ia64/xen-unstable

changeset 16274:afd768e9382e

Intel(R) Trusted Execution Technology (Intel(R) TXT) support for Xen.
Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
author Keir Fraser <keir@xensource.com>
date Tue Oct 30 10:13:43 2007 +0000 (2007-10-30)
parents ceb195042ca7
children 26fb702fd8cf
files xen/arch/x86/Makefile xen/arch/x86/acpi/power.c xen/arch/x86/boot/cmdline.S xen/arch/x86/domain_build.c xen/arch/x86/hvm/vmx/vmcs.c xen/arch/x86/setup.c xen/arch/x86/shutdown.c xen/arch/x86/tboot.c xen/include/asm-x86/fixmap.h xen/include/asm-x86/tboot.h
line diff
     1.1 --- a/xen/arch/x86/Makefile	Tue Oct 30 09:33:49 2007 +0000
     1.2 +++ b/xen/arch/x86/Makefile	Tue Oct 30 10:13:43 2007 +0000
     1.3 @@ -46,6 +46,7 @@ obj-y += usercopy.o
     1.4  obj-y += x86_emulate.o
     1.5  obj-y += machine_kexec.o
     1.6  obj-y += crash.o
     1.7 +obj-y += tboot.o
     1.8  
     1.9  obj-$(crash_debug) += gdbstub.o
    1.10  
     2.1 --- a/xen/arch/x86/acpi/power.c	Tue Oct 30 09:33:49 2007 +0000
     2.2 +++ b/xen/arch/x86/acpi/power.c	Tue Oct 30 10:13:43 2007 +0000
     2.3 @@ -25,6 +25,7 @@
     2.4  #include <xen/domain.h>
     2.5  #include <xen/console.h>
     2.6  #include <public/platform.h>
     2.7 +#include <asm/tboot.h>
     2.8  
     2.9  #define pmprintk(_l, _f, _a...) printk(_l "<PM> " _f "\n", ## _a )
    2.10  
    2.11 @@ -94,11 +95,19 @@ static void acpi_sleep_prepare(u32 state
    2.12      wakeup_vector_va = __acpi_map_table(
    2.13          acpi_sinfo.wakeup_vector, sizeof(uint64_t));
    2.14      if ( acpi_sinfo.vector_width == 32 )
    2.15 -        *(uint32_t *)wakeup_vector_va =
    2.16 -            (uint32_t)bootsym_phys(wakeup_start);
    2.17 +    {
    2.18 +            *(uint32_t *)wakeup_vector_va =
    2.19 +                tboot_in_measured_env() ?
    2.20 +                (uint32_t)g_tboot_shared->s3_tb_wakeup_entry :
    2.21 +                (uint32_t)bootsym_phys(wakeup_start);
    2.22 +    }
    2.23      else
    2.24 -        *(uint64_t *)wakeup_vector_va =
    2.25 -            (uint64_t)bootsym_phys(wakeup_start);
    2.26 +    {
    2.27 +            *(uint64_t *)wakeup_vector_va =
    2.28 +                tboot_in_measured_env() ?
    2.29 +                (uint64_t)g_tboot_shared->s3_tb_wakeup_entry :
    2.30 +	        (uint64_t)bootsym_phys(wakeup_start);
    2.31 +    }
    2.32  }
    2.33  
    2.34  static void acpi_sleep_post(u32 state) {}
    2.35 @@ -221,9 +230,43 @@ static int acpi_get_wake_status(void)
    2.36      return val;
    2.37  }
    2.38  
    2.39 +static void tboot_sleep(u8 sleep_state)
    2.40 +{
    2.41 +   uint32_t shutdown_type;
    2.42 +   
    2.43 +   *((struct acpi_sleep_info *)(unsigned long)g_tboot_shared->acpi_sinfo) =
    2.44 +       acpi_sinfo;
    2.45 +
    2.46 +   switch ( sleep_state )
    2.47 +   {
    2.48 +       case ACPI_STATE_S3:
    2.49 +           shutdown_type = TB_SHUTDOWN_S3;
    2.50 +           g_tboot_shared->s3_k_wakeup_entry =
    2.51 +	       (uint32_t)bootsym_phys(wakeup_start);
    2.52 +           break;
    2.53 +       case ACPI_STATE_S4:
    2.54 +           shutdown_type = TB_SHUTDOWN_S4;
    2.55 +           break;
    2.56 +       case ACPI_STATE_S5:
    2.57 +           shutdown_type = TB_SHUTDOWN_S5;
