md = EVP_sha1(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, size); -EVP_DigestFinal(, hash->sha1, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, size); +EVP_DigestFinal(ctx, hash->sha1, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else @@ -101,15 +102,16 @@ bool extend_hash(tb_hash_t *hash1, const tb_hash_t *hash2, uint16_t hash_alg) return false; if ( hash_alg == TB_HALG_SHA1_LG ) { -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD_CTX_create(); const EVP_MD *md; memcpy(buf, &(hash1->sha1), sizeof(hash1->sha1)); memcpy(buf + sizeof(hash1->sha1), &(hash2->sha1), sizeof(hash1->sha1)); md = EVP_sha1(); -EVP_DigestInit(, md); -EVP_DigestUpdate(, buf, 2*sizeof(hash1->sha1)); -EVP_DigestFinal(, hash1->sha1, NULL); +EVP_DigestInit(ctx, md); +EVP_DigestUpdate(ctx, buf, 2*sizeof(hash1->sha1)); +EVP_DigestFinal(ctx, hash1->sha1, NULL); +EVP_MD_CTX_destroy(ctx); return true; } else diff --git a/lcptools/mlehash.c b/lcptools/mlehash.c index dc9ddb1..e727c29 100644 --- a/lcptools/mlehash.c 
+++ b/lcptools/mlehash.c @@ -336,7 +336,7 @@ int main(int argc, char* argv[]) bool help = false; char *mle_file; extern int optind;/* current index of get_opt() */ -EVP_MD_CTX ctx; +EVP_MD_CTX *ctx = EVP_MD
[tboot-devel] [PATCH v8 2/3] x86/tboot: Fail extended mode reduced hardware sleep
Register for the extended sleep callback from acpi. As tboot currently does not support the reduced hardware sleep interface, fail this extended call.
Signed-off-by: Jan Beulich jbeul...@suse.com
Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
Cc: tboot-devel@lists.sourceforge.net
Cc: Gang Wei gang@intel.com
Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
---
 arch/x86/kernel/tboot.c | 12
 1 file changed, 12 insertions(+)
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index addf7b5..ade00c8 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
 return 0;
 }
+static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+{
+ if (!tboot_enabled())
+ return 0;
+
+ pr_warning(tboot is not able to suspend on platforms with
+ reduced hardware sleep (ACPIv5). Please contact
+ tboot-devel@lists.sourceforge.net mailing list.);
+ return -ENODEV;
+}
+
 static atomic_t ap_wfs_count;
 static int tboot_wait_for_aps(int num_aps)
@@ -422,6 +433,7 @@ static __init int tboot_late_init(void)
 #endif
 acpi_os_set_prepare_sleep(tboot_sleep);
+ acpi_os_set_prepare_extended_sleep(tboot_extended_sleep);
 return 0;
 }
-- 1.7.9.5 -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
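Review bot: tboot_extended_sleep has no comment saying why the call is refused, and that reason is what the next person touching the ACPI sleep path will need; above the function I would add `/* tboot does not support the ACPI 5 reduced-hardware sleep interface yet, so fail the extended sleep call when tboot is active. */`. The three-line `pr_warning()` text is also emitted on every attempt, so a single-line message (and a once-only variant such as `pr_warn_once()`, if the tree has it) would be easier to find in logs. The v7 posting of this hunk further down the page is the same apart from the return value.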
[tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep
Register for the extended sleep callback from acpi. As tboot currently does not support the reduced hardware sleep interface, fail this extended call.
Signed-off-by: Jan Beulich jbeul...@suse.com
Signed-off-by: Ben Guthro benjamin.gut...@citrix.com
Cc: tboot-devel@lists.sourceforge.net
Cc: Gang Wei gang@intel.com
Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com
---
 arch/x86/kernel/tboot.c | 12
 1 file changed, 12 insertions(+)
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index addf7b5..760f431 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control)
 return 0;
 }
+static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+{
+ if (!tboot_enabled())
+ return 0;
+
+ pr_warning(tboot is not able to suspend on platforms with
+ reduced hardware sleep (ACPIv5). Please contact
+ tboot-devel@lists.sourceforge.net mailing list.);
+ return -1;
+}
+
 static atomic_t ap_wfs_count;
 static int tboot_wait_for_aps(int num_aps)
@@ -422,6 +433,7 @@ static __init int tboot_late_init(void)
 #endif
 acpi_os_set_prepare_sleep(tboot_sleep);
+ acpi_os_set_prepare_extended_sleep(tboot_extended_sleep);
 return 0;
 }
-- 1.7.9.5 -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
Re: [tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep
On 07/29/2013 04:21 PM, Rafael J. Wysocki wrote: On Monday, July 29, 2013 01:14:14 PM Ben Guthro wrote: Register for the extended sleep callback from acpi. As tboot currently does not support the reduced hardware sleep interface, fail this extended call. Signed-off-by: Jan Beulich jbeul...@suse.com Signed-off-by: Ben Guthro benjamin.gut...@citrix.com Cc: tboot-devel@lists.sourceforge.net Cc: Gang Wei gang@intel.com Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com --- arch/x86/kernel/tboot.c | 12 1 file changed, 12 insertions(+) diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index addf7b5..760f431 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) return 0; } +static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) +{ +if (!tboot_enabled()) +return 0; + +pr_warning(tboot is not able to suspend on platforms with +reduced hardware sleep (ACPIv5). Please contact +tboot-devel@lists.sourceforge.net mailing list.); +return -1; Please use a meaningful error code here. For example -ENODEV. Would AE_NOT_IMPLEMENTED be more appropriate? include/acpi/acexcep.h: #define AE_NOT_IMPLEMENTED EXCEP_ENV (0x000E) +} + static atomic_t ap_wfs_count; static int tboot_wait_for_aps(int num_aps) @@ -422,6 +433,7 @@ static __init int tboot_late_init(void) #endif acpi_os_set_prepare_sleep(tboot_sleep); +acpi_os_set_prepare_extended_sleep(tboot_extended_sleep); return 0; } Thanks, Rafael -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
Re: [tboot-devel] [PATCH v7 2/3] x86/tboot: Fail extended mode reduced hardware sleep
On Mon, Jul 29, 2013 at 4:29 PM, Rafael J. Wysocki r...@sisk.pl wrote: On Monday, July 29, 2013 04:18:22 PM Ben Guthro wrote: On 07/29/2013 04:21 PM, Rafael J. Wysocki wrote: On Monday, July 29, 2013 01:14:14 PM Ben Guthro wrote: Register for the extended sleep callback from acpi. As tboot currently does not support the reduced hardware sleep interface, fail this extended call. Signed-off-by: Jan Beulich jbeul...@suse.com Signed-off-by: Ben Guthro benjamin.gut...@citrix.com Cc: tboot-devel@lists.sourceforge.net Cc: Gang Wei gang@intel.com Reviewed-by: Konrad Rzeszutek Wilk konrad.w...@oracle.com --- arch/x86/kernel/tboot.c | 12 1 file changed, 12 insertions(+) diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index addf7b5..760f431 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c 
@@ -301,6 +301,17 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) return 0; } +static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) +{ + if (!tboot_enabled()) + return 0; + + pr_warning(tboot is not able to suspend on platforms with + reduced hardware sleep (ACPIv5). Please contact + tboot-devel@lists.sourceforge.net mailing list.); + return -1; Please use a meaningful error code here. For example -ENODEV. Would AE_NOT_IMPLEMENTED be more appropriate? include/acpi/acexcep.h: #define AE_NOT_IMPLEMENTED EXCEP_ENV (0x000E) This is not an ACPI error. :-) Good point. -ENODEV it is, then. I'll respin tomorrow morning, to allow for anyone else who wishes to comment on the series. Thanks for the review Ben Rafael -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk___ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
Re: [tboot-devel] tboot, xen, grub2 infinite loop
If it makes a difference, I am running the grub2 that ships with ubuntu 11.04 - which is 1.99 with a few ubuntu patches on top of it. /btg On Jul 13, 2011, at 9:58 PM, Wei, Gang gang@intel.com wrote: I will look into this issue. Thanks for raising it. Jimmy -Original Message- From: Ben Guthro [mailto:b...@guthro.net] Sent: Thursday, July 07, 2011 1:06 AM To: tboot-devel@lists.sourceforge.net Cc: Ken Kane Subject: [tboot-devel] tboot, xen, grub2 infinite loop I am attempting to get tboot working with Xen-4.0.2, grub2, and the 2nd_gen_i5_i7_SINIT_19.BIN module working, but have been having limited results, with things seeming to hang when loading xen I've traced this back to tboot/common/elf.c in expand_elf_image() objdump shows that tboot gets loaded at the following: start address 0x00803000 Program Header: LOAD off0x1000 vaddr 0x00803000 paddr 0x00803000 align 2**12 filesz 0x00022000 memsz 0x0007ae60 flags rwx ...and xen at the following: start address 0x0010 Program Header: LOAD off0x0080 vaddr 0x0010 paddr 0x0010 align 2**6 filesz 0x00172000 memsz 0x002b8000 flags rwx In the for loop in expand_elf_image, when it is doing the memcpy, and memset - it seems to overwrite the heap, and get into an infinite loop Is anyone else running into issues like this? Any suggestions, or ideas would be greatly appreciated. Ben Guthro My grub entry looks like the following: menuentry TXT: test1 { saved_entry=0 save_env saved_entry set root=(MyVG-MyBootDisk) multiboot /tboot.gz logging=vga,memory serial=115200,8n1,0x4000,19 module /xen.gz com1=115200,8n1,magic console=com1 iommu=required dom0_mem=1024MB cpufreq=xen cpuidle earlyprintk=xenboot loglvl=all module /vmlinuz-2.6.38 root=/dev/mapper/MyRootDisk ro quiet splash xencons=tty console=hvc0 module /initrd.img-2.6.38 module /2nd_gen_i5_i7_SINIT_19.BIN } tboot debug looks like the following: diff -r 17221ef98ed6 tboot/common/elf.c --- a/tboot/common/elf.c +++ b/tboot/common/elf.c 
@@ -163,16 +163,29 @@ /* assumed that already passed is_elf_image() check */ + /* load elf image into memory */ for ( int i = 0; i elf-e_phnum; i++ ) { elf_program_header_t *ph = (elf_program_header_t *) ((void *)elf + elf-e_phoff + i*elf-e_phentsize); - + printk(i=%d\n, i); + printk( elf = 0x%x\n, (int)elf); + printk( elf.e_phnum = 0x%x\n, elf-e_phnum); + printk( elf.p_phentsize = 0x%x\n, elf-e_phentsize); + printk( elf.p_phoff = 0x%x\n, elf-e_phoff); + printk( ph.p_filesz = 0x%x\n, ph-p_filesz); + printk( ph.p_memsz = 0x%x\n, ph-p_memsz); + printk( ph.p_addr = 0x%x\n, ph-p_paddr); + printk( ph.p_offset = 0x%x\n, ph-p_offset); if ( ph-p_type == PT_LOAD ) { memcpy((void *)ph-p_paddr, (void *)elf + ph-p_offset, ph-p_filesz); +#if 0 memset((void *)(ph-p_paddr + ph-p_filesz), 0, ph-p_memsz - ph-p_filesz); +#else + break; +#endif } } And finally, my tboot debug output: TBOOT: *** TBOOT *** TBOOT:2011-07-06 08:00 -0400 1:17221ef98ed6 TBOOT: * TBOOT: command line: serial=115200,8n1,0x4000,19 TBOOT: BSP is cpu 0 TBOOT: original e820 map: TBOOT: - 0009d800 (1) TBOOT: 0009d800 - 000a (2) TBOOT: 000e - 0010 (2) TBOOT: 0010 - ba59f000 (1) TBOOT: ba59f000 - baa9f000 (2) TBOOT: baa9f000 - bab9f000 (4) TBOOT: bab9f000 - babff000 (3) TBOOT: babff000 - bac0 (1) TBOOT: bac0 - bfa0 (2) TBOOT: f800 - fc00 (2) TBOOT: fec0 - fec01000 (2) TBOOT: fed08000 - fed09000 (2) TBOOT: fed1 - fed1a000 (2) TBOOT: fed1c000 - fed2 (2) TBOOT: fee0 - fee01000 (2) TBOOT: ffd2 - 0001 (2) TBOOT: 0001 - 00013e60 (1) TBOOT: TPM is ready TBOOT: TPM nv_locked: TRUE TBOOT: TPM timeout values: A: 750, B: 750, C: 750, D: 750 TBOOT: reading Verified Launch Policy from TPM NV... 
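Review bot: Neither the original loop nor this debugging change validates a program header before `memcpy()` writes to `ph->p_paddr`: nothing checks that `ph->p_filesz <= ph->p_memsz` (otherwise the `memset()` length `ph->p_memsz - ph->p_filesz` wraps), that `ph->p_offset + ph->p_filesz` stays inside the module, or that the destination range stays clear of tboot's own image and heap, which is the overlap the report suspects. Disabling the `memset()` and leaving the loop with `break` also leaves the segment's zero-fill area uncleared and skips any later `PT_LOAD` entries, so the change is useful only as a diagnostic. A fix belongs in a range check at the top of the `PT_LOAD` branch that fails the load instead of copying. expand_elf_image starts outside the hunk, so any bounds its caller already enforces are not visible here.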
TBOOT: :512 bytes read TBOOT: policy: TBOOT: version: 2 TBOOT: policy_type: TB_POLTYPE_HALT TBOOT: hash_alg: TB_HALG_SHA1 TBOOT: policy_control: 0001 (EXTEND_PCR17) TBOOT: num_entries: 1 TBOOT: policy entry[0]: TBOOT: mod_num: any TBOOT: pcr: none TBOOT: hash_type: TB_HTYPE_ANY TBOOT: num_hashes: 0 TBOOT: IA32_FEATURE_CONTROL_MSR: ff07 TBOOT: CPU is SMX-capable