[PATCH v4 19/20] multiboot2: Support TXT Secure Launch

at the end of the list Signed-off-by: Michał Żygowski Signed-off-by: Tomasz Żyjewski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot.c | 11 ++ grub-core/loader/multiboot_elfxx.c| 91 +++- grub-core/loader/multiboot_mbi2.c

[PATCH v4 20/20] efi/chainloader: support Secure Launch

Unallocated memory is cleared before loading an image. This is meant to make measurements of DLME more deterministic in the face of firmware that doesn't bother to zero area containing padding. Signed-off-by: Sergii Dmytruk --- grub-core/loader/efi/chainloader.c

[PATCH v4 14/20] i386/efi: Add DL stub as common DL event module

duplication legacy boot is performed through the stub as well, but GRUB calls it directly and DLME is started only once. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/x86_dlstub.c | 93 grub-core/loader/slaunch/x86_dltrampoline.S

[PATCH v4 09/20] i386/txt: Add Intel TXT definitions header file

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- include/grub/i386/txt.h | 720 1 file changed, 720 insertions(+) create mode 100644 include/grub/i386/txt.h diff --git a/include/grub

[PATCH v4 02/20] i386: Add CRx, MMIO, MSR and extend CPUID definitions

: Daniel Kiper Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk Reviewed-by: Alec Brown --- include/grub/i386/cpuid.h | 13 +++ include/grub/i386/crfr.h | 190 ++ include/grub/i386/mmio.h | 74 +++ include/grub/i386/msr.h | 63

[PATCH v4 18/20] slaunch: Introduce a hook for filling SLRT policy

Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/slrt.c | 37 - include/grub/slaunch.h | 10 + 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/grub-core/loader/slaunch/slrt.c b/grub-core/loader/slaunch/slrt.c index

[PATCH v4 12/20] slaunch/txt: Add Intel TXT ACM module support

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/acmod.c | 575 +++ 1 file changed, 575 insertions(+) create mode 100644 grub-core/loader/slaunch/acmod.c diff --git a/grub

[PATCH v4 07/20] slaunch: Add main Secure Launch definitions header

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.am | 3 ++ include/grub/slaunch.h | 108 + 2 files changed, 111 insertions(+) create mode 100644 include/grub/slaunch.h diff --git a/grub-core

[PATCH v4 17/20] multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size

f the amount of extra memory that follows it. Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/multiboot_mbi.c | 4 +++- grub-core/loader/multiboot.c | 3 ++- grub-core/loader/multiboot_mbi2.c | 6 -- include/grub/multiboot.h | 2 +- include/grub/multibo

[PATCH v4 10/20] i386: extract grub_get_max_phy_addr_bits ()

Convert part of grub_vbe_enable_mtrr () in video/i386/pc/vbe.c to an inline function in grub/i386/cpuid.h to enable its reuse. Signed-off-by: Sergii Dmytruk --- grub-core/video/i386/pc/vbe.c | 11 +-- include/grub/i386/cpuid.h | 14 ++ 2 files changed, 15 insertions

[PATCH v4 13/20] slaunch/txt: Add Intel TXT verification routines

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/verify.c | 297 ++ 1 file changed, 297 insertions(+) create mode 100644 grub-core/loader/slaunch/verify.c diff --git a/grub

[PATCH v4 16/20] efi/linux: Add Intel TXT Secure Launch support

From: Ross Philipson This is for Linux with its EFI stub, but the same Secure Launch code can work with something like Xen once chainloader is made aware of Secure Launch. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def| 2 + grub-core

[PATCH v4 15/20] slaunch: Add Secure Launch framework and commands

: Daniel Kiper Signed-off-by: Sergii Dmytruk --- docs/grub.texi| 9 + grub-core/Makefile.core.def | 13 ++ grub-core/lib/i386/relocator32.S | 8 + grub-core/loader/i386/bsd.c | 3 + grub-core/loader/i386/linux.c | 85 - grub

[PATCH v4 06/20] slaunch: Add Secure Launch Resource Table (SLRT) header file

From: Ross Philipson Introduce the Secure Launch Resource Table which forms the formal interface between the pre and post launch code. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.am| 3 + include/grub/slr_table.h | 297