    2.58 +           break;
    2.59 +       default:
    2.60 +           return;
    2.61 +   }
    2.62 +
    2.63 +   tboot_shutdown(shutdown_type);
    2.64 +}
    2.65 +         
    2.66  /* System is really put into sleep state by this stub */
    2.67  acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state)
    2.68  {
    2.69 +    if ( tboot_in_measured_env() )
    2.70 +    {
    2.71 +        tboot_sleep(sleep_state);
    2.72 +        pmprintk(XENLOG_ERR, "TBOOT failed entering s3 state\n");
    2.73 +        return_ACPI_STATUS(AE_ERROR);
    2.74 +    }
    2.75 +
    2.76      ACPI_FLUSH_CPU_CACHE();
    2.77  
    2.78      outw((u16)acpi_sinfo.pm1a_cnt_val, acpi_sinfo.pm1a_cnt);
     3.1 --- a/xen/arch/x86/boot/cmdline.S	Tue Oct 30 09:33:49 2007 +0000
     3.2 +++ b/xen/arch/x86/boot/cmdline.S	Tue Oct 30 10:13:43 2007 +0000
     3.3 @@ -170,6 +170,12 @@ cmdline_parse_early:
     3.4          test    %eax,%eax
     3.5          setnz   bootsym_phys(skip_realmode)
     3.6  
     3.7 +        /* Check for 'tboot=' command-line option. */
     3.8 +        movl    $sym_phys(.Ltboot_opt),4(%esp)
     3.9 +        call    .Lfind_option
    3.10 +        test    %eax,%eax
    3.11 +        setnz   bootsym_phys(skip_realmode) /* tboot= implies no-real-mode */
    3.12 +
    3.13  .Lparse_edd:
    3.14          /* Check for 'edd=' command-line option. */
    3.15          movl    $sym_phys(.Ledd_opt),4(%esp)
    3.16 @@ -346,6 +352,8 @@ 1:      lodsw
    3.17          .asciz  "current"
    3.18  .Lno_rm_opt:
    3.19          .asciz  "no-real-mode"
    3.20 +.Ltboot_opt:
    3.21 +        .asciz  "tboot"
    3.22  .Ledid_opt:
    3.23          .asciz  "edid"
    3.24  .Ledid_force:
     4.1 --- a/xen/arch/x86/domain_build.c	Tue Oct 30 09:33:49 2007 +0000
     4.2 +++ b/xen/arch/x86/domain_build.c	Tue Oct 30 10:13:43 2007 +0000
     4.3 @@ -990,14 +990,16 @@ int __init construct_dom0(
     4.4              rc |= iomem_deny_access(dom0, mfn, mfn);
     4.5      }
     4.6  
     4.7 -    /* Remove access to E820_UNUSABLE I/O regions. */
     4.8 +    /* Remove access to E820_UNUSABLE I/O regions above 1MB. */
     4.9      for ( i = 0; i < e820.nr_map; i++ )
    4.10      {
    4.11 -        if ( e820.map[i].type != E820_UNUSABLE)
    4.12 -            continue;
    4.13 -        mfn = paddr_to_pfn(e820.map[i].addr);
    4.14 -        nr_pages = (e820.map[i].size + PAGE_SIZE - 1) >> PAGE_SHIFT;
    4.15 -        rc |= iomem_deny_access(dom0, mfn, mfn + nr_pages - 1);
    4.16 +        unsigned long sfn, efn;
    4.17 +        sfn = max_t(unsigned long, paddr_to_pfn(e820.map[i].addr), 0x100ul);
    4.18 +        efn = paddr_to_pfn(e820.map[i].addr + e820.map[i].size - 1);
    4.19 +        if ( (e820.map[i].type == E820_UNUSABLE) &&
    4.20 +             (e820.map[i].size != 0) &&
    4.21 +             (sfn <= efn) )
    4.22 +            rc |= iomem_deny_access(dom0, sfn, efn);
    4.23      }
    4.24  
    4.25      BUG_ON(rc != 0);
     5.1 --- a/xen/arch/x86/hvm/vmx/vmcs.c	Tue Oct 30 09:33:49 2007 +0000
     5.2 +++ b/xen/arch/x86/hvm/vmx/vmcs.c	Tue Oct 30 10:13:43 2007 +0000
     5.3 @@ -36,6 +36,7 @@
     5.4  #include <xen/kernel.h>
     5.5  #include <xen/keyhandler.h>
     5.6  #include <asm/shadow.h>
