Add patches for Intel TXT support v2

Signed-off-by: Krystian Hebel <[email protected]>
3mdeb · Apr 13, 2023 · 32c30b9 · 32c30b9
1 parent 3e5c333
commit 32c30b9
Show file tree

Hide file tree

Showing 19 changed files with 632 additions and 633 deletions.
diff --git a/...erge-rdmsr.h-and-wrmsr.h-into-msr.h.patch → ...erge-rdmsr.h-and-wrmsr.h-into-msr.h.patch b/...erge-rdmsr.h-and-wrmsr.h-into-msr.h.patch → ...erge-rdmsr.h-and-wrmsr.h-into-msr.h.patch
@@ -1,7 +1,7 @@
-From a78796a23a33f12934ad45169be57735b05cdd81 Mon Sep 17 00:00:00 2001
+From 1614664a12563b23b2efd3b0c7b59a9c4ad10484 Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Tue, 17 Dec 2019 17:51:29 +0100
-Subject: [PATCH 1101/1118] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
+Subject: [PATCH] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
 
 It does not make sense to have separate headers for separate static
 functions. Additionally, we have to add some constants with MSR addresses

diff --git a/...me-grub_msr_read-and-grub_msr_write.patch → ...me-grub_msr_read-and-grub_msr_write.patch b/...me-grub_msr_read-and-grub_msr_write.patch → ...me-grub_msr_read-and-grub_msr_write.patch
@@ -1,8 +1,7 @@
-From 4529bfd79f5ba84a9fd11cef803bd8c8f8aa9f8f Mon Sep 17 00:00:00 2001
+From bb8fe14ea78fbd7ad92b3d53c69e3b961eb8ccdd Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Tue, 17 Dec 2019 20:02:37 +0100
-Subject: [PATCH 1102/1118] i386/msr: Rename grub_msr_read() and
- grub_msr_write()
+Subject: [PATCH] i386/msr: Rename grub_msr_read() and grub_msr_write()
 
 ... to grub_rdmsr() and grub_wrmsr() respectively. New names are more
 obvious than older ones.

diff --git a/...and-improve-MSR-support-detection-c.patch → ...and-improve-MSR-support-detection-c.patch b/...and-improve-MSR-support-detection-c.patch → ...and-improve-MSR-support-detection-c.patch
@@ -1,8 +1,7 @@
-From ccee3f6377ecf0fba2edda7518911b3167657838 Mon Sep 17 00:00:00 2001
+From e0f617c89e3a03cba4b5e48ffac8ef76cc7c0838 Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Sat, 25 Apr 2020 16:43:52 +0200
-Subject: [PATCH 1103/1118] i386/msr: Extract and improve MSR support detection
- code
+Subject: [PATCH] i386/msr: Extract and improve MSR support detection code
 
 Currently rdmsr and wrmsr commands have own MSR support detection code.
 This code is the same. So, it is duplicated. Additionally, this code

diff --git a/...ename-PAGE_SHIFT-to-GRUB_PAGE_SHIFT.patch → ...ename-PAGE_SHIFT-to-GRUB_PAGE_SHIFT.patch b/...ename-PAGE_SHIFT-to-GRUB_PAGE_SHIFT.patch → ...ename-PAGE_SHIFT-to-GRUB_PAGE_SHIFT.patch
@@ -1,7 +1,7 @@
-From e6e4cf0b0e1f2ee45706203ba8f30a7954acc83d Mon Sep 17 00:00:00 2001
+From 938357ec4fd8a8522fc55d3d050eff1f2235407d Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Wed, 20 Nov 2019 12:40:42 +0100
-Subject: [PATCH 1104/1118] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
+Subject: [PATCH] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
 
 ...to avoid potential conflicts and confusion.
 

diff --git a/...e-PAGE_SIZE-to-GRUB_PAGE_SIZE-and-m.patch → ...e-PAGE_SIZE-to-GRUB_PAGE_SIZE-and-m.patch b/...e-PAGE_SIZE-to-GRUB_PAGE_SIZE-and-m.patch → ...e-PAGE_SIZE-to-GRUB_PAGE_SIZE-and-m.patch
@@ -1,8 +1,8 @@
-From be6df1e0e6b5fcbf26389e27288c54675d7e1aa5 Mon Sep 17 00:00:00 2001
+From 4e9a66d61b076b01826af440f581bb0c26c58431 Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Wed, 20 Nov 2019 12:52:16 +0100
-Subject: [PATCH 1105/1118] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and
- make it global
+Subject: [PATCH] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it
+ global
 
