multiboot2: Support AMD SKINIT

Signed-off-by: Krystian Hebel <[email protected]> Signed-off-by: Sergii Dmytruk <[email protected]>
TrenchBoot · Oct 22, 2024 · e0663d2 · e0663d2
1 parent 3b5c7ee
commit e0663d2
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 34 deletions.
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
@@ -51,6 +51,7 @@
 #include <grub/memory.h>
 #include <grub/i18n.h>
 #if defined (__i386__) || defined (__x86_64__)
+#include <grub/i386/skinit.h>
 #include <grub/i386/slaunch.h>
 #include <grub/i386/txt.h>
 #endif
@@ -176,6 +177,10 @@ normal_boot (struct grub_relocator *rel, struct grub_relocator32_state state)
       state.ecx = slparams->dce_size;
       state.edx = 0;
     }
+  else if (state.edi == SLP_AMD_SKINIT)
+    {
+      state.eax = slparams->dce_base;
+    }
 
   grub_relocator32_boot (rel, state, 0);
 }
@@ -206,10 +211,10 @@ grub_multiboot_boot (void)
     return err;
 
 #ifdef GRUB_USE_MULTIBOOT2
-  if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+  if (grub_slaunch_platform_type () != SLP_NONE)
     {
-      err = grub_multiboot2_prepare_slaunch_txt (state.MULTIBOOT_MBI_REGISTER,
-                                                 mbi_size);
+      err = grub_multiboot2_prepare_slaunch (state.MULTIBOOT_MBI_REGISTER,
+                                             mbi_size);
       if (err)
         return err;
     }

diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
@@ -104,13 +104,15 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
 
   if (mld->relocatable)
     {
+#ifndef GRUB_USE_MULTIBOOT2
+      if (grub_slaunch_platform_type () != SLP_NONE)
+        return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for slaunch");
+#endif
+
       load_size = highest_load - mld->link_base_addr;
 
       if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
         {
-#ifndef GRUB_USE_MULTIBOOT2
-          return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for slaunch");
-#else
           /*
            * We allocate the binary together with the page tables to make one
            * contiguous block for MLE.
@@ -121,7 +123,6 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
           /* Do not go below GRUB_TXT_PMR_ALIGN. */
           if (mld->align < GRUB_TXT_PMR_ALIGN)
             mld->align = GRUB_TXT_PMR_ALIGN;
-#endif
         }
       else
         {
@@ -153,14 +154,14 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
       grub_dprintf ("multiboot_loader", "load_base_addr=0x%lx, source=0x%lx\n",
                     (long) mld->load_base_addr, (long) source);
 
-      if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+      if (grub_slaunch_platform_type () != SLP_NONE)
         {
-#ifndef GRUB_USE_MULTIBOOT2
-          return grub_error (GRUB_ERR_BAD_OS, "Only multiboot2 supported for slaunch");
-#else
           slparams->mle_start = mld->load_base_addr;
           slparams->mle_mem = source;
+        }
 
+      if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+        {
           err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch,
                                                        GRUB_MEMORY_MACHINE_UPPER_START,
                                                        mld->load_base_addr - slparams->mle_ptab_size,
@@ -177,14 +178,13 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
           grub_dprintf ("multiboot_loader", "mle_ptab_mem = %p, mle_ptab_target = %lx, mle_ptab_size = %x\n",
                         slparams->mle_ptab_mem, (unsigned long) slparams->mle_ptab_target,
                         (unsigned) slparams->mle_ptab_size);
-#endif
         }
     }
   else
     {
       mld->load_base_addr = mld->link_base_addr;
       /* TODO: support non-relocatable */
-      if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+      if (grub_slaunch_platform_type () != SLP_NONE)
         return grub_error (GRUB_ERR_BAD_OS, "Non-relocatable ELF not supported with slaunch");
     }
 
@@ -242,7 +242,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
         }
     }
 
-  if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+  if (grub_slaunch_platform_type () != SLP_NONE)
     {
       slparams->mle_header_offset = 0xffffffff;
 

diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
@@ -37,6 +37,7 @@
 #include <grub/net.h>
 #include <grub/lib/cmdline.h>
 #include <grub/i386/memory.h>
+#include <grub/i386/skinit.h>
 #include <grub/i386/slaunch.h>
 #include <grub/i386/txt.h>
 #include <grub/slr_table.h>
@@ -281,7 +282,7 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
 
   if (addr_tag)
     {
-      if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+      if (grub_slaunch_platform_type () != SLP_NONE)
         return grub_error (GRUB_ERR_BAD_OS, "Slaunch not supported with multiboot addr tag");
 
       grub_uint64_t load_addr = (addr_tag->load_addr + 1)
@@ -398,7 +399,7 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
 				       accepted_consoles,
 				       0, 0, 0, console_required);
 
-  if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+  if (grub_slaunch_platform_type () != SLP_NONE)
     {
       grub_relocator_chunk_t ch;
       struct grub_slaunch_params *slparams = grub_slaunch_params();
@@ -415,14 +416,16 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
       slparams->tpm_evt_log_base = get_physical_target_address (ch);
       slparams->tpm_evt_log_size = GRUB_SLAUNCH_TPM_EVT_LOG_SIZE;
 
