intel_txt: to fix intel txt S3 resume failure since c/s 21108

This patch is to fix S3 resume failure with Intel TXT/tboot launched,
brought by c/s 21108.  Don't printk anything between two
tboot_gen_xenheap_integrity() calls for release build or debug build.
Or else xen heap will be changed, which causes that memory integrity
will be lost on S3 resume.

Signed-off-by: Shane Wang <shane.wang@intel.com>

diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 4a0a171a425a9867e3c502ec45e01357c6c5ebd6..9cbed0b09f6ac8bfbb74f89a9387b4f6b1ad4701 100644 (file)
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -230,8 +230,6 @@ static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
 
     *mac = vmac(NULL, 0, nonce, NULL, &ctx);
 
-    printk("MAC for domains is: 0x%08"PRIx64"\n", *mac);
-
     /* wipe ctx to ensure key is not left in memory */
     memset(&ctx, 0, sizeof(ctx));
 }
@@ -294,8 +292,6 @@ static void tboot_gen_xenheap_integrity(const uint8_t key[TB_KEY_SIZE],
     }
     *mac = vmac(NULL, 0, nonce, NULL, &ctx);
 
-    printk("MAC for xenheap is: 0x%08"PRIx64"\n", *mac);
-
     /* wipe ctx to ensure key is not left in memory */
     memset(&ctx, 0, sizeof(ctx));
 }
@@ -325,8 +321,6 @@ static void tboot_gen_frametable_integrity(const uint8_t key[TB_KEY_SIZE],
 
     *mac = vmac(NULL, 0, nonce, NULL, &ctx);
 
-    printk("MAC for frametable is: 0x%08"PRIx64"\n", *mac);
-
     /* wipe ctx to ensure key is not left in memory */
     memset(&ctx, 0, sizeof(ctx));
 }
@@ -505,14 +499,20 @@ int tboot_s3_resume(void)
 
     /* need to do these in reverse order of shutdown */
     tboot_gen_xenheap_integrity(g_tboot_shared->s3_key, &mac);
+    printk("MAC for xenheap before S3 is: 0x%08"PRIx64"\n", xenheap_mac);
+    printk("MAC for xenheap after S3 is: 0x%08"PRIx64"\n", mac);
     if ( mac != xenheap_mac )
         return -1;
 
     tboot_gen_frametable_integrity(g_tboot_shared->s3_key, &mac);
+    printk("MAC for frametable before S3 is: 0x%08"PRIx64"\n", frametable_mac);
+    printk("MAC for frametable after S3 is: 0x%08"PRIx64"\n", mac);
     if ( mac != frametable_mac )
         return -2;
 
     tboot_gen_domain_integrity(g_tboot_shared->s3_key, &mac);
+    printk("MAC for domains before S3 is: 0x%08"PRIx64"\n", domain_mac);
+    printk("MAC for domains after S3 is: 0x%08"PRIx64"\n", mac);
     if ( mac != domain_mac )
         return -3;