[PATCH v4 05/20] commands/i386/tpm: Add TPM TIS and CRB driver

: Sergii Dmytruk --- docs/grub.texi| 8 ++ grub-core/Makefile.core.def | 6 ++ grub-core/commands/i386/tpm.c | 151 ++ include/grub/i386/tpm.h | 35 4 files changed, 200 insertions(+) create mode 100644 grub-core/commands/i386

[PATCH v4 03/20] efi/tpm: Replace tpm command

From: Ross Philipson Replace UEFI tpm measuring command with TPM logging function, allowing the removal of the tpm command file. Specifying the license in commands/efi/tpm.c to make sure the code still builds. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core

[PATCH v4 01/20] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

From: Daniel Kiper The functions find the lowest and highest values with regard to the passed in limit. Passing a low limit of 0 or a high limit of ~0 calculates lowest and highest available RAM addresses respectively. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by

[PATCH v4 00/20] x86: Trenchboot Secure Launch DRTM for Intel TXT (GRUB)

ons header file slaunch/txt: Add Intel TXT core implementation slaunch/txt: Add Intel TXT ACM module support slaunch/txt: Add Intel TXT verification routines i386/efi: Add DL stub as common DL event module efi/linux: Add Intel TXT Secure Launch support Sergii Dmytruk (4): i38

[PATCH v4 11/20] slaunch/txt: Add Intel TXT core implementation

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Michał Żygowski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/txt.c | 1114 include/grub/i386/memory.h |5 + 2

[PATCH v4 04/20] commands/tpm: Rename tpm module to tpm_verifier

From: Aleksandr Burmashev This avoids naming collision with TPM TIS and CRB driver introduced by subsequent patch and characterizes the functionality of the module better. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- docs/grub.texi| 21 +++--- grub-core

[PATCH v4 08/20] slaunch: Add SLR table setup support module

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/slrt.c | 292 1 file changed, 292 insertions(+) create mode 100644 grub-core/loader/slaunch/slrt.c diff --git a/grub-core/loader/slaunch/slrt.c b

[RFC PATCH v2 6/7] efi: Add AMD SKINIT Secure Launch support

From: Ross Philipson Extend code introduced for legacy boot with AMD Secure Launch to support EFI. This is for Linux with its EFI stub and also for anything else that can be loaded by chainloader. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loader/efi

[RFC PATCH v2 7/7] multiboot2: Support SKINIT Secure Launch

From: Michał Żygowski Signed-off-by: Michał Żygowski Signed-off-by: Tomasz Żyjewski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot_mbi2.c | 14 +- grub-core/loader/slaunch/skl.c| 2 +- 2 files changed, 14 insertions(+), 2

[RFC PATCH v2 5/7] slaunch/skinit: AMD SKINIT Secure Launch core implementation

From: Ross Philipson Add core implementation for AMD SKINIT Secure Launch in GRUB based on Linux legacy boot protocol. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def | 2 + grub-core/lib/i386/relocator32.S | 6 + grub-core

[RFC PATCH v2 1/7] i386: Extra x86 definitions needed by AMD SKINIT Secure Launch

From: Ross Philipson A few MSR/CPUID/PCI x86 definitions added. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- include/grub/i386/cpuid.h | 7 --- include/grub/i386/msr.h | 6 ++ include/grub/i386/pci.h | 1 + 3 files changed, 11 insertions(+), 3 deletions

[RFC PATCH v2 2/7] i386: Add PSP discovery code

From: Alec Brown Add base code for PSP discovery in grub. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def| 1 + grub-core/loader/slaunch/psp.c | 133 + include/grub/i386/psp.h| 42 +++ 3 files

[RFC PATCH v2 4/7] slaunch/psp: Setup TMRs to protect RAM from DMA

From: Alec Brown TMRs are setup and used to protect ranges of memory from outside access like DMA. Setting them up to cover all memory protects from DMA during the establishment of the DRTM environment. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch

[RFC PATCH v2 3/7] slaunch/psp: Add core PSP commands and get capability command

From: Alec Brown Add various core DRTM commands for the PSP. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/psp.c | 235 - include/grub/i386/psp.h| 48 +++ 2 files changed, 281 insertions(+), 2 deletions

[RFC PATCH v2 0/7] x86: Trenchboot Secure Launch DRTM for AMD SKINIT (GRUB)

This is a refresh of [rfc-v1] (no substantial changes) to accompany v4 of the main patch set, see more details there. Giving this a try and providing feedback is appreciated. The changes can also be viewed on GitHub at [TrenchBoot/grub]. - [rfc-v1]: https://lists.gnu.org/archive/html/grub-d

