NOTE: this patch set follows up on Intel TXT DRTM patches that are currently under review in their 3rd version [v3]; therefore, it is not standalone! This targets v11 of Linux patches [linux-v11] and corresponding RFC patch set for AMD SKINIT on top of it [linux-amd-rfc].
The publication of the patches at this point pursues several goals: - Make anyone tracking upstream aware of the maturity of the support for AMD SKINIT. - Collect early feedback on the SKINIT implementation. - Finally, demonstrate the extensibility of Secure Launch for incorporating additional platforms. As the RFC suggest, this series is temporal and will be updated based on changes made to the initial Secure Launch series for Intel TXT. Review comments are greatly welcomed and will be worked/addressed, but we would caution that changes to the Secure Launch series for Intel TXT targeting Linux and GRUB will take precedence over review comments. Once Intel TXT Secure Launch series are merged, this series will transition from RFC to a formally submitted one. ----- These changes are based on those posted as part of [v1] and [v2], but also support new [drtm-service] that is available for some CPU families when PSP/ASP firmware is new enough. The set of changes can also be viewed on GitHub at [TrenchBoot/grub]. ----- [v1]: https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html [v2]: https://lists.gnu.org/archive/html/grub-devel/2024-11/msg00000.html [v3]: https://lists.gnu.org/archive/html/grub-devel/2024-12/msg00028.html [linux-v11]: https://lkml.org/lkml/2024/9/13/1396 [linux-amd-rfc]: https://lore.kernel.org/lkml/cover.1734008878.git.sergii.dmyt...@3mdeb.com/ [drtm-service]: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/user-guides/58453.pdf [TrenchBoot/grub]: https://github.com/TrenchBoot/grub/compare/tb-2.12-139-v3...tb-amd-2.12-139-rfc-v1 ----- Alec Brown (3): i386: Add PSP discovery code slaunch/psp: Add core PSP commands and get capability command slaunch/psp: Setup TMRs to protect RAM from DMA Michał Żygowski (1): multiboot2: Support SKINIT Secure Launch Ross Philipson (3): i386: Extra x86 definitions needed by AMD SKINIT Secure Launch slaunch/skinit: AMD SKINIT Secure Launch core implementation efi/slaunch: Add AMD Secure Launch support for Linux EFI stub boot grub-core/Makefile.core.def | 3 + grub-core/lib/i386/relocator32.S | 6 + grub-core/loader/efi/dltrampoline.S | 35 +- grub-core/loader/efi/linux.c | 9 + grub-core/loader/i386/linux.c | 39 ++- grub-core/loader/multiboot_mbi2.c | 14 +- grub-core/loader/slaunch/dlstub.c | 60 +++- grub-core/loader/slaunch/i386_linux.c | 41 +++ grub-core/loader/slaunch/psp.c | 420 +++++++++++++++++++++++ grub-core/loader/slaunch/skinit.c | 198 +++++++++++ grub-core/loader/slaunch/skl.c | 256 ++++++++++++++ grub-core/loader/slaunch/slaunch.c | 24 +- grub-core/loader/slaunch/x86_efi_linux.c | 72 ++++ include/grub/i386/cpuid.h | 7 +- include/grub/i386/msr.h | 6 + include/grub/i386/pci.h | 1 + include/grub/i386/psp.h | 91 +++++ include/grub/i386/skinit.h | 69 ++++ include/grub/slaunch.h | 9 + include/grub/slr_table.h | 16 + 20 files changed, 1351 insertions(+), 25 deletions(-) create mode 100644 grub-core/loader/slaunch/psp.c create mode 100644 grub-core/loader/slaunch/skinit.c create mode 100644 grub-core/loader/slaunch/skl.c create mode 100644 include/grub/i386/psp.h create mode 100644 include/grub/i386/skinit.h base-commit: 5b86bec39d0de1851ddc46d4fc4a80e5a3c52683 prerequisite-patch-id: a4ef62a68c8e0db3ec468dc543ee62a3e6b99a6e -- 2.47.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
