[RFC PATCH 4/7] slaunch/psp: Setup TMRs to protect RAM from DMA
From: Sergii Dmytruk
Subject: [RFC PATCH 4/7] slaunch/psp: Setup TMRs to protect RAM from DMA
Date: Wed, 18 Dec 2024 21:08:00 +0200
From: Alec Brown <alec.r.brown@oracle.com>
TMRs are set up and used to protect ranges of memory from outside
access like DMA. Setting them up to cover all memory protects from
DMA during the establishment of the DRTM environment.
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
---
grub-core/loader/slaunch/psp.c | 56 ++++++++++++++++++++++++++++++++++
include/grub/i386/psp.h | 1 +
2 files changed, 57 insertions(+)
diff --git a/grub-core/loader/slaunch/psp.c b/grub-core/loader/slaunch/psp.c
index 2bbb4c685..553e53ed4 100644
--- a/grub-core/loader/slaunch/psp.c
+++ b/grub-core/loader/slaunch/psp.c
@@ -36,6 +36,9 @@
#include <grub/mm.h>
#include <grub/time.h>
#include <grub/pci.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/api.h>
+#include <grub/i386/linux.h>
#include <grub/i386/pci.h>
#include <grub/i386/psp.h>
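Review bot: the three added includes (grub/efi/efi.h, grub/efi/api.h, grub/i386/linux.h) are not used by anything this patch adds to psp.c. grub_drtm_setup_tmrs() as posted only calls grub_divmod64(), grub_error(), drtm_wait_for_psp_ready() and drtm_status_string() and writes the psp_drtm mailbox registers. Drop them here, and if a later patch in the series needs them, add them in that patch.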
@@ -362,3 +365,56 @@ grub_drtm_get_capability (void)
return GRUB_ERR_NONE;
}
+
+/**
+ * Setup Trusted Memory Region (TMR). The PSP supports only
+ * 1 TMR - as such all of the sysmem region is covered in
+ * a single TMR.
+ *
+ * Walk the E820 MB2 memory map table to figure out the end
+ * of the memory addresses. Setup the TMR to cover address
+ * ranges from 0x0 to the end calculated during the walk.
+ */
+int
+grub_drtm_setup_tmrs (grub_uint64_t tmr_end)
+{
+ grub_uint64_t tmr_count = 0;
+ grub_uint64_t rem = 0;
+ grub_uint32_t status = 0;
+
+ tmr_count = grub_divmod64 (tmr_end, drtm_capability.tmr_alignment, &rem);
+ if (rem != 0)
+ tmr_count++;
+
+ if (tmr_count > GRUB_UINT_MAX)
+ {
+ grub_error (GRUB_ERR_BAD_DEVICE, N_("DRTM: %s: memory region bigger than
TMR\n"), __func__);
+ return -1;
+ }
+
+ /*
+ * Setup TMR for address range 0x0 to tmr_end. Size is in
+ * multiples of tmr_alignment.
+ */
+ *psp_drtm.c2pmsg_93 = (grub_uint32_t)tmr_count;
+ *psp_drtm.c2pmsg_94 = 0;
+ *psp_drtm.c2pmsg_95 = 0;
+
+ *psp_drtm.c2pmsg_72 = (DRTM_TMR_INDEX_0 << 24) |
+ (DRTM_CMD_TMR_SETUP << DRTM_MBOX_CMD_SHIFT);
+
+ if (!drtm_wait_for_psp_ready (&status))
+ {
+ grub_error (GRUB_ERR_TIMEOUT, N_("DRTM: %s: failed to get a response
from PSP\n"), __func__);
+ return -1;
+ }
+
+ if (status != DRTM_NO_ERROR)
+ {
+ grub_error (GRUB_ERR_BAD_DEVICE, N_("DRTM: %s: failed to setup TMRs -
%s\n"),
+ __func__, drtm_status_string (status));
+ return -1;
+ }
+
+ return 0;
+}
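Review bot: the grub_divmod64 (tmr_end, drtm_capability.tmr_alignment, &rem) call at the top of grub_drtm_setup_tmrs() has no check that tmr_alignment is non-zero, so if drtm_capability has not been filled in, or the PSP reported an alignment of 0, this divides by zero. Reject that case with grub_error() before the division. A tmr_end of 0 also passes straight through and writes a size of 0 to c2pmsg_93, which would leave the DMA protection this patch is meant to provide covering nothing while the function can still return 0; consider treating it as an error too. Separately, the doc comment says the function walks the E820 MB2 memory map, but it takes tmr_end as a parameter and walks nothing, so the comment should describe the parameter (and its expected units and alignment) instead.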
diff --git a/include/grub/i386/psp.h b/include/grub/i386/psp.h
index 915435311..4df31735d 100644
--- a/include/grub/i386/psp.h
+++ b/include/grub/i386/psp.h
@@ -86,5 +86,6 @@ extern grub_err_t grub_psp_discover (void);
extern grub_uint16_t grub_psp_version (void);
extern void grub_drtm_kick_psp (void);
extern grub_err_t grub_drtm_get_capability (void);
+extern int grub_drtm_setup_tmrs (grub_uint64_t tmr_end);
#endif /* __PSP_H__ */
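Review bot: grub_drtm_setup_tmrs() is declared as returning int, while the neighbouring grub_psp_discover() and grub_drtm_get_capability() return grub_err_t, and the body already calls grub_error() on every failure path before returning -1. Declaring it grub_err_t and returning the value of grub_error() on failure and GRUB_ERR_NONE on success would keep the header consistent and let callers propagate the error code rather than a bare -1.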
--
2.47.1