On 8/26/24 5:44 AM, Sergii Dmytruk wrote:
From: Ross Philipson <ross.philip...@oracle.com>
Some of the commands declared in header files will be implemented in
the follow-up commits.
In addition to submitting the first seven patches standalone, if you
split this patch up and remove the slaunch.h changes, you can then
submit the rest of this patch (which is just generic x86 stuff) with the
other other seven. Does this make sense?
Thanks
Ross
Signed-off-by: Ross Philipson <ross.philip...@oracle.com>
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
Signed-off-by: Krystian Hebel <krystian.he...@3mdeb.com>
Signed-off-by: Sergii Dmytruk <sergii.dmyt...@3mdeb.com>
---
include/grub/i386/cpuid.h | 12 ++++
include/grub/i386/crfr.h | 127 ++++++++++++++++++++++++++++++++++++
include/grub/i386/mmio.h | 72 ++++++++++++++++++++
include/grub/i386/msr.h | 63 ++++++++++++++++++
include/grub/i386/slaunch.h | 77 ++++++++++++++++++++++
5 files changed, 351 insertions(+)
create mode 100644 include/grub/i386/crfr.h
create mode 100644 include/grub/i386/mmio.h
create mode 100644 include/grub/i386/slaunch.h
diff --git a/include/grub/i386/cpuid.h b/include/grub/i386/cpuid.h
index f7ae4b0a4..0ddd87b15 100644
--- a/include/grub/i386/cpuid.h
+++ b/include/grub/i386/cpuid.h
@@ -19,6 +19,18 @@
#ifndef GRUB_CPU_CPUID_HEADER
#define GRUB_CPU_CPUID_HEADER 1
+/* General */
+#define GRUB_X86_CPUID_VENDOR 0x00000000
+#define GRUB_X86_CPUID_FEATURES 0x00000001
+/* Intel */
+#define GRUB_X86_CPUID_FEATURES_ECX_VMX (1<<5)
+#define GRUB_X86_CPUID_FEATURES_ECX_SMX (1<<6)
+
+/* AMD */
+#define GRUB_AMD_CPUID_FEATURES 0x80000001
+#define GRUB_AMD_CPUID_FEATURES_ECX_SVM (1<<2)
+#define GRUB_AMD_CPUID_FUNC 0x8000000a
+
extern unsigned char grub_cpuid_has_longmode;
extern unsigned char grub_cpuid_has_pae;
diff --git a/include/grub/i386/crfr.h b/include/grub/i386/crfr.h
new file mode 100644
index 000000000..881a4dad4
--- /dev/null
+++ b/include/grub/i386/crfr.h
@@ -0,0 +1,127 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see
<https://urldefense.com/v3/__https://www.gnu.org/licenses/__;!!ACWV5N9M2RV99hQ!NqURlAB94pWy-U_y0OQCEskDAeDx649zRrId6IAY4aLN-cTVUL83BqeuRNwg2voFzfxGaH1xrK7OGQO5jMzkl3v4DIDY$
>.
+ */
+
+#ifndef GRUB_CRFR_H
+#define GRUB_CRFR_H 1
+
+#include <grub/types.h>
+
+/* Routines for R/W of control and flags registers */
+
+#define GRUB_CR0_X86_PE 0x00000001 /* Enable Protected Mode */
+#define GRUB_CR0_X86_MP 0x00000002 /* "Math" (FPU) Present */
+#define GRUB_CR0_X86_EM 0x00000004 /* EMulate FPU */
+#define GRUB_CR0_X86_TS 0x00000008 /* Task Switched */
+#define GRUB_CR0_X86_PG 0x80000000 /* Enable PaGing */
+
+#define GRUB_CR0_X86_NE 0x00000020 /* Numeric Error enable
(EX16 vs IRQ13) */
+#define GRUB_CR0_X86_WP 0x00010000 /* Write Protect */
+#define GRUB_CR0_X86_AM 0x00040000 /* Alignment Mask */
+#define GRUB_CR0_X86_NW 0x20000000 /* Not Write-through */
+#define GRUB_CR0_X86_CD 0x40000000 /* Cache Disable */
+
+#define GRUB_CR4_X86_VME 0x00000001 /* Virtual 8086 mode extensions */
+#define GRUB_CR4_X86_PVI 0x00000002 /* Protected-mode virtual interrupts
*/
+#define GRUB_CR4_X86_TSD 0x00000004 /* Time stamp disable */