[RFC PATCH 6/7] efi/slaunch: Add AMD Secure Launch support for Linux EFI stub boot

From: Ross Philipson Changes built on the AMD Secure Launch base support for legacy Linux this allows booting through the kernel's EFI stub and dlstub to start a measured launch on AMD platforms. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loade

[RFC PATCH 7/7] multiboot2: Support SKINIT Secure Launch

From: Michał Żygowski Signed-off-by: Michał Żygowski Signed-off-by: Tomasz Żyjewski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot_mbi2.c | 14 +- grub-core/loader/slaunch/skl.c| 2 +- 2 files changed, 14 insertions(+), 2

[RFC PATCH 5/7] slaunch/skinit: AMD SKINIT Secure Launch core implementation

From: Ross Philipson Add core implementation for AMD SKINIT Secure Launch in GRUB based on Linux legacy boot protocol. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def | 2 + grub-core/lib/i386/relocator32.S | 6 + grub-core

[RFC PATCH 0/7] x86: Trenchboot Secure Launch DRTM for AMD SKINIT (GRUB)

NOTE: this patch set follows up on Intel TXT DRTM patches that are currently under review in their 3rd version [v3]; therefore, it is not standalone! This targets v11 of Linux patches [linux-v11] and corresponding RFC patch set for AMD SKINIT on top of it [linux-amd-rfc]. The publication of the pa

[RFC PATCH 2/7] i386: Add PSP discovery code

From: Alec Brown Add base code for PSP discovery in grub. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def| 1 + grub-core/loader/slaunch/psp.c | 133 + include/grub/i386/psp.h| 42 +++ 3 files

[RFC PATCH 3/7] slaunch/psp: Add core PSP commands and get capability command

From: Alec Brown Add various core DRTM commands for the PSP. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/psp.c | 235 - include/grub/i386/psp.h| 48 +++ 2 files changed, 281 insertions(+), 2 deletions

[RFC PATCH 1/7] i386: Extra x86 definitions needed by AMD SKINIT Secure Launch

From: Ross Philipson A few MSR/CPUID/PCI x86 definitions added. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- include/grub/i386/cpuid.h | 7 --- include/grub/i386/msr.h | 6 ++ include/grub/i386/pci.h | 1 + 3 files changed, 11 insertions(+), 3 deletions

[RFC PATCH 4/7] slaunch/psp: Setup TMRs to protect RAM from DMA

From: Alec Brown TMRs are setup and used to protect ranges of memory from outside access like DMA. Setting them up to cover all memory protects from DMA during the establishment of the DRTM environment. Signed-off-by: Alec Brown Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch

[PATCH v3 14/19] slaunch: Add Secure Launch framework and commands

: Daniel Kiper Signed-off-by: Sergii Dmytruk --- docs/grub.texi| 9 ++ grub-core/Makefile.core.def | 13 ++ grub-core/lib/i386/relocator32.S | 8 + grub-core/loader/i386/bsd.c | 3 + grub-core/loader/i386/linux.c | 87

[PATCH v3 18/19] slaunch: Introduce a hook for filling SLRT policy

Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/slrt.c | 37 - include/grub/slaunch.h | 10 + 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/grub-core/loader/slaunch/slrt.c b/grub-core/loader/slaunch/slrt.c index

[PATCH v3 10/19] slaunch/txt: Add Intel TXT core implementation

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/txt.c | 935 + include/grub/i386/linux.h | 5 +- include/grub/i386/memory.h | 5 + 3 files changed, 944

[PATCH v3 13/19] i386/efi: Add DL stub as common DL event module

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loader/efi/dltrampoline.S | 94 + grub-core/loader/slaunch/dlstub.c | 93 2 files changed, 187 insertions(+) create mode 100644 grub-core

[PATCH v3 06/19] slaunch: Add Secure Launch Resource Table (SLRT) header file

From: Ross Philipson Introduce the Secure Launch Resource Table which forms the formal interface between the pre and post launch code. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.am| 3 + include/grub/slr_table.h | 296

[PATCH v3 12/19] slaunch/txt: Add Intel TXT verification routines

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/verify.c | 297 ++ 1 file changed, 297 insertions(+) create mode 100644 grub-core/loader/slaunch/verify.c diff --git a/grub

