[PATCH v3 06/19] slaunch: Add Secure Launch Resource Table (SLRT) header
From: |
Sergii Dmytruk |
Subject: |
[PATCH v3 06/19] slaunch: Add Secure Launch Resource Table (SLRT) header file |
Date: |
Thu, 12 Dec 2024 15:41:34 +0200 |
From: Ross Philipson <ross.philipson@oracle.com>
Introduce the Secure Launch Resource Table which forms the formal
interface between the pre- and post-launch code.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/Makefile.am | 3 +
include/grub/slr_table.h | 296 +++++++++++++++++++++++++++++++++++++++
2 files changed, 299 insertions(+)
create mode 100644 include/grub/slr_table.h
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
index e50db8106..2a7be10ee 100644
--- a/grub-core/Makefile.am
+++ b/grub-core/Makefile.am
@@ -104,6 +104,7 @@ KERNEL_HEADER_FILES +=
$(top_builddir)/include/grub/machine/kernel.h
KERNEL_HEADER_FILES += $(top_builddir)/include/grub/machine/pxe.h
KERNEL_HEADER_FILES += $(top_builddir)/include/grub/machine/int.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/slr_table.h
endif
if COND_i386_xen_pvh
@@ -123,6 +124,7 @@ KERNEL_HEADER_FILES +=
$(top_builddir)/include/grub/machine/kernel.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/slr_table.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/pmtimer.h
@@ -185,6 +187,7 @@ KERNEL_HEADER_FILES +=
$(top_builddir)/include/grub/machine/kernel.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/slr_table.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h
KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/pmtimer.h
diff --git a/include/grub/slr_table.h b/include/grub/slr_table.h
new file mode 100644
index 000000000..9dff3d0d5
--- /dev/null
+++ b/include/grub/slr_table.h
@@ -0,0 +1,296 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024, Oracle and/or its affiliates.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Secure Launch Resource Table definitions
+ */
+
+#ifndef GRUB_SLR_TABLE_H
+#define GRUB_SLR_TABLE_H 1
+
+#define GRUB_UEFI_SLR_TABLE_GUID \
+ { 0x877a9b2a, 0x0385, 0x45d1, { 0xa0, 0x34, 0x9d, 0xac, 0x9c, 0x9e, 0x56,
0x5f }}
+
+/* SLR table header values */
+#define GRUB_SLR_TABLE_MAGIC 0x4452544d
+#define GRUB_SLR_TABLE_REVISION 1
+
+/* Current revisions for the policy and UEFI config */
+#define GRUB_SLR_POLICY_REVISION 1
+#define GRUB_SLR_UEFI_CONFIG_REVISION 1
+
+/* SLR defined architectures */
+#define GRUB_SLR_INTEL_TXT 1
+#define GRUB_SLR_AMD_SKINIT 2
+
+/* SLR defined bootloaders */
+#define GRUB_SLR_BOOTLOADER_INVALID 0
+#define GRUB_SLR_BOOTLOADER_GRUB 1
+
+/* Log formats */
+#define GRUB_SLR_DRTM_TPM12_LOG 1
+#define GRUB_SLR_DRTM_TPM20_LOG 2
+
+/* DRTM Policy Entry Flags */
+#define GRUB_SLR_POLICY_FLAG_MEASURED 0x1
+#define GRUB_SLR_POLICY_IMPLICIT_SIZE 0x2
+
+/* Array Lengths */
+#define GRUB_TPM_EVENT_INFO_LENGTH 32
+#define GRUB_TXT_VARIABLE_MTRRS_LENGTH 32
+
+/* Tags */
+#define GRUB_SLR_ENTRY_INVALID 0x0000
+#define GRUB_SLR_ENTRY_DL_INFO 0x0001
+#define GRUB_SLR_ENTRY_LOG_INFO 0x0002
+#define GRUB_SLR_ENTRY_ENTRY_POLICY 0x0003
+#define GRUB_SLR_ENTRY_INTEL_INFO 0x0004
+#define GRUB_SLR_ENTRY_AMD_INFO 0x0005
+#define GRUB_SLR_ENTRY_ARM_INFO 0x0006
+#define GRUB_SLR_ENTRY_UEFI_INFO 0x0007
+#define GRUB_SLR_ENTRY_UEFI_CONFIG 0x0008
+#define GRUB_SLR_ENTRY_END 0xffff
+
+/* Entity Types */
+#define GRUB_SLR_ET_UNSPECIFIED 0x0000
+#define GRUB_SLR_ET_SLRT 0x0001
+#define GRUB_SLR_ET_BOOT_PARAMS 0x0002
+#define GRUB_SLR_ET_SETUP_DATA 0x0003
+#define GRUB_SLR_ET_CMDLINE 0x0004
+#define GRUB_SLR_ET_UEFI_MEMMAP 0x0005
+#define GRUB_SLR_ET_RAMDISK 0x0006
+#define GRUB_SLR_ET_TXT_OS2MLE 0x0010
+#define GRUB_SLR_ET_UNUSED 0xffff
+
+/*
+ * Primary Secure Launch Resource Table Header
+ */
+struct grub_slr_table
+{
+ grub_uint32_t magic;
+ grub_uint16_t revision;
+ grub_uint16_t architecture;
+ grub_uint32_t size;
+ grub_uint32_t max_size;
+ /* table entries */
+} GRUB_PACKED;
+
+/*
+ * Common SLRT Table Header
+ */
+struct grub_slr_entry_hdr
+{
+ grub_uint32_t tag;
+ grub_uint32_t size;
+} GRUB_PACKED;
+
+/*
+ * Boot loader context
+ */
+struct grub_slr_bl_context
+{
+ grub_uint16_t bootloader;
+ grub_uint16_t reserved[3];
+ grub_uint64_t context;
+} GRUB_PACKED;
+
+/*
+ * Dynamic Launch Callback Function type
+ */
+typedef void (*grub_dl_handler_func)(struct grub_slr_bl_context *bl_context);
+
+/*
+ * DRTM Dynamic Launch Configuration
+ */
+struct grub_slr_entry_dl_info
+{
+ struct grub_slr_entry_hdr hdr;
+ grub_uint64_t dce_size;
+ grub_uint64_t dce_base;
+ grub_uint64_t dlme_size;
+ grub_uint64_t dlme_base;
+ grub_uint64_t dlme_entry;
+ struct grub_slr_bl_context bl_context;
+ grub_uint64_t dl_handler;
+} GRUB_PACKED;
+
+/*
+ * TPM Log Information
+ */
+struct grub_slr_entry_log_info
+{
+ struct grub_slr_entry_hdr hdr;
+ grub_uint16_t format;
+ grub_uint16_t reserved;
+ grub_uint32_t size;
+ grub_uint64_t addr;
+} GRUB_PACKED;
+
+/*
+ * DRTM Measurement Entry
+ */
+struct grub_slr_policy_entry
+{
+ grub_uint16_t pcr;
+ grub_uint16_t entity_type;
+ grub_uint16_t flags;
+ grub_uint16_t reserved;
+ grub_uint64_t size;
+ grub_uint64_t entity;
+ char evt_info[GRUB_TPM_EVENT_INFO_LENGTH];
+} GRUB_PACKED;
+
+/*
+ * DRTM Measurement Policy
+ */
+struct grub_slr_entry_policy
+{
+ struct grub_slr_entry_hdr hdr;
+ grub_uint16_t reserved[2];
+ grub_uint16_t revision;
+ grub_uint16_t nr_entries;
+ struct grub_slr_policy_entry policy_entries[];
+} GRUB_PACKED;
+
+/*
+ * Secure Launch defined MTRR saving structures
+ */
+struct grub_slr_txt_mtrr_pair
+{
+ grub_uint64_t mtrr_physbase;
+ grub_uint64_t mtrr_physmask;
+} GRUB_PACKED;
+
+struct grub_slr_txt_mtrr_state
+{
+ grub_uint64_t default_mem_type;
+ grub_uint64_t mtrr_vcnt;
+ struct grub_slr_txt_mtrr_pair mtrr_pair[GRUB_TXT_VARIABLE_MTRRS_LENGTH];
+} GRUB_PACKED;
+
+/*
+ * Intel TXT Info table
+ */
+struct grub_slr_entry_intel_info
+{
+ struct grub_slr_entry_hdr hdr;
+ grub_uint64_t txt_heap;
+ grub_uint64_t saved_misc_enable_msr;
+ struct grub_slr_txt_mtrr_state saved_bsp_mtrrs;
+} GRUB_PACKED;
+
+/*
+ * UEFI config measurement entry
+ */
+struct grub_slr_uefi_cfg_entry
+{
+ grub_uint16_t pcr;
+ grub_uint16_t reserved;
+ grub_uint32_t size;
+ grub_uint64_t cfg; /* address or value */
+ char evt_info[GRUB_TPM_EVENT_INFO_LENGTH];
+} GRUB_PACKED;
+
+/*
+ * UEFI config measurements
+ */
+struct grub_slr_entry_uefi_config
+{
+ struct grub_slr_entry_hdr hdr;
+ grub_uint16_t reserved[2];
+ grub_uint16_t revision;
+ grub_uint16_t nr_entries;
+ struct grub_slr_uefi_cfg_entry uefi_cfg_entries[];
+} GRUB_PACKED;
+
+static inline void *
+grub_slr_end_of_entries (struct grub_slr_table *table)
+{
+ return (void *)((grub_uint8_t *)table + table->size);
+}
+
+static inline void *
+grub_slr_next_entry (struct grub_slr_table *table,
+ struct grub_slr_entry_hdr *curr)
+{
+ struct grub_slr_entry_hdr *next = (struct grub_slr_entry_hdr *)
+ ((grub_uint8_t *)curr + curr->size);
+
+ if ((void *)next >= grub_slr_end_of_entries(table))
+ return NULL;
+ if (next->tag == GRUB_SLR_ENTRY_END)
+ return NULL;
+
+ return next;
+}
+
+static inline void *
+grub_slr_next_entry_by_tag (struct grub_slr_table *table,
+ struct grub_slr_entry_hdr *entry,
+ grub_uint16_t tag)
+{
+ if (!entry) /* Start from the beginning */
+ entry = (struct grub_slr_entry_hdr *)(((grub_uint8_t *)table) +
sizeof(*table));
+
+ for ( ; ; )
+ {
+ if (entry->tag == tag)
+ return entry;
+
+ entry = grub_slr_next_entry (table, entry);
+ if (!entry)
+ return NULL;
+ }
+
+ return NULL;
+}
+
+static inline int
+grub_slr_add_entry (struct grub_slr_table *table,
+ struct grub_slr_entry_hdr *entry)
+{
+ struct grub_slr_entry_hdr *end;
+
+ if ((table->size + entry->size) > table->max_size)
+ return -1;
+
+ grub_memcpy((grub_uint8_t *)table + table->size - sizeof(*end), entry,
entry->size);
+ table->size += entry->size;
+
+ end = (struct grub_slr_entry_hdr *)((grub_uint8_t *)table + table->size -
sizeof(*end));
+ end->tag = GRUB_SLR_ENTRY_END;
+ end->size = sizeof(*end);
+
+ return 0;
+}
+
+static inline void
+grub_slr_init_table(struct grub_slr_table *slrt, grub_uint16_t architecture,
+ grub_uint32_t max_size)
+{
+ struct grub_slr_entry_hdr *end;
+
+ slrt->magic = GRUB_SLR_TABLE_MAGIC;
+ slrt->revision = GRUB_SLR_TABLE_REVISION;
+ slrt->architecture = architecture;
+ slrt->size = sizeof(*slrt) + sizeof(*end);
+ slrt->max_size = max_size;
+ end = (struct grub_slr_entry_hdr *)((grub_uint8_t *)slrt + sizeof(*slrt));
+ end->tag = GRUB_SLR_ENTRY_END;
+ end->size = sizeof(*end);
+}
+
+#endif /* GRUB_SLR_TABLE_H */
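Review bot: grub_slr_next_entry takes curr->size on trust, so an entry with size 0 makes next == curr and grub_slr_next_entry_by_tag then spins forever, and a size that lands next within the last sizeof(*next) bytes before grub_slr_end_of_entries() lets next->tag be read past the table because only `(void *)next >= end` is checked. Since the SLRT is the interface handed to post-launch code, the walker should reject a size smaller than the header and require the whole next header to fit before dereferencing it, as below. The trailing `return NULL;` after `for ( ; ; )` in grub_slr_next_entry_by_tag is unreachable and can be dropped. In grub_slr_add_entry the check `(table->size + entry->size) > table->max_size` is done in grub_uint32_t and could wrap for a very large entry->size; `if (entry->size > table->max_size - table->size)` avoids that, and an entry->size below sizeof(*entry) should also be rejected there. Also note that tag is grub_uint32_t in struct grub_slr_entry_hdr but the parameter of grub_slr_next_entry_by_tag is grub_uint16_t.
```c
static inline void *
grub_slr_next_entry (struct grub_slr_table *table,
		     struct grub_slr_entry_hdr *curr)
{
  grub_uint8_t *end = (grub_uint8_t *) grub_slr_end_of_entries (table);
  struct grub_slr_entry_hdr *next;

  /* A zero or truncated size would make the walk stall or step backwards.  */
  if (curr->size < sizeof (*curr))
    return NULL;

  next = (struct grub_slr_entry_hdr *) ((grub_uint8_t *) curr + curr->size);

  /* The whole header must lie inside the table before it is read.  */
  if ((grub_uint8_t *) next + sizeof (*next) > end)
    return NULL;
  if (next->tag == GRUB_SLR_ENTRY_END)
    return NULL;

  return next;
}
```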
--
2.47.1