+#define GRUB_CR4_X86_DE 0x00000008 /* Debugging extensions */
+#define GRUB_CR4_X86_PSE 0x00000010 /* Page size extensions */
+#define GRUB_CR4_X86_PAE 0x00000020 /* Physical address extension */
+#define GRUB_CR4_X86_MCE 0x00000040 /* Enable Machine check enable */
+#define GRUB_CR4_X86_PGE 0x00000080 /* Enable Page global */
+#define GRUB_CR4_X86_PCE 0x00000100 /* Enable Performance monitoring
counter */
+#define GRUB_CR4_X86_FXSR 0x00000200 /* Fast FPU save/restore */
+#define GRUB_CR4_X86_XMM 0x00000400 /* Generate #XM instead of #UD for
SIMD */
+#define GRUB_CR4_X86_VMXE 0x00002000 /* Enable VMX */
+#define GRUB_CR4_X86_SMXE 0x00004000 /* Enable SMX */
+#define GRUB_CR4_X86_PCIDE 0x00020000 /* Enable PCID */
+
+static inline unsigned long
+grub_read_cr0 (void)
+{
+ unsigned long val;
+
+ asm volatile ("mov %%cr0, %0" : "=r" (val) : : "memory");
+
+ return val;
+}
+
+static inline void
+grub_write_cr0 (unsigned long val)
+{
+ asm volatile ("mov %0, %%cr0" : : "r" (val) : "memory");
+}
+
+static inline unsigned long
+grub_read_cr4 (void)
+{
+ unsigned long val;
+
+ asm volatile ("mov %%cr4, %0" : "=r" (val) : : "memory");
+
+ return val;
+}
+
+static inline void
+grub_write_cr4 (unsigned long val)
+{
+ asm volatile ("mov %0, %%cr4" : : "r" (val) : "memory");
+}
+
+#define GRUB_EFLAGS_X86_CF 0x00000001 /* Carry Flag */
+#define GRUB_EFLAGS_X86_PF 0x00000004 /* Parity Flag */
+#define GRUB_EFLAGS_X86_AF 0x00000010 /* Auxillary carry Flag */
+#define GRUB_EFLAGS_X86_ZF 0x00000040 /* Zero Flag */
+#define GRUB_EFLAGS_X86_SF 0x00000080 /* Sign Flag */
+#define GRUB_EFLAGS_X86_TF 0x00000100 /* Trap Flag */
+#define GRUB_EFLAGS_X86_IF 0x00000200 /* Interrupt Flag */
+#define GRUB_EFLAGS_X86_DF 0x00000400 /* Direction Flag */
+#define GRUB_EFLAGS_X86_OF 0x00000800 /* Overflow Flag */
+#define GRUB_EFLAGS_X86_IOPL 0x00003000 /* IOPL mask */
+#define GRUB_EFLAGS_X86_NT 0x00004000 /* Nested Task */
+#define GRUB_EFLAGS_X86_RF 0x00010000 /* Resume Flag */
+#define GRUB_EFLAGS_X86_VM 0x00020000 /* Virtual Mode */
+#define GRUB_EFLAGS_X86_AC 0x00040000 /* Alignment Check */
+#define GRUB_EFLAGS_X86_VIF 0x00080000 /* Virtual Interrupt Flag */
+#define GRUB_EFLAGS_X86_VIP 0x00100000 /* Virtual Interrupt Pending */
+#define GRUB_EFLAGS_X86_ID 0x00200000 /* CPUID detection flag */
+
+static inline unsigned long
+grub_read_flags_register (void)
+{
+ unsigned long flags;
+
+#ifdef __x86_64__
+ asm volatile ("pushfq; popq %0" : "=r" (flags));
+#else
+ asm volatile ("pushfl; popl %0" : "=r" (flags));
+#endif
+
+ return flags;
+}
+
+static inline void
+grub_write_flags_register (unsigned long flags)
+{
+#ifdef __x86_64__
+ asm volatile ("pushq %0; popfq" : : "r" (flags));
+#else
+ asm volatile ("pushl %0; popfl" : : "r" (flags));
+#endif
+}
+
+#endif
diff --git a/include/grub/i386/mmio.h b/include/grub/i386/mmio.h
new file mode 100644
index 000000000..97a30f7d8
--- /dev/null
+++ b/include/grub/i386/mmio.h
@@ -0,0 +1,72 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see
<https://urldefense.com/v3/__https://www.gnu.org/licenses/__;!!ACWV5N9M2RV99hQ!NqURlAB94pWy-U_y0OQCEskDAeDx649zRrId6IAY4aLN-cTVUL83BqeuRNwg2voFzfxGaH1xrK7OGQO5jMzkl3v4DIDY$
>.