     5.7 +#include <asm/tboot.h>
     5.8  
     5.9  /* Dynamic (run-time adjusted) execution control flags. */
    5.10  u32 vmx_pin_based_exec_control __read_mostly;
    5.11 @@ -277,6 +278,13 @@ int vmx_cpu_up(void)
    5.12          wrmsr(IA32_FEATURE_CONTROL_MSR, eax, 0);
    5.13      }
    5.14  
    5.15 +    if ( !tboot_in_measured_env() &&
    5.16 +         !(eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX) )
    5.17 +    {
    5.18 +        printk("VMX only allowed in SMX but SMX not active.\n");
    5.19 +        return 0;
    5.20 +    }
    5.21 +
    5.22      vmx_init_vmcs_config();
    5.23  
    5.24      INIT_LIST_HEAD(&this_cpu(active_vmcs_list));
     6.1 --- a/xen/arch/x86/setup.c	Tue Oct 30 09:33:49 2007 +0000
     6.2 +++ b/xen/arch/x86/setup.c	Tue Oct 30 10:13:43 2007 +0000
     6.3 @@ -37,6 +37,7 @@
     6.4  #include <xen/kexec.h>
     6.5  #include <asm/edd.h>
     6.6  #include <xsm/xsm.h>
     6.7 +#include <asm/tboot.h>
     6.8  
     6.9  #if defined(CONFIG_X86_64)
    6.10  #define BOOTSTRAP_DIRECTMAP_END (1UL << 32) /* 4GB */
    6.11 @@ -846,6 +847,8 @@ void __init __start_xen(unsigned long mb
    6.12  
    6.13      paging_init();
    6.14  
    6.15 +    tboot_probe();
    6.16 +
    6.17      /* Unmap the first page of CPU0's stack. */
    6.18      memguard_guard_stack(cpu0_stack);
    6.19  
     7.1 --- a/xen/arch/x86/shutdown.c	Tue Oct 30 09:33:49 2007 +0000
     7.2 +++ b/xen/arch/x86/shutdown.c	Tue Oct 30 10:13:43 2007 +0000
     7.3 @@ -21,6 +21,7 @@
     7.4  #include <asm/io.h>
     7.5  #include <asm/processor.h>
     7.6  #include <asm/mpspec.h>
     7.7 +#include <asm/tboot.h>
     7.8  
     7.9  /* reboot_str: comma-separated list of reboot options. */
    7.10  static char __initdata reboot_str[10] = "";
    7.11 @@ -219,6 +220,9 @@ void machine_restart(void)
    7.12  
    7.13      smp_send_stop();
    7.14  
    7.15 +    if ( tboot_in_measured_env() )
    7.16 +        tboot_shutdown(TB_SHUTDOWN_REBOOT);
    7.17 +
    7.18      /* Rebooting needs to touch the page at absolute address 0. */
    7.19      *((unsigned short *)__va(0x472)) = reboot_mode;
    7.20  
    7.21 @@ -328,3 +332,13 @@ static int __init reboot_init(void)
    7.22      return 0;
    7.23  }
    7.24  __initcall(reboot_init);
    7.25 +
    7.26 +/*
    7.27 + * Local variables:
    7.28 + * mode: C
    7.29 + * c-set-style: "BSD"
    7.30 + * c-basic-offset: 4
    7.31 + * tab-width: 4
    7.32 + * indent-tabs-mode: nil
    7.33 + * End:
    7.34 + */
     8.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.2 +++ b/xen/arch/x86/tboot.c	Tue Oct 30 10:13:43 2007 +0000
     8.3 @@ -0,0 +1,70 @@
     8.4 +#include <xen/config.h>
     8.5 +#include <xen/init.h>
     8.6 +#include <xen/types.h>
     8.7 +#include <xen/lib.h>
     8.8 +#include <xen/sched.h>
     8.9 +#include <asm/fixmap.h>
    8.10 +#include <asm/page.h>
    8.11 +#include <asm/processor.h>
    8.12 +#include <asm/tboot.h>
    8.13 +
    8.14 +/* tboot=<physical address of shared page> */
    8.15 +static char opt_tboot[20] = "";
    8.16 +string_param("tboot", opt_tboot);
    8.17 +
    8.18 +/* Global pointer to shared data; NULL means no measured launch. */
    8.19 +tboot_shared_t *g_tboot_shared;
    8.20 +