 Subsequent patches will use that constant.
 

diff --git a/...p_get_lowest-and-grub_mmap_get_high.patch → ...p_get_lowest-and-grub_mmap_get_high.patch b/...p_get_lowest-and-grub_mmap_get_high.patch → ...p_get_lowest-and-grub_mmap_get_high.patch
@@ -1,8 +1,7 @@
-From 534e9d569caa75c0e36a80134dea6bf0f9350bc7 Mon Sep 17 00:00:00 2001
+From 47c88e17987444c862dd83a5e5aeb2faa6b4afb1 Mon Sep 17 00:00:00 2001
 From: Daniel Kiper <[email protected]>
 Date: Mon, 4 May 2020 22:34:59 +0200
-Subject: [PATCH 1106/1118] mmap: Add grub_mmap_get_lowest() and
- grub_mmap_get_highest()
+Subject: [PATCH] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
 
 The functions calculate lowest and highest available RAM
 addresses respectively.
@@ -12,15 +11,15 @@ Intel TXT secure launcher introduced by subsequent patches.
 
 Signed-off-by: Daniel Kiper <[email protected]>
 ---
- grub-core/mmap/mmap.c | 64 +++++++++++++++++++++++++++++++++++++++++++
+ grub-core/mmap/mmap.c | 70 +++++++++++++++++++++++++++++++++++++++++++
  include/grub/memory.h |  3 ++
- 2 files changed, 67 insertions(+)
+ 2 files changed, 73 insertions(+)
 
 diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
-index c8c8312c56f2..270730fc770f 100644
+index c8c8312c56f2..1e93b7e3cabb 100644
 --- a/grub-core/mmap/mmap.c
 +++ b/grub-core/mmap/mmap.c
-@@ -343,6 +343,70 @@ grub_mmap_unregister (int handle)
+@@ -343,6 +343,76 @@ grub_mmap_unregister (int handle)
 
  #endif /* ! GRUB_MMAP_REGISTER_BY_FIRMWARE */
 
@@ -49,6 +48,8 @@ index c8c8312c56f2..270730fc770f 100644
 +  return 0;
 +}
 +
++/* This function calculates lowest available RAM address that is at or above
++   the passed limit. If no RAM exists above the limit, ~0 is returned. */
 +grub_uint64_t
 +grub_mmap_get_lowest (grub_uint64_t limit)
 +{
@@ -78,6 +79,10 @@ index c8c8312c56f2..270730fc770f 100644
 +  return 0;
 +}
 +
++/* This function calculates highest available RAM address that is below the
++   passed limit. Returned address is either one byte after last byte of RAM or
++   equal to limit, whichever is lower. If no RAM exists below limit, 0 is
++   returned. */
 +grub_uint64_t
 +grub_mmap_get_highest (grub_uint64_t limit)
 +{

diff --git a/...basic-platform-support-for-secure-l.patch → ...basic-platform-support-for-secure-l.patch b/...basic-platform-support-for-secure-l.patch → ...basic-platform-support-for-secure-l.patch
@@ -1,50 +1,49 @@
-From 92abb1b1c33a697d51d3c95ee0861f65c939e092 Mon Sep 17 00:00:00 2001
+From 33c31aa22cab2841aa9d4f9578f61a926c30eb8e Mon Sep 17 00:00:00 2001
 From: Ross Philipson <[email protected]>
 Date: Wed, 7 Aug 2019 13:50:14 -0400
-Subject: [PATCH 1109/1118] i386/slaunch: Add basic platform support for secure
- launch
+Subject: [PATCH] i386/slaunch: Add basic platform support for secure launch
 
 Signed-off-by: Ross Philipson <[email protected]>
 Signed-off-by: Daniel Kiper <[email protected]>
+Signed-off-by: Krystian Hebel <[email protected]>
 ---
- include/grub/i386/cpuid.h |  13 +++
- include/grub/i386/crfr.h  | 186 ++++++++++++++++++++++++++++++++++++++
- include/grub/i386/mmio.h  |  90 ++++++++++++++++++
- include/grub/i386/msr.h   |  61 +++++++++++++
- 4 files changed, 350 insertions(+)
+ include/grub/i386/cpuid.h |  12 ++++
+ include/grub/i386/crfr.h  | 127 ++++++++++++++++++++++++++++++++++++++
+ include/grub/i386/mmio.h  |  72 +++++++++++++++++++++
+ include/grub/i386/msr.h   |  61 ++++++++++++++++++
+ 4 files changed, 272 insertions(+)
  create mode 100644 include/grub/i386/crfr.h
  create mode 100644 include/grub/i386/mmio.h
 
 diff --git a/include/grub/i386/cpuid.h b/include/grub/i386/cpuid.h
-index f7ae4b0a4641..8176e5d113d8 100644
+index f7ae4b0a4641..0ddd87b1544e 100644
 --- a/include/grub/i386/cpuid.h
 +++ b/include/grub/i386/cpuid.h
-@@ -19,6 +19,19 @@
+@@ -19,6 +19,18 @@
  #ifndef GRUB_CPU_CPUID_HEADER
  #define GRUB_CPU_CPUID_HEADER 1
 