+ */
+
+#ifndef GRUB_I386_MMIO_H
+#define GRUB_I386_MMIO_H 1
+
+#include <grub/types.h>
+
+static inline grub_uint8_t
+grub_read8 (const grub_addr_t addr)
+{
+ grub_uint8_t val;
+
+ val = (*(volatile grub_uint8_t *) (addr));
+
+ return val;
+}
+
+static inline grub_uint32_t
+grub_read32 (const grub_addr_t addr)
+{
+ grub_uint32_t val;
+
+ val = (*(volatile grub_uint32_t *) (addr));
+
+ return val;
+}
+
+static inline grub_uint64_t
+grub_read64 (const grub_addr_t addr)
+{
+ grub_uint64_t val;
+
+ val = (*(volatile grub_uint64_t *) (addr));
+
+ return val;
+}
+
+static inline void
+grub_write8 (grub_uint8_t val, grub_addr_t addr)
+{
+ (*(volatile grub_uint8_t *) (addr)) = val;
+}
+
+static inline void
+grub_write32 (grub_uint32_t val, grub_addr_t addr)
+{
+ (*(volatile grub_uint32_t *) (addr)) = val;
+}
+
+static inline void
+grub_write64 (grub_uint64_t val, grub_addr_t addr)
+{
+ (*(volatile grub_uint64_t *) (addr)) = val;
+}
+
+#endif /* GRUB_I386_MMIO_H */
diff --git a/include/grub/i386/msr.h b/include/grub/i386/msr.h
index 1e838c022..52c923ab9 100644
--- a/include/grub/i386/msr.h
+++ b/include/grub/i386/msr.h
@@ -2,6 +2,9 @@
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2019 Free Software Foundation, Inc.
*
+ * Some definitions in this header are extracted from the Trusted Computing
+ * Group's "TPM Main Specification", Parts 1-3.
+ *
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
@@ -19,6 +22,64 @@
#ifndef GRUB_I386_MSR_H
#define GRUB_I386_MSR_H 1
+/* General */
+#define GRUB_MSR_X86_PLATFORM_ID 0x00000017
+
+#define GRUB_MSR_X86_APICBASE 0x0000001b
+#define GRUB_MSR_X86_APICBASE_BSP (1<<8)
+#define GRUB_MSR_X86_APICBASE_ENABLE (1<<11)
+#define GRUB_MSR_X86_APICBASE_BASE (0xfffff<<12) /* Mask for APIC base
address */
+
+#define GRUB_MSR_X86_FEATURE_CONTROL 0x0000003a
+#define GRUB_MSR_X86_FEATURE_CTRL_LOCK (1<<0) /* Lock writes to this
register */
+#define GRUB_MSR_X86_ENABLE_VMX_IN_SMX (1<<1) /* Enable VMX inside SMX */
+#define GRUB_MSR_X86_ENABLE_VMX_OUT_SMX (1<<2) /* Enable VMX
outside SMX */
+#define GRUB_MSR_X86_SENTER_FUNCTIONS (0x7f<<8) /* Bitmap of SENTER function
enables */
+#define GRUB_MSR_X86_SENTER_ENABLE (1<<15) /* SENTER global enable */
+
+#define GRUB_MSR_X86_MTRRCAP 0x000000fe
+#define GRUB_MSR_X86_VCNT_MASK 0xff /* Number of variable MTRRs
*/
+
+#define GRUB_MSR_X86_MCG_CAP 0x00000179
+#define GRUB_MSR_MCG_BANKCNT_MASK 0xff /* Number of banks */
+#define GRUB_MSR_X86_MCG_STATUS 0x0000017a
+#define GRUB_MSR_MCG_STATUS_MCIP (1ULL<<2) /* MC in progress */
+
+#define GRUB_MSR_X86_MISC_ENABLE 0x000001a0
+#define GRUB_MSR_X86_ENABLE_MONITOR_FSM (1<<18)
+
+#define GRUB_MSR_X86_MTRR_PHYSBASE0 0x00000200
+#define GRUB_MSR_X86_MTRR_PHYSMASK0 0x00000201
+#define GRUB_MSR_X86_MTRR_PHYSBASE(n) (GRUB_MSR_X86_MTRR_PHYSBASE0 + 2 * (n))
+#define GRUB_MSR_X86_MTRR_PHYSMASK(n) (GRUB_MSR_X86_MTRR_PHYSMASK0 + 2 * (n))
+#define GRUB_MSR_X86_BASE_DEF_TYPE_MASK 0xff
+#define GRUB_MSR_X86_MASK_VALID (1<<11)
+
+#define GRUB_MSR_X86_MTRR_DEF_TYPE 0x000002ff
+#define GRUB_MSR_X86_DEF_TYPE_MASK 0xff
+#define GRUB_MSR_X86_MTRR_ENABLE_FIXED (1<<10)