[PATCH v3 11/19] slaunch/txt: Add Intel TXT ACM module support

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/acmod.c | 575 +++ 1 file changed, 575 insertions(+) create mode 100644 grub-core/loader/slaunch/acmod.c diff --git a/grub

[PATCH v3 05/19] commands/i386/tpm: Add TPM TIS and CRB driver

: Sergii Dmytruk --- docs/grub.texi| 8 ++ grub-core/Makefile.core.def | 6 ++ grub-core/commands/i386/tpm.c | 151 ++ include/grub/i386/tpm.h | 35 4 files changed, 200 insertions(+) create mode 100644 grub-core/commands/i386

[PATCH v3 16/19] i386/txt: Initialize TPM 1.2 event log in TXT heap

From: Michał Żygowski Signed-off-by: Michał Żygowski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/txt.c | 68 +- include/grub/i386/txt.h| 33 + 2 files changed, 100 insertions(+), 1 deletion

[PATCH v3 17/19] multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size

f the amount of extra memory that follows it. Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/multiboot_mbi.c | 4 +++- grub-core/loader/multiboot.c | 3 ++- grub-core/loader/multiboot_mbi2.c | 6 -- include/grub/multiboot.h | 2 +- include/grub/multibo

[PATCH v3 09/19] i386/txt: Add Intel TXT definitions header file

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- include/grub/i386/txt.h | 673 1 file changed, 673 insertions(+) create mode 100644 include/grub/i386/txt.h diff --git a/include/grub

[PATCH v3 04/19] commands/tpm: Rename tpm module to tpm_verifier

From: Aleksandr Burmashev This avoids naming collision with TPM TIS and CRB driver introduced by subsequent patch and characterizes the functionality of the module better. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- docs/grub.texi| 21 +++--- grub-core

[PATCH v3 08/19] slaunch: Add SLR table setup support module

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/loader/slaunch/slrt.c | 285 1 file changed, 285 insertions(+) create mode 100644 grub-core/loader/slaunch/slrt.c diff --git a/grub-core/loader/slaunch/slrt.c b

[PATCH v3 02/19] i386: Add CRx, MMIO, MSR and extend CPUID definitions

: Daniel Kiper Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk Reviewed-by: Alec Brown --- include/grub/i386/cpuid.h | 13 +++ include/grub/i386/crfr.h | 190 ++ include/grub/i386/mmio.h | 74 +++ include/grub/i386/msr.h | 61

[PATCH v3 07/19] slaunch: Add main Secure Launch definitions header

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.am | 3 ++ include/grub/slaunch.h | 96 ++ 2 files changed, 99 insertions(+) create mode 100644 include/grub/slaunch.h diff --git a/grub-core

[PATCH v3 19/19] multiboot2: Support TXT Secure Launch

Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot.c | 11 +++ grub-core/loader/multiboot_elfxx.c | 90 +++- grub-core/loader/multiboot_mbi2.c | 132 + grub-core/loader/slaunch/dlstub.c | 2 +- include

[PATCH v3 03/19] efi/tpm: Replace tpm command

From: Ross Philipson Replace UEFI tpm measuring command with TPM logging function, allowing the removal of the tpm command file. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def | 1 - grub-core/commands/efi/tpm.c | 2 +- grub-core/commands

[PATCH v3 00/19] x86: Trenchboot Secure Launch DRTM for Intel TXT (GRUB)

odule efi: Add Secure Launch support for efi/linux boot through EFI stub Sergii Dmytruk (2): multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size slaunch: Introduce a hook for filling SLRT policy docs/grub.texi | 32 +- grub-core/M

[PATCH v3 15/19] efi: Add Secure Launch support for efi/linux boot through EFI stub

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- grub-core/Makefile.core.def | 1 + grub-core/loader/efi/linux.c | 16 ++ grub-core/loader/slaunch/x86_efi_linux.c | 212 +++ include/grub/slaunch.h

[PATCH v3 01/19] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

From: Daniel Kiper The functions find the lowest and highest values with regard to the passed in limit. Passing a low limit of 0 or a high limit of ~0 calculates lowest and highest available RAM addresses respectively. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by

[PATCH v2 01/19] i386/memory: Define GRUB_PAGE_MASK and GRUB_PAGE_{UP, DOWN} macros