    8.21 +static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;
    8.22 +
    8.23 +void __init tboot_probe(void)
    8.24 +{
    8.25 +    tboot_shared_t *tboot_shared;
    8.26 +    unsigned long p_tboot_shared;
    8.27 +
    8.28 +    /* Look for valid page-aligned address for shared page. */
    8.29 +    p_tboot_shared = simple_strtoul(opt_tboot, NULL, 0);
    8.30 +    if ( (p_tboot_shared == 0) || ((p_tboot_shared & ~PAGE_MASK) != 0) )
    8.31 +        return;
    8.32 +
    8.33 +    /* Map and check for tboot UUID. */
    8.34 +    set_fixmap(FIX_TBOOT_SHARED_BASE, p_tboot_shared);
    8.35 +    tboot_shared = (tboot_shared_t *)fix_to_virt(FIX_TBOOT_SHARED_BASE);
    8.36 +    if ( memcmp(&tboot_shared_uuid, (uuid_t *)tboot_shared, sizeof(uuid_t)) )
    8.37 +        return;
    8.38 +
    8.39 +    g_tboot_shared = tboot_shared;
    8.40 +    printk("TBOOT: found shared page at phys addr %lx:\n", p_tboot_shared);
    8.41 +    printk("  version: %d\n", tboot_shared->version);
    8.42 +    printk("  log_addr: 0x%08x\n", tboot_shared->log_addr);
    8.43 +    printk("  shutdown_entry32: 0x%08x\n", tboot_shared->shutdown_entry32);
    8.44 +    printk("  shutdown_entry64: 0x%08x\n", tboot_shared->shutdown_entry64);
    8.45 +    printk("  shutdown_type: %d\n", tboot_shared->shutdown_type);
    8.46 +    printk("  s3_tb_wakeup_entry: 0x%08x\n", tboot_shared->s3_tb_wakeup_entry);
    8.47 +    printk("  s3_k_wakeup_entry: 0x%08x\n", tboot_shared->s3_k_wakeup_entry);
    8.48 +    printk("  &acpi_sinfo: 0x%p\n", &tboot_shared->acpi_sinfo);
    8.49 +}
    8.50 +
    8.51 +void tboot_shutdown(uint32_t shutdown_type)
    8.52 +{
    8.53 +    g_tboot_shared->shutdown_type = shutdown_type;
    8.54 +
    8.55 +    local_irq_disable();
    8.56 +
    8.57 +    /* Create identity map for 0-640k to include tboot code. */
    8.58 +    map_pages_to_xen(0, 0, PFN_UP(0xa0000), __PAGE_HYPERVISOR);
    8.59 +    write_ptbase(idle_vcpu[0]);
    8.60 +
    8.61 +#ifdef __x86_64__
    8.62 +    asm volatile ( "call *%%rdi" :: "D" (g_tboot_shared->shutdown_entry64) );
    8.63 +#else
    8.64 +    asm volatile ( "call *%0" :: "r" (g_tboot_shared->shutdown_entry32) );
    8.65 +#endif
    8.66 +
    8.67 +    BUG(); /* should not reach here */
    8.68 +}
    8.69 +
    8.70 +int tboot_in_measured_env(void)
    8.71 +{
    8.72 +    return (g_tboot_shared != NULL);
    8.73 +}
     9.1 --- a/xen/include/asm-x86/fixmap.h	Tue Oct 30 09:33:49 2007 +0000
     9.2 +++ b/xen/include/asm-x86/fixmap.h	Tue Oct 30 10:13:43 2007 +0000
     9.3 @@ -46,6 +46,7 @@ enum fixed_addresses {
     9.4      FIX_IOMMU_REGS_END = FIX_IOMMU_REGS_BASE_0 + MAX_IOMMUS-1,
     9.5      FIX_IOMMU_MMIO_BASE_0,
     9.6      FIX_IOMMU_MMIO_END = FIX_IOMMU_MMIO_BASE_0 + IOMMU_PAGES -1,
     9.7 +    FIX_TBOOT_SHARED_BASE,
     9.8      __end_of_fixed_addresses
     9.9  };
    9.10  
    10.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
    10.2 +++ b/xen/include/asm-x86/tboot.h	Tue Oct 30 10:13:43 2007 +0000
    10.3 @@ -0,0 +1,90 @@
    10.4 +/*
    10.5 + * tboot.h: shared data structure with MLE and kernel and functions
    10.6 + *          used by kernel for runtime support
    10.7 + *
    10.8 + * Copyright (c) 2006-2007, Intel Corporation
    10.9 + * All rights reserved.