+#define GRUB_MSR_X86_MTRR_ENABLE (1<<11)
+
+#define GRUB_MSR_X86_MC0_STATUS 0x00000401
+
+#define GRUB_MSR_X86_EFER 0xc0000080 /* Extended features */
+#define GRUB_MSR_EFER_LME (1<<8) /* Enable Long Mode/IA-32e */
+#define GRUB_MSR_EFER_LMA (1<<10) /* Long Mode/IA-32e Active */
+#define GRUB_MSR_EFER_SVME (1<<12) /* Enable SVM (AMD-V) */
+
+/* AMD Specific */
+#define GRUB_MSR_AMD64_VM_CR 0xc0010114 /* SVM control register */
+#define GRUB_MSR_SVM_VM_CR_SVM_DISABLE (1<<4) /* Disable writes to
EFER.SVME */
+
+/* MTRR Specific */
+#define GRUB_MTRR_MEMORY_TYPE_UC 0
+#define GRUB_MTRR_MEMORY_TYPE_WC 1
+#define GRUB_MTRR_MEMORY_TYPE_WT 4
+#define GRUB_MTRR_MEMORY_TYPE_WP 5
+#define GRUB_MTRR_MEMORY_TYPE_WB 6
+
+#ifndef ASM_FILE
+
#include <grub/err.h>
#include <grub/i386/cpuid.h>
#include <grub/types.h>
@@ -71,4 +132,6 @@ grub_wrmsr (grub_uint32_t msr_id, grub_uint64_t msr_value)
asm volatile ("wrmsr" : : "c" (msr_id), "a" (low), "d" (high));
}
+#endif /* ASM_FILE */
+
#endif /* GRUB_I386_MSR_H */
diff --git a/include/grub/i386/slaunch.h b/include/grub/i386/slaunch.h
new file mode 100644
index 000000000..1574b3a1c
--- /dev/null
+++ b/include/grub/i386/slaunch.h
@@ -0,0 +1,77 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see
<https://urldefense.com/v3/__http://www.gnu.org/licenses/__;!!ACWV5N9M2RV99hQ!NqURlAB94pWy-U_y0OQCEskDAeDx649zRrId6IAY4aLN-cTVUL83BqeuRNwg2voFzfxGaH1xrK7OGQO5jMzkl_8XFohg$
>.
+ *
+ * Main secure launch definitions header file.
+ */
+
+#ifndef GRUB_I386_SLAUNCH_H
+#define GRUB_I386_SLAUNCH_H 1
+
+/* Secure launch platform types. */
+#define SLP_NONE 0
+#define SLP_INTEL_TXT 1
+
+/* PCRs used by Secure launch. */
+#define GRUB_SLAUNCH_CODE_PCR 17
+#define GRUB_SLAUNCH_DATA_PCR 18
+
+#define GRUB_SLAUNCH_TPM_EVT_LOG_SIZE (8 * GRUB_PAGE_SIZE)
+
+#ifndef ASM_FILE
+
+#include <grub/i386/linux.h>
+#include <grub/types.h>
+
+struct grub_slaunch_params
+{
+ grub_uint32_t boot_params_addr;
+ grub_uint64_t slr_table_base;
+ /* This is size of SLRT buffer, so maximum size of the table. */
+ grub_uint32_t slr_table_size;
+ void *slr_table_mem;
+ grub_uint32_t mle_start;
+ grub_uint32_t mle_size;
+ void *mle_mem;
+ grub_uint64_t mle_ptab_target;
+ grub_uint32_t mle_ptab_size;
+ void *mle_ptab_mem;
+ grub_uint32_t mle_header_offset;
+ grub_uint32_t ap_wake_block;
+ grub_uint32_t ap_wake_block_size;
+ grub_uint32_t dce_base;
+ grub_uint32_t dce_size;
+ grub_uint64_t tpm_evt_log_base;
+ grub_uint32_t tpm_evt_log_size;
+};
+
+extern grub_uint32_t grub_slaunch_platform_type (void);
+extern void *grub_slaunch_module (void);
+extern struct grub_slaunch_params *grub_slaunch_params (void);
+
+extern void grub_slaunch_init_slrt_storage (int arch);
+extern void grub_slaunch_add_slrt_policy_entries (void);
+extern void grub_slaunch_add_slrt_policy_entry (grub_uint16_t pcr,
+ grub_uint16_t entity_type,
+ grub_uint16_t flags,
+ grub_uint64_t entity,
+ grub_uint64_t size,
+ const char *evt_info);
+extern void grub_slaunch_finish_slr_table (void);
+
+#endif /* ASM_FILE */
+
+#endif /* GRUB_I386_SLAUNCH_H */
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