From: Krystian Hebel GRUB_PAGE_MASK is intentionally signed to make use of sign extension. Subsequent patches will use them. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson --- include/grub/i386/memory.h | 5 + 1 file changed, 5 insertions

[PATCH v2 14/19] multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size

GRUB_MULTIBOOT(get_mbi_size) returns an upper bound on MBI's size instead of the actual size. It could also be used for measurements after zeroing unused parts of the buffer, but using an actual size seems like a better option as the same MBI will always have the same hash. Signed-off-by: S

[PATCH] loader/i386/linux.c: Fix cleanup if kernel doesn't support 64-bit addressing

Simply returning from `grub_cmd_linux()` doesn't free `file` resource nor calls `grub_dl_ref(my_mod)`. Jump to `fail` label for proper cleanup like other error checks do. Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/linux.c | 8 +--- 1 file changed, 5 insertions(+), 3 dele

[PATCH v2 12/19] i386/txt: Initialize TPM 1.2 event log in TXT heap

From: Michał Żygowski This extends the code to support TPM 1.2 in addition to already available TPM 2.0. Signed-off-by: Michał Żygowski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/txt/txt.c | 62 +++-- include/grub/i386

[PATCH v2 03/19] i386: Add CRx, MMIO, MSR and extend CPUID definitions

check error reporting status) - EFER (LME, LMA, SVEM (AMD-V)) - AMD: SVM control CPUID: - flags for availability of vendor, features - Intel: VMX, SMX - AMD: SVM Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk Reviewed

[PATCH v2 18/19] multiboot2: Support AMD SKINIT

From: Krystian Hebel Hook up this platform in all the places which previously were specific to Intel TXT. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot.c | 11 +-- grub-core/loader/multiboot_elfxx.c | 22 ++--- grub-core/loader

[PATCH v2 00/19] i386: Intel TXT and AMD SKINIT secure launcher

ecure launch framework and commands i386/linux: Add support for AMD SKINIT Sergii Dmytruk (1): multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size docs/grub.texi | 32 +- grub-core/Makefile.am|6 + grub-core/Makefil

[PATCH v2 15/19] multiboot2: Implement TXT slaunch support

-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/multiboot.c | 23 ++- grub-core/loader/multiboot_elfxx.c | 88 ++- grub-core/loader/multiboot_mbi2.c | 96 ++ include/grub/multiboot2.h | 2 + 4 files

[PATCH v2 19/19] i386/linux: Add support for AMD SKINIT

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/linux.c | 57 --- 1 file changed, 40 insertions(+), 17 deletions(-) diff --git a/grub-core/loader/i386/linux.c b/grub-core

[PATCH v2 02/19] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

From: Daniel Kiper The functions find the lowest and highest values with regard to the passed in limit. Passing a low limit of 0 or a high limit of ~0 calculates lowest and highest available RAM addresses respectively. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by

[PATCH v2 17/19] i386/slaunch: Add support for AMD SKINIT

From: Krystian Hebel Extend slaunch command to work on AMD CPUs and validate input binary to reject obviously incorrect ones. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/lib/i386/relocator32.S | 6 grub-core/loader/i386/skinit.c | 58

[PATCH v2 04/19] i386/tpm: Rename tpm module to tpm_verifier

From: Daniel Kiper This avoids naming collision with TPM TIS and CRB driver introduced by subsequent patch and characterizes the functionality of the module better. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- docs/grub.texi | 21

[PATCH v4 0/6] i386: memory/MSR/CR code updates

Hi, These are generally useful x86-related changes which were originally posted as part of DRTM patchset [0]. The changes can also be viewed on GitHub [1]. Best regards, Sergii Changes in v2: - updated commit messages - added missing Signed-off-by Changes in v3: - patches 1-3: added reviewe

[PATCH v4 6/6] i386/memory: Define GRUB_PAGE_MASK and GRUB_PAGE_{UP, DOWN} macros

From: Krystian Hebel GRUB_PAGE_MASK is intentionally signed to make use of sign extension. Subsequent patches will use them. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson --- include/grub/i386/memory.h | 5 + 1 file changed, 5 insertions

[PATCH v4 2/6] i386/msr: Rename grub_msr_read() and grub_msr_write()

From: Daniel Kiper Use more obvious names which match corresponding instructions: * grub_msr_read() => grub_rdmsr() * grub_msr_write() => grub_wrmsr() Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson Reviewed-by: Daniel Kiper --- grub-core/co

