[RFC PATCH 0/7] x86: Trenchboot Secure Launch DRTM for AMD SKINIT (GRUB)

[Sergii Dmytruk]

NOTE: this patch set follows up on Intel TXT DRTM patches that are
currently under review in their 3rd version [v3]; therefore, it is not
standalone! This targets v11 of Linux patches [linux-v11] and
corresponding RFC patch set for AMD SKINIT on top of it [linux-amd-rfc].

The publication of the patches at this point pursues several goals:
 - Make anyone tracking upstream aware of the maturity of the support
   for AMD SKINIT.
 - Collect early feedback on the SKINIT implementation.
 - Finally, demonstrate the extensibility of Secure Launch for
   incorporating additional platforms.

As the RFC suggest, this series is temporal and will be updated based on
changes made to the initial Secure Launch series for Intel TXT. Review
comments are greatly welcomed and will be worked/addressed, but we would
caution that changes to the Secure Launch series for Intel TXT targeting
Linux and GRUB will take precedence over review comments. Once Intel TXT
Secure Launch series are merged, this series will transition from RFC to
a formally submitted one.

-----

These changes are based on those posted as part of [v1] and [v2], but
also support new [drtm-service] that is available for some CPU families
when PSP/ASP firmware is new enough.

The set of changes can also be viewed on GitHub at [TrenchBoot/grub].

-----

[v1]: https://lists.gnu.org/archive/html/grub-devel/2024-08/msg00088.html
[v2]: https://lists.gnu.org/archive/html/grub-devel/2024-11/msg00000.html
[v3]: https://lists.gnu.org/archive/html/grub-devel/2024-12/msg00028.html
[linux-v11]: https://lkml.org/lkml/2024/9/13/1396
[linux-amd-rfc]: 
https://lore.kernel.org/lkml/cover.1734008878.git.sergii.dmytruk@3mdeb.com/
[drtm-service]: 
https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/user-guides/58453.pdf
[TrenchBoot/grub]: 
https://github.com/TrenchBoot/grub/compare/tb-2.12-139-v3...tb-amd-2.12-139-rfc-v1

-----

Alec Brown (3):
  i386: Add PSP discovery code
  slaunch/psp: Add core PSP commands and get capability command
  slaunch/psp: Setup TMRs to protect RAM from DMA

Michał Żygowski (1):
  multiboot2: Support SKINIT Secure Launch

Ross Philipson (3):
  i386: Extra x86 definitions needed by AMD SKINIT Secure Launch
  slaunch/skinit: AMD SKINIT Secure Launch core implementation
  efi/slaunch: Add AMD Secure Launch support for Linux EFI stub boot

 grub-core/Makefile.core.def              |   3 +
 grub-core/lib/i386/relocator32.S         |   6 +
 grub-core/loader/efi/dltrampoline.S      |  35 +-
 grub-core/loader/efi/linux.c             |   9 +
 grub-core/loader/i386/linux.c            |  39 ++-
 grub-core/loader/multiboot_mbi2.c        |  14 +-
 grub-core/loader/slaunch/dlstub.c        |  60 +++-
 grub-core/loader/slaunch/i386_linux.c    |  41 +++
 grub-core/loader/slaunch/psp.c           | 420 +++++++++++++++++++++++
 grub-core/loader/slaunch/skinit.c        | 198 +++++++++++
 grub-core/loader/slaunch/skl.c           | 256 ++++++++++++++
 grub-core/loader/slaunch/slaunch.c       |  24 +-
 grub-core/loader/slaunch/x86_efi_linux.c |  72 ++++
 include/grub/i386/cpuid.h                |   7 +-
 include/grub/i386/msr.h                  |   6 +
 include/grub/i386/pci.h                  |   1 +
 include/grub/i386/psp.h                  |  91 +++++
 include/grub/i386/skinit.h               |  69 ++++
 include/grub/slaunch.h                   |   9 +
 include/grub/slr_table.h                 |  16 +
 20 files changed, 1351 insertions(+), 25 deletions(-)
 create mode 100644 grub-core/loader/slaunch/psp.c
 create mode 100644 grub-core/loader/slaunch/skinit.c
 create mode 100644 grub-core/loader/slaunch/skl.c
 create mode 100644 include/grub/i386/psp.h
 create mode 100644 include/grub/i386/skinit.h


base-commit: 5b86bec39d0de1851ddc46d4fc4a80e5a3c52683
prerequisite-patch-id: a4ef62a68c8e0db3ec468dc543ee62a3e6b99a6e
-- 
2.47.1