ia64/xen-unstable

changeset 19115:378a85ff1260

tboot: hypervisor integrity on S3

When launched from tboot, utilise tboot interface to provide integrity
protection to the hypervisor during S3

Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
ACKed-by: Shane Wang <shane.wang@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Jan 29 11:36:09 2009 +0000 (2009-01-29)
parents b86df1139133
children 202afa5384c4
files xen/arch/x86/tboot.c xen/include/asm-x86/tboot.h
line diff
     1.1 --- a/xen/arch/x86/tboot.c	Thu Jan 29 11:35:19 2009 +0000
     1.2 +++ b/xen/arch/x86/tboot.c	Thu Jan 29 11:36:09 2009 +0000
     1.3 @@ -17,6 +17,8 @@ tboot_shared_t *g_tboot_shared;
     1.4  
     1.5  static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
     1.6  
     1.7 +extern char __init_begin[], __per_cpu_start[], __per_cpu_end[], __bss_start[];
     1.8 +
     1.9  void __init tboot_probe(void)
    1.10  {
    1.11      tboot_shared_t *tboot_shared;
    1.12 @@ -59,6 +61,25 @@ void tboot_shutdown(uint32_t shutdown_ty
    1.13  
    1.14      local_irq_disable();
    1.15  
    1.16 +    /* if this is S3 then set regions to MAC */
    1.17 +    if ( shutdown_type == TB_SHUTDOWN_S3 ) {
    1.18 +        g_tboot_shared->num_mac_regions = 4;
    1.19 +        /* S3 resume code (and other real mode trampoline code) */
    1.20 +        g_tboot_shared->mac_regions[0].start =
    1.21 +            (uint64_t)bootsym_phys(trampoline_start);
    1.22 +        g_tboot_shared->mac_regions[0].end =
    1.23 +            (uint64_t)bootsym_phys(trampoline_end);
    1.24 +        /* hypervisor code + data */
    1.25 +        g_tboot_shared->mac_regions[1].start = (uint64_t)__pa(&_stext);
    1.26 +        g_tboot_shared->mac_regions[1].end = (uint64_t)__pa(&__init_begin);
    1.27 +        /* per-cpu data */
    1.28 +        g_tboot_shared->mac_regions[2].start = (uint64_t)__pa(&__per_cpu_start);
    1.29 +        g_tboot_shared->mac_regions[2].end = (uint64_t)__pa(&__per_cpu_end);
    1.30 +        /* bss */
    1.31 +        g_tboot_shared->mac_regions[3].start = (uint64_t)__pa(&__bss_start);
    1.32 +        g_tboot_shared->mac_regions[3].end = (uint64_t)__pa(&_end);
    1.33 +    }
    1.34 +
    1.35      /* Create identity map for tboot shutdown code. */
    1.36      map_base = PFN_DOWN(g_tboot_shared->tboot_base);
    1.37      map_size = PFN_UP(g_tboot_shared->tboot_size);
     2.1 --- a/xen/include/asm-x86/tboot.h	Thu Jan 29 11:35:19 2009 +0000
     2.2 +++ b/xen/include/asm-x86/tboot.h	Thu Jan 29 11:36:09 2009 +0000
     2.3 @@ -51,6 +51,12 @@ typedef struct __packed {
     2.4  
     2.5  /* used to communicate between tboot and the launched kernel (i.e. Xen) */
     2.6  
     2.7 +#define MAX_TB_MAC_REGIONS      32
     2.8 +typedef struct __packed {
     2.9 +    uint64_t  start;
    2.10 +    uint64_t  end;
    2.11 +} tboot_mac_region_t;
    2.12 +
    2.13  /* GAS - Generic Address Structure (ACPI 2.0+) */
    2.14  typedef struct __packed {
    2.15  	uint8_t  space_id;
    2.16 @@ -83,6 +89,9 @@ typedef struct __packed {
    2.17                acpi_sinfo;        /* where kernel put acpi sleep info in Sx */
    2.18      uint32_t  tboot_base;        /* starting addr for tboot */
    2.19      uint32_t  tboot_size;        /* size of tboot */
    2.20 +    uint8_t   num_mac_regions;   /* number mem regions to MAC on S3 */
    2.21 +                                 /* contig regions memory to MAC on S3 */
    2.22 +    tboot_mac_region_t mac_regions[MAX_TB_MAC_REGIONS];
    2.23  } tboot_shared_t;
    2.24  
    2.25  #define TB_SHUTDOWN_REBOOT      0