[PATCH v3 13/19] i386/efi: Add DL stub as common DL event module
From: |
Sergii Dmytruk |
Subject: |
[PATCH v3 13/19] i386/efi: Add DL stub as common DL event module |
Date: |
Thu, 12 Dec 2024 15:41:41 +0200 |
From: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/loader/efi/dltrampoline.S | 94 +++++++++++++++++++++++++++++
grub-core/loader/slaunch/dlstub.c | 93 ++++++++++++++++++++++++++++
2 files changed, 187 insertions(+)
create mode 100644 grub-core/loader/efi/dltrampoline.S
create mode 100644 grub-core/loader/slaunch/dlstub.c
diff --git a/grub-core/loader/efi/dltrampoline.S
b/grub-core/loader/efi/dltrampoline.S
new file mode 100644
index 000000000..461e14271
--- /dev/null
+++ b/grub-core/loader/efi/dltrampoline.S
@@ -0,0 +1,94 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024, Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <grub/symbol.h>
+
+#define GRUB_SMX_LEAF_SENTER 4
+#define CS_SEL32 0x0008
+#define DS_SEL 0x0010
+
+#define CR0_PE 0x00000001
+#define CR0_MP 0x00000002
+#define CR0_TS 0x00000008
+#define CR0_NE 0x00000020
+
+ .file "dltrampoline.S"
+ .text
+
+ .code64
+ .globl dl_entry_trampoline
+dl_entry_trampoline:
+ /* %edi should contain dl_context pointer */
+ call EXT_C(dl_entry)
+ ud2
+
+ .globl dl_trampoline
+dl_trampoline:
+ cli
+ leaq dl_gdt_base(%rip), %rax
+ leaq dl_gdt(%rip), %rbx
+ movl %ebx, (%eax)
+ lgdt dl_gdtr(%rip)
+
+ /* Setup target to ret to compat mode */
+ leal 1f(%rip), %ecx
+ pushq $CS_SEL32
+ pushq %rcx
+ lretq
+
+ .code32
+1: /* Now in IA-32e compatibility mode load data segments and do senter */
+ movw $DS_SEL, %ax
+ movw %ax, %ds
+ movw %ax, %es
+ movw %ax, %ss
+ movw %ax, %fs
+ movw %ax, %gs
+
+ movl $GRUB_SMX_LEAF_SENTER, %eax
+ movl %edi, %ebx
+ movl %esi, %ecx
+ xorl %edx, %edx
+ getsec
+
+ .align 8
+dl_gdt:
+ /* Null Segment */
+ .quad 0
+ /* 32b Code Segment */
+ .word 0xffff /* Limit 1 */
+ .word 0x0000 /* Base 1 */
+ .byte 0x00 /* Base 2 */
+ .byte 0x9b /* P=1 DPL=0 S=1 Type=0010 C=0 W=1 A=1 */
+ .byte 0xcf /* G=1 D=1 L=0 AVL=0 Limit 2 */
+ .byte 0x00 /* Base 3 */
+ /* Data Segment, can be used both in 32b and 64b */
+ .word 0xffff /* Limit 1 */
+ .word 0x0000 /* Base 1 */
+ .byte 0x00 /* Base 2 */
+ .byte 0x93 /* P=1 DPL=0 S=1 Type=0010 C=0 W=1 A=1 */
+ .byte 0xcf /* G=1 D=1 L=0 AVL=0 Limit 2 */
+ .byte 0x00 /* Base 3 */
+
+ .word 0
+dl_gdtr:
+ .word 23 /* Limit */
+dl_gdt_base:
+ .long 0 /* Base */
+ .long 0
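Review bot: `dl_trampoline` relies on this code sitting below 4 GiB, and nothing in the hunk checks or documents that. `movl %ebx, (%eax)` stores through a 32-bit-truncated address and `leal 1f(%rip), %ecx` truncates the far-return target, so a module loaded higher would patch an unrelated address and return to the wrong place immediately before the launch. I would add a comment above the label such as `/* Must be loaded below 4 GiB: GDT base and compat-mode return target are 32-bit. */` and write the store as `movl %ebx, (%rax)`. Unlike `dl_entry_trampoline`, nothing follows `getsec`, so adding `ud2` after it would keep any fall-through from running into the `dl_gdt` bytes. The access-byte comment on the code segment (`0x9b`) is a copy of the data-segment one and should describe an execute/read code type.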
diff --git a/grub-core/loader/slaunch/dlstub.c
b/grub-core/loader/slaunch/dlstub.c
new file mode 100644
index 000000000..d3c28645e
--- /dev/null
+++ b/grub-core/loader/slaunch/dlstub.c
@@ -0,0 +1,93 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024, Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/loader.h>
+#include <grub/normal.h>
+#include <grub/err.h>
+#include <grub/misc.h>
+#include <grub/types.h>
+#include <grub/dl.h>
+#include <grub/slr_table.h>
+#include <grub/slaunch.h>
+#include <grub/cpu/relocator.h>
+#include <grub/i386/msr.h>
+#include <grub/i386/mmio.h>
+#include <grub/i386/txt.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+extern void dl_trampoline(grub_uint32_t dce_base, grub_uint32_t dce_size);
+
+void dl_entry (grub_uint64_t dl_ctx)
+{
+ struct grub_slr_bl_context *bl_ctx = (struct grub_slr_bl_context
*)(grub_addr_t)dl_ctx;
+ struct grub_slaunch_params *slparams = (struct grub_slaunch_params
*)(grub_addr_t)bl_ctx->context;
+ struct grub_relocator32_state state = {0};
+ grub_err_t err;
+
+ state.edi = slparams->platform_type;
+
+ if (slparams->platform_type == SLP_INTEL_TXT)
+ {
+ if (slparams->boot_type == GRUB_SL_BOOT_TYPE_EFI)
+ grub_update_slrt_policy (slparams);
+
+ err = grub_set_mtrrs_for_acmod ((void *)(grub_addr_t)slparams->dce_base);
+ if (err)
+ {
+ grub_error (GRUB_ERR_BAD_DEVICE, N_("setting MTRRs for TXT SINIT
failed"));
+ return;
+ }
+
+ err = grub_txt_prepare_cpu ();
+ if ( err )
+ {
+ grub_error (GRUB_ERR_BAD_DEVICE, N_("prepare CPU for TXT SENTER
failed"));
+ return;
+ }
+ }
+ else
+ {
+ grub_error (GRUB_ERR_BUG, N_("unknown dynamic launch platform: %d"),
slparams->platform_type);
+ return;
+ }
+
+ if (!(grub_rdmsr (GRUB_MSR_X86_APICBASE) & GRUB_MSR_X86_APICBASE_BSP))
+ {
+ grub_error (GRUB_ERR_BAD_DEVICE, N_("x86 dynamic launch event must be
performed on the BSP"));
+ return;
+ }
+
+ if (slparams->boot_type == GRUB_SL_BOOT_TYPE_LINUX)
+ {
+ /* Configure relocator GETSEC[SENTER] call. */
+ state.eax = GRUB_SMX_LEAF_SENTER;
+ state.ebx = slparams->dce_base;
+ state.ecx = slparams->dce_size;
+ state.edx = 0;
+ grub_relocator32_boot (slparams->relocator, state, 0);
+ }
+ else if (slparams->boot_type == GRUB_SL_BOOT_TYPE_EFI)
+ {
+ dl_trampoline (slparams->dce_base, slparams->dce_size);
+ }
+ else
+ {
+ grub_error (GRUB_ERR_BUG, N_("unknown dynamic launch boot type: %d"),
slparams->boot_type);
+ }
+}
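Review bot: The BSP check in `dl_entry` runs only after `grub_set_mtrrs_for_acmod ()` and `grub_txt_prepare_cpu ()` have been called. Going by their names, these reprogram MTRRs and CPU state, so a call on a non-BSP processor, or a failure in the second step, would return with that state still modified. I would move the `grub_rdmsr (GRUB_MSR_X86_APICBASE) & GRUB_MSR_X86_APICBASE_BSP` test to the top of the function, ahead of the platform block, and add a comment saying that the error paths do not restore MTRRs; whether callers cope with that is not visible here. `dl_ctx` and `bl_ctx->context` are also dereferenced without a NULL check, and the result of `grub_relocator32_boot ()` is discarded. Since the function returns void, a short header comment explaining how a failure is meant to reach the caller would help, given that the EFI path in `dl_entry_trampoline` hits `ud2` on any return.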
--
2.47.1