 +/* General  */
-+#define GRUB_X86_CPUID_VENDOR	0x00000000
-+#define GRUB_X86_CPUID_FEATURES	0x00000001
-+
++#define GRUB_X86_CPUID_VENDOR		0x00000000
++#define GRUB_X86_CPUID_FEATURES		0x00000001
 +/* Intel  */
-+#define GRUB_VMX_CPUID_FEATURE	(1<<5)
-+#define GRUB_SMX_CPUID_FEATURE	(1<<6)
++#define GRUB_X86_CPUID_FEATURES_ECX_VMX	(1<<5)
++#define GRUB_X86_CPUID_FEATURES_ECX_SMX	(1<<6)
 +
 +/* AMD  */
-+#define GRUB_AMD_CPUID_FEATURES	0x80000001
-+#define GRUB_SVM_CPUID_FEATURE	(1<<2)
-+#define GRUB_AMD_CPUID_FUNC	0x8000000a
++#define GRUB_AMD_CPUID_FEATURES		0x80000001
++#define GRUB_AMD_CPUID_FEATURES_ECX_SVM	(1<<2)
++#define GRUB_AMD_CPUID_FUNC		0x8000000a
 +
  extern unsigned char grub_cpuid_has_longmode;
  extern unsigned char grub_cpuid_has_pae;
 
