Signed-off-by: Krystian Hebel <krystian.he...@3mdeb.com> --- grub-core/Makefile.core.def | 1 + grub-core/lib/i386/relocator32.S | 6 ++++++ grub-core/loader/i386/linux.c | 30 +++++++++++++++++++++++++++++- grub-core/loader/i386/slaunch.c | 21 ++++++++++++++++++++- include/grub/i386/slaunch.h | 11 +++++++++-- 5 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 204f9794dbce..68de5c07c060 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1829,6 +1829,7 @@ module = {
 x86 = loader/i386/txt/txt.c;
 x86 = loader/i386/txt/acmod.c;
 x86 = loader/i386/txt/verify.c;
+ x86 = loader/i386/skinit.c;
 enable = x86;
 };
diff --git a/grub-core/lib/i386/relocator32.S b/grub-core/lib/i386/relocator32.S
index a2b377197b16..2bdc07018a78 100644
--- a/grub-core/lib/i386/relocator32.S
+++ b/grub-core/lib/i386/relocator32.S
@@ -115,6 +115,9 @@ VARIABLE(grub_relocator32_edx)
 cmpl $SLP_INTEL_TXT, %edi
 je LOCAL(intel_txt)
+ cmpl $SLP_AMD_SKINIT, %edi
+ je LOCAL(amd_skinit)
+
 .byte 0xea
 VARIABLE(grub_relocator32_eip)
 .long 0
@@ -123,6 +126,9 @@ VARIABLE(grub_relocator32_eip)
 LOCAL(intel_txt):
 getsec
+LOCAL(amd_skinit):
+ skinit
+
 /* GDT. Copied from loader/i386/linux.c. */
 .p2align 4
 LOCAL(gdt):
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index d83912c17aad..dc4dcaa0a2ef 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -35,6 +35,7 @@
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
 #include <grub/i386/slaunch.h>
+#include <grub/i386/skinit.h>
 #include <grub/i386/txt.h>
 #include <grub/linux.h>
 #include <grub/machine/kernel.h>
@@ -233,7 +234,7 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
 prot_mode_mem = get_virtual_current_address (ch);
 prot_mode_target = get_physical_target_address (ch);
- if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+ if (grub_slaunch_platform_type () != SLP_NONE)
 {
 slparams.mle_ptab_mem = prot_mode_mem;
 slparams.mle_ptab_target = prot_mode_target;
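Review bot: In the second relocator32.S hunk, `LOCAL(amd_skinit): skinit` sits directly after `LOCAL(intel_txt): getsec` and directly before the GDT bytes, with nothing to stop execution if either instruction hands control back. Neither is expected to return on a successful launch, but a fall-through would take the Intel path into `skinit` and the AMD path into the GDT data, so a stop such as `1: hlt` followed by `jmp 1b` after each instruction would make a failed launch fail closed. A one-line comment saying that `skinit` takes its argument in `%eax` (the value `grub_linux_boot` stores in `state.eax`) would also help, since the register setup is not visible in this hunk.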
@@ -803,6 +804,33 @@ grub_linux_boot (void)
 state.ecx = slparams.sinit_acm_size;
 state.edx = 0;
 }
+ else if (state.edi == SLP_AMD_SKINIT)
+ {
+ grub_relocator_chunk_t ch;
+
+ slparams.params = ctx.real_mode_target;
+
+ /* Contrary to the TXT, on AMD we do not have vendor-provided blobs in
+ * reserved memory, we are using normal RAM */
+ err = grub_relocator_alloc_chunk_align (relocator, &ch,
+ 0, (0xffffffff - GRUB_SKINIT_SLB_SIZE),
+ GRUB_SKINIT_SLB_SIZE,
+ GRUB_SKINIT_SLB_ALIGN,
+ GRUB_RELOCATOR_PREFERENCE_LOW, 1);
+
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ slparams.lz_base = (grub_uint32_t) get_virtual_current_address (ch);
+ slparams.lz_size = grub_skinit_get_sl_size ();
+
+ err = grub_skinit_boot_prepare (&slparams);
+
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ state.eax = get_physical_target_address (ch);
+ }
 else
 {
 /* FIXME. */
diff --git a/grub-core/loader/i386/slaunch.c b/grub-core/loader/i386/slaunch.c
index 3acd177afd3b..9df04ff96538 100644
--- a/grub-core/loader/i386/slaunch.c
+++ b/grub-core/loader/i386/slaunch.c
@@ -57,7 +57,8 @@ grub_cmd_slaunch (grub_command_t cmd __attribute__ ((unused)),
 char *argv[] __attribute__ ((unused)))
 {
 grub_uint32_t manufacturer[3];
- grub_uint32_t eax;
+ grub_uint32_t eax, ebx, ecx, edx;
+ grub_uint64_t msr_value;
 grub_err_t err;
 if (!grub_cpu_is_cpuid_supported ())
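Review bot: In the `SLP_AMD_SKINIT` branch of `grub_linux_boot`, `slparams.lz_base` is filled from `get_virtual_current_address (ch)` cast to `grub_uint32_t`, while `state.eax` receives `get_physical_target_address (ch)`. The cast truncates the pointer on builds where pointers are wider than 32 bits, and the current and target addresses of a relocator chunk need not match, so a comment should state which address `grub_skinit_boot_prepare` (not shown here) expects in `lz_base`. Nothing visible compares the value of `grub_skinit_get_sl_size ()` with the `GRUB_SKINIT_SLB_SIZE` bytes that were allocated. Unless the helper enforces that bound, add `if (slparams.lz_size > GRUB_SKINIT_SLB_SIZE) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("SKINIT loader too large"));` before the prepare call. The body of `grub_linux_boot` starts and ends outside this hunk.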
@@ -79,6 +80,20 @@ grub_cmd_slaunch (grub_command_t cmd __attribute__ ((unused)),
 slp = SLP_INTEL_TXT;
 }
+ else if (!grub_memcmp (manufacturer, "AuthenticAMD", 12))
+ {
+
+ grub_cpuid (GRUB_AMD_CPUID_FEATURES, eax, ebx, ecx, edx);
+ if (! (ecx & GRUB_SVM_CPUID_FEATURE) )
+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("CPU does not support AMD SVM"));
+
+ /* Check whether SVM feature is disabled in BIOS */
+ msr_value = grub_rdmsr (GRUB_MSR_AMD64_VM_CR);
+ if (msr_value & GRUB_MSR_SVM_VM_CR_SVM_DISABLE)
+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("BIOS has AMD SVM disabled"));
+
+ slp = SLP_AMD_SKINIT;
+ }
 else
 return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("CPU is unsupported"));
@@ -170,6 +185,10 @@ grub_cmd_slaunch_state (grub_command_t cmd __attribute__ ((unused)),
 grub_printf ("Secure launcher: Intel TXT\n");
 grub_txt_state_show ();
 }
+ else if (slp == SLP_AMD_SKINIT)
+ {
+ grub_printf ("Secure launcher: AMD SKINIT\n");
+ }
 return GRUB_ERR_NONE;
 }
diff --git a/include/grub/i386/slaunch.h b/include/grub/i386/slaunch.h
index e5c32152d285..18e10d82ffc7 100644
--- a/include/grub/i386/slaunch.h
+++ b/include/grub/i386/slaunch.h
@@ -24,6 +24,7 @@
 /* Secure launch platform types. */
 #define SLP_NONE 0
 #define SLP_INTEL_TXT 1
+#define SLP_AMD_SKINIT 2
 #define GRUB_SLAUNCH_TPM_EVT_LOG_SIZE (8 * GRUB_PAGE_SIZE)
@@ -42,8 +43,14 @@ struct grub_slaunch_params
 grub_uint32_t mle_ptab_size;
 grub_uint32_t mle_header_offset;
 grub_uint64_t ap_wake_block;
- grub_uint32_t sinit_acm_base;
- grub_uint32_t sinit_acm_size;
+ union {
+ grub_uint32_t sinit_acm_base;
+ grub_uint32_t lz_base;
+ };
+ union {
+ grub_uint32_t sinit_acm_size;
+ grub_uint32_t lz_size;
+ };
 grub_uint64_t tpm_evt_log_base;
 grub_uint32_t tpm_evt_log_size;
 };
-- 2.17.1
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
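Review bot: The AMD branch added to `grub_cmd_slaunch` tests only `GRUB_SVM_CPUID_FEATURE` and the `GRUB_MSR_SVM_VM_CR_SVM_DISABLE` bit, which shows that SVM is usable but not that the SKINIT instruction itself is implemented. AMD documents a separate SKINIT feature flag in the extended feature leaf, so testing it here as well (with a new constant defined next to `GRUB_SVM_CPUID_FEATURE`) would let `slaunch` return `GRUB_ERR_BAD_DEVICE` instead of faulting later in the relocator. The stray blank line after `{` and the spacing in `if (! (ecx & GRUB_SVM_CPUID_FEATURE) )` could be tidied at the same time. The body of `grub_cmd_slaunch` continues outside this hunk.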
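Review bot: The two anonymous unions added to `struct grub_slaunch_params` make `lz_base` and `lz_size` share storage with `sinit_acm_base` and `sinit_acm_size`, but the header does not say which pair is valid for which platform. A comment above the unions, such as `/* sinit_acm_* is valid for SLP_INTEL_TXT, lz_* for SLP_AMD_SKINIT; each pair shares storage. */`, would keep later code from reading the wrong member without noticing. It is also worth stating that every writer must set the platform type before these fields are read, since the struct itself carries no tag.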