ost likely break those.
Best regards,
--
Krystian Hebel
Firmware Engineer
https://3mdeb.com | @3mdeb_com
If it turns out to be impossible to implement on the loader side we
should consider doing it in Xen, but that's not my first option.
Thanks, Roger.
_
Signed-off-by: Krystian Hebel
---
grub-core/Makefile.core.def | 1 +
grub-core/lib/i386/relocator32.S | 6 ++
grub-core/loader/i386/linux.c| 30 +-
grub-core/loader/i386/slaunch.c | 21 -
include/grub/i386/slaunch.h | 11
Signed-off-by: Krystian Hebel
---
include/grub/i386/skinit.h | 46 ++
1 file changed, 46 insertions(+)
create mode 100644 include/grub/i386/skinit.h
diff --git a/include/grub/i386/skinit.h b/include/grub/i386/skinit.h
new file mode 100644
index
From: Norbert Kaminski
It will be used to properly detect and report UEFI Secure Boot status to
the x86 Linux kernel. The functionality will be added by subsequent patches.
Signed-off-by: Ignat Korchagin
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/kern/efi/efi.c
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
Signed-off-by: Krystian Hebel
---
grub-core/Makefile.am| 3 +
grub-core/Makefile.core.def | 15 +++
grub-core/lib/i386/relocator32.S | 8 ++
grub-core
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/loader/i386/txt/acmod.c | 575 ++
1 file changed, 575 insertions(+)
create mode 100644 grub-core/loader/i386/txt/acmod.c
diff --git a/grub-core/loader/
From: Norbert Kaminski
Subsequent patches will use that constant.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/loader/i386/xen.c | 35 +--
include/grub/i386/memory.h | 1 +
2 files changed, 18 insertions(+), 18 deletions(-)
diff
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/loader/i386/txt/verify.c | 297 +
1 file changed, 297 insertions(+)
create mode 100644 grub-core/loader/i386/txt/verify.c
diff --git a/g
Signed-off-by: Krystian Hebel
---
grub-core/loader/i386/skinit.c | 162 +
1 file changed, 162 insertions(+)
create mode 100644 grub-core/loader/i386/skinit.c
diff --git a/grub-core/loader/i386/skinit.c b/grub-core/loader/i386/skinit.c
new file mode 100644
index
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
include/grub/i386/txt.h | 690
1 file changed, 690 insertions(+)
create mode 100644 include/grub/i386/txt.h
diff --git a/include/grub
From: Norbert Kaminski
Currently rdmsr and wrmsr commands have own MSR support detection code.
This code is the same. So, it is duplicated. Additionally, this code
cannot be reused by others. Hence, extract this code to a function and
make it public. By the way, improve a code a bit.
Additionall
TCG D-RTM Architecture Specification defines DRTM ACPI table. Its fields
include Event Log base and size.
Note that not all of the firmware vendors fill that table, so leave the
previous allocation as a fallback.
Signed-off-by: Krystian Hebel
---
grub-core/loader/i386/linux.c | 20
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/loader/i386/txt/txt.c | 886
include/grub/i386/memory.h | 5 +
2 files changed, 891 insertions(+)
create mode 100644 grub-cor
From: Norbert Kaminski
Signed-off-by: Ross Philipson
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
include/grub/i386/cpuid.h | 13 +++
include/grub/i386/crfr.h | 186 ++
include/grub/i386/mmio.h | 90 ++
include/grub/i3
From: Norbert Kaminski
to grub_rdmsr() and grub_wrmsr() respectively. New names are more
obvious than older ones.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/commands/i386/rdmsr.c | 2 +-
grub-core/commands/i386/wrmsr.c | 2 +-
include/grub/i386/msr.h | 4
From: Norbert Kaminski
This is needed to properly detect and report UEFI Secure Boot status
to the x86 Linux kernel. The functionality will be added by subsequent
patches.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/commands/efi/efifwsetup.c | 8
grub-c
From: Norbert Kaminski
Otherwise the kernel does not know its state and cannot enable various
security features depending on UEFI Secure Boot.
Signed-off-by: Ignat Korchagin
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/loader/i386/linux.c | 86 +++
From: Norbert Kaminski
..to avoid naming collision with TPM TIS and CRB driver introduced
by subsequent patch.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
docs/grub.texi | 15 ---
grub-core/Makefile.core.def | 4 +
From: Norbert Kaminski
The GUID will be used to properly detect and report UEFI Secure Boot
status to the x86 Linux kernel. The functionality will be added by
subsequent patches. The shim_lock protocol type is made public for
completeness.
Additionally, fix formatting of four preceding GUIDs.
S
From: Norbert Kaminski
The functions calculate lowest and highest available RAM
addresses respectively.
Both functions are needed to calculate PMR boundaries for
Intel TXT secure launcher introduced by subsequent patches.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-c
From: Norbert Kaminski
It will be used by Intel TXT secure launcher introduced
by subsequent patches.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/commands/i386/tpm.c | 182 ++
include/grub/i386/tpm.h | 36 +++
2 files ch
From: Norbert Kaminski
..to avoid potential conflicts and confusion.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
grub-core/lib/i386/xen/relocator.S | 6 +++---
grub-core/lib/x86_64/xen/relocator.S | 4 ++--
grub-core/loader/i386/xen.c | 28 ++--
From: Norbert Kaminski
It does not make sense to have separate headers for separate static
functions. Additionally, we have to add some constants with MSR addresses
in subsequent patches. So, make one common place to store them.
Signed-off-by: Daniel Kiper
Signed-off-by: Norbert Kaminski
---
s txt-stat).
Daniel
Krystian Hebel (4):
i386/slaunch: Add code for searching for DRTM event log in ACPI
i386/skinit: Add AMD SKINIT definitions header file
i386/skinit: Add AMD SKINIT core implementation
i386/slaunch: Add support for AMD SKINIT
Norbert Kaminski (18):
i386/msr: Merge rdmsr.h a
terrible) to enable multiboot2 on ARM64 if this is the approach
required/desired?
Chris
Uli
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lis
);
+
+ err = grub_txt_prepare_cpu ();
+ if ( err )
+return err;
+
+ if (!(grub_rdmsr (GRUB_MSR_X86_APICBASE) & GRUB_MSR_X86_APICBASE_BSP))
+return grub_error (GRUB_ERR_BAD_DEVICE, N_("secure launch must run on
BSP"));
This test should be the first one, before messing with TPM and MTTRs.
+
+ return GRUB_ERR_NONE;
+}
Best regards,
--
Krystian Hebel
Firmware Engineer
https://3mdeb.com | @3mdeb_com
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Sorry it took so long.
Tested with mismatch between kernel and GRUB size of that structure,
works as
expected.
Reviewed-by: Krystian Hebel
--
Krystian Hebel
Firmware Engineer
https://3mdeb.com | @3mdeb_com
___
Grub-devel mailing list
Grub-devel
Docs/24593.pdf
Signed-off-by: Krystian Hebel
---
grub-core/Makefile.core.def| 2 +
grub-core/lib/i386/relocator_slaunch.c | 71 ++
grub-core/lib/i386/relocator_slaunch_asm.S | 37 +++
include/grub/i386/relocator.h | 4 ++
4 files ch
28 matches
Mail list logo