+      /* It's OK to call this for AMD SKINIT because SKL erases the log before use. */
       grub_txt_init_tpm_event_log(get_virtual_current_address (ch),
                                   slparams->tpm_evt_log_size);
 
       grub_dprintf ("multiboot_loader", "tpm_evt_log_base = %lx, tpm_evt_log_size = %x\n",
                     (unsigned long) slparams->tpm_evt_log_base,
                     (unsigned) slparams->tpm_evt_log_size);
 
-      grub_txt_setup_mle_ptab (slparams);
+      if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+        grub_txt_setup_mle_ptab (slparams);
     }
 
   return err;
@@ -1182,27 +1185,37 @@ add_multiboot2_slrt_policy_entries (void)
 }
 
 grub_err_t
-grub_multiboot2_prepare_slaunch_txt (grub_uint32_t mbi_target,
-                                     grub_uint32_t mbi_size)
+grub_multiboot2_prepare_slaunch (grub_uint32_t mbi_target,
+                                 grub_uint32_t mbi_size)
 {
   grub_err_t err;
   struct grub_slaunch_params *slparams = grub_slaunch_params ();
+  grub_uint32_t slp = grub_slaunch_platform_type ();
 
   slparams->boot_params_addr = mbi_target;
 
-  slparams->slr_table_base = GRUB_SLAUNCH_STORE_IN_OS2MLE;
-  slparams->slr_table_size = GRUB_PAGE_SIZE;
+  if (slp == SLP_INTEL_TXT)
+    {
+      slparams->slr_table_base = GRUB_SLAUNCH_STORE_IN_OS2MLE;
+      slparams->slr_table_size = GRUB_PAGE_SIZE;
 
-  slparams->slr_table_mem = grub_zalloc (slparams->slr_table_size);
-  if (slparams->slr_table_mem == NULL)
-    return GRUB_ERR_OUT_OF_MEMORY;
+      slparams->slr_table_mem = grub_zalloc (slparams->slr_table_size);
+      if (slparams->slr_table_mem == NULL)
+          return GRUB_ERR_OUT_OF_MEMORY;
 
-  err = grub_txt_boot_prepare (slparams);
-  if (err != GRUB_ERR_NONE)
+      err = grub_txt_boot_prepare (slparams);
+      if (err != GRUB_ERR_NONE)
+          return grub_error (err, "TXT boot preparation failed");
+    }
+  else if (slp == SLP_AMD_SKINIT)
     {
-      grub_printf ("TXT boot preparation failed");
-      return err;
+      err = grub_skinit_boot_prepare (grub_multiboot2_relocator, slparams);
+      if (err != GRUB_ERR_NONE)
+        return grub_error (err, "SKINIT preparations have failed");
     }
+  else
+    return grub_error (GRUB_ERR_BAD_ARGUMENT,
+                       N_("Unknown secure launcher platform type: %d\n"), slp);
 
   grub_slaunch_add_slrt_policy_entry (18,
                                       GRUB_SLR_ET_MULTIBOOT2_INFO,
@@ -1211,16 +1224,19 @@ grub_multiboot2_prepare_slaunch_txt (grub_uint32_t mbi_target,
                                       mbi_size,
                                       "Measured MB2 information");
   grub_slaunch_add_slrt_policy_entries ();
-  grub_txt_add_slrt_policy_entries ();
+  if (slp == SLP_INTEL_TXT)
+    grub_txt_add_slrt_policy_entries ();
   add_multiboot2_slrt_policy_entries ();
   grub_slaunch_finish_slr_table ();
 
   grub_dprintf ("multiboot_loader", "slr_table_base = %lx, slr_table_size = %x\n",
                 (unsigned long) slparams->slr_table_base,
                 (unsigned) slparams->slr_table_size);
-  grub_memcpy ((void *)(grub_addr_t) slparams->slr_table_base,
-               slparams->slr_table_mem,
-               slparams->slr_table_size);
+
+  if (slp == SLP_INTEL_TXT)
+    grub_memcpy ((void *)(grub_addr_t) slparams->slr_table_base,
+                 slparams->slr_table_mem,
+                 slparams->slr_table_size);
 
   return GRUB_ERR_NONE;
 }
diff --git a/include/grub/multiboot2.h b/include/grub/multiboot2.h
@@ -43,8 +43,8 @@ void grub_multiboot2_set_bootdev (void);
 void
 grub_multiboot2_add_elfsyms (grub_size_t num, grub_size_t entsize,
 			    unsigned shndx, void *data);
-grub_err_t grub_multiboot2_prepare_slaunch_txt (grub_uint32_t mbi_target,
-                                                grub_uint32_t mbi_size);
+grub_err_t grub_multiboot2_prepare_slaunch (grub_uint32_t mbi_target,
+                                            grub_uint32_t mbi_size);
 
 grub_uint32_t grub_multiboot2_get_mmap_count (void);
 grub_err_t grub_multiboot2_set_video_mode (void);