Re: [PATCH v3 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval

2025-09-26 Thread Sergii Dmytruk
On Tue, Jul 08, 2025 at 06:00:13PM +0200, Jan Beulich wrote: > > +static inline int is_in_pmr(const struct txt_os_sinit_data *os_sinit, > > +uint64_t base, uint32_t size, int check_high) > > +{ > > +/* Check for size overflow. */ > > +if ( base + size < base ) >

Re: [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization

2025-07-15 Thread Sergii Dmytruk
On Thu, Jul 03, 2025 at 12:50:39PM +0200, Jan Beulich wrote: > As indicated in reply to patch 3 - imo all code additions here want to be > under some CONFIG_xyz. I repeat this here, but I don't think I'll repeat it > any further. I'll add one. In case this is problematic for some reason I want to

Re: [PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-07-14 Thread Sergii Dmytruk
On Mon, Jul 14, 2025 at 09:33:09AM +0200, Jan Beulich wrote: > On 13.07.2025 19:29, Sergii Dmytruk wrote: > > On Tue, Jul 08, 2025 at 08:52:36AM +0200, Jan Beulich wrote: > >> On 07.07.2025 19:31, Sergii Dmytruk wrote: > >>> On Mon, Jul 07, 2025 at 10:29

Re: [PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point

2025-07-13 Thread Sergii Dmytruk
On Tue, Jul 08, 2025 at 09:02:55AM +0200, Jan Beulich wrote: > >>> +.long 0x00020002 /* MLE version 2.2 */ > >>> +.long (slaunch_stub_entry - start) /* Linear entry point of > >>> MLE (SINIT virt. address) */ > >>> +.long 0x /* First valid page of MLE */ >

Re: [PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-07-13 Thread Sergii Dmytruk
On Tue, Jul 08, 2025 at 08:52:36AM +0200, Jan Beulich wrote: > On 07.07.2025 19:31, Sergii Dmytruk wrote: > > On Mon, Jul 07, 2025 at 10:29:46AM +0200, Jan Beulich wrote: > >>>> ... then isn't used right here, instead requiring a cast somewhere > >>>>

Re: [PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point

2025-07-07 Thread Sergii Dmytruk
On Thu, Jul 03, 2025 at 12:25:27PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > From: Kacper Stojek > > > > Signed-off-by: Kacper Stojek > > Signed-off-by: Krystian Hebel > > Signed-off-by: Sergii Dmytruk > > Such a change

Re: [PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-07-07 Thread Sergii Dmytruk
On Mon, Jul 07, 2025 at 10:29:46AM +0200, Jan Beulich wrote: > >> Btw, please don't forget to Cc maintainers of code you're changing / > >> adding. > > > > What do you mean? I'm running add_maintainers.pl on the patches. > > The Cc: list had none of the REST maintainers. (Whether there's a bug in

Re: [PATCH v3 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 05:11:26PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > @@ -442,6 +444,9 @@ static uint64_t __init mtrr_top_of_ram(void) > > ASSERT(paddr_bits); > > addr_mask = ((1ULL << paddr_bits) - 1) & PAGE_MASK; &

Re: [PATCH v3 07/22] x86/mtrr: expose functions for pausing caching

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:57:12PM +0200, Jan Beulich wrote: > > @@ -440,9 +436,10 @@ static DEFINE_SPINLOCK(set_atomicity_lock); > > * has been called. > > */ > > > > -static bool prepare_set(void) > > +struct mtrr_pausing_state mtrr_pause_caching(void) > > These becoming non-static without be

Re: [PATCH v3 12/22] x86/hvm: check for VMX in SMX if Slaunch is active

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:50:05PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > From: Michał Żygowski > > > > Check whether IA32_FEATURE_CONTROL has the proper bits enabled to run > > VMX in SMX when slaunch is active. > > > > Si

Re: [PATCH v3 17/22] x86/acpi: disallow S3 on Secure Launch boot

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:48:38PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > @@ -356,6 +357,13 @@ int acpi_enter_sleep(const struct > > xenpf_enter_acpi_sleep *sleep) > > PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) > >

Re: [PATCH v3 09/22] xen/lib: add implementation of SHA-1

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:45:44PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > +static void sha1_init(struct sha1_state *sctx) > > +{ > > +sctx->state[0] = 0x67452301UL; > > +sctx->state[1] = 0xefcdab89UL; > > +sctx-

Re: [PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:36:27PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > The file provides constants, structures and several helper functions for > > parsing SLRT. > > > > The data described by the structures is passed to Xen by a boo

Re: [PATCH v3 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-07-06 Thread Sergii Dmytruk
On Thu, Jul 03, 2025 at 12:27:04PM +0200, Jan Beulich wrote: > On 30.05.2025 15:17, Sergii Dmytruk wrote: > > +#define SLAUNCH_BOOTLOADER_MAGIC 0x4c534254 > > Seeing how this is used in patch 3 - why does this live here? > According to the use there it's somethi

Re: [PATCH v3 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-07-06 Thread Sergii Dmytruk
On Wed, Jul 02, 2025 at 04:29:18PM +0200, Jan Beulich wrote: > Btw, a brief rev log would be nice here. I saw you have something in the > cover letter, but having to look in two places isn't very helpful. I don't really know how to effectively maintain 23 logs at the same time given that changing

Re: [PATCH v3 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2)

2025-06-13 Thread Sergii Dmytruk
On Thu, Jun 05, 2025 at 10:43:10AM -0700, ross.philip...@oracle.com wrote: > > +static void send_cmd(unsigned loc, uint8_t *buf, unsigned i_size, > > + unsigned *o_size) > > +{ > > +/* > > + * Value of "data available" bit counts only when "valid" field is set > > as >

Re: [PATCH v3 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM

2025-06-13 Thread Sergii Dmytruk
On Tue, Jun 03, 2025 at 12:43:30PM -0700, ross.philip...@oracle.com wrote: > On 5/30/25 6:17 AM, Sergii Dmytruk wrote: > > From: Krystian Hebel > > > > In preparation for TXT SENTER call, GRUB had to modify MTRR settings > > to be UC for everything except SINIT A

Re: [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization

2025-06-12 Thread Sergii Dmytruk
On Thu, Jun 12, 2025 at 10:02:33AM +0200, Jan Beulich wrote: > On 12.06.2025 00:14, Sergii Dmytruk wrote: > > On Tue, Jun 03, 2025 at 09:17:29AM -0700, ross.philip...@oracle.com wrote: > >>> +static inline void *txt_init(void) > >>> +{ > >>> +void *

Re: [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization

2025-06-12 Thread Sergii Dmytruk
On Thu, Jun 12, 2025 at 09:30:55AM -0700, ross.philip...@oracle.com wrote: > On 6/11/25 3:14 PM, Sergii Dmytruk wrote: > > On Tue, Jun 03, 2025 at 09:17:29AM -0700, ross.philip...@oracle.com wrote: > > > > +void asmlinkage slaunch_early_init(ui

Re: [PATCH v3 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval

2025-06-11 Thread Sergii Dmytruk
be validated early > > as it is used immediately after these tests to hold MBI measurements. > > See larger comment in txt_verify_pmr_ranges(). > > > > Signed-off-by: Krystian Hebel > > Signed-off-by: Sergii Dmytruk > > --- > > +static inline int is_in_pmr(co
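This entry and the 2025-09-26 reply to patch 05 near the top of the page both show the wrap guard `if ( base + size < base )` at the start of is_in_pmr(). The block below is an added, self-contained C example, not code from the series, that carries that guard through to a full containment test against the low and high PMRs and sets it beside a naive version to show what the guard prevents: a region whose end wraps past UINT64_MAX otherwise compares as "inside" the PMR. The struct layout, the field names (vtd_pmr_lo_base and friends, modelled on the TXT OS-to-SINIT table) and the sample PMR values are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed layout: only the four PMR fields of the OS-to-SINIT heap table
 * are modelled. The names mirror the Intel TXT VtdPmrLo/HiBase/Size entries
 * but are an assumption of this example, not the series' own definition.
 */
struct txt_os_sinit_data {
    uint64_t vtd_pmr_lo_base;
    uint64_t vtd_pmr_lo_size;
    uint64_t vtd_pmr_hi_base;
    uint64_t vtd_pmr_hi_size;
};

/*
 * Naive containment check with no wrap guard, kept only to show the failure
 * mode: base + size wraps to a small value and the region looks "inside".
 */
static int naive_in_range(uint64_t r_base, uint64_t r_size,
                          uint64_t base, uint64_t size)
{
    return base >= r_base && base + size <= r_base + r_size;
}

/*
 * True iff [base, base + size) lies entirely inside [r_base, r_base + r_size).
 * Both additions are guarded, so neither a crafted region nor a corrupt PMR
 * descriptor from the heap can pass by overflowing.
 */
static bool range_contains(uint64_t r_base, uint64_t r_size,
                           uint64_t base, uint64_t size)
{
    if ( size == 0 || r_size == 0 )
        return false;
    if ( base + size < base )          /* region end wraps */
        return false;
    if ( r_base + r_size < r_base )    /* PMR descriptor itself wraps */
        return false;
    return base >= r_base && base + size <= r_base + r_size;
}

/* 1 if the region is covered by the low PMR, or by the high PMR when check_high is set. */
static int is_in_pmr(const struct txt_os_sinit_data *os_sinit,
                     uint64_t base, uint32_t size, int check_high)
{
    if ( range_contains(os_sinit->vtd_pmr_lo_base, os_sinit->vtd_pmr_lo_size,
                        base, size) )
        return 1;
    if ( check_high &&
         range_contains(os_sinit->vtd_pmr_hi_base, os_sinit->vtd_pmr_hi_size,
                        base, size) )
        return 1;
    return 0;
}

/* Constructed sample PMRs: 256 MiB low PMR at 0, 1 GiB high PMR at 4 GiB. */
static const struct txt_os_sinit_data sample_pmrs = {
    .vtd_pmr_lo_base = 0x0,
    .vtd_pmr_lo_size = 0x10000000,
    .vtd_pmr_hi_base = 0x100000000ULL,
    .vtd_pmr_hi_size = 0x40000000,
};

/* Shows the naive check accepting a region that wraps past UINT64_MAX. */
static int naive_accepts_wrap(void)
{
    return naive_in_range(sample_pmrs.vtd_pmr_lo_base, sample_pmrs.vtd_pmr_lo_size,
                          0xFFFFFFFFFFFFFFF0ULL, 0x20);
}

int main(void)
{
    printf("inside low PMR:        %d\n", is_in_pmr(&sample_pmrs, 0x100000, 0x1000, 0));
    printf("straddles low PMR end: %d\n", is_in_pmr(&sample_pmrs, 0x0FFFF000, 0x2000, 0));
    printf("in high PMR, lo only:  %d\n", is_in_pmr(&sample_pmrs, 0x100000000ULL, 0x1000, 0));
    printf("in high PMR, both:     %d\n", is_in_pmr(&sample_pmrs, 0x100000000ULL, 0x1000, 1));
    printf("wrapping region:       %d (naive check says %d)\n",
           is_in_pmr(&sample_pmrs, 0xFFFFFFFFFFFFFFF0ULL, 0x20, 1), naive_accepts_wrap());
    return 0;
}
```

The second guard (on the PMR's own base + size) is the caveat worth keeping in mind when the descriptor comes from the TXT heap rather than from Xen itself: validating the region without also validating the bound it is compared against leaves the same wrap-around hole on the other side of the comparison.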

Re: [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization

2025-06-11 Thread Sergii Dmytruk
On Tue, Jun 03, 2025 at 09:17:29AM -0700, ross.philip...@oracle.com wrote: > > +void asmlinkage slaunch_early_init(uint32_t load_base_addr, > > + uint32_t tgt_base_addr, > > + uint32_t tgt_end_addr, > > +

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-06-03 Thread Sergii Dmytruk
On Tue, Jun 03, 2025 at 10:52:09AM +0200, Jan Beulich wrote: > On 03.06.2025 10:50, Sergii Dmytruk wrote: > > On Tue, Jun 03, 2025 at 09:06:53AM +0200, Jan Beulich wrote: > >> On 03.06.2025 00:00, Sergii Dmytruk wrote: > >>> On Mon, Jun 02, 2025 at 09:17:37AM +0200

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-06-03 Thread Sergii Dmytruk
On Tue, Jun 03, 2025 at 09:06:53AM +0200, Jan Beulich wrote: > On 03.06.2025 00:00, Sergii Dmytruk wrote: > > On Mon, Jun 02, 2025 at 09:17:37AM +0200, Jan Beulich wrote: > >> On 23.05.2025 21:51, Sergii Dmytruk wrote: > >>> On Wed, May 21, 2025 at 05:19

Re: [PATCH v2 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-06-02 Thread Sergii Dmytruk
On Mon, Jun 02, 2025 at 09:31:11AM +0200, Jan Beulich wrote: > >>> +#define UEFI_SLR_TABLE_GUID \ > >>> +{ 0x877a9b2aU, 0x0385, 0x45d1, { 0xa0, 0x34, 0x9d, 0xac, 0x9c, 0x9e, > >>> 0x56, 0x5f } } > >> > >> I'm not sure this is a good place to put UEFI GUIDs. Considering e.g ... > > > > It's her

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-06-02 Thread Sergii Dmytruk
On Mon, Jun 02, 2025 at 09:17:37AM +0200, Jan Beulich wrote: > On 23.05.2025 21:51, Sergii Dmytruk wrote: > > On Wed, May 21, 2025 at 05:19:57PM +0200, Jan Beulich wrote: > >>> +/* > >>> + * Secure Launch defined OS/MLE TXT Heap table > >>> + */ > &

[PATCH v3 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM

2025-05-30 Thread Sergii Dmytruk
From: Krystian Hebel In preparation for TXT SENTER call, GRUB had to modify MTRR settings to be UC for everything except SINIT ACM. Old values are restored from SLRT where they were saved by the bootloader. Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski Signed-off-by: Sergii

[PATCH v3 12/22] x86/hvm: check for VMX in SMX if Slaunch is active

2025-05-30 Thread Sergii Dmytruk
From: Michał Żygowski Check whether IA32_FEATURE_CONTROL has the proper bits enabled to run VMX in SMX when slaunch is active. Signed-off-by: Michał Żygowski --- xen/arch/x86/hvm/vmx/vmcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/a

[PATCH v3 00/22] x86: Trenchboot Secure Launch DRTM (Xen)

2025-05-30 Thread Sergii Dmytruk
AP bringup Michał Żygowski (2): x86/hvm: check for VMX in SMX if Slaunch is active x86/cpu: report SMX, TXT and SKINIT capabilities Sergii Dmytruk (11): include/xen/slr-table.h: Secure Launch Resource Table definitions x86/boot/slaunch-early: implement early initialization x86/mtrr: expose

[PATCH v3 15/22] x86/smpboot.c: TXT AP bringup

2025-05-30 Thread Sergii Dmytruk
when in start_secondary() in C they re-enter MONITOR/MWAIT iff they are not the AP that was asked to boot. The same address is reused for simplicity, and on next wakeup call APs don't have to go through assembly part again (GDT, paging, stack setting). Signed-off-by: Krystian Hebel Signed-off-by: S

[PATCH v3 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2)

2025-05-30 Thread Sergii Dmytruk
take multiple minutes. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 7 +- xen/arch/x86/boot/head.S | 3 + xen/arch/x86/include/asm/slaunch.h | 14 + xen/arch/x86/include/asm/tpm.h

[PATCH v3 18/22] x86/boot/slaunch-early: find MBI and SLRT on AMD

2025-05-30 Thread Sergii Dmytruk
Use slr_entry_amd_info::boot_params_base on AMD with SKINIT to get MBI location. Another thing of interest is the location of SLRT which is bootloader's data after SKL. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S

[PATCH v3 20/22] x86/slaunch: support EFI boot

2025-05-30 Thread Sergii Dmytruk
ld execute as the next step without DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- .gitignore| 1 + .../eclair_analysis/ECLAIR/out_of_scope.ecl | 1 + docs/hypervisor-guide/x86/how-xen-boots.rst | 10 +- xen/arch/x8

[PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization

2025-05-30 Thread Sergii Dmytruk
Make head.S invoke a C function to retrieve MBI and SLRT addresses in a platform-specific way. This is also the place to perform sanity checks of DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile| 1 + xen/arch/x86/boot/Makefile

[PATCH v3 07/22] x86/mtrr: expose functions for pausing caching

2025-05-30 Thread Sergii Dmytruk
This allows the functionality to be reused by other units that need to update MTRRs. This also gets rid of a static variable. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/mtrr/generic.c | 51 - xen/arch/x86/include/asm/mtrr.h | 8 ++ 2 files changed

[PATCH v3 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-05-30 Thread Sergii Dmytruk
change in tboot_protect_mem_regions() there is caused by going from NR_TXT_CONFIG_PAGES to TXT_CONFIG_SPACE_SIZE which avoids multiplying number of pages by page size on every use. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 297

[PATCH v3 19/22] x86/slaunch: support AMD SKINIT

2025-05-30 Thread Sergii Dmytruk
stored inside of vendor data field within TCG header) Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/e820.c| 2 +- xen/arch/x86/slaunch.c | 90 ++ xen/arch/x86/tpm.c | 68 ++- 3 files

[PATCH v3 17/22] x86/acpi: disallow S3 on Secure Launch boot

2025-05-30 Thread Sergii Dmytruk
Secure Launch won't initiate DRTM on S3 resume (the code for starting DRTM is not part of Xen), so abort a request to perform S3 suspend to not lose the state of DRTM PCRs. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/acpi/power.c | 8 1 file changed, 8 insertions(+) diff --

[PATCH v3 22/22] MAINTAINERS: add a section for TrenchBoot Slaunch

2025-05-30 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- MAINTAINERS | 15 +++ 1 file changed, 15 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index c11b82eca9..5b1e67401a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -542,6 +542,21 @@ F: */configure F: */*.ac F: tools/ +TRENCHBOOT

[PATCH v3 16/22] x86/slaunch: process DRTM policy

2025-05-30 Thread Sergii Dmytruk
bootloader, firmware or user doing something differently or just if GRUB gets bigger in size due to inclusion of more modules and ends up offsetting newly allocated memory. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/slaunch.h | 14 ++ xen/arch/x86

[PATCH v3 13/22] x86/tpm.c: implement event log for TPM2.0

2025-05-30 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 33 ++ xen/arch/x86/tpm.c | 169 ++- 2 files changed, 175 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/asm/intel

[PATCH v3 21/22] x86/cpu: report SMX, TXT and SKINIT capabilities

2025-05-30 Thread Sergii Dmytruk
From: Michał Żygowski Report TXT capabilities so that dom0 can query the Intel TXT or AMD SKINIT support information using xl dmesg. Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/amd.c | 16 ++ xen/arch/x86/cpu/cpu.h

[PATCH v3 09/22] xen/lib: add implementation of SHA-1

2025-05-30 Thread Sergii Dmytruk
://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1c62b8bf03 Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/include/xen/sha1.h | 14 +++ xen/lib/Makefile | 1 + xen/lib/sha1.c | 190 + 3 files changed, 205

[PATCH v3 11/22] x86/tpm.c: support extending PCRs of TPM2.0

2025-05-30 Thread Sergii Dmytruk
SHA1 and SHA256 are hard-coded here, but their support by the TPM is checked. Addition of event log for TPM2.0 will generalize the code further. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/tpm.c | 464 +++-- 1 file changed, 452 insertions(+), 12

[PATCH v3 06/22] xen/arch/x86: reserve TXT memory during Slaunch

2025-05-30 Thread Sergii Dmytruk
From: Kacper Stojek TXT heap, SINIT and TXT private space are marked as reserved or unused in e820 to protect from unintended uses. Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile

[PATCH v3 14/22] x86/boot: choose AP stack based on APIC ID

2025-05-30 Thread Sergii Dmytruk
them) required to start all logical processors. This results in significant reduction of boot time, even when DRTM is not used, with performance gain growing with the number of logical CPUs. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S | 1

[PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-05-30 Thread Sergii Dmytruk
The file provides constants, structures and several helper functions for parsing SLRT. The data described by the structures is passed to Xen by a bootloader which initiated DRTM. Signed-off-by: Daniel P. Smith Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- xen/include/xen

[PATCH v3 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval

2025-05-30 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/slaunch-early.c| 6 ++ xen/arch/x86/include/asm/intel-txt.h | 112 +++ 2 files changed, 118 insertions(+) diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-early.c index c9d364bcd5

[PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point

2025-05-30 Thread Sergii Dmytruk
From: Kacper Stojek Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- docs/hypervisor-guide/x86/how-xen-boots.rst | 5 ++ xen/arch/x86/boot/head.S| 53 + 2 files changed, 58 insertions(+) diff --git a/docs

Re: [PATCH v2 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-05-23 Thread Sergii Dmytruk
On Wed, May 21, 2025 at 05:45:04PM +0200, Jan Beulich wrote: > > +/* SPDX-License-Identifier: GPL-2.0 */ > > GPL-2.0-only is, I think, the one to use for new code. Right. > > +/* > > + * Copyright (c) 2025 Apertus Solutions, LLC > > + * Copyright (c) 2025 Oracle and/or its affiliates. > > + *

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-05-23 Thread Sergii Dmytruk
On Wed, May 21, 2025 at 05:19:57PM +0200, Jan Beulich wrote: > > +/* > > + * The same set of registers is exposed twice (with different permissions) > > and > > + * they are allocated continuously with page alignment. > > + */ > > +#define NR_TXT_CONFIG_SIZE \ > > +(TXT_PUB_CONFIG_REGS_BASE -

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-05-19 Thread Sergii Dmytruk
On Sun, May 18, 2025 at 07:31:49PM -0400, Rich Persaud wrote: > If there's no stable URL for the TXT spec, can we mirror the relevant > doc(s) somewhere in the Xen docs tree? A trusted archive of the spec > for trusted execution. > > Rich By "unversioned link to Software Development Guide" I meant

Re: [PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-05-18 Thread Sergii Dmytruk
On Wed, May 14, 2025 at 03:55:51PM +0100, Andrew Cooper wrote: > Please have at least a one-liner introduction to what TXT is.  Is there > a stable URL for the TXT spec?  (I can't spot an obvious one, googling > around) In addition to a short definition I'll add: * https://www.intel.com/content/

Re: [PATCH v2 09/22] xen/lib: add implementation of SHA-1

2025-05-18 Thread Sergii Dmytruk
On Sun, May 18, 2025 at 10:34:07AM +0200, Jan Beulich wrote: > On 17.05.2025 20:17, Sergii Dmytruk wrote: > > On Wed, May 14, 2025 at 05:58:59PM +0100, Andrew Cooper wrote: > >> Please crib from sha2.h as much as you can.  Use xen/types.h, drop the > >> double underscor

Re: [PATCH v2 09/22] xen/lib: add implementation of SHA-1

2025-05-17 Thread Sergii Dmytruk
On Wed, May 14, 2025 at 05:58:59PM +0100, Andrew Cooper wrote: > Please crib from sha2.h as much as you can.  Use xen/types.h, drop the > double underscore in the guard, and provide a link to the spec. Until yesterday CODING_STYLE instructed to have 2 underscores, so I thought sha2.h is outdated.

Re: [PATCH v2 20/22] x86/slaunch: support EFI boot

2025-05-15 Thread Sergii Dmytruk
On Wed, May 14, 2025 at 11:58:49AM -0400, Demi Marie Obenour wrote: > On 5/14/25 10:24 AM, Sergii Dmytruk wrote: > > On Tue, May 13, 2025 at 09:25:44PM -0400, Demi Marie Obenour wrote: > >> On 5/13/25 1:05 PM, Sergii Dmytruk wrote: > > That sentence in the commit message i

Re: [PATCH v2 20/22] x86/slaunch: support EFI boot

2025-05-14 Thread Sergii Dmytruk
On Tue, May 13, 2025 at 09:25:44PM -0400, Demi Marie Obenour wrote: > On 5/13/25 1:05 PM, Sergii Dmytruk wrote: > > When running on an EFI-enabled system, Xen needs to have access to Boot > > Services in order to initialize itself properly and reach a state in > > which a do

[PATCH v2 06/22] xen/arch/x86: reserve TXT memory during Slaunch

2025-05-13 Thread Sergii Dmytruk
From: Kacper Stojek TXT heap, SINIT and TXT private space are marked as reserved or unused in e820 to protect from unintended uses. Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile

[PATCH v2 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap

2025-05-13 Thread Sergii Dmytruk
From: Krystian Hebel The file contains TXT register spaces base address, registers offsets, error codes and inline functions for accessing structures stored on TXT heap. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 277

[PATCH v2 17/22] x86/acpi: disallow S3 on Secure Launch boot

2025-05-13 Thread Sergii Dmytruk
Secure Launch won't initiate DRTM on S3 resume (the code for starting DRTM is not part of Xen), so abort a request to perform S3 suspend to not lose the state of DRTM PCRs. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/acpi/power.c | 8 1 file changed, 8 insertions(+) diff --

[PATCH v2 21/22] x86/cpu: report SMX, TXT and SKINIT capabilities

2025-05-13 Thread Sergii Dmytruk
From: Michał Żygowski Report TXT capabilities so that dom0 can query the Intel TXT or AMD SKINIT support information using xl dmesg. Signed-off-by: Michał Żygowski Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/amd.c | 16 ++ xen/arch/x86/cpu/cpu.h

[PATCH v2 11/22] x86/tpm.c: support extending PCRs of TPM2.0

2025-05-13 Thread Sergii Dmytruk
SHA1 and SHA256 are hard-coded here, but their support by the TPM is checked. Addition of event log for TPM2.0 will generalize the code further. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/tpm.c | 464 +++-- 1 file changed, 452 insertions(+), 12

[PATCH v2 07/22] x86/mtrr: expose functions for pausing caching

2025-05-13 Thread Sergii Dmytruk
This allows the functionality to be reused by other units that need to update MTRRs. This also gets rid of a static variable. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/cpu/mtrr/generic.c | 51 - xen/arch/x86/include/asm/mtrr.h | 8 ++ 2 files changed

[PATCH v2 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2)

2025-05-13 Thread Sergii Dmytruk
take multiple minutes. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 7 +- xen/arch/x86/boot/head.S | 3 + xen/arch/x86/include/asm/slaunch.h | 14 + xen/arch/x86/include/asm/tpm.h

[PATCH v2 14/22] x86/boot: choose AP stack based on APIC ID

2025-05-13 Thread Sergii Dmytruk
them) required to start all logical processors. This results in significant reduction of boot time, even when DRTM is not used, with performance gain growing with the number of logical CPUs. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S | 1

[PATCH v2 20/22] x86/slaunch: support EFI boot

2025-05-13 Thread Sergii Dmytruk
next step without DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- .gitignore| 1 + .../eclair_analysis/ECLAIR/out_of_scope.ecl | 1 + docs/hypervisor-guide/x86/how-xen-boots.rst | 10 +- xen/arch/x86/Makefile

[PATCH v2 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM

2025-05-13 Thread Sergii Dmytruk
From: Krystian Hebel In preparation for TXT SENTER call, GRUB had to modify MTRR settings to be UC for everything except SINIT ACM. Old values are restored from SLRT where they were saved by the bootloader. Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski Signed-off-by: Sergii

[PATCH v2 09/22] xen/lib: add implementation of SHA-1

2025-05-13 Thread Sergii Dmytruk
/afdab700f65e14070d8ab92175544b1c62b8bf03 Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/include/xen/sha1.h | 12 +++ xen/lib/Makefile | 1 + xen/lib/sha1.c | 218 + 3 files changed, 231 insertions(+) create mode 100644 xen/include/xen

[PATCH v2 13/22] x86/tpm.c: implement event log for TPM2.0

2025-05-13 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel-txt.h | 33 ++ xen/arch/x86/tpm.c | 169 ++- 2 files changed, 175 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/include/asm/intel-txt.h b/xen/arch/x86/include/asm/intel

[PATCH v2 15/22] x86/smpboot.c: TXT AP bringup

2025-05-13 Thread Sergii Dmytruk
when in start_secondary() in C they re-enter MONITOR/MWAIT iff they are not the AP that was asked to boot. The same address is reused for simplicity, and on next wakeup call APs don't have to go through assembly part again (GDT, paging, stack setting). Signed-off-by: Krystian Hebel Signed-off-by: S

[PATCH v2 12/22] x86/hvm: check for VMX in SMX if Slaunch is active

2025-05-13 Thread Sergii Dmytruk
From: Michał Żygowski Check whether IA32_FEATURE_CONTROL has the proper bits enabled to run VMX in SMX when slaunch is active. Signed-off-by: Michał Żygowski --- xen/arch/x86/hvm/vmx/vmcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/a

[PATCH v2 18/22] x86/boot/slaunch-early: find MBI and SLRT on AMD

2025-05-13 Thread Sergii Dmytruk
Use slr_entry_amd_info::boot_params_base on AMD with SKINIT to get MBI location. Another thing of interest is the location of SLRT which is bootloader's data after SKL. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S

[PATCH v2 16/22] x86/slaunch: process DRTM policy

2025-05-13 Thread Sergii Dmytruk
bootloader, firmware or user doing something differently or just if GRUB gets bigger in size due to inclusion of more modules and ends up offsetting newly allocated memory. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/slaunch.h | 14 ++ xen/arch/x86

[PATCH v2 19/22] x86/slaunch: support AMD SKINIT

2025-05-13 Thread Sergii Dmytruk
stored inside of vendor data field within TCG header) Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/e820.c| 2 +- xen/arch/x86/slaunch.c | 90 ++ xen/arch/x86/tpm.c | 68 ++- 3 files

[PATCH v2 22/22] MAINTAINERS: add a section for TrenchBoot Slaunch

2025-05-13 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- MAINTAINERS | 15 +++ 1 file changed, 15 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index c11b82eca9..347b3bcbb0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -542,6 +542,21 @@ F: */configure F: */*.ac F: tools/ +TRENCHBOOT

[PATCH v2 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval

2025-05-13 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/slaunch-early.c| 6 ++ xen/arch/x86/include/asm/intel-txt.h | 111 +++ 2 files changed, 117 insertions(+) diff --git a/xen/arch/x86/boot/slaunch-early.c b/xen/arch/x86/boot/slaunch-early.c index 48776ef559

[PATCH v2 03/22] x86/boot: add MLE header and Secure Launch entry point

2025-05-13 Thread Sergii Dmytruk
From: Kacper Stojek Signed-off-by: Kacper Stojek Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- docs/hypervisor-guide/x86/how-xen-boots.rst | 5 ++ xen/arch/x86/boot/head.S| 53 + 2 files changed, 58 insertions(+) diff --git a/docs

[PATCH v2 04/22] x86/boot/slaunch-early: implement early initialization

2025-05-13 Thread Sergii Dmytruk
Make head.S invoke a C function to retrieve MBI and SLRT addresses in a platform-specific way. This is also the place to perform sanity checks of DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile| 1 + xen/arch/x86/boot/Makefile

[PATCH v2 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions

2025-05-13 Thread Sergii Dmytruk
The file provides constants, structures and several helper functions for parsing SLRT. Signed-off-by: Ross Philipson Signed-off-by: Sergii Dmytruk --- xen/include/xen/slr-table.h | 268 1 file changed, 268 insertions(+) create mode 100644 xen/include/xen

[PATCH v2 00/22] x86: Trenchboot Secure Launch DRTM (Xen)

2025-05-13 Thread Sergii Dmytruk
TPM1.2) x86/boot: choose AP stack based on APIC ID x86/smpboot.c: TXT AP bringup Michał Żygowski (2): x86/hvm: check for VMX in SMX if Slaunch is active x86/cpu: report SMX, TXT and SKINIT capabilities Sergii Dmytruk (11): include/xen/slr-table.h: Secure Launch Resource Table definitions

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-25 Thread Sergii Dmytruk
On Thu, Apr 24, 2025 at 07:51:21PM +0100, Andrew Cooper wrote: > On 24/04/2025 7:47 pm, Sergii Dmytruk wrote: > >> Alignment that large is unexpected, and I suspect we want to fix it.  Is > >> it pre-existing, or something introduced by your series? > >> > >&g

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-24 Thread Sergii Dmytruk
On Wed, Apr 23, 2025 at 11:43:15PM +0100, Andrew Cooper wrote: > On 23/04/2025 7:45 pm, Sergii Dmytruk wrote: > > On Wed, Apr 23, 2025 at 02:38:37PM +0100, Andrew Cooper wrote: > >> On 22/04/2025 6:14 pm, Andrew Cooper wrote: > >>> I've stripped out the sha2 pat

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-24 Thread Sergii Dmytruk
On Thu, Apr 24, 2025 at 12:54:41PM +0200, Nicola Vetrini wrote: > > On 4/23/25 23:53, Sergii Dmytruk wrote: > > On Wed, Apr 23, 2025 at 10:11:35PM +0200, Nicola Vetrini wrote: > > > On 2025-04-23 20:45, Sergii Dmytruk wrote: > > > > On Wed, Apr 23, 2025 at 02:3

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-23 Thread Sergii Dmytruk
On Wed, Apr 23, 2025 at 10:11:35PM +0200, Nicola Vetrini wrote: > On 2025-04-23 20:45, Sergii Dmytruk wrote: > > On Wed, Apr 23, 2025 at 02:38:37PM +0100, Andrew Cooper wrote: > > > On 22/04/2025 6:14 pm, Andrew Cooper wrote: > > > > I've stripped out the

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-23 Thread Sergii Dmytruk
On Wed, Apr 23, 2025 at 02:38:37PM +0100, Andrew Cooper wrote: > On 22/04/2025 6:14 pm, Andrew Cooper wrote: > > I've stripped out the sha2 patch and fixed up to use the existing sha2, > > then kicked off some CI testing: > > > > https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/17802

Re: [PATCH 02/21] include/xen/slr_table.h: Secure Launch Resource Table definitions

2025-04-23 Thread Sergii Dmytruk
On Tue, Apr 22, 2025 at 01:46:14PM -0700, ross.philip...@oracle.com wrote: > > + > > +/* > > + * ARM DRTM Info table > > + */ > > +struct slr_entry_arm_info > > +{ > > +struct slr_entry_hdr hdr; > > +} __packed; > > You can probably ditch this for now. Right, it has no value at this point. >

Re: [PATCH 02/21] include/xen/slr_table.h: Secure Launch Resource Table definitions

2025-04-23 Thread Sergii Dmytruk
On Tue, Apr 22, 2025 at 09:23:02PM +0100, Andrew Cooper wrote: > On 22/04/2025 4:06 pm, Sergii Dmytruk wrote: > > diff --git a/xen/include/xen/slr_table.h b/xen/include/xen/slr_table.h > > new file mode 100644 > > index 00..e9dbac5d0a > > --- /dev/null > >

Re: [PATCH 10/21] lib/sha256.c: add file

2025-04-22 Thread Sergii Dmytruk
On Tue, Apr 22, 2025 at 04:37:10PM +0100, Andrew Cooper wrote: > On 22/04/2025 4:06 pm, Sergii Dmytruk wrote: > > xen/include/xen/sha256.h | 12 ++ > > xen/lib/Makefile | 1 + > > xen/lib/sha256.c | 238 +++ >

Re: [PATCH 09/21] lib/sha1.c: add file

2025-04-22 Thread Sergii Dmytruk
On Tue, Apr 22, 2025 at 05:36:22PM +0200, Jan Beulich wrote: > On 22.04.2025 17:06, Sergii Dmytruk wrote: > > From: Krystian Hebel > > > > The code comes from [1] and is licensed under GPL-2.0 license. > > It's a combination of: > > - include/crypto/sh

Re: [PATCH 00/21] x86: Trenchboot Secure Launch DRTM (Xen)

2025-04-22 Thread Sergii Dmytruk
On Tue, Apr 22, 2025 at 05:23:30PM +0200, Jan Beulich wrote: > Just one basic nit right here: In the names of new files you add, please > prefer dashes over underscores. I wasn't aware of this preference, will be updated in the next version. > Jan

[PATCH 10/21] lib/sha256.c: add file

2025-04-22 Thread Sergii Dmytruk
ivial functions that are called once - dropping of `int` return values (only zero was ever returned) - getting rid of references to `struct shash_desc` [1]: https://github.com/torvalds/linux/tree/afdab700f65e14070d8ab92175544b1c62b8bf03 Signed-off-by: Sergii Dmytruk Signed-off-by: Krystian

[PATCH 18/21] x86/boot: find MBI and SLRT on AMD

2025-04-22 Thread Sergii Dmytruk
Use slr_entry_amd_info::boot_params_base on AMD with SKINIT to get MBI location. Another thing of interest is the location of SLRT which is bootloader's data after SKL. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S

[PATCH 14/21] x86/tpm.c: implement event log for TPM2.0

2025-04-22 Thread Sergii Dmytruk
Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/intel_txt.h | 33 ++ xen/arch/x86/tpm.c | 169 ++- 2 files changed, 175 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/include/asm/intel_txt.h b/xen/arch/x86/include/asm

[PATCH 13/21] x86/hvm: Check for VMX in SMX when slaunch active

2025-04-22 Thread Sergii Dmytruk
From: Michał Żygowski Check whether IA32_FEATURE_CONTROL has the proper bits enabled to run VMX in SMX when slaunch is active. Signed-off-by: Michał Żygowski --- xen/arch/x86/hvm/vmx/vmcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/a

[PATCH 08/21] x86/intel_txt.c: restore boot MTRRs

2025-04-22 Thread Sergii Dmytruk
From: Krystian Hebel In preparation for TXT SENTER call, GRUB had to modify MTRR settings to be UC for everything except SINIT ACM. Old values are restored from SLRT where they were saved by the bootloader. Signed-off-by: Krystian Hebel Signed-off-by: Michał Żygowski Signed-off-by: Sergii

[PATCH 20/21] x86/slaunch: support EFI boot

2025-04-22 Thread Sergii Dmytruk
next step without DRTM. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- .gitignore | 1 + docs/hypervisor-guide/x86/how-xen-boots.rst | 10 +- xen/arch/x86/Makefile | 9 +- xen/arch/x86/boot/head.S

[PATCH 11/21] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2)

2025-04-22 Thread Sergii Dmytruk
take multiple minutes. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/Makefile | 1 + xen/arch/x86/boot/Makefile | 7 +- xen/arch/x86/boot/head.S | 3 + xen/arch/x86/include/asm/slaunch.h | 14 + xen/arch/x86/include/asm/tpm.h

[PATCH 19/21] arch/x86: support slaunch with AMD SKINIT

2025-04-22 Thread Sergii Dmytruk
stored inside of vendor data field within TCG header) Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/e820.c| 2 +- xen/arch/x86/slaunch.c | 90 ++ xen/arch/x86/tpm.c | 68 ++- 3 files

[PATCH 15/21] x86/boot: choose AP stack based on APIC ID

2025-04-22 Thread Sergii Dmytruk
them) required to start all logical processors. This results in significant reduction of boot time, even when DRTM is not used, with performance gain growing with the number of logical CPUs. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/boot/head.S | 1

[PATCH 17/21] arch/x86: process DRTM policy

2025-04-22 Thread Sergii Dmytruk
bootloader, firmware or user doing something differently or just if GRUB gets bigger in size due to inclusion of more modules and ends up offsetting newly allocated memory. Signed-off-by: Krystian Hebel Signed-off-by: Sergii Dmytruk --- xen/arch/x86/include/asm/slaunch.h | 14 ++ xen/arch/x86

[PATCH 12/21] x86/tpm.c: support extending PCRs of TPM2.0

2025-04-22 Thread Sergii Dmytruk
SHA1 and SHA256 are hard-coded here, but their support by the TPM is checked. Addition of event log for TPM2.0 will generalize the code further. Signed-off-by: Sergii Dmytruk --- xen/arch/x86/tpm.c | 465 +++-- 1 file changed, 453 insertions(+), 12
