[PATCH v2 00/19] i386: Intel TXT and AMD SKINIT secure launcher

Fri, 01 Nov 2024 15:54:45 -0700 

Hello,

Continuing upstreaming [TrenchBoot] code changes.  More context can be found in
the cover letter for [v1].

How the patches look now:

1. [01-03]  Various additions in preparation for later commits
2. [04-05]  TPM-related part (`tpm` module rename, addition of a simple TPM
            driver) (relatively small in size)
3. [06-07]  SecureLaunch with its SLRT (lots of definitions)
4. [08-12]  Support for Intel TXT D-RTM (the bulk of the patches)
5. [13]     Implementation of SecureLaunch commands
6. [14-15]  Multiboot2 support for Intel TXT (medium)
7. [16-19]  Support for AMD SKINIT D-RTM (medium size when combined)

This set of changes can also be viewed on GitHub at [TrenchBoot/grub].

Best regards,
Sergii

Changes in v2:
 - 5 patches landed as a separate [generic-x86] series
 - 3 patches were in [generic-x86] as well, got Reviewed-Bys and returned here;
   one of them was extracted out of a different patch
 - patches related to modules received some documentation additions
 - several commit messages became more verbose
 - some commits have seen cosmetic changes with no impact on functionality
 - a leak fix got dropped to be sent separately (it's not really related to the
   rest of changes)

[TrenchBoot]: https://trenchboot.org/
[v1]: https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html
[TrenchBoot/grub]: 
https://github.com/TrenchBoot/grub/compare/6c5d4b3...tb-2.12-97-v2
[generic-x86]: 
https://lists.gnu.org/archive/html/grub-devel/2024-10/msg00055.html

Daniel Kiper (3):
  mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()
  i386/tpm: Rename tpm module to tpm_verifier
  i386/tpm: Add TPM TIS and CRB driver

Krystian Hebel (4):
  i386/memory: Define GRUB_PAGE_MASK and GRUB_PAGE_{UP,DOWN} macros
  i386/skinit: Add AMD SKINIT implementation
  i386/slaunch: Add support for AMD SKINIT
  multiboot2: Support AMD SKINIT

Michał Żygowski (2):
  i386/txt: Initialize TPM 1.2 event log in TXT heap
  multiboot2: Implement TXT slaunch support

Ross Philipson (9):
  i386: Add CRx, MMIO, MSR and extend CPUID definitions
  include/grub: Introduce Secure Launch Resource Table (SLRT)
  i386/slaunch: Add Secure Launch header
  i386/txt: Add Intel TXT definitions header file
  i386/txt: Add Intel TXT core implementation
  i386/txt: Add Intel TXT ACM module support
  i386/txt: Add Intel TXT verification routines
  i386/slaunch: Add secure launch framework and commands
  i386/linux: Add support for AMD SKINIT

Sergii Dmytruk (1):
  multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size

 docs/grub.texi                               |   32 +-
 grub-core/Makefile.am                        |    6 +
 grub-core/Makefile.core.def                  |   18 +-
 grub-core/commands/i386/tpm.c                |  151 +++
 grub-core/commands/{tpm.c => tpm_verifier.c} |    6 +-
 grub-core/lib/i386/relocator32.S             |   14 +
 grub-core/loader/i386/bsd.c                  |    4 +
 grub-core/loader/i386/coreboot/chainloader.c |    2 +
 grub-core/loader/i386/linux.c                |  337 +++++-
 grub-core/loader/i386/multiboot_mbi.c        |    4 +-
 grub-core/loader/i386/pc/plan9.c             |    3 +-
 grub-core/loader/i386/skinit.c               |  156 +++
 grub-core/loader/i386/slaunch.c              |  337 ++++++
 grub-core/loader/i386/txt/acmod.c            |  605 ++++++++++
 grub-core/loader/i386/txt/txt.c              | 1110 ++++++++++++++++++
 grub-core/loader/i386/txt/verify.c           |  277 +++++
 grub-core/loader/i386/xnu.c                  |    3 +
 grub-core/loader/multiboot.c                 |   34 +-
 grub-core/loader/multiboot_elfxx.c           |   88 +-
 grub-core/loader/multiboot_mbi2.c            |  118 +-
 grub-core/mmap/mmap.c                        |   83 ++
 include/grub/file.h                          |    3 +
 include/grub/i386/cpuid.h                    |   11 +
 include/grub/i386/crfr.h                     |  127 ++
 include/grub/i386/linux.h                    |   14 +-
 include/grub/i386/memory.h                   |    5 +
 include/grub/i386/mmio.h                     |   72 ++
 include/grub/i386/msr.h                      |   63 +
 include/grub/i386/skinit.h                   |   36 +
 include/grub/i386/slaunch.h                  |   90 ++
 include/grub/i386/tpm.h                      |   35 +
 include/grub/i386/txt.h                      |  742 ++++++++++++
 include/grub/memory.h                        |    3 +
 include/grub/multiboot.h                     |    2 +-
 include/grub/multiboot2.h                    |    5 +-
 include/grub/slr_table.h                     |  328 ++++++
 36 files changed, 4892 insertions(+), 32 deletions(-)
 create mode 100644 grub-core/commands/i386/tpm.c
 rename grub-core/commands/{tpm.c => tpm_verifier.c} (97%)
 create mode 100644 grub-core/loader/i386/skinit.c
 create mode 100644 grub-core/loader/i386/slaunch.c
 create mode 100644 grub-core/loader/i386/txt/acmod.c
 create mode 100644 grub-core/loader/i386/txt/txt.c
 create mode 100644 grub-core/loader/i386/txt/verify.c
 create mode 100644 include/grub/i386/crfr.h
 create mode 100644 include/grub/i386/mmio.h
 create mode 100644 include/grub/i386/skinit.h
 create mode 100644 include/grub/i386/slaunch.h
 create mode 100644 include/grub/i386/tpm.h
 create mode 100644 include/grub/i386/txt.h
 create mode 100644 include/grub/slr_table.h


base-commit: bd2d85a141236f454485b995c3a024669cd5a017
prerequisite-patch-id: 450e6ee179d407f3718821303500f65cb955b5db
-- 
2.47.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to