[PATCH v4 1/6] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h

From: Daniel Kiper It does not make sense to have separate headers for individual static functions. So, make one common place to store them. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson Reviewed-by: Daniel Kiper --- grub-core/commands/i386/rdmsr.c

[PATCH v4 4/6] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT

From: Daniel Kiper This fixes naming inconsistency that goes against coding style as well as helps to avoid potential conflicts and confusion as this constant is used in multiple places. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson Reviewed-by: Daniel

[PATCH v4 3/6] i386/msr: Extract and improve MSR support detection code

, use GRUB_ERR_BAD_DEVICE instead of GRUB_ERR_BUG to signal an error because errors encountered by this new routine are not bugs. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson Reviewed-by: Daniel Kiper --- grub-core/commands/i386/rdmsr.c | 21

[PATCH v4 5/6] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global

From: Daniel Kiper This is an x86-specific thing and should be available globally. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson Reviewed-by: Daniel Kiper --- grub-core/loader/i386/xen.c | 35 +-- include/grub/i386

Re: [PATCH v3 8/8] i386: Add CRx, MMIO, MSR and extend CPUID definitions

Ping. 7 other patches of this series already have Reviewed-by. Best regards, Sergii On Sun, Sep 22, 2024 at 08:17:54PM +0300, Sergii Dmytruk wrote: > From: Ross Philipson > > Control registers and flags: > - CR0 read/write and flags (PE, MP, EM, TS, PG, NE, WP, AM, NW, CD) > -

[PATCH v3 6/8] i386/memory: Define GRUB_PAGE_MASK and GRUB_PAGE_{UP, DOWN} macros

From: Krystian Hebel GRUB_PAGE_MASK is intentionally signed to make use of sign extension. Subsequent patches will use them. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- include/grub/i386/memory.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/grub/i386

[PATCH v3 3/8] i386/msr: Extract and improve MSR support detection code

, use GRUB_ERR_BAD_DEVICE instead of GRUB_ERR_BUG to signal an error because errors encountered by this new routine are not bugs. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson --- grub-core/commands/i386/rdmsr.c | 21 + grub-core

[PATCH v3 4/8] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT

From: Daniel Kiper This fixes naming inconsistency that goes against coding style as well as helps to avoid potential conflicts and confusion. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/lib/i386/xen/relocator.S | 6 +++--- grub-core/lib/x86_64/xen/relocator.S

[PATCH v3 1/8] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h

From: Daniel Kiper It does not make sense to have separate headers for individual static functions. Additionally, we have to add some constants with MSR addresses in subsequent patches. So, make one common place to store them. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed

[PATCH v3 2/8] i386/msr: Rename grub_msr_read() and grub_msr_write()

From: Daniel Kiper Use more obvious names which match corresponding instructions: * grub_msr_read() => grub_rdmsr() * grub_msr_write() => grub_wrmsr() Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk Reviewed-by: Ross Philipson --- grub-core/commands/i386/rdmsr.c | 2 +-

[PATCH v3 5/8] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global

From: Daniel Kiper Subsequent patches will use that constant. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/xen.c | 35 +-- include/grub/i386/memory.h | 1 + 2 files changed, 18 insertions(+), 18 deletions(-) diff --git

[PATCH v3 7/8] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

From: Daniel Kiper The functions find the lowest and highest values with regard to the passed in limit. Passing a low limit of 0 or a high limit of ~0 calculates lowest and highest available RAM addresses respectively. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core

[PATCH v3 8/8] i386: Add CRx, MMIO, MSR and extend CPUID definitions

check error reporting status) - EFER (LME, LMA, SVEM (AMD-V)) - AMD: SVM control CPUID: - flags for availability of vendor, features - Intel: VMX, SMX - AMD: SVM Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk

[PATCH v3 0/8] i386: memory/MSR/CR code updates

Hi, These are generally useful x86-related changes which were originally posted as part of DRTM patchset [0]. The changes can also be viewed on GitHub [1]. Best regards, Sergii Changes in v2: - updated commit messages - added missing Signed-off-by Changes in v3: - patch 6: updated commit me

Re: [PATCH v2 6/8] i386/memory: Define GRUB_PAGE_MASK constant and GRUB_PAGE_{UP, DOWN} macros