 diff --git a/include/grub/i386/crfr.h b/include/grub/i386/crfr.h
 new file mode 100644
-index 000000000000..284d6967be4b
+index 000000000000..1dcae427dc8b
 --- /dev/null
 +++ b/include/grub/i386/crfr.h
-@@ -0,0 +1,186 @@
+@@ -0,0 +1,127 @@
 +/*
 + *  GRUB  --  GRand Unified Bootloader
 + *  Copyright (C) 2020  Oracle and/or its affiliates.
@@ -98,94 +97,35 @@ index 000000000000..284d6967be4b
 +#define GRUB_CR4_X86_PCIDE	0x00020000 /* Enable PCID */
 +
 +static inline unsigned long
-+grub_read_cr4 (void)
++grub_read_cr0 (void)
 +{
 +  unsigned long val;
 +
-+  asm volatile ("mov %%cr4, %0" : "=r" (val) : : "memory");
++  asm volatile ("mov %%cr0, %0" : "=r" (val) : : "memory");
 +
 +  return val;
 +}
 +
 +static inline void
-+grub_write_cr4 (unsigned long val)
++grub_write_cr0 (unsigned long val)
 +{
-+  asm volatile ("mov %0, %%cr4" : : "r" (val) : "memory");
++  asm volatile ("mov %0, %%cr0" : : "r" (val) : "memory");
 +}
 +
-+#define GRUB_CR0	0
-+#define GRUB_CR1	1
-+#define GRUB_CR2	2
-+#define GRUB_CR3	3
-+#define GRUB_CR4	4
-+
-+#ifdef __x86_64__
-+#define read_cr(r, d) asm volatile ("movq %%cr" r ", %0" : "=r" (d))
-+#else
-+#define read_cr(r, d) asm volatile ("movl %%cr" r ", %0" : "=r" (d))
-+#endif
-+
 +static inline unsigned long
-+grub_read_control_register(grub_uint8_t reg)
++grub_read_cr4 (void)
 +{
-+  unsigned long data;
-+
-+  switch (reg)
-+  {
-+  case GRUB_CR0:
-+    read_cr("0", data);
-+    break;
-+  case GRUB_CR1:
-+    read_cr("1", data);
-+    break;
-+  case GRUB_CR2:
-+    read_cr("2", data);
-+    break;
-+  case GRUB_CR3:
-+    read_cr("3", data);
-+    break;
-+  case GRUB_CR4:
-+    read_cr("4", data);
-+    break;
-+  default:
-+    /* TODO: Loudly complain if this is called. Even some kind of BUG() */
-+    data = ~0UL;
-+    break;
-+  }
-+
-+  return data;
-+}
++  unsigned long val;
 +
-+#ifdef __x86_64__
-+#define write_cr(r, d) asm volatile ("movq %0, %%cr" r : : "r" (d))
-+#else
-+#define write_cr(r, d) asm volatile ("movl %0, %%cr" r : : "r" (d))
-+#endif
++  asm volatile ("mov %%cr4, %0" : "=r" (val) : : "memory");
++
++  return val;
++}
 +
 +static inline void
-+grub_write_control_register(grub_uint8_t reg, unsigned long data)
++grub_write_cr4 (unsigned long val)
 +{
-+  switch (reg)
-+  {
-+  case GRUB_CR0:
-+    write_cr("0", data);
-+    break;
-+  case GRUB_CR1:
-+    write_cr("1", data);
-+    break;
-+  case GRUB_CR2:
-+    write_cr("2", data);
-+    break;
-+  case GRUB_CR3:
-+    write_cr("3", data);
-+    break;
-+  case GRUB_CR4:
-+    write_cr("4", data);
-+    break;
-+  default:
-+    /* TODO: Loudly complain if this is called. Even some kind of BUG() */
-+    ;
-+  }
++  asm volatile ("mov %0, %%cr4" : : "r" (val) : "memory");
 +}
 +
 +#define GRUB_EFLAGS_X86_CF	0x00000001 /* Carry Flag */
@@ -233,10 +173,10 @@ index 000000000000..284d6967be4b
 +#endif
 diff --git a/include/grub/i386/mmio.h b/include/grub/i386/mmio.h
 new file mode 100644
-index 000000000000..6f5bf18ce3ac
+index 000000000000..b5bce71ef8d6
 --- /dev/null
 +++ b/include/grub/i386/mmio.h
-@@ -0,0 +1,90 @@
+@@ -0,0 +1,72 @@
 +/*
 + *  GRUB  --  GRand Unified Bootloader
 + *  Copyright (C) 2020  Oracle and/or its affiliates.
@@ -260,70 +200,52 @@ index 000000000000..6f5bf18ce3ac
 +
 +#include <grub/types.h>
 +
-+/* TODO: Are these barirers really needed??? */
-+#define grub_mb()	asm volatile ("mfence" : : : "memory")
-+#define grub_rmb()	asm volatile ("lfence" : : : "memory")
-+#define grub_wmb()	asm volatile ("sfence" : : : "memory")
-+#define grub_barrier()	asm volatile ("" : : : "memory")
-+
 +static inline grub_uint8_t
-+grub_readb (const volatile void *addr)
++grub_readb (const grub_addr_t addr)
 +{
 +  grub_uint8_t val;
 +
-+  grub_barrier ();
 +  val = (*(volatile grub_uint8_t *) (addr));
-+  grub_rmb ();
 +
 +  return val;
 +}
 +
 +static inline grub_uint32_t
-+grub_readl (const volatile void *addr)
++grub_readl (const grub_addr_t addr)
 +{
 +  grub_uint32_t val;
 +
-+  grub_barrier ();
 +  val = (*(volatile grub_uint32_t *) (addr));
-+  grub_rmb ();
 +
 +  return val;
 +}
 +
 +static inline grub_uint64_t
-+grub_readq (const volatile void *addr)
++grub_readq (const grub_addr_t addr)
 +{
 +  grub_uint64_t val;
 +
-+  grub_barrier ();
 +  val = (*(volatile grub_uint64_t *) (addr));
-+  grub_rmb ();
 +
 +  return val;
 +}
 +
 +static inline void
-+grub_writeb (grub_uint8_t val, volatile void *addr)
++grub_writeb (grub_uint8_t val, grub_addr_t addr)
 +{
-+  grub_wmb ();
 +  (*(volatile grub_uint8_t *) (addr)) = val;
-+  grub_barrier ();
 +}
 +
 +static inline void
-+grub_writel (grub_uint32_t val, volatile void *addr)
++grub_writel (grub_uint32_t val, grub_addr_t addr)
 +{
-+  grub_wmb ();
 +  (*(volatile grub_uint32_t *) (addr)) = val;
-+  grub_barrier ();
 +}
 +
 +static inline void
-+grub_writeq (grub_uint64_t val, volatile void *addr)
++grub_writeq (grub_uint64_t val, grub_addr_t addr)
 +{
-+  grub_wmb ();
 +  (*(volatile grub_uint64_t *) (addr)) = val;
-+  grub_barrier ();
 +}
 +
 +#endif /* GRUB_I386_MMIO_H */