   10.10 + *
   10.11 + * Redistribution and use in source and binary forms, with or without
   10.12 + * modification, are permitted provided that the following conditions
   10.13 + * are met:
   10.14 + *
   10.15 + *   * Redistributions of source code must retain the above copyright
   10.16 + *     notice, this list of conditions and the following disclaimer.
   10.17 + *   * Redistributions in binary form must reproduce the above
   10.18 + *     copyright notice, this list of conditions and the following
   10.19 + *     disclaimer in the documentation and/or other materials provided
   10.20 + *     with the distribution.
   10.21 + *   * Neither the name of the Intel Corporation nor the names of its
   10.22 + *     contributors may be used to endorse or promote products derived
   10.23 + *     from this software without specific prior written permission.
   10.24 + *
   10.25 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   10.26 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   10.27 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   10.28 + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   10.29 + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   10.30 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   10.31 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   10.32 + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   10.33 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   10.34 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   10.35 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
   10.36 + * OF THE POSSIBILITY OF SUCH DAMAGE.
   10.37 + *
   10.38 + */
   10.39 +
   10.40 +#ifndef __TBOOT_H__
   10.41 +#define __TBOOT_H__
   10.42 +
   10.43 +typedef struct __attribute__ ((__packed__)) {
   10.44 +  uint32_t    data1;
   10.45 +  uint16_t    data2;
   10.46 +  uint16_t    data3;
   10.47 +  uint16_t    data4;
   10.48 +  uint8_t     data5[6];
   10.49 +} uuid_t;
   10.50 +
   10.51 +/* used to communicate between tboot and the launched kernel (i.e. Xen) */
   10.52 +#define MAX_TB_ACPI_SINFO_SIZE   64
   10.53 +
   10.54 +typedef struct __attribute__ ((__packed__)) {
   10.55 +    uuid_t    uuid;              /* {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} */
   10.56 +    uint32_t  version;           /* 0x01 */
   10.57 +    uint32_t  log_addr;          /* physical addr of tb_log_t log */
   10.58 +    uint32_t  shutdown_entry32;  /* entry point for tboot shutdown from 32b */
   10.59 +    uint32_t  shutdown_entry64;  /* entry point for tboot shutdown from 64b */
   10.60 +    uint32_t  shutdown_type;     /* type of shutdown (TB_SHUTDOWN_*) */
   10.61 +    uint32_t  s3_tb_wakeup_entry;/* entry point for tboot s3 wake up */
   10.62 +    uint32_t  s3_k_wakeup_entry; /* entry point for xen s3 wake up */
   10.63 +    uint8_t   acpi_sinfo[MAX_TB_ACPI_SINFO_SIZE];
   10.64 +                                 /* where kernel put acpi sleep info in Sx */
   10.65 +} tboot_shared_t;
   10.66 +
   10.67 +#define TB_SHUTDOWN_REBOOT      0
   10.68 +#define TB_SHUTDOWN_S5          1
   10.69 +#define TB_SHUTDOWN_S4          2
   10.70 +#define TB_SHUTDOWN_S3          3
   10.71 +#define TB_SHUTDOWN_HALT        4
   10.72 +
   10.73 +/* {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} */
   10.74 +#define TBOOT_SHARED_UUID    { 0x663c8dff, 0xe8b3, 0x4b82, 0xaabf, \
   10.75 +                               { 0x19, 0xea, 0x4d, 0x5, 0x7a, 0x8 } };
   10.76 +
   10.77 +extern tboot_shared_t *g_tboot_shared;
   10.78 +
   10.79 +void tboot_probe(void);
   10.80 +void tboot_shutdown(uint32_t shutdown_type);
   10.81 +int tboot_in_measured_env(void);
   10.82 +
   10.83 +#endif /* __TBOOT_H__ */
   10.84 +
   10.85 +/*
   10.86 + * Local variables:
   10.87 + * mode: C
   10.88 + * c-set-style: "BSD"
   10.89 + * c-basic-offset: 4
   10.90 + * tab-width: 4
   10.91 + * indent-tabs-mode: nil
   10.92 + * End:
   10.93 + */