
[GRUB PATCH RFC 22/22] i386/slaunch: Add support for AMD SKINIT


From: Krystian Hebel
Subject: [GRUB PATCH RFC 22/22] i386/slaunch: Add support for AMD SKINIT
Date: Tue, 10 Nov 2020 15:45:00 +0100

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
---
 grub-core/Makefile.core.def      |  1 +
 grub-core/lib/i386/relocator32.S |  6 ++++++
 grub-core/loader/i386/linux.c    | 30 +++++++++++++++++++++++++++++-
 grub-core/loader/i386/slaunch.c  | 21 ++++++++++++++++++++-
 include/grub/i386/slaunch.h      | 11 +++++++++--
 5 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 204f9794dbce..68de5c07c060 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1829,6 +1829,7 @@ module = {
   x86 = loader/i386/txt/txt.c;
   x86 = loader/i386/txt/acmod.c;
   x86 = loader/i386/txt/verify.c;
+  x86 = loader/i386/skinit.c;
   enable = x86;
 };
 
diff --git a/grub-core/lib/i386/relocator32.S b/grub-core/lib/i386/relocator32.S
index a2b377197b16..2bdc07018a78 100644
--- a/grub-core/lib/i386/relocator32.S
+++ b/grub-core/lib/i386/relocator32.S
@@ -115,6 +115,9 @@ VARIABLE(grub_relocator32_edx)
        cmpl    $SLP_INTEL_TXT, %edi
        je      LOCAL(intel_txt)
 
+       cmpl    $SLP_AMD_SKINIT, %edi
+       je      LOCAL(amd_skinit)
+
        .byte   0xea
 VARIABLE(grub_relocator32_eip)
        .long   0
@@ -123,6 +126,9 @@ VARIABLE(grub_relocator32_eip)
 LOCAL(intel_txt):
        getsec
 
+LOCAL(amd_skinit):
+       skinit
+
        /* GDT. Copied from loader/i386/linux.c. */
        .p2align        4
 LOCAL(gdt):
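Review bot: Nothing stops execution after `skinit` at `LOCAL(amd_skinit)`, and the `getsec` at `LOCAL(intel_txt)` now falls straight through into `skinit`, which in turn falls through into the GDT data. Both instructions are expected not to return on a successful launch, but a fault-free return or a mis-set `%edi` would execute bytes that were never meant to run, so a trap after each one (`1: hlt` followed by `jmp 1b`, or `ud2`) would make the failure mode deterministic. The register contract is also undocumented: the only place that sets it is grub_linux_boot, which puts the SLB's physical target address in `state.eax`, so a comment such as `/* EAX = physical base of the SLB, set in grub_linux_boot; does not return on success. */` above `skinit` would help. The same applies to the dispatch added in the earlier hunk of this file (`cmpl $SLP_AMD_SKINIT, %edi`).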
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index d83912c17aad..dc4dcaa0a2ef 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -35,6 +35,7 @@
 #include <grub/i18n.h>
 #include <grub/lib/cmdline.h>
 #include <grub/i386/slaunch.h>
+#include <grub/i386/skinit.h>
 #include <grub/i386/txt.h>
 #include <grub/linux.h>
 #include <grub/machine/kernel.h>
@@ -233,7 +234,7 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
     prot_mode_mem = get_virtual_current_address (ch);
     prot_mode_target = get_physical_target_address (ch);
 
-    if (grub_slaunch_platform_type () == SLP_INTEL_TXT)
+    if (grub_slaunch_platform_type () != SLP_NONE)
       {
        slparams.mle_ptab_mem = prot_mode_mem;
        slparams.mle_ptab_target = prot_mode_target;
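Review bot: The condition `grub_slaunch_platform_type () != SLP_NONE` makes every current and future platform value take the MLE page-table path, where the previous check named the one platform it was written for. The `mle_ptab_*` fields are named after the Intel TXT MLE page table, and nothing in this hunk says why an SKINIT launch needs them populated. Either spell out the platforms (`== SLP_INTEL_TXT || == SLP_AMD_SKINIT`) or add a comment such as `/* Both TXT and SKINIT reuse this region; see <consumer>. */` naming the code that reads the values on AMD. The enclosing block in allocate_pages continues outside the hunk.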
@@ -803,6 +804,33 @@ grub_linux_boot (void)
       state.ecx = slparams.sinit_acm_size;
       state.edx = 0;
     }
+  else if (state.edi == SLP_AMD_SKINIT)
+    {
+      grub_relocator_chunk_t ch;
+
+      slparams.params = ctx.real_mode_target;
+
+      /* Contrary to the TXT, on AMD we do not have vendor-provided blobs in
+       * reserved memory, we are using normal RAM */
+      err = grub_relocator_alloc_chunk_align (relocator, &ch,
+                                       0, (0xffffffff - GRUB_SKINIT_SLB_SIZE),
+                                       GRUB_SKINIT_SLB_SIZE,
+                                       GRUB_SKINIT_SLB_ALIGN,
+                                       GRUB_RELOCATOR_PREFERENCE_LOW, 1);
+
+      if (err != GRUB_ERR_NONE)
+       return err;
+
+      slparams.lz_base = (grub_uint32_t) get_virtual_current_address (ch);
+      slparams.lz_size = grub_skinit_get_sl_size ();
+
+      err = grub_skinit_boot_prepare (&slparams);
+
+      if (err != GRUB_ERR_NONE)
+       return err;
+
+      state.eax = get_physical_target_address (ch);
+    }
   else
     {
       /* FIXME.  */
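Review bot: `slparams.lz_size` is taken from `grub_skinit_get_sl_size ()` and handed to `grub_skinit_boot_prepare ()` without being compared with the `GRUB_SKINIT_SLB_SIZE` bytes reserved for the chunk just above. Neither helper is visible in this patch, so the bound may be enforced there; if it is not, an oversized secure loader image would be written past the allocated SLB, and a guard such as `if (slparams.lz_size == 0 || slparams.lz_size > GRUB_SKINIT_SLB_SIZE) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("secure loader does not fit in the SLB"));` before the prepare call would make the invariant local and visible. Separately, `(grub_uint32_t) get_virtual_current_address (ch)` narrows a pointer to 32 bits; only the target address is constrained to lie below 4 GiB by the allocation, so on 64-bit builds the current address could presumably be truncated (and the cast would warn). The enclosing grub_linux_boot continues outside the hunk.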
diff --git a/grub-core/loader/i386/slaunch.c b/grub-core/loader/i386/slaunch.c
index 3acd177afd3b..9df04ff96538 100644
--- a/grub-core/loader/i386/slaunch.c
+++ b/grub-core/loader/i386/slaunch.c
@@ -57,7 +57,8 @@ grub_cmd_slaunch (grub_command_t cmd __attribute__ ((unused)),
                  char *argv[] __attribute__ ((unused)))
 {
   grub_uint32_t manufacturer[3];
-  grub_uint32_t eax;
+  grub_uint32_t eax, ebx, ecx, edx;
+  grub_uint64_t msr_value;
   grub_err_t err;
 
   if (!grub_cpu_is_cpuid_supported ())
@@ -79,6 +80,20 @@ grub_cmd_slaunch (grub_command_t cmd __attribute__ 
((unused)),
 
       slp = SLP_INTEL_TXT;
     }
+  else if (!grub_memcmp (manufacturer, "AuthenticAMD", 12))
+    {
+
+      grub_cpuid (GRUB_AMD_CPUID_FEATURES, eax, ebx, ecx, edx);
+      if (! (ecx & GRUB_SVM_CPUID_FEATURE) )
+        return grub_error (GRUB_ERR_BAD_DEVICE, N_("CPU does not support AMD 
SVM"));
+
+      /* Check whether SVM feature is disabled in BIOS */
+      msr_value = grub_rdmsr (GRUB_MSR_AMD64_VM_CR);
+      if (msr_value & GRUB_MSR_SVM_VM_CR_SVM_DISABLE)
+        return grub_error (GRUB_ERR_BAD_DEVICE, N_("BIOS has AMD SVM 
disabled"));
+
+      slp = SLP_AMD_SKINIT;
+    }
   else
     return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("CPU is unsupported"));
 
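Review bot: The AMD branch gates the launch on the SVM feature bit and on the VM_CR SVM-disable bit, but judging by the name `GRUB_SVM_CPUID_FEATURE` it does not test the separate SKINIT capability bit that the same CPUID leaf reports in ECX. A processor that advertises SVM without SKINIT would pass this check and presumably fail only when the `skinit` instruction in relocator32.S is reached, after the loader has already committed to the secure-launch path. Add a second test beside the first, for example `if (! (ecx & SKINIT_FEATURE_BIT_PLACEHOLDER)) return grub_error (GRUB_ERR_BAD_DEVICE, N_("CPU does not support SKINIT"));`, where the placeholder stands for a constant the headers would have to define. The masks used here are defined outside this patch, so confirm what the existing one actually covers; grub_cmd_slaunch also continues outside the hunk.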
@@ -170,6 +185,10 @@ grub_cmd_slaunch_state (grub_command_t cmd __attribute__ 
((unused)),
       grub_printf ("Secure launcher: Intel TXT\n");
       grub_txt_state_show ();
     }
+  else if (slp == SLP_AMD_SKINIT)
+    {
+      grub_printf ("Secure launcher: AMD SKINIT\n");
+    }
 
   return GRUB_ERR_NONE;
 }
diff --git a/include/grub/i386/slaunch.h b/include/grub/i386/slaunch.h
index e5c32152d285..18e10d82ffc7 100644
--- a/include/grub/i386/slaunch.h
+++ b/include/grub/i386/slaunch.h
@@ -24,6 +24,7 @@
 /* Secure launch platform types. */
 #define SLP_NONE       0
 #define SLP_INTEL_TXT  1
+#define SLP_AMD_SKINIT 2
 
 #define GRUB_SLAUNCH_TPM_EVT_LOG_SIZE  (8 * GRUB_PAGE_SIZE)
 
@@ -42,8 +43,14 @@ struct grub_slaunch_params
   grub_uint32_t mle_ptab_size;
   grub_uint32_t mle_header_offset;
   grub_uint64_t ap_wake_block;
-  grub_uint32_t sinit_acm_base;
-  grub_uint32_t sinit_acm_size;
+  union {
+    grub_uint32_t sinit_acm_base;
+    grub_uint32_t lz_base;
+  };
+  union {
+    grub_uint32_t sinit_acm_size;
+    grub_uint32_t lz_size;
+  };
   grub_uint64_t tpm_evt_log_base;
   grub_uint32_t tpm_evt_log_size;
 };
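Review bot: The two anonymous unions in `struct grub_slaunch_params` alias the TXT fields with the new SKINIT ones, but nothing records which member is valid when. A reader of grub_linux_boot sees `sinit_acm_size` loaded into `state.ecx` in one branch and `lz_size` written in the other with no hint that they share storage. A comment on each union would cover it, e.g. `/* Intel TXT: SINIT ACM base; AMD SKINIT: secure loader (LZ) base. Selected by grub_slaunch_platform_type (). */`, and likewise for the size pair. Anonymous unions are a C11/GNU feature, so this also assumes every compiler mode used for the tree accepts them. The struct's opening fields are outside the hunk.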
-- 
2.17.1



