Thanks very much for the patch, it was validated and merged…
-Ning
From: Sahil Rihan [mailto:sri...@fb.com]
Sent: Thursday, May 03, 2018 3:26 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] Ensure tboot log is available even when measured launch
is skipped
Tboot only protects the log area in the e820 map in post_launch i.e. only if a
measured launch has successfully been performed. This means that in cases where
measured launch is skipped, tboot log’s memory is not reserved in the e820 map
and can be reused by the kernel. This can make it hard to figure out why
measured launch was skipped.
This change moves the code to reserve the tboot log in the E820 map to the
start of launch_kernel, which is called regardless of whether measured launch
succeeded or not.
Testing: Disable TXT. Boot host. Verify no log is displayed without fix, and
tboot log is displayed with fix.
Signed-off-by: Sahil Rihan <sri...@fb.com<mailto:sri...@fb.com>>
diff --git a/tboot/common/loader.c b/tboot/common/loader.c
--- a/tboot/common/loader.c
+++ b/tboot/common/loader.c
@@ -76,6 +76,7 @@
extern bool jump_linux_image(const void *entry_point);
extern bool is_sinit_acmod(const void *acmod_base, uint32_t acmod_size,
bool quiet);
+extern void apply_policy(tb_error_t error);
extern uint32_t g_mb_orig_size;
@@ -1368,6 +1369,20 @@
printk(TBOOT_ERR"CRB workaround failed \n");
}
+ /* if using memory logging, reserve log area */
+ if ( g_log_targets & TBOOT_LOG_TARGET_MEMORY ) {
+ uint64_t base = TBOOT_SERIAL_LOG_ADDR;
+ uint64_t size = TBOOT_SERIAL_LOG_SIZE;
+ printk(TBOOT_INFO"reserving tboot memory log (%Lx - %Lx) in e820
table\n", base, (base + size - 1));
+ if ( !e820_protect_region(base, size, E820_RESERVED) )
+ apply_policy(TB_ERR_FATAL);
+ }
+
+ /* replace map in loader context with copy */
+ replace_e820_map(g_ldr_ctx);
+ printk(TBOOT_DETA"adjusted e820 map:\n");
+ print_e820_map();
+
if ( !verify_loader_context(g_ldr_ctx) )
return false;
diff --git a/tboot/common/tboot.c b/tboot/common/tboot.c
--- a/tboot/common/tboot.c
+++ b/tboot/common/tboot.c
@@ -207,21 +207,6 @@
if ( !e820_protect_region(base, size, mem_type) )
apply_policy(TB_ERR_FATAL);
- /* if using memory logging, reserve log area */
- if ( g_log_targets & TBOOT_LOG_TARGET_MEMORY ) {
- base = TBOOT_SERIAL_LOG_ADDR;
- size = TBOOT_SERIAL_LOG_SIZE;
- printk(TBOOT_INFO"reserving tboot memory log (%Lx - %Lx) in e820
table\n", base, (base + size - 1));
- if ( !e820_protect_region(base, size, E820_RESERVED) )
- apply_policy(TB_ERR_FATAL);
- }
-
- /* replace map in loader context with copy */
- replace_e820_map(g_ldr_ctx);
-
- printk(TBOOT_DETA"adjusted e820 map:\n");
- print_e820_map();
-
/*
* verify modules against policy
*/
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