On Fri, Sep 20, 2024 at 02:40:22PM +0100, Frediano Ziglio via Grub-devel wrote: > On Thu, Sep 19, 2024 at 11:03 PM Sergii Dmytruk > wrote: > > > > From: Krystian Hebel > > > > Subsequent patches will use those macros and constant. > > > > Minor, but &quo

Re: [PATCH 07/24] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

Sent 0-7 and part of 11 separately taking all the comments into account: https://lists.gnu.org/archive/html/grub-devel/2024-09/msg00194.html Regards, Sergii On Tue, Sep 17, 2024 at 11:06:51AM -0700, Ross Philipson via Grub-devel wrote: > On 8/26/24 5:44 AM, Sergii Dmytruk wrote: >

[PATCH v2 7/8] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

From: Daniel Kiper The functions calculate lowest and highest available RAM addresses respectively. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/mmap/mmap.c | 83 +++ include/grub/memory.h | 3 ++ 2 files changed, 86

[PATCH v2 4/8] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT

From: Daniel Kiper This fixes naming inconsistency that goes against coding style as well as helps to avoid potential conflicts and confusion. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/lib/i386/xen/relocator.S | 6 +++--- grub-core/lib/x86_64/xen/relocator.S

[PATCH v2 8/8] i386: Add CRx, MMIO, MSR and extend CPUID definitions

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- include/grub/i386/cpuid.h | 11 include/grub/i386/crfr.h | 127 ++ include/grub/i386/mmio.h | 72

[PATCH v2 5/8] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global

From: Daniel Kiper Subsequent patches will use that constant. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/xen.c | 35 +-- include/grub/i386/memory.h | 1 + 2 files changed, 18 insertions(+), 18 deletions(-) diff --git

[PATCH v2 1/8] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h

From: Daniel Kiper It does not make sense to have separate headers for individual static functions. Additionally, we have to add some constants with MSR addresses in subsequent patches. So, make one common place to store them. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk

[PATCH v2 0/8] i386: memory/MSR/CR code updates

Hi, These are generally useful x86-related changes which were originally posted as part of DRTM patchset [0]. This version took comments there into account, hence v2. The changes can also be viewed on GitHub [1]. Best regards, Sergii [0]: https://lists.gnu.org/archive/html/grub-devel/2024-08/m

[PATCH v2 6/8] i386/memory: Define GRUB_PAGE_MASK constant and GRUB_PAGE_{UP, DOWN} macros

From: Krystian Hebel Subsequent patches will use those macros and constant. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- include/grub/i386/memory.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/grub/i386/memory.h b/include/grub/i386/memory.h index

[PATCH v2 2/8] i386/msr: Rename grub_msr_read() and grub_msr_write()

From: Daniel Kiper Use more obvious names which match corresponding instructions: * grub_msr_read() => grub_rdmsr() * grub_msr_write() => grub_wrmsr() Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/commands/i386/rdmsr.c | 2 +- grub-core/commands/i386/wrmsr

[PATCH v2 3/8] i386/msr: Extract and improve MSR support detection code

, use GRUB_ERR_BAD_DEVICE instead of GRUB_ERR_BUG to signal an error because errors encountered by this new routine are not bugs. Signed-off-by: Daniel Kiper Signed-off-by: Sergii Dmytruk --- grub-core/commands/i386/rdmsr.c | 21 + grub-core/commands/i386/wrmsr.c | 21

Re: [PATCH 00/24] i386: Intel TXT and AMD SKINIT secure launcher

Ping. Tip of the day: patches 01-07 and 18 are no-brainers. Initial submission with all the patches can be seen in the archive at https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html On Mon, Aug 26, 2024 at 03:44:10PM +0300, Sergii Dmytruk wrote: > Hello, > > [

[PATCH 19/24] multiboot: Make GRUB_MULTIBOOT(make_mbi) return MBI's size

GRUB_MULTIBOOT(get_mbi_size) doesn't look like an accurate source of the final size, more like a minimal memory buffer size. Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/multiboot_mbi.c | 4 +++- grub-core/loader/multiboot.c | 3 ++- grub-core/loader/multiboot_mbi2.c

[PATCH 13/24] i386/txt: Add Intel TXT core implementation

From: Ross Philipson Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Michał Żygowski Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- grub-core/loader/i386/txt/txt.c | 1052 +++ include/grub/i386/slaunch.h | 14 +- 2

  1   2   >