From: Mateusz M. <mat...@in...> - 2024-10-11 13:07:39
|
changeset e15574ca4f70 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=e15574ca4f70 description: Added tag v1.11.9 for changeset 93a7c3451154 diffstat: .hgtags | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (9 lines):
diff -r b75d2ed4b54f -r e15574ca4f70 .hgtags
--- a/.hgtags Fri Oct 11 15:00:43 2024 +0200
+++ b/.hgtags Fri Oct 11 15:00:47 2024 +0200
@@ -49,3 +49,5 @@
 656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
 656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
 0000000000000000000000000000000000000000 v1.11.9
+0000000000000000000000000000000000000000 v1.11.9
+93a7c34511548204c2921a5c427085d352e64eb7 v1.11.9
|
From: Mateusz M. <mat...@in...> - 2024-10-11 13:07:38
|
changeset b75d2ed4b54f in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=b75d2ed4b54f description: Removed tag v1.11.9 diffstat: .hgtags | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (9 lines):
diff -r 93a7c3451154 -r b75d2ed4b54f .hgtags
--- a/.hgtags Fri Oct 11 14:55:09 2024 +0200
+++ b/.hgtags Fri Oct 11 15:00:43 2024 +0200
@@ -47,3 +47,5 @@
 8a1423750815ecd495b089f78f85271db494ba8f v1.11.7
 ba65f5eab8dcf4c7e82960d187d6789a3cfb8e19 v1.11.8
 656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
+656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
+0000000000000000000000000000000000000000 v1.11.9
|
From: Mateusz M. <mat...@in...> - 2024-10-11 12:55:29
|
changeset 2021424028cc in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=2021424028cc description: Added tag v1.11.9 for changeset 656ba831c3bb diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines):
diff -r 656ba831c3bb -r 2021424028cc .hgtags
--- a/.hgtags Fri Oct 11 14:28:41 2024 +0200
+++ b/.hgtags Fri Oct 11 14:50:18 2024 +0200
@@ -46,3 +46,4 @@
 9b2748d651ee6b03161801e099748837c72e1baf v1.11.6
 8a1423750815ecd495b089f78f85271db494ba8f v1.11.7
 ba65f5eab8dcf4c7e82960d187d6789a3cfb8e19 v1.11.8
+656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
|
From: Mateusz M. <mat...@in...> - 2024-10-11 12:55:29
|
changeset 93a7c3451154 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=93a7c3451154 description: Version 1.11.9. diffstat: CHANGELOG | 2 ++ tboot/20_linux_tboot | 2 +- tboot/20_linux_xen_tboot | 2 +- tboot/Config.mk | 4 ++-- 4 files changed, 6 insertions(+), 4 deletions(-) diffs (47 lines): diff -r 2021424028cc -r 93a7c3451154 CHANGELOG --- a/CHANGELOG Fri Oct 11 14:50:18 2024 +0200 +++ b/CHANGELOG Fri Oct 11 14:55:09 2024 +0200 @@ -1,3 +1,5 @@ +20241011: v1.11.9 + Restore call to configure_vtd. 20241004: v1.11.8 Increase DIRECTMAP size from 64 MB to 128 MB. During the last TBOOT MLE verification process for the Intel ARL-S (Arrowlake) CPUs, it was noticed diff -r 2021424028cc -r 93a7c3451154 tboot/20_linux_tboot --- a/tboot/20_linux_tboot Fri Oct 11 14:50:18 2024 +0200 +++ b/tboot/20_linux_tboot Fri Oct 11 14:55:09 2024 +0200 @@ -195,7 +195,7 @@ tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"` - tboot_version="1.11.8" + tboot_version="1.11.9" echo "submenu \"tboot ${tboot_version}\" {" while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` diff -r 2021424028cc -r 93a7c3451154 tboot/20_linux_xen_tboot --- a/tboot/20_linux_xen_tboot Fri Oct 11 14:50:18 2024 +0200 +++ b/tboot/20_linux_xen_tboot Fri Oct 11 14:55:09 2024 +0200 @@ -230,7 +230,7 @@ tboot_basename=`basename ${current_tboot}` tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.11.8" + tboot_version="1.11.9" list="${linux_list}" echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" while [ "x$list" != "x" ] ; do diff -r 2021424028cc -r 93a7c3451154 tboot/Config.mk --- a/tboot/Config.mk Fri Oct 11 14:50:18 2024 +0200 +++ b/tboot/Config.mk Fri Oct 11 14:55:09 2024 +0200 
@@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.11.8" -RELEASETIME := "2024-10-04 12:00 +0100" +RELEASEVER := "1.11.9" +RELEASETIME := "2024-10-11 12:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, |
From: Mateusz M. <mat...@in...> - 2024-10-11 12:28:54
|
changeset 656ba831c3bb in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=656ba831c3bb description: Restore call to configure_vtd. diffstat: tboot/txt/txt.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diffs (22 lines):
diff -r 37917340e12f -r 656ba831c3bb tboot/txt/txt.c
--- a/tboot/txt/txt.c Fri Oct 04 11:36:51 2024 +0200
+++ b/tboot/txt/txt.c Fri Oct 11 14:28:41 2024 +0200
@@ -531,7 +531,7 @@
 __data acm_hdr_t *g_sinit = 0;
 __data bool g_tpr_support = 0;
 
-__attribute__((unused)) static void configure_vtd(void)
+static void configure_vtd(void)
 {
 uint32_t remap_length;
 struct dmar_remapping *dmar_remap = vtd_get_dmar_remap(&remap_length);
@@ -869,8 +869,7 @@
 if ( mle_ptab_base == NULL )
 return TB_ERR_FATAL;
 
- printk(TBOOT_INFO"DEBUG DEBUG DEBUG skip DMA remapping disable\n");
- //configure_vtd();
+ configure_vtd();
 
 /* initialize TXT heap */
 txt_heap = init_txt_heap(mle_ptab_base, g_sinit, lctx);
|
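Review bot: The restored `configure_vtd();` call in the second hunk cannot report failure, because the first hunk keeps the function as `static void configure_vtd(void)`; if DMA remapping is not actually turned off, the launch path still proceeds to `init_txt_heap`. Consider returning `bool` and failing closed the way the `mle_ptab_base == NULL` check just above does, e.g. `if ( !configure_vtd() ) return TB_ERR_FATAL;`. Whether the body has a failure path is not visible here, since both functions extend beyond the hunks. A short comment on the call, such as `/* disable VT-d DMA remapping before launch; do not skip */`, would also make it harder for debug scaffolding like the removed `printk` to replace it unnoticed again.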
From: Mateusz M. <mat...@in...> - 2024-09-24 07:14:49
|
changeset d093b8438059 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=d093b8438059 description: Added tag v1.11.6 for changeset 9b2748d651ee diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines):
diff -r 9b2748d651ee -r d093b8438059 .hgtags
--- a/.hgtags Tue Sep 24 09:09:50 2024 +0200
+++ b/.hgtags Tue Sep 24 09:10:53 2024 +0200
@@ -43,3 +43,4 @@
 52979e1dd702a4bb65f98db34102906b1777cb6d v1.11.3
 71ca80014ced6d82bb8997c7d441d081bf32b560 v1.11.4
 8da449815519e2a78d8e93126c15d481c8d01b16 v1.11.5
+9b2748d651ee6b03161801e099748837c72e1baf v1.11.6
|
From: Mateusz M. <mat...@in...> - 2024-09-24 07:14:49
|
changeset b6f26b413095 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=b6f26b413095 description: Merge TBOOT_TPR_support branch into default. diffstat: include/mle.h | 15 ++- tboot/common/integrity.c | 8 +- tboot/common/tboot.c | 6 +- tboot/include/integrity.h | 10 +- tboot/include/txt/heap.h | 13 ++ tboot/include/txt/txt.h | 2 + tboot/include/txt/verify.h | 8 +- tboot/txt/heap.c | 67 +++++++++++++++ tboot/txt/txt.c | 44 ++++++++- tboot/txt/verify.c | 199 +++++++++++++++++++++++++++++++++----------- 10 files changed, 300 insertions(+), 72 deletions(-) diffs (truncated from 659 to 300 lines): diff -r 2b6385a730d0 -r b6f26b413095 include/mle.h --- a/include/mle.h Wed Sep 18 06:15:46 2024 -0400 +++ b/include/mle.h Tue Sep 24 09:04:53 2024 +0200 @@ -52,7 +52,9 @@ uint32_t max_phy_addr : 1; uint32_t tcg_event_log_format: 1; uint32_t cbnt_supported : 1; - uint32_t reserved1 : 21; + uint32_t reserved1 : 3; + uint32_t tpr_support : 1; + uint32_t reserved2 : 17; }; } txt_caps_t; @@ -80,10 +82,13 @@ /* * values supported by current version of tboot */ -#define MLE_HDR_VER 0x00020001 /* 2.1 */ -#define MLE_HDR_CAPS 0x000000627 /* rlp_wake_{getsec, monitor} = 1, - ecx_pgtbl = 1, nolg = 0, da = 1 - tcg_event_log_format = 1, cbnt_supported = 1 */ +#define MLE_HDR_VER 0x00020003 /* 2.3 */ + +#define MLE_HDR_CAPS 0x000004627 /* rlp_wake_{getsec, monitor} = 1 + * ecx_pgtbl = 1, nolg = 0, da = 1 + * tcg_event_log_format = 1, cbnt_supported = 1 + * tpr_supported = 1 + */ #endif /* __MLE_H__ */ diff -r 2b6385a730d0 -r b6f26b413095 tboot/common/integrity.c --- a/tboot/common/integrity.c Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/common/integrity.c Tue Sep 24 09:04:53 2024 +0200 
@@ -108,10 +108,10 @@ struct tpm_if *tpm = get_tpm(); printk(TBOOT_DETA"pre_k_s3_state:\n"); - printk(TBOOT_DETA"\t vtd_pmr_lo_base: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_lo_base); - printk(TBOOT_DETA"\t vtd_pmr_lo_size: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_lo_size); - printk(TBOOT_DETA"\t vtd_pmr_hi_base: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_hi_base); - printk(TBOOT_DETA"\t vtd_pmr_hi_size: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_hi_size); + printk(TBOOT_DETA"\t dma_protection_lo_base: 0x%Lx\n", g_pre_k_s3_state.dma_protection_lo_base); + printk(TBOOT_DETA"\t dma_protection_lo_size: 0x%Lx\n", g_pre_k_s3_state.dma_protection_lo_size); + printk(TBOOT_DETA"\t dma_protection_hi_base: 0x%Lx\n", g_pre_k_s3_state.dma_protection_hi_base); + printk(TBOOT_DETA"\t dma_protection_hi_size: 0x%Lx\n", g_pre_k_s3_state.dma_protection_hi_size); printk(TBOOT_DETA"\t pol_hash: "); print_hash(&g_pre_k_s3_state.pol_hash, tpm->cur_alg); printk(TBOOT_DETA"\t VL measurements:\n"); diff -r 2b6385a730d0 -r b6f26b413095 tboot/common/tboot.c --- a/tboot/common/tboot.c Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/common/tboot.c Tue Sep 24 09:04:53 2024 +0200 @@ -385,7 +385,7 @@ } else { printk_init(false); } - + //TBOOT_CHANGESET is defined in CFLAGS in config.mk printk(TBOOT_INFO"*********************** TBOOT ***********************\n"); printk(TBOOT_INFO" %s\n", TBOOT_CHANGESET); printk(TBOOT_INFO"*****************************************************\n"); @@ -455,6 +455,10 @@ apply_policy(TB_ERR_ACMOD_VERIFY_FAILED); } + //We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported + //This global variable decides whether PMR or TPR is used + g_tpr_support = is_tpr_supported(); + /* make TPM ready for measured launch */ if (!tpm_detect()) apply_policy(TB_ERR_TPM_NOT_READY); diff -r 2b6385a730d0 -r b6f26b413095 tboot/include/integrity.h --- a/tboot/include/integrity.h Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/include/integrity.h Tue Sep 24 09:04:53 2024 +0200 
@@ -57,11 +57,11 @@ } hash_list_t; typedef struct { - /* low and high memory regions to protect w/ VT-d PMRs */ - uint64_t vtd_pmr_lo_base; - uint64_t vtd_pmr_lo_size; - uint64_t vtd_pmr_hi_base; - uint64_t vtd_pmr_hi_size; + /* low and high memory regions to protect w/ VT-d PMRs or TPRs*/ + uint64_t dma_protection_lo_base; + uint64_t dma_protection_lo_size; + uint64_t dma_protection_hi_base; + uint64_t dma_protection_hi_size; /* VL policy at time of sealing */ tb_hash_t pol_hash; /* verified launch measurements to be re-extended in DRTM PCRs diff -r 2b6385a730d0 -r b6f26b413095 tboot/include/txt/heap.h --- a/tboot/include/txt/heap.h Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/include/txt/heap.h Tue Sep 24 09:04:53 2024 +0200 @@ -233,6 +233,17 @@ uint32_t next_record_offset; } heap_event_log_ptr_elt2_1_t; +#define HEAP_EXTDATA_TYPE_TPR_REQ 13 +typedef struct __packed { + uint64_t tpr_range_base; //Physical address of the TPR base + uint64_t tpr_range_size; //Size of the requested TPR +} tpr_range_t; + +typedef struct __packed { + uint32_t tpr_cnt; //How many TPRs in the request area. Max value of tpr_cnt is HW-specific. + tpr_range_t tpr_req_arr[]; //array of tpr ranges (tpr_cnt * tpr_range_t) +} heap_tpr_req_element_t; + /* * data-passing structures contained in TXT heap: * - BIOS @@ -295,6 +306,7 @@ #define MIN_OS_SINIT_DATA_VER 4 #define MAX_OS_SINIT_DATA_VER 7 #define OS_SINIT_FLAGS_EXTPOL_MASK 0x00000001 +#define OS_SINIT_DATA_WITH_TPR_SIZE 144 //92 bytes for struct, 44 for tpr_req_elt, 8 for end elt /* * OS/loader to SINIT structure */ @@ -447,6 +459,7 @@ extern bool verify_bios_data(const txt_heap_t *txt_heap); extern void print_os_sinit_data(const os_sinit_data_t *os_sinit_data); extern void print_os_sinit_data_vtdpmr(const os_sinit_data_t *os_sinit_data); +extern heap_tpr_req_element_t *get_tpr_req_element(const os_sinit_data_t *os_sinit_data); #endif /* __TXT_HEAP_H__ */ diff -r 2b6385a730d0 -r b6f26b413095 tboot/include/txt/txt.h 
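Review bot: `OS_SINIT_DATA_WITH_TPR_SIZE` in the second heap.h hunk hard-codes 144 from a hand-counted layout (92 + 44 + 8), while `calc_os_sinit_data_size` in heap.c derives the TPR element size from `offsetof`/`sizeof`. If `os_sinit_data_t`, `heap_tpr_req_element_t` or `tpr_range_t` ever changes, the two can silently disagree, and a wrong size for data handed to SINIT is hard to spot. Where the macro is used is not visible in this truncated diff, so this is a maintainability point: either build the 44-byte part from the same `offsetof`/`sizeof` terms, or add a comment such as `/* keep in sync with the TPR element size computed in calc_os_sinit_data_size() */`. The identical hunk appears again under changeset 9e73e01ac748 further down, and the point applies there too.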
--- a/tboot/include/txt/txt.h Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/include/txt/txt.h Tue Sep 24 09:04:53 2024 +0200 @@ -61,8 +61,10 @@ extern bool txt_is_powercycle_required(void); extern void ap_wait(unsigned int cpuid); extern int get_evtlog_type(void); +extern bool is_tpr_supported(void); extern uint32_t g_using_da; +extern bool g_tpr_support; #endif /* __TXT_TXT_H__ */ diff -r 2b6385a730d0 -r b6f26b413095 tboot/include/txt/verify.h --- a/tboot/include/txt/verify.h Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/include/txt/verify.h Tue Sep 24 09:04:53 2024 +0200 @@ -36,13 +36,19 @@ #ifndef __TXT_VERIFY_H__ #define __TXT_VERIFY_H__ -extern void set_vtd_pmrs(os_sinit_data_t *os_sinit_data, +extern void set_dma_protection(os_sinit_data_t *os_sinit_data, uint64_t min_lo_ram, uint64_t max_lo_ram, uint64_t min_hi_ram, uint64_t max_hi_ram); extern bool verify_e820_map(sinit_mdr_t* mdrs_base, uint32_t num_mdrs); extern bool verify_stm(unsigned int cpuid); extern bool use_mwait(void); +typedef struct __packed { + uint64_t base; + uint64_t size; +} dma_protected_range_t; + + #endif /* __TXT_VERIFY_H__ */ diff -r 2b6385a730d0 -r b6f26b413095 tboot/txt/heap.c --- a/tboot/txt/heap.c Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/txt/heap.c Tue Sep 24 09:04:53 2024 +0200 
@@ -371,6 +371,20 @@ } } +static void print_tpr_req_elt(const heap_ext_data_element_t *elt) +{ + if (elt == NULL) return; + const heap_tpr_req_element_t *tpr_req_elt = (const heap_tpr_req_element_t *) elt->data; + printk(TBOOT_DETA"\t TPR_REQ_ELEMENT:\n"); + printk(TBOOT_DETA"\t\t type: %d\n", elt->type); + printk(TBOOT_DETA"\t\t size: %u\n", elt->size); + printk(TBOOT_DETA"\t\t tpr_cnt: %u\n", tpr_req_elt->tpr_cnt); + for (uint16_t i = 0; i < tpr_req_elt->tpr_cnt; i++) { + printk(TBOOT_DETA"\t tpr_range[%u]:\n", i); + printk(TBOOT_DETA"\t\t range_base: 0x%Lx\n", tpr_req_elt->tpr_req_arr[i].tpr_range_base); + printk(TBOOT_DETA"\t\t range_size: 0x%Lx\n", tpr_req_elt->tpr_req_arr[i].tpr_range_size); + } +} static void print_ext_data_elts(const heap_ext_data_element_t elts[]) { @@ -397,6 +411,9 @@ case HEAP_EXTDATA_TYPE_TPM_EVENT_LOG_PTR_2_1: print_evt_log_ptr_elt_2_1(elt); break; + case HEAP_EXTDATA_TYPE_TPR_REQ: + print_tpr_req_elt(elt); + break; default: printk(TBOOT_WARN"\t\t unknown element: type: %u, size: %u\n", elt->type, elt->size); @@ -703,6 +720,7 @@ */ uint64_t calc_os_sinit_data_size(uint32_t version) { + uint64_t tpr_elt_size = 0; uint64_t size[] = { offsetof(os_sinit_data_t, efi_rsdt_ptr) + sizeof(uint64_t), sizeof(os_sinit_data_t) + sizeof(uint64_t), @@ -730,6 +748,14 @@ 2 * sizeof(heap_ext_data_element_t) + 4 + count*sizeof(heap_event_log_descr_t); } + //we need TPR for lo RAM and TPR for hi ram (2 TPR ranges) + //size of heap_ext_data_element_t.type and size, plus size of tpr_cnt in tpr eleemnt, + //plus size of tpr_range structure (twice) + if (g_tpr_support) { + tpr_elt_size = offsetof(heap_ext_data_element_t, data) + offsetof(heap_tpr_req_element_t, tpr_req_arr) + + (2 * sizeof(tpr_range_t)); + size[2] += tpr_elt_size; + } if ( version >= 6 ) return size[2]; 
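Review bot: In `print_tpr_req_elt` (first heap.c hunk) the loop counter is `uint16_t i` while `tpr_cnt` is declared `uint32_t` in heap.h, so a count above 65535 never ends the loop. Nothing ties `tpr_cnt` to `elt->size` either, so a corrupted count makes the printing read past the element. The counter should be `uint32_t` and the count should be capped by what fits in the element, as sketched below. The identical hunk appears again under changeset 9e73e01ac748 further down.

```c
static void print_tpr_req_elt(const heap_ext_data_element_t *elt)
{
    const uint32_t hdr = offsetof(heap_ext_data_element_t, data) +
                         offsetof(heap_tpr_req_element_t, tpr_req_arr);
    if (elt == NULL || elt->size < hdr) return;
    // … unchanged: tpr_req_elt cast, type/size/tpr_cnt prints …
    uint32_t cnt = tpr_req_elt->tpr_cnt;
    const uint32_t fit = (elt->size - hdr) / sizeof(tpr_range_t);
    if (cnt > fit) cnt = fit;   //never read past the element
    for (uint32_t i = 0; i < cnt; i++) {
        // … unchanged: per-range prints …
    }
}
```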
@@ -745,6 +771,18 @@ printk(TBOOT_DETA"\t vtd_pmr_hi_size: 0x%Lx\n", os_sinit_data->vtd_pmr_hi_size); } +void print_os_sinit_data_tpr(const os_sinit_data_t *os_sinit_data) +{ + heap_tpr_req_element_t *tpr_elt = NULL; + if (os_sinit_data == NULL) return; + tpr_elt = get_tpr_req_element(os_sinit_data); + if (tpr_elt == NULL) return; + printk(TBOOT_DETA"\t tpr_lo_base: 0x%Lx\n", tpr_elt->tpr_req_arr[0].tpr_range_base); + printk(TBOOT_DETA"\t tpr_lo_size: 0x%Lx\n", tpr_elt->tpr_req_arr[0].tpr_range_size); + printk(TBOOT_DETA"\t tpr_hi_base: 0x%Lx\n", tpr_elt->tpr_req_arr[1].tpr_range_base); + printk(TBOOT_DETA"\t tpr_hi_size: 0x%Lx\n", tpr_elt->tpr_req_arr[1].tpr_range_size); +} + void print_os_sinit_data(const os_sinit_data_t *os_sinit_data) { printk(TBOOT_DETA"os_sinit_data (@%p, %Lx):\n", os_sinit_data, @@ -950,6 +988,35 @@ return true; } +heap_tpr_req_element_t *get_tpr_req_element(const os_sinit_data_t *os_sinit_data) { + heap_ext_data_element_t *elt = NULL; + heap_tpr_req_element_t *tpr_elt = NULL; + if (os_sinit_data == NULL) { + return NULL; + } + if (os_sinit_data->version < 6) { + //Old versions do not support heap_ext_elements + return NULL; + } + if (g_tpr_support == false) { + //TPR not supported + return NULL; + } + elt = (heap_ext_data_element_t *) &os_sinit_data->ext_data_elts; + //Walk elements to find TPR element + while (elt->type != HEAP_EXTDATA_TYPE_END) { + if (elt->type != HEAP_EXTDATA_TYPE_TPR_REQ) { + elt = (void *)elt + elt->size; + } + else { + printk(TBOOT_DETA"Found TPR req element\n"); + tpr_elt = (heap_tpr_req_element_t *) &elt->data; + break; + } + } + return tpr_elt; +} + #endif /* diff -r 2b6385a730d0 -r b6f26b413095 tboot/txt/txt.c --- a/tboot/txt/txt.c Wed Sep 18 06:15:46 2024 -0400 +++ b/tboot/txt/txt.c Tue Sep 24 09:04:53 2024 +0200 @@ -307,6 +307,7 @@ { heap_ext_data_element_t* elt = elts; heap_event_log_ptr_elt_t* evt_log; + heap_tpr_req_element_t* tpr_elt = NULL; struct tpm_if *tpm = get_tpm(); int log_type = get_evtlog_type(); 
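Review bot: `print_os_sinit_data_tpr` reads `tpr_req_arr[0]` and `tpr_req_arr[1]` without looking at `tpr_cnt`, so an element that carries fewer than two ranges is printed from whatever follows it in the heap. Replace the NULL-only check with `if (tpr_elt == NULL || tpr_elt->tpr_cnt < 2) return;`. The function is also non-static, yet the heap.h hunks in this changeset add a prototype only for `get_tpr_req_element`; declare it next to `print_os_sinit_data_vtdpmr`, or make it `static` if heap.c is its only caller (the diff is truncated, so callers are not visible). The identical hunk appears again under changeset 9e73e01ac748 further down.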
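Review bot: The element walk in `get_tpr_req_element` trusts `elt->size` completely: a size of 0 spins forever on the same element, and with no upper bound a missing `HEAP_EXTDATA_TYPE_END` walks past the end of the OS-SINIT data. Reject sizes smaller than the element header before advancing, as sketched below, and also stop at the end of the OS-SINIT data area (its size field is not visible in this hunk, so the sketch leaves that bound out). The cast on `&os_sinit_data->ext_data_elts` also drops the `const` from the parameter; if callers need to write through the result, that should be stated in a comment on the prototype. The identical hunk appears again under changeset 9e73e01ac748 further down.

```c
    elt = (heap_ext_data_element_t *) &os_sinit_data->ext_data_elts;
    //Walk elements to find TPR element; give up on a malformed size
    while (elt->type != HEAP_EXTDATA_TYPE_END) {
        if (elt->type == HEAP_EXTDATA_TYPE_TPR_REQ) {
            printk(TBOOT_DETA"Found TPR req element\n");
            tpr_elt = (heap_tpr_req_element_t *) &elt->data;
            break;
        }
        if (elt->size < offsetof(heap_ext_data_element_t, data)) {
            printk(TBOOT_WARN"ext data element with bad size: %u\n", elt->size);
            return NULL;
        }
        elt = (void *)elt + elt->size;
    }
    return tpr_elt;
```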
@@ -334,7 +335,18 @@ g_elog_2->count * sizeof(heap_event_log_descr_t); printk(TBOOT_DETA"INTEL TXT LOG elt SIZE = %d \n", elt->size); } - + if (g_tpr_support) { + //Go to next elt + elt = (void *)elt + elt->size; + //Allocate space for 2 TPR ranges, one in LO RAM and the other in HI RAM |
From: Mateusz M. <mat...@in...> - 2024-09-24 07:14:49
|
changeset 9b2748d651ee in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=9b2748d651ee description: Version 1.11.6 diffstat: CHANGELOG | 8 +++++--- tboot/20_linux_tboot | 2 +- tboot/20_linux_xen_tboot | 2 +- tboot/Config.mk | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diffs (54 lines): diff -r b6f26b413095 -r 9b2748d651ee CHANGELOG --- a/CHANGELOG Tue Sep 24 09:04:53 2024 +0200 +++ b/CHANGELOG Tue Sep 24 09:09:50 2024 +0200 @@ -1,7 +1,9 @@ +20240924: v1.11.6 + Merge TXT Protected Range support branch. 20240918: v1.11.5 - Add TXT Protected Range support. Remove unncessary OPENSSL_free from lcputils.c - and add a functionality to move ACM modules from the address range below TBOOT - to above TBOOT, to allow the usage of ACMs bigger than 256KB. + Remove unncessary OPENSSL_free from lcputils.c and add a functionality + to move ACM modules from the address range below TBOOT to above TBOOT, + to allow the usage of ACMs bigger than 256KB. 20240405: v1.11.4 Increase the TBOOT log size from 32 KB to 64 KB. For some Intel server platforms, it was noticed that TBOOT_SERIAL_LOG memory section was too diff -r b6f26b413095 -r 9b2748d651ee tboot/20_linux_tboot --- a/tboot/20_linux_tboot Tue Sep 24 09:04:53 2024 +0200 +++ b/tboot/20_linux_tboot Tue Sep 24 09:09:50 2024 +0200 @@ -195,7 +195,7 @@ tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"` - tboot_version="1.11.5" + tboot_version="1.11.6" echo "submenu \"tboot ${tboot_version}\" {" while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` diff -r b6f26b413095 -r 9b2748d651ee tboot/20_linux_xen_tboot --- a/tboot/20_linux_xen_tboot Tue Sep 24 09:04:53 2024 +0200 +++ b/tboot/20_linux_xen_tboot Tue Sep 24 09:09:50 2024 +0200 
@@ -230,7 +230,7 @@ tboot_basename=`basename ${current_tboot}` tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.11.5" + tboot_version="1.11.6" list="${linux_list}" echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" while [ "x$list" != "x" ] ; do diff -r b6f26b413095 -r 9b2748d651ee tboot/Config.mk --- a/tboot/Config.mk Tue Sep 24 09:04:53 2024 +0200 +++ b/tboot/Config.mk Tue Sep 24 09:09:50 2024 +0200 @@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.11.5" -RELEASETIME := "2024-09-18 16:00 +0100" +RELEASEVER := "1.11.6" +RELEASETIME := "2024-09-18 09:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, |
From: Mateusz M. <mat...@in...> - 2024-06-27 07:19:02
|
changeset 038263f46151 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=038263f46151 description: Remove unnecessary OPENSSL_free from lcputils.c Signed-off-by: Mateusz Mowka <mat...@in...> diffstat: lcptools-v2/lcputils.c | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-) diffs (13 lines):
diff -r caa503a4d551 -r 038263f46151 lcptools-v2/lcputils.c
--- a/lcptools-v2/lcputils.c Fri Apr 05 11:44:16 2024 +0200
+++ b/lcptools-v2/lcputils.c Wed Jun 26 17:18:56 2024 +0200
@@ -1003,9 +1003,6 @@
 if (point_buffer != NULL) {
 OPENSSL_free((void *) point_buffer);
 }
- if (curveName != NULL) {
- OPENSSL_free((void *) curveName);
- }
 #else
 if (ec_key != NULL) {
 OPENSSL_free((void *) ec_key);
|
From: Mateusz M. <mat...@in...> - 2024-04-17 10:21:44
|
changeset 9e73e01ac748 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=9e73e01ac748 description: Add TPR (TXT Protected Range) support. diffstat: include/mle.h | 15 ++- tboot/common/integrity.c | 8 +- tboot/common/tboot.c | 6 +- tboot/include/integrity.h | 10 +- tboot/include/txt/heap.h | 13 ++ tboot/include/txt/txt.h | 2 + tboot/include/txt/verify.h | 8 +- tboot/txt/heap.c | 67 +++++++++++++++ tboot/txt/txt.c | 44 ++++++++- tboot/txt/verify.c | 199 +++++++++++++++++++++++++++++++++----------- 10 files changed, 300 insertions(+), 72 deletions(-) diffs (truncated from 659 to 300 lines): diff -r 909398b4916b -r 9e73e01ac748 include/mle.h --- a/include/mle.h Mon Feb 12 17:26:09 2024 +0100 +++ b/include/mle.h Thu Mar 28 13:35:25 2024 +0100 @@ -52,7 +52,9 @@ uint32_t max_phy_addr : 1; uint32_t tcg_event_log_format: 1; uint32_t cbnt_supported : 1; - uint32_t reserved1 : 21; + uint32_t reserved1 : 3; + uint32_t tpr_support : 1; + uint32_t reserved2 : 17; }; } txt_caps_t; @@ -80,10 +82,13 @@ /* * values supported by current version of tboot */ -#define MLE_HDR_VER 0x00020001 /* 2.1 */ -#define MLE_HDR_CAPS 0x000000627 /* rlp_wake_{getsec, monitor} = 1, - ecx_pgtbl = 1, nolg = 0, da = 1 - tcg_event_log_format = 1, cbnt_supported = 1 */ +#define MLE_HDR_VER 0x00020003 /* 2.3 */ + +#define MLE_HDR_CAPS 0x000004627 /* rlp_wake_{getsec, monitor} = 1 + * ecx_pgtbl = 1, nolg = 0, da = 1 + * tcg_event_log_format = 1, cbnt_supported = 1 + * tpr_supported = 1 + */ #endif /* __MLE_H__ */ diff -r 909398b4916b -r 9e73e01ac748 tboot/common/integrity.c --- a/tboot/common/integrity.c Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/common/integrity.c Thu Mar 28 13:35:25 2024 +0100 
@@ -108,10 +108,10 @@ struct tpm_if *tpm = get_tpm(); printk(TBOOT_DETA"pre_k_s3_state:\n"); - printk(TBOOT_DETA"\t vtd_pmr_lo_base: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_lo_base); - printk(TBOOT_DETA"\t vtd_pmr_lo_size: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_lo_size); - printk(TBOOT_DETA"\t vtd_pmr_hi_base: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_hi_base); - printk(TBOOT_DETA"\t vtd_pmr_hi_size: 0x%Lx\n", g_pre_k_s3_state.vtd_pmr_hi_size); + printk(TBOOT_DETA"\t dma_protection_lo_base: 0x%Lx\n", g_pre_k_s3_state.dma_protection_lo_base); + printk(TBOOT_DETA"\t dma_protection_lo_size: 0x%Lx\n", g_pre_k_s3_state.dma_protection_lo_size); + printk(TBOOT_DETA"\t dma_protection_hi_base: 0x%Lx\n", g_pre_k_s3_state.dma_protection_hi_base); + printk(TBOOT_DETA"\t dma_protection_hi_size: 0x%Lx\n", g_pre_k_s3_state.dma_protection_hi_size); printk(TBOOT_DETA"\t pol_hash: "); print_hash(&g_pre_k_s3_state.pol_hash, tpm->cur_alg); printk(TBOOT_DETA"\t VL measurements:\n"); diff -r 909398b4916b -r 9e73e01ac748 tboot/common/tboot.c --- a/tboot/common/tboot.c Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/common/tboot.c Thu Mar 28 13:35:25 2024 +0100 @@ -375,7 +375,7 @@ } else { printk_init(false); } - + //TBOOT_CHANGESET is defined in CFLAGS in config.mk printk(TBOOT_INFO"*********************** TBOOT ***********************\n"); printk(TBOOT_INFO" %s\n", TBOOT_CHANGESET); printk(TBOOT_INFO"*****************************************************\n"); @@ -428,6 +428,10 @@ apply_policy(TB_ERR_ACMOD_VERIFY_FAILED); } + //We need to have g_sinit point to SINIT ACM before we can run is_tpr_supported + //This global variable decides whether PMR or TPR is used + g_tpr_support = is_tpr_supported(); + /* make TPM ready for measured launch */ if (!tpm_detect()) apply_policy(TB_ERR_TPM_NOT_READY); diff -r 909398b4916b -r 9e73e01ac748 tboot/include/integrity.h --- a/tboot/include/integrity.h Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/include/integrity.h Thu Mar 28 13:35:25 2024 +0100 
@@ -57,11 +57,11 @@ } hash_list_t; typedef struct { - /* low and high memory regions to protect w/ VT-d PMRs */ - uint64_t vtd_pmr_lo_base; - uint64_t vtd_pmr_lo_size; - uint64_t vtd_pmr_hi_base; - uint64_t vtd_pmr_hi_size; + /* low and high memory regions to protect w/ VT-d PMRs or TPRs*/ + uint64_t dma_protection_lo_base; + uint64_t dma_protection_lo_size; + uint64_t dma_protection_hi_base; + uint64_t dma_protection_hi_size; /* VL policy at time of sealing */ tb_hash_t pol_hash; /* verified launch measurements to be re-extended in DRTM PCRs diff -r 909398b4916b -r 9e73e01ac748 tboot/include/txt/heap.h --- a/tboot/include/txt/heap.h Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/include/txt/heap.h Thu Mar 28 13:35:25 2024 +0100 @@ -233,6 +233,17 @@ uint32_t next_record_offset; } heap_event_log_ptr_elt2_1_t; +#define HEAP_EXTDATA_TYPE_TPR_REQ 13 +typedef struct __packed { + uint64_t tpr_range_base; //Physical address of the TPR base + uint64_t tpr_range_size; //Size of the requested TPR +} tpr_range_t; + +typedef struct __packed { + uint32_t tpr_cnt; //How many TPRs in the request area. Max value of tpr_cnt is HW-specific. + tpr_range_t tpr_req_arr[]; //array of tpr ranges (tpr_cnt * tpr_range_t) +} heap_tpr_req_element_t; + /* * data-passing structures contained in TXT heap: * - BIOS @@ -295,6 +306,7 @@ #define MIN_OS_SINIT_DATA_VER 4 #define MAX_OS_SINIT_DATA_VER 7 #define OS_SINIT_FLAGS_EXTPOL_MASK 0x00000001 +#define OS_SINIT_DATA_WITH_TPR_SIZE 144 //92 bytes for struct, 44 for tpr_req_elt, 8 for end elt /* * OS/loader to SINIT structure */ @@ -447,6 +459,7 @@ extern bool verify_bios_data(const txt_heap_t *txt_heap); extern void print_os_sinit_data(const os_sinit_data_t *os_sinit_data); extern void print_os_sinit_data_vtdpmr(const os_sinit_data_t *os_sinit_data); +extern heap_tpr_req_element_t *get_tpr_req_element(const os_sinit_data_t *os_sinit_data); #endif /* __TXT_HEAP_H__ */ diff -r 909398b4916b -r 9e73e01ac748 tboot/include/txt/txt.h 
--- a/tboot/include/txt/txt.h Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/include/txt/txt.h Thu Mar 28 13:35:25 2024 +0100 @@ -61,8 +61,10 @@ extern bool txt_is_powercycle_required(void); extern void ap_wait(unsigned int cpuid); extern int get_evtlog_type(void); +extern bool is_tpr_supported(void); extern uint32_t g_using_da; +extern bool g_tpr_support; #endif /* __TXT_TXT_H__ */ diff -r 909398b4916b -r 9e73e01ac748 tboot/include/txt/verify.h --- a/tboot/include/txt/verify.h Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/include/txt/verify.h Thu Mar 28 13:35:25 2024 +0100 @@ -36,13 +36,19 @@ #ifndef __TXT_VERIFY_H__ #define __TXT_VERIFY_H__ -extern void set_vtd_pmrs(os_sinit_data_t *os_sinit_data, +extern void set_dma_protection(os_sinit_data_t *os_sinit_data, uint64_t min_lo_ram, uint64_t max_lo_ram, uint64_t min_hi_ram, uint64_t max_hi_ram); extern bool verify_e820_map(sinit_mdr_t* mdrs_base, uint32_t num_mdrs); extern bool verify_stm(unsigned int cpuid); extern bool use_mwait(void); +typedef struct __packed { + uint64_t base; + uint64_t size; +} dma_protected_range_t; + + #endif /* __TXT_VERIFY_H__ */ diff -r 909398b4916b -r 9e73e01ac748 tboot/txt/heap.c --- a/tboot/txt/heap.c Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/txt/heap.c Thu Mar 28 13:35:25 2024 +0100 
@@ -371,6 +371,20 @@ } } +static void print_tpr_req_elt(const heap_ext_data_element_t *elt) +{ + if (elt == NULL) return; + const heap_tpr_req_element_t *tpr_req_elt = (const heap_tpr_req_element_t *) elt->data; + printk(TBOOT_DETA"\t TPR_REQ_ELEMENT:\n"); + printk(TBOOT_DETA"\t\t type: %d\n", elt->type); + printk(TBOOT_DETA"\t\t size: %u\n", elt->size); + printk(TBOOT_DETA"\t\t tpr_cnt: %u\n", tpr_req_elt->tpr_cnt); + for (uint16_t i = 0; i < tpr_req_elt->tpr_cnt; i++) { + printk(TBOOT_DETA"\t tpr_range[%u]:\n", i); + printk(TBOOT_DETA"\t\t range_base: 0x%Lx\n", tpr_req_elt->tpr_req_arr[i].tpr_range_base); + printk(TBOOT_DETA"\t\t range_size: 0x%Lx\n", tpr_req_elt->tpr_req_arr[i].tpr_range_size); + } +} static void print_ext_data_elts(const heap_ext_data_element_t elts[]) { @@ -397,6 +411,9 @@ case HEAP_EXTDATA_TYPE_TPM_EVENT_LOG_PTR_2_1: print_evt_log_ptr_elt_2_1(elt); break; + case HEAP_EXTDATA_TYPE_TPR_REQ: + print_tpr_req_elt(elt); + break; default: printk(TBOOT_WARN"\t\t unknown element: type: %u, size: %u\n", elt->type, elt->size); @@ -703,6 +720,7 @@ */ uint64_t calc_os_sinit_data_size(uint32_t version) { + uint64_t tpr_elt_size = 0; uint64_t size[] = { offsetof(os_sinit_data_t, efi_rsdt_ptr) + sizeof(uint64_t), sizeof(os_sinit_data_t) + sizeof(uint64_t), @@ -730,6 +748,14 @@ 2 * sizeof(heap_ext_data_element_t) + 4 + count*sizeof(heap_event_log_descr_t); } + //we need TPR for lo RAM and TPR for hi ram (2 TPR ranges) + //size of heap_ext_data_element_t.type and size, plus size of tpr_cnt in tpr eleemnt, + //plus size of tpr_range structure (twice) + if (g_tpr_support) { + tpr_elt_size = offsetof(heap_ext_data_element_t, data) + offsetof(heap_tpr_req_element_t, tpr_req_arr) + + (2 * sizeof(tpr_range_t)); + size[2] += tpr_elt_size; + } if ( version >= 6 ) return size[2]; 
@@ -745,6 +771,18 @@ printk(TBOOT_DETA"\t vtd_pmr_hi_size: 0x%Lx\n", os_sinit_data->vtd_pmr_hi_size); } +void print_os_sinit_data_tpr(const os_sinit_data_t *os_sinit_data) +{ + heap_tpr_req_element_t *tpr_elt = NULL; + if (os_sinit_data == NULL) return; + tpr_elt = get_tpr_req_element(os_sinit_data); + if (tpr_elt == NULL) return; + printk(TBOOT_DETA"\t tpr_lo_base: 0x%Lx\n", tpr_elt->tpr_req_arr[0].tpr_range_base); + printk(TBOOT_DETA"\t tpr_lo_size: 0x%Lx\n", tpr_elt->tpr_req_arr[0].tpr_range_size); + printk(TBOOT_DETA"\t tpr_hi_base: 0x%Lx\n", tpr_elt->tpr_req_arr[1].tpr_range_base); + printk(TBOOT_DETA"\t tpr_hi_size: 0x%Lx\n", tpr_elt->tpr_req_arr[1].tpr_range_size); +} + void print_os_sinit_data(const os_sinit_data_t *os_sinit_data) { printk(TBOOT_DETA"os_sinit_data (@%p, %Lx):\n", os_sinit_data, @@ -950,6 +988,35 @@ return true; } +heap_tpr_req_element_t *get_tpr_req_element(const os_sinit_data_t *os_sinit_data) { + heap_ext_data_element_t *elt = NULL; + heap_tpr_req_element_t *tpr_elt = NULL; + if (os_sinit_data == NULL) { + return NULL; + } + if (os_sinit_data->version < 6) { + //Old versions do not support heap_ext_elements + return NULL; + } + if (g_tpr_support == false) { + //TPR not supported + return NULL; + } + elt = (heap_ext_data_element_t *) &os_sinit_data->ext_data_elts; + //Walk elements to find TPR element + while (elt->type != HEAP_EXTDATA_TYPE_END) { + if (elt->type != HEAP_EXTDATA_TYPE_TPR_REQ) { + elt = (void *)elt + elt->size; + } + else { + printk(TBOOT_DETA"Found TPR req element\n"); + tpr_elt = (heap_tpr_req_element_t *) &elt->data; + break; + } + } + return tpr_elt; +} + #endif /* diff -r 909398b4916b -r 9e73e01ac748 tboot/txt/txt.c --- a/tboot/txt/txt.c Mon Feb 12 17:26:09 2024 +0100 +++ b/tboot/txt/txt.c Thu Mar 28 13:35:25 2024 +0100 @@ -307,6 +307,7 @@ { heap_ext_data_element_t* elt = elts; heap_event_log_ptr_elt_t* evt_log; + heap_tpr_req_element_t* tpr_elt = NULL; struct tpm_if *tpm = get_tpm(); int log_type = get_evtlog_type(); 
@@ -334,7 +335,18 @@ g_elog_2->count * sizeof(heap_event_log_descr_t); printk(TBOOT_DETA"INTEL TXT LOG elt SIZE = %d \n", elt->size); } - + if (g_tpr_support) { + //Go to next elt + elt = (void *)elt + elt->size; + //Allocate space for 2 TPR ranges, one in LO RAM and the other in HI RAM |
From: Pawel R. <paw...@in...> - 2023-01-25 09:42:43
|
changeset 20d51110b8e6 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=20d51110b8e6 description: Added tag v1.11.1 for changeset c0fc38b9d2a9 diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r c0fc38b9d2a9 -r 20d51110b8e6 .hgtags --- a/.hgtags Wed Jan 25 10:42:00 2023 +0100 +++ b/.hgtags Wed Jan 25 10:42:23 2023 +0100 @@ -35,3 +35,4 @@ 89db8ce6884c7763fd1e0bbf9d940cba9f33ee2b v1.10.4 9c406d761d2ebb51ef7e762a7ed37a0664c65370 v1.10.5 4af1bd83b21b8b1c45bb676f8ce314221f8ffa4e v1.11.0 +c0fc38b9d2a9cdf6eb879462efc0c1c62b38ae99 v1.11.1 |
From: Pawel R. <paw...@in...> - 2023-01-25 09:42:42
|
changeset c0fc38b9d2a9 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=c0fc38b9d2a9 description: Version v1.11.1 diffstat: CHANGELOG | 2 ++ tboot/20_linux_tboot | 2 +- tboot/20_linux_xen_tboot | 2 +- tboot/Config.mk | 4 ++-- 4 files changed, 6 insertions(+), 4 deletions(-) diffs (47 lines): diff -r dcc226f98508 -r c0fc38b9d2a9 CHANGELOG --- a/CHANGELOG Wed Jan 25 10:20:43 2023 +0100 +++ b/CHANGELOG Wed Jan 25 10:42:00 2023 +0100 @@ -1,3 +1,5 @@ +20230125: v1.11.1 + Revert log memory range extension (caused memory overlaps and boot failures) 20221223: v1.11.0 Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations) Exteded low memory range for logs (HCC CPUs had issue with not enough memory) diff -r dcc226f98508 -r c0fc38b9d2a9 tboot/20_linux_tboot --- a/tboot/20_linux_tboot Wed Jan 25 10:20:43 2023 +0100 +++ b/tboot/20_linux_tboot Wed Jan 25 10:42:00 2023 +0100 @@ -195,7 +195,7 @@ tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"` - tboot_version="1.11.0" + tboot_version="1.11.1" echo "submenu \"tboot ${tboot_version}\" {" while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` diff -r dcc226f98508 -r c0fc38b9d2a9 tboot/20_linux_xen_tboot --- a/tboot/20_linux_xen_tboot Wed Jan 25 10:20:43 2023 +0100 +++ b/tboot/20_linux_xen_tboot Wed Jan 25 10:42:00 2023 +0100 @@ -230,7 +230,7 @@ tboot_basename=`basename ${current_tboot}` tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.11.0" + tboot_version="1.11.1" list="${linux_list}" echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" while [ "x$list" != "x" ] ; do diff -r dcc226f98508 -r c0fc38b9d2a9 tboot/Config.mk --- a/tboot/Config.mk Wed Jan 25 10:20:43 2023 +0100 
+++ b/tboot/Config.mk Wed Jan 25 10:42:00 2023 +0100 @@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.11.0" -RELEASETIME := "2022-12-23 11:00 +0100" +RELEASEVER := "1.11.1" +RELEASETIME := "2023-01-25 11:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, |
From: Pawel R. <paw...@in...> - 2023-01-25 09:25:25
|
changeset dcc226f98508 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=dcc226f98508 description: Revert change for log memory extension As mentioned in an e-mail from Łukasz Hawryłko changeset b06289220ef8 introduced memory overlaps that I was not aware of. Unfortunately, setups that I tested on did not have any issues and so I was not anticipating any. This revert should fix it to at previous correct state. diffstat: include/config.h | 2 +- include/tboot.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diffs (24 lines): diff -r 4a904a608c70 -r dcc226f98508 include/config.h --- a/include/config.h Fri Dec 23 10:15:47 2022 +0100 +++ b/include/config.h Wed Jan 25 10:20:43 2023 +0100 @@ -56,7 +56,7 @@ /* address/size for memory-resident serial log (when enabled) */ #define TBOOT_SERIAL_LOG_ADDR TBOOT_LOWMEM_START -#define TBOOT_SERIAL_LOG_SIZE 0x32000 +#define TBOOT_SERIAL_LOG_SIZE 0x08000 /* address/size for modified e820 table */ #define TBOOT_E820_COPY_ADDR (TBOOT_SERIAL_LOG_ADDR + \ diff -r 4a904a608c70 -r dcc226f98508 include/tboot.h --- a/include/tboot.h Fri Dec 23 10:15:47 2022 +0100 +++ b/include/tboot.h Wed Jan 25 10:20:43 2023 +0100 @@ -131,7 +131,7 @@ #define ZIP_COUNT_MAX 10 typedef struct { uuid_t uuid; - uint32_t max_size; + uint16_t max_size; uint16_t curr_pos; uint16_t zip_pos[ZIP_COUNT_MAX]; uint16_t zip_size[ZIP_COUNT_MAX]; |
From: Pawel R. <paw...@in...> - 2022-12-23 09:21:03
|
changeset 4a904a608c70 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=4a904a608c70 description: Added tag v1.11.0 for changeset 4af1bd83b21b diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 4af1bd83b21b -r 4a904a608c70 .hgtags --- a/.hgtags Fri Dec 23 10:15:42 2022 +0100 +++ b/.hgtags Fri Dec 23 10:15:47 2022 +0100 @@ -34,3 +34,4 @@ 513125987ff7aab93451b87da3fd504eeb9cfd69 v1.10.3 89db8ce6884c7763fd1e0bbf9d940cba9f33ee2b v1.10.4 9c406d761d2ebb51ef7e762a7ed37a0664c65370 v1.10.5 +4af1bd83b21b8b1c45bb676f8ce314221f8ffa4e v1.11.0 |
From: Pawel R. <paw...@in...> - 2022-12-23 09:21:03
|
changeset 4af1bd83b21b in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=4af1bd83b21b description: Version v1.11.0 diffstat: CHANGELOG | 10 ++++++++++ tboot/20_linux_tboot | 2 +- tboot/20_linux_xen_tboot | 2 +- tboot/Config.mk | 4 ++-- 4 files changed, 14 insertions(+), 4 deletions(-) diffs (55 lines): diff -r be0a892edfc8 -r 4af1bd83b21b CHANGELOG --- a/CHANGELOG Mon Dec 12 11:35:49 2022 +0100 +++ b/CHANGELOG Fri Dec 23 10:15:42 2022 +0100 @@ -1,3 +1,13 @@ +20221223: v1.11.0 + Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations) + Exteded low memory range for logs (HCC CPUs had issue with not enough memory) + "agile" removed from PCR Extend policy options (requested deprecation) + Added handling for flexible ACM Info Table format + lcptools: CPPFLAGS use by environment in build + lcptools: removed __DATE__ refs to make build reproducible + Only platform-matchin SINIT modules can be selected + txt-acminfo: Map TXT heap using mmap + Typo fix in man page 20220304: v1.10.5 Fixed mlehash.c to bring back functionality and make it GCC12 compliant Reverted change for replacing EFI memory to bring back Tboot in-memory logs diff -r be0a892edfc8 -r 4af1bd83b21b tboot/20_linux_tboot --- a/tboot/20_linux_tboot Mon Dec 12 11:35:49 2022 +0100 +++ b/tboot/20_linux_tboot Fri Dec 23 10:15:42 2022 +0100 @@ -195,7 +195,7 @@ tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"` - tboot_version="1.10.5" + tboot_version="1.11.0" echo "submenu \"tboot ${tboot_version}\" {" while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` diff -r be0a892edfc8 -r 4af1bd83b21b tboot/20_linux_xen_tboot --- a/tboot/20_linux_xen_tboot Mon Dec 12 11:35:49 2022 +0100 +++ b/tboot/20_linux_xen_tboot Fri Dec 23 10:15:42 2022 +0100 
@@ -230,7 +230,7 @@ tboot_basename=`basename ${current_tboot}` tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.10.5" + tboot_version="1.11.0" list="${linux_list}" echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" while [ "x$list" != "x" ] ; do diff -r be0a892edfc8 -r 4af1bd83b21b tboot/Config.mk --- a/tboot/Config.mk Mon Dec 12 11:35:49 2022 +0100 +++ b/tboot/Config.mk Fri Dec 23 10:15:42 2022 +0100 @@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.10.5" -RELEASETIME := "2022-03-04 12:00 +0100" +RELEASEVER := "1.11.0" +RELEASETIME := "2022-12-23 11:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, |
From: Pawel R. <paw...@in...> - 2022-12-22 15:13:09
|
changeset b06289220ef8 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=b06289220ef8 description: Extend low memory range reserved for logs Some platforms with higher core count had the issue of logs overflowing the memory range reserved for them, and thus overwriting themselves, leaving just a bit of last lines of logs to be later read. Before range was 32KB, now it is 200KB which HOPEFULLY won't need further extensions WARNING: This patch causes logs to be unreadable with older versions of txt-stat. If you're using TBOOT with this patch, please swap your txt-stat for the one built with this patch too. diffstat: include/config.h | 2 +- include/tboot.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diffs (24 lines): diff -r 5780c959ab11 -r b06289220ef8 include/config.h --- a/include/config.h Wed Oct 05 14:23:58 2022 +0200 +++ b/include/config.h Mon Dec 12 11:31:41 2022 +0100 @@ -56,7 +56,7 @@ /* address/size for memory-resident serial log (when enabled) */ #define TBOOT_SERIAL_LOG_ADDR TBOOT_LOWMEM_START -#define TBOOT_SERIAL_LOG_SIZE 0x08000 +#define TBOOT_SERIAL_LOG_SIZE 0x32000 /* address/size for modified e820 table */ #define TBOOT_E820_COPY_ADDR (TBOOT_SERIAL_LOG_ADDR + \ diff -r 5780c959ab11 -r b06289220ef8 include/tboot.h --- a/include/tboot.h Wed Oct 05 14:23:58 2022 +0200 +++ b/include/tboot.h Mon Dec 12 11:31:41 2022 +0100 @@ -131,7 +131,7 @@ #define ZIP_COUNT_MAX 10 typedef struct { uuid_t uuid; - uint16_t max_size; + uint32_t max_size; uint16_t curr_pos; uint16_t zip_pos[ZIP_COUNT_MAX]; uint16_t zip_size[ZIP_COUNT_MAX]; |
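Review bot: Only `max_size` is widened to `uint32_t` in `include/tboot.h`; `curr_pos`, `zip_pos[]` and `zip_size[]` stay `uint16_t`, yet the same commit raises `TBOOT_SERIAL_LOG_SIZE` to 0x32000, which a 16-bit offset cannot express. If those fields index into the log buffer, as their names suggest, positions past 64 KiB wrap and the log overwrites itself again, which is the symptom the commit sets out to fix. Widening them together (`uint32_t curr_pos;` and the two arrays) would be consistent, with the caveat from the description that every reader of this structure has to be rebuilt against the new layout. In `include/config.h`, `TBOOT_E820_COPY_ADDR` is computed from `TBOOT_SERIAL_LOG_ADDR` plus an offset that continues outside the hunk, presumably this size, so the regions after the log move up with it. A comment next to the define, for instance `/* changing this shifts every low-memory region defined below; re-check the map */`, or a compile-time bound on the total would make that dependency visible.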
From: Pawel R. <paw...@in...> - 2022-12-22 15:13:09
|
changeset be0a892edfc8 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=be0a892edfc8 description: Flush TPM context after loading objects for integrity verification This change is due to Intel PTT limitations. TPM's object memory capacity varies, but Intel PTT has been implemented according to minimum TPM requirements, which means that it has only enough memory slots to contain three objects. TBOOT might run into an issue of overflowing PTT's object memory and thus failing to verify memory integrity in S3 cycles - which would be quite a security flaw. Since those objects could be removed from TPM's object memory right after they're loaded into TBOOT's space - just that has been added into the flow. diffstat: tboot/common/tpm_20.c | 48 +++++++++++++++++++++++++++--------------------- 1 files changed, 27 insertions(+), 21 deletions(-) diffs (72 lines): diff -r b06289220ef8 -r be0a892edfc8 tboot/common/tpm_20.c --- a/tboot/common/tpm_20.c Mon Dec 12 11:31:41 2022 +0100 +++ b/tboot/common/tpm_20.c Mon Dec 12 11:35:49 2022 +0100 @@ -2096,6 +2096,27 @@ } +static bool tpm20_context_flush(struct tpm_if *ti, u32 locality, TPM_HANDLE handle) +{ + tpm_flushcontext_in in; + u32 ret; + + if ( ti == NULL || locality >= TPM_NR_LOCALITIES ) + return false; + if ( handle == 0 ) + return false; + in.flushHandle = handle; + ret = _tpm20_context_flush(locality, &in); + if ( ret != TPM_RC_SUCCESS ) { + printk(TBOOT_WARN"TPM: tpm2 context flush returned , return value = %08X\n", ret); + ti->error = ret; + return false; + } + else + printk(TBOOT_WARN"TPM: tpm2 context flush successful, return value = %08X\n", ret); + return true; +} + TPM_CMD_SESSION_DATA_IN pw_session; static void create_pw_session(TPM_CMD_SESSION_DATA_IN *ses) 
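Review bot: The success branch of `tpm20_context_flush` logs at `TBOOT_WARN`, so every successful flush is reported as a warning; a lower level fits better, e.g. `printk(TBOOT_DETA"TPM: tpm2 context flush successful, return value = %08X\n", ret);`. The failure message has a stray gap ("returned , return value") that reads as if a word is missing. The function also has no header comment, and one is worth adding because the two early `return false` paths (NULL `ti`, out-of-range locality, zero handle) leave `ti->error` untouched while the TPM failure path sets it, which matters to callers that read that field.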
@@ -2513,6 +2534,12 @@ *secret_size = unseal_out.data.t.size; tb_memcpy(secret, &(unseal_out.data.t.buffer[0]), *secret_size); + if ( !tpm20_context_flush(ti, locality, load_out.obj_handle) ) { + printk(TBOOT_WARN"TPM: Failed to flush context\n"); + ti->error = ret; + return false; + } + return true; } @@ -2693,27 +2720,6 @@ return true; } -static bool tpm20_context_flush(struct tpm_if *ti, u32 locality, TPM_HANDLE handle) -{ - tpm_flushcontext_in in; - u32 ret; - - if ( ti == NULL || locality >= TPM_NR_LOCALITIES ) - return false; - if ( handle == 0 ) - return false; - in.flushHandle = handle; - ret = _tpm20_context_flush(locality, &in); - if ( ret != TPM_RC_SUCCESS ) { - printk(TBOOT_WARN"TPM: tpm2 context flush returned , return value = %08X\n", ret); - ti->error = ret; - return false; - } - else - printk(TBOOT_WARN"TPM: tpm2 context flush successful, return value = %08X\n", ret); - return true; -} - static bool tpm20_init(struct tpm_if *ti) { u32 ret; |
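Review bot: On a failed flush the added block runs `ti->error = ret;`, but `ret` here still holds the result of the earlier TPM call in this function, while `tpm20_context_flush` has already stored the real failure code in `ti->error`. The assignment therefore replaces the flush error with a stale value, most likely a success code since the unseal has completed (the earlier part of the function is outside the hunk). Dropping that line keeps the code the helper recorded. The flush is also placed only on the success path shown here; any error return between the load and this point, if one exists above the hunk, would still leave the object loaded in the TPM, which is the exhaustion the description wants to avoid. Note too that `secret` has already been filled when `false` is returned, so callers must not assume the buffer is unwritten on failure.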
From: Pawel R. <paw...@in...> - 2022-10-10 11:20:37
|
changeset 5780c959ab11 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=5780c959ab11 description: Removal of "agile" option for Extending PCR Policy As mentioned in earlier commit "agile" option is from now on unavailable. If you've chosen it through commandline TBOOT will use default option. diffstat: tboot/common/cmdline.c | 5 ++--- tboot/common/policy.c | 48 +----------------------------------------------- tboot/include/tpm.h | 2 +- tboot/txt/txt.c | 21 ++++----------------- 4 files changed, 8 insertions(+), 68 deletions(-) diffs (152 lines): diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/common/cmdline.c --- a/tboot/common/cmdline.c Wed Aug 31 15:20:39 2022 +0200 +++ b/tboot/common/cmdline.c Wed Oct 05 14:23:58 2022 +0200 @@ -516,9 +516,8 @@ if ( tb_strcmp(extpol, "agile") == 0 ) { printk(TBOOT_WARN"Warning: \"agile\" selected in extpol, " - "this option is set to be deprecated\n" - "(see tboot-devel mailing list archive)\n"); - tpm->extpol = TB_EXTPOL_AGILE; + "this option is deprecated\n"); + tpm->extpol = TB_EXTPOL_FIXED; tpm->cur_alg = TB_HALG_SHA256; } else if ( tb_strcmp(extpol, "embedded") == 0 ) { tpm->extpol = TB_EXTPOL_EMBEDDED; diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/common/policy.c --- a/tboot/common/policy.c Wed Aug 31 15:20:39 2022 +0200 +++ b/tboot/common/policy.c Wed Oct 05 14:23:58 2022 +0200 @@ -507,7 +507,6 @@ size_t size) { struct tpm_if *tpm = get_tpm(); - const struct tpm_if_fp *tpm_fp = get_tpm_fp(); if ( hl == NULL ) { printk(TBOOT_ERR"Error: input parameter is wrong.\n"); 
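Review bot: In `tboot/common/cmdline.c`, selecting `agile` now silently becomes `TB_EXTPOL_FIXED`, and the warning says only that the option is deprecated, not what is used in its place. The extend policy influences how measurements are hashed and extended, so a platform that sealed data or recorded reference values under the old setting may see different results after the upgrade, and this log line is the only hint an operator gets. Naming the fallback would make that diagnosable, e.g. `"this option is deprecated, falling back to the fixed policy\n"`. The branch sits in a function that starts and ends outside the hunk.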
@@ -541,46 +540,7 @@ return false; break; - - case TB_EXTPOL_AGILE: - { - hash_list_t img_hl, final_hl; - if ( !tpm_fp->hash(tpm, 2, (const unsigned char *)cmdline, - tb_strlen(cmdline), hl) ) - return false; - - uint8_t buf[2*sizeof(tb_hash_t)]; - - if ( !tpm_fp->hash(tpm, 2, base, size, &img_hl) ) - return false; - for (unsigned int i=0; i<hl->count; i++) { - for (unsigned int j=0; j<img_hl.count; j++) { - if (hl->entries[i].alg == img_hl.entries[j].alg) { - copy_hash((tb_hash_t *)buf, &hl->entries[i].hash, - hl->entries[i].alg); - copy_hash((tb_hash_t *)(buf + get_hash_size(hl->entries[i].alg)), - &img_hl.entries[j].hash, hl->entries[i].alg); - if ( !tpm_fp->hash(tpm, 2, buf, - 2*get_hash_size(hl->entries[i].alg), &final_hl) ) - return false; - - for (unsigned int k=0; k<final_hl.count; k++) { - if (hl->entries[i].alg == final_hl.entries[k].alg) { - copy_hash(&hl->entries[i].hash, - &final_hl.entries[k].hash, - hl->entries[i].alg); - break; - } - } - - break; - } - } - } - - break; - } - + case TB_EXTPOL_EMBEDDED: { tb_hash_t img_hash; @@ -772,7 +732,6 @@ static void verify_g_policy(void) { struct tpm_if *tpm = get_tpm(); - const struct tpm_if_fp *tpm_fp = get_tpm_fp(); /* assumes mbi is valid */ printk(TBOOT_INFO"verifying policy \n"); @@ -802,11 +761,6 @@ break; - case TB_EXTPOL_AGILE: - if ( !tpm_fp->hash(tpm, 2, buf, size, &VL_ENTRIES(NUM_VL_ENTRIES).hl) ) - apply_policy(TB_ERR_MODULE_VERIFICATION_FAILED); - break; - case TB_EXTPOL_EMBEDDED: { VL_ENTRIES(NUM_VL_ENTRIES).hl.count = tpm->alg_count; diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/include/tpm.h --- a/tboot/include/tpm.h Wed Aug 31 15:20:39 2022 +0200 +++ b/tboot/include/tpm.h Wed Oct 05 14:23:58 2022 +0200 @@ -442,7 +442,7 @@ /* * Only for version>=2. PCR extend policy. */ -#define TB_EXTPOL_AGILE 0 +#define TB_EXTPOL_AGILE 0 // deprecated #define TB_EXTPOL_EMBEDDED 1 #define TB_EXTPOL_FIXED 2 u8 extpol; diff -r 7ab3f002cc04 -r 5780c959ab11 tboot/txt/txt.c 
--- a/tboot/txt/txt.c Wed Aug 31 15:20:39 2022 +0200 +++ b/tboot/txt/txt.c Wed Oct 05 14:23:58 2022 +0200 @@ -253,16 +253,6 @@ os_mle_data_t *os_mle_data = get_os_mle_data_start(get_txt_heap()); struct tpm_if *tpm = get_tpm(); switch (tpm->extpol) { - case TB_EXTPOL_AGILE: - for (i=0; i<evt_log->count; i++) { - evt_log->event_log_descr[i].alg = tpm->algs_banks[i]; - evt_log->event_log_descr[i].phys_addr = - (uint64_t)(unsigned long)(os_mle_data->event_log_buffer + i*4096); - evt_log->event_log_descr[i].size = 4096; - evt_log->event_log_descr[i].pcr_events_offset = 0; - evt_log->event_log_descr[i].next_event_offset = 0; - } - break; case TB_EXTPOL_EMBEDDED: for (i=0; i<evt_log->count; i++) { evt_log->event_log_descr[i].alg = tpm->algs[i]; @@ -334,13 +324,10 @@ printk(TBOOT_DETA"heap_ext_data_element SIZE = %d \n", elt->size); } else if ( log_type == EVTLOG_TPM2_LEGACY ) { g_elog_2 = (heap_event_log_ptr_elt2_t *)elt->data; - if ( tpm->extpol == TB_EXTPOL_AGILE ) - g_elog_2->count = tpm->banks; + if ( tpm->extpol == TB_EXTPOL_EMBEDDED ) + g_elog_2->count = tpm->alg_count; else - if ( tpm->extpol == TB_EXTPOL_EMBEDDED ) - g_elog_2->count = tpm->alg_count; - else - g_elog_2->count = 1; + g_elog_2->count = 1; init_evtlog_desc(g_elog_2); elt->type = HEAP_EXTDATA_TYPE_TPM_EVENT_LOG_PTR_2; elt->size = sizeof(*elt) + sizeof(u32) + @@ -711,7 +698,7 @@ /* PCR mapping selection MUST be zero in TPM2.0 mode * since D/A mapping is the only supported by TPM2.0 */ if ( tpm->major >= TPM20_VER_MAJOR ) { - os_sinit_data->flags = (tpm->extpol == TB_EXTPOL_AGILE) ? 0 : 1; + os_sinit_data->flags = 1; os_sinit_data->capabilities.pcr_map_no_legacy = 0; os_sinit_data->capabilities.pcr_map_da = 0; g_using_da = 1; |
From: Pawel R. <paw...@in...> - 2022-08-31 13:29:42
|
changeset 7ab3f002cc04 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=7ab3f002cc04 description: Add deprecation warning for "agile" extend policy option As has been requested about 8 months ago by Alex Eydelberg, the "agile" option for extending policies will be deprecated to limit the use of TPM hashing algorithms. For now I'm only leaving a warning about soon deprecation of this option. Change definitely removing this option and making it go into default setting will appear around October this year. By chance also adding VS Code files into .hgignore for my own petty convenience... diffstat: .hgignore | 1 + tboot/common/cmdline.c | 3 +++ 2 files changed, 4 insertions(+), 0 deletions(-) diffs (21 lines): diff -r d3c68d34fad8 -r 7ab3f002cc04 .hgignore --- a/.hgignore Fri Aug 19 14:27:42 2022 +0200 +++ b/.hgignore Wed Aug 31 15:20:39 2022 +0200 @@ -50,3 +50,4 @@ ^utils/txt-parse_err$ ^cov-int/.*$ ^doxygen/.*$ +.vscode/ diff -r d3c68d34fad8 -r 7ab3f002cc04 tboot/common/cmdline.c --- a/tboot/common/cmdline.c Fri Aug 19 14:27:42 2022 +0200 +++ b/tboot/common/cmdline.c Wed Aug 31 15:20:39 2022 +0200 @@ -515,6 +515,9 @@ } if ( tb_strcmp(extpol, "agile") == 0 ) { + printk(TBOOT_WARN"Warning: \"agile\" selected in extpol, " + "this option is set to be deprecated\n" + "(see tboot-devel mailing list archive)\n"); tpm->extpol = TB_EXTPOL_AGILE; tpm->cur_alg = TB_HALG_SHA256; } else if ( tb_strcmp(extpol, "embedded") == 0 ) { |
From: Pawel R. <paw...@in...> - 2022-08-19 12:37:17
|
changeset d3c68d34fad8 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=d3c68d34fad8 description: Add prints for ACM Info Table ver 9+ By mistake I've omitted updating ACM Info Table prints while introducing handling for versions 9 and above of the table. This handling is intially tested, but not yet proven to be 100% correct. diffstat: tboot/txt/acmod.c | 181 ++++++++++++++++++++++++++++++++++++++--------------- 1 files changed, 129 insertions(+), 52 deletions(-) diffs (204 lines): diff -r 0b0cc108b412 -r d3c68d34fad8 tboot/txt/acmod.c --- a/tboot/txt/acmod.c Thu Jul 21 16:15:55 2022 +0200 +++ b/tboot/txt/acmod.c Fri Aug 19 14:27:42 2022 +0200 
@@ -368,58 +368,141 @@ } /* chipset list */ - printk(TBOOT_DETA"\t chipset list:\n"); - acm_chipset_id_list_t *chipset_id_list = get_acmod_chipset_list(hdr); - if ( chipset_id_list == NULL ) { - printk(TBOOT_ERR"\t\t <invalid>\n"); - return; - } - printk(TBOOT_DETA"\t\t count: %u\n", chipset_id_list->count); - for ( unsigned int i = 0; i < chipset_id_list->count; i++ ) { - printk(TBOOT_DETA"\t\t entry %u:\n", i); - acm_chipset_id_t *chipset_id = &(chipset_id_list->chipset_ids[i]); - printk(TBOOT_DETA"\t\t flags: 0x%x\n", chipset_id->flags); - printk(TBOOT_DETA"\t\t vendor_id: 0x%x\n", (uint32_t)chipset_id->vendor_id); - printk(TBOOT_DETA"\t\t device_id: 0x%x\n", (uint32_t)chipset_id->device_id); - printk(TBOOT_DETA"\t\t revision_id: 0x%x\n", - (uint32_t)chipset_id->revision_id); - printk(TBOOT_DETA"\t\t extended_id: 0x%x\n", chipset_id->extended_id); - } - - if ( info_table->version >= 4 ) { - /* processor list */ - printk(TBOOT_DETA"\t processor list:\n"); - acm_processor_id_list_t *proc_id_list = get_acmod_processor_list(hdr); - if ( proc_id_list == NULL ) { + if (info_table->version < 9) { + printk(TBOOT_DETA"\t chipset list:\n"); + acm_chipset_id_list_t *chipset_id_list = get_acmod_chipset_list(hdr); + if ( chipset_id_list == NULL ) { printk(TBOOT_ERR"\t\t <invalid>\n"); return; } - printk(TBOOT_DETA"\t\t count: %u\n", proc_id_list->count); - for ( unsigned int i = 0; i < proc_id_list->count; i++ ) { + printk(TBOOT_DETA"\t\t count: %u\n", chipset_id_list->count); + for ( unsigned int i = 0; i < chipset_id_list->count; i++ ) { printk(TBOOT_DETA"\t\t entry %u:\n", i); - acm_processor_id_t *proc_id = &(proc_id_list->processor_ids[i]); - printk(TBOOT_DETA"\t\t fms: 0x%x\n", proc_id->fms); - printk(TBOOT_DETA"\t\t fms_mask: 0x%x\n", proc_id->fms_mask); - printk(TBOOT_DETA"\t\t platform_id: 0x%Lx\n", (unsigned long long)proc_id->platform_id); - printk(TBOOT_DETA"\t\t platform_mask: 0x%Lx\n", (unsigned long long)proc_id->platform_mask); + acm_chipset_id_t *chipset_id 
= &(chipset_id_list->chipset_ids[i]); + printk(TBOOT_DETA"\t\t flags: 0x%x\n", chipset_id->flags); + printk(TBOOT_DETA"\t\t vendor_id: 0x%x\n", (uint32_t)chipset_id->vendor_id); + printk(TBOOT_DETA"\t\t device_id: 0x%x\n", (uint32_t)chipset_id->device_id); + printk(TBOOT_DETA"\t\t revision_id: 0x%x\n", + (uint32_t)chipset_id->revision_id); + printk(TBOOT_DETA"\t\t extended_id: 0x%x\n", chipset_id->extended_id); } - } + + if ( info_table->version >= 4 ) { + /* processor list */ + printk(TBOOT_DETA"\t processor list:\n"); + acm_processor_id_list_t *proc_id_list = get_acmod_processor_list(hdr); + if ( proc_id_list == NULL ) { + printk(TBOOT_ERR"\t\t <invalid>\n"); + return; + } + printk(TBOOT_DETA"\t\t count: %u\n", proc_id_list->count); + for ( unsigned int i = 0; i < proc_id_list->count; i++ ) { + printk(TBOOT_DETA"\t\t entry %u:\n", i); + acm_processor_id_t *proc_id = &(proc_id_list->processor_ids[i]); + printk(TBOOT_DETA"\t\t fms: 0x%x\n", proc_id->fms); + printk(TBOOT_DETA"\t\t fms_mask: 0x%x\n", proc_id->fms_mask); + printk(TBOOT_DETA"\t\t platform_id: 0x%Lx\n", (unsigned long long)proc_id->platform_id); + printk(TBOOT_DETA"\t\t platform_mask: 0x%Lx\n", (unsigned long long)proc_id->platform_mask); + } + } + + if ( info_table->version >= 5 ){ + /* tpm infor list */ + printk(TBOOT_DETA"\t TPM info list:\n"); + tpm_info_list_t *info_list = get_tpm_info_list(hdr); + if ( info_list == NULL ) { + printk(TBOOT_ERR"\t\t <invalid>\n"); + return; + } + printk(TBOOT_DETA"\t\t TPM capability:\n"); + printk(TBOOT_DETA"\t\t ext_policy: 0x%x\n", info_list->capabilities.ext_policy); + printk(TBOOT_DETA"\t\t tpm_family : 0x%x\n", info_list->capabilities.tpm_family); + printk(TBOOT_DETA"\t\t tpm_nv_index_set : 0x%x\n", info_list->capabilities.tpm_nv_index_set); + printk(TBOOT_DETA"\t\t alg count: %u\n", info_list->count); + for ( unsigned int i = 0; i < info_list->count; i++ ) { + printk(TBOOT_DETA"\t\t alg_id: 0x%x\n", info_list->alg_id[i]); + } + } + } else { + list_header_t 
*info_list_ptr = (list_header_t *)((void *)info_table + info_table->length); - if ( info_table->version >= 5 ){ - /* tpm infor list */ - printk(TBOOT_DETA"\t TPM info list:\n"); - tpm_info_list_t *info_list = get_tpm_info_list(hdr); - if ( info_list == NULL ) { - printk(TBOOT_ERR"\t\t <invalid>\n"); - return; - } - printk(TBOOT_DETA"\t\t TPM capability:\n"); - printk(TBOOT_DETA"\t\t ext_policy: 0x%x\n", info_list->capabilities.ext_policy); - printk(TBOOT_DETA"\t\t tpm_family : 0x%x\n", info_list->capabilities.tpm_family); - printk(TBOOT_DETA"\t\t tpm_nv_index_set : 0x%x\n", info_list->capabilities.tpm_nv_index_set); - printk(TBOOT_DETA"\t\t alg count: %u\n", info_list->count); - for ( unsigned int i = 0; i < info_list->count; i++ ) { - printk(TBOOT_DETA"\t\t alg_id: 0x%x\n", info_list->alg_id[i]); + while (info_list_ptr->id != TERM) { + switch (info_list_ptr->id) { + case CS1L: + { + acm_chipset_id_list_t *chipset_id_list = (acm_chipset_id_list_t *)(info_list_ptr + 1); + + printk(TBOOT_DETA"\t chipset list:\n"); + printk(TBOOT_DETA"\t\t count: %u\n", chipset_id_list->count); + for ( unsigned int i = 0; i < chipset_id_list->count; i++ ) { + printk(TBOOT_DETA"\t\t entry %u:\n", i); + acm_chipset_id_t *chipset_id = &(chipset_id_list->chipset_ids[i]); + printk(TBOOT_DETA"\t\t flags: 0x%x\n", chipset_id->flags); + printk(TBOOT_DETA"\t\t vendor_id: 0x%x\n", (uint32_t)chipset_id->vendor_id); + printk(TBOOT_DETA"\t\t device_id: 0x%x\n", (uint32_t)chipset_id->device_id); + printk(TBOOT_DETA"\t\t revision_id: 0x%x\n", (uint32_t)chipset_id->revision_id); + printk(TBOOT_DETA"\t\t extended_id: 0x%x\n", chipset_id->extended_id); + } + + break; + } + case CS2L: + { + acm_chipset_id_list_t *chipset_2_id_list = (acm_chipset_id_list_t *)(info_list_ptr + 1); + + printk(TBOOT_DETA"\t chipset 2 list:\n"); + printk(TBOOT_DETA"\t\t count: %u\n", chipset_2_id_list->count); + for ( unsigned int i = 0; i < chipset_2_id_list->count; i++ ) { + printk(TBOOT_DETA"\t\t entry %u:\n", i); + 
acm_chipset_id_t *chipset_id = &(chipset_2_id_list->chipset_ids[i]); + printk(TBOOT_DETA"\t\t flags: 0x%x\n", chipset_id->flags); + printk(TBOOT_DETA"\t\t vendor_id: 0x%x\n", (uint32_t)chipset_id->vendor_id); + printk(TBOOT_DETA"\t\t device_id: 0x%x\n", (uint32_t)chipset_id->device_id); + printk(TBOOT_DETA"\t\t revision_id: 0x%x\n", (uint32_t)chipset_id->revision_id); + printk(TBOOT_DETA"\t\t register_mask: 0x%x\n", (uint32_t)chipset_id->register_mask); + printk(TBOOT_DETA"\t\t extended_id: 0x%x\n", chipset_id->extended_id); + } + + break; + } + case CPUL: + { + acm_processor_id_list_t *proc_id_list = (acm_processor_id_list_t *)(info_list_ptr + 1); + + printk(TBOOT_DETA"\t processor list:\n"); + printk(TBOOT_DETA"\t\t count: %u\n", proc_id_list->count); + for ( unsigned int i = 0; i < proc_id_list->count; i++ ) { + printk(TBOOT_DETA"\t\t entry %u:\n", i); + acm_processor_id_t *proc_id = &(proc_id_list->processor_ids[i]); + printk(TBOOT_DETA"\t\t fms: 0x%x\n", proc_id->fms); + printk(TBOOT_DETA"\t\t fms_mask: 0x%x\n", proc_id->fms_mask); + printk(TBOOT_DETA"\t\t platform_id: 0x%Lx\n", (unsigned long long)proc_id->platform_id); + printk(TBOOT_DETA"\t\t platform_mask: 0x%Lx\n", (unsigned long long)proc_id->platform_mask); + } + + break; + } + case TPML: + { + tpm_info_list_t *tpm_info_list = (tpm_info_list_t *)(info_list_ptr + 1); + printk(TBOOT_DETA"\t TPM info list:\n"); + printk(TBOOT_DETA"\t\t TPM capability:\n"); + printk(TBOOT_DETA"\t\t ext_policy: 0x%x\n", tpm_info_list->capabilities.ext_policy); + printk(TBOOT_DETA"\t\t tpm_family : 0x%x\n", tpm_info_list->capabilities.tpm_family); + printk(TBOOT_DETA"\t\t tpm_nv_index_set : 0x%x\n", tpm_info_list->capabilities.tpm_nv_index_set); + printk(TBOOT_DETA"\t\t alg count: %u\n", tpm_info_list->count); + for ( unsigned int i = 0; i < tpm_info_list->count; i++ ) { + printk(TBOOT_DETA"\t\t alg_id: 0x%x\n", tpm_info_list->alg_id[i]); + } + + break; + } + default: + printk(TBOOT_DETA"Unrecognized entry in ACM info table. 
Skipping...\n"); + break; + } + + info_list_ptr = (list_header_t *)((void *)info_list_ptr + info_list_ptr->size); } } } @@ -530,12 +613,6 @@ (uint32_t)info_table->version); return false; } - /* there is forward compatibility, so this is just a warning */ - else if ( info_table->version > 7 ) { - if ( !quiet ) - printk(TBOOT_WARN"\t ACM info_table version mismatch (%u)\n", - (uint32_t)info_table->version); - } return true; } |
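Review bot: The version 9+ branch advances with `info_list_ptr = (list_header_t *)((void *)info_list_ptr + info_list_ptr->size);` and stops only on `TERM`, so a header whose `size` is zero loops forever and a table without a terminator is walked past its end. The branch for older tables gets its lists through `get_acmod_chipset_list` and the related accessors and prints `<invalid>` on NULL, whereas the new branch casts `info_list_ptr + 1` directly and trusts each list's `count`. As this code presumably runs on an ACM image that has not been authenticated yet, the cursor should be bounded by the module size and short headers rejected, e.g. `if (info_list_ptr->size < sizeof(*info_list_ptr)) break;` ahead of the advance. The four `case` bodies also repeat the printing code of the older branch almost line for line; small static helpers taking the list pointer would remove the duplication. The function begins above the hunk.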
From: Pawel R. <paw...@in...> - 2022-07-21 14:27:23
|
changeset 0b0cc108b412 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=0b0cc108b412 description: Implement ACM flexible info table handling ACM Header v5 introduces ACM Info Table v9 in which chipset ID, processor ID, TPM info lists are moved from their original place and there is a second chipset ID list added. This patch adds handling for these lists. (This is a first draft based on TXT MLE Dev Guide and is subject to changes since it is not yet possible to fully test it. It does not break current functionality.) diffstat: tboot/include/txt/acmod.h | 16 +++- tboot/txt/acmod.c | 198 ++++++++++++++++++++++++++++++++++----------- 2 files changed, 164 insertions(+), 50 deletions(-) diffs (252 lines): diff -r 4806895c30a4 -r 0b0cc108b412 tboot/include/txt/acmod.h --- a/tboot/include/txt/acmod.h Mon Jul 11 12:01:31 2022 -0500 +++ b/tboot/include/txt/acmod.h Thu Jul 21 16:15:55 2022 +0200 @@ -150,12 +150,26 @@ #define ACM_CHIPSET_TYPE_BIOS_REVOC 0x08 #define ACM_CHIPSET_TYPE_SINIT_REVOC 0x09 +/* flexible ACM info table list IDs */ +#define CPUL 0x4350554C +#define CS1L 0x4353314C +#define CS2L 0x4353324C +#define TERM 0x4E554C4C +#define TPML 0x54504D4C +#define VERL 0x5645524C + +typedef struct __packed { + uint32_t id; + uint32_t size; + uint32_t rev; +} list_header_t; + typedef struct __packed { uint32_t flags; uint16_t vendor_id; uint16_t device_id; uint16_t revision_id; - uint16_t reserved; + uint16_t register_mask; // reserved if ACM info table version < 9 uint32_t extended_id; } acm_chipset_id_t; diff -r 4806895c30a4 -r 0b0cc108b412 tboot/txt/acmod.c --- a/tboot/txt/acmod.c Mon Jul 11 12:01:31 2022 -0500 +++ b/tboot/txt/acmod.c Thu Jul 21 16:15:55 2022 +0200 
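Review bot: The new list identifiers in `tboot/include/txt/acmod.h` are short, unprefixed macros (`CPUL`, `CS1L`, `TERM`, `TPML`, ...) in a shared header, which invites name clashes; a prefix in the style of the neighbouring `ACM_CHIPSET_TYPE_*` defines would be safer. The values are four-character ASCII tags read most-significant byte first, and `TERM` (0x4E554C4C) spells "NULL" rather than "TERM", which deserves a comment such as `/* list IDs are 4-char ASCII tags; TERM is the "NULL" terminator entry */`. `list_header_t` would also benefit from a note on whether `size` includes the header itself, since code that walks these lists advances by that field.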
@@ -576,6 +576,90 @@ return true; } +static bool find_matching_chipset_id(acm_chipset_id_list_t *chipset_id_list, txt_didvid_t didvid) +{ + unsigned int i; + + for ( i = 0; i < chipset_id_list->count; i++ ) { + acm_chipset_id_t *chipset_id = &(chipset_id_list->chipset_ids[i]); + + printk(TBOOT_DETA"\t vendor: 0x%x, device: 0x%x, flags: 0x%x, " + "revision: 0x%x, extended: 0x%x\n", + (uint32_t)chipset_id->vendor_id, + (uint32_t)chipset_id->device_id, chipset_id->flags, + (uint32_t)chipset_id->revision_id, chipset_id->extended_id); + + if ( (didvid.vendor_id == chipset_id->vendor_id ) && + (didvid.device_id == chipset_id->device_id ) && + ( ( ( (chipset_id->flags & 0x1) == 0) && + (didvid.revision_id == chipset_id->revision_id) ) || + ( ( (chipset_id->flags & 0x1) == 1) && + ( (didvid.revision_id & chipset_id->revision_id) != 0 ) ) ) ) + break; + } + + if ( i >= chipset_id_list->count ) { + printk(TBOOT_ERR"\t chipset id mismatch\n"); + return false; + } + + return true; +} + +static bool find_matching_chipset_2_id(acm_chipset_id_list_t *chipset_id_list, txt_didvid_t didvid) +{ + unsigned int i; + + for (i = 0; i < chipset_id_list->count; i++) { + acm_chipset_id_t *chipset_id = &(chipset_id_list->chipset_ids[i]); + + printk(TBOOT_DETA"\t vendor: 0x%x, device: 0x%x, flags: 0x%x, " + "revision: 0x%x, register_mask: 0x%x, extended: 0x%x\n", + (uint32_t)chipset_id->vendor_id, + (uint32_t)chipset_id->device_id, chipset_id->flags, + (uint32_t)chipset_id->revision_id, chipset_id->register_mask, + chipset_id->extended_id); + + if ( (didvid.vendor_id == chipset_id->vendor_id) && + ((didvid.device_id & chipset_id->register_mask) == chipset_id->device_id) ) + break; + } + + if (i >= chipset_id_list->count) { + printk(TBOOT_ERR"\t chipset id mismatch\n"); + return false; + } + + return true; +} + +static bool find_matching_processor_id(acm_processor_id_list_t *proc_id_list, uint32_t fms, uint64_t platform_id) +{ + unsigned int i; + + for ( i = 0; i < proc_id_list->count; i++ ) { 
+ acm_processor_id_t *proc_id = &(proc_id_list->processor_ids[i]); + + printk(TBOOT_DETA"\t fms: 0x%x, fms_mask: 0x%x, platform_id: 0x%Lx, " + "platform_mask: 0x%Lx\n", + proc_id->fms, proc_id->fms_mask, + (unsigned long long)proc_id->platform_id, + (unsigned long long)proc_id->platform_mask); + + if ( (proc_id->fms == (fms & proc_id->fms_mask)) && + (proc_id->platform_id == (platform_id & proc_id->platform_mask)) + ) + break; + } + + if ( i >= proc_id_list->count ) { + printk(TBOOT_ERR"\t processor mismatch\n"); + return false; + } + + return true; +} + bool does_acmod_match_platform(const acm_hdr_t* hdr, const txt_heap_t *txt_heap) { /* used to ensure we don't print chipset/proc info for each module */ 
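Review bot: find_matching_chipset_2_id accepts an entry on vendor and masked device alone and never looks at `revision_id` or `flags`, while find_matching_chipset_id beside it requires a revision match; nothing in the hunk says whether the CS2L list format calls for that. If it does, a comment on the helper would record it, e.g. `/* CS2L entries match on vendor_id and (device_id & register_mask); revision is not compared */`. All three helpers loop to a `count` read from the list itself, and on the version 9 path in the next hunk that list is taken straight from the ACM image with no length check visible here, so the bound should be validated before they are called. The list pointers are only read and could be `const`.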
@@ -637,61 +721,77 @@ return false; } - /* - * check if chipset vendor/device/revision IDs match - */ - acm_chipset_id_list_t *chipset_id_list = get_acmod_chipset_list(hdr); - if ( chipset_id_list == NULL ) - return false; - - printk(TBOOT_DETA"\t %x ACM chipset id entries:\n", chipset_id_list->count); - unsigned int i; - for ( i = 0; i < chipset_id_list->count; i++ ) { - acm_chipset_id_t *chipset_id = &(chipset_id_list->chipset_ids[i]); - printk(TBOOT_DETA"\t vendor: 0x%x, device: 0x%x, flags: 0x%x, " - "revision: 0x%x, extended: 0x%x\n", - (uint32_t)chipset_id->vendor_id, - (uint32_t)chipset_id->device_id, chipset_id->flags, - (uint32_t)chipset_id->revision_id, chipset_id->extended_id); + if (info_table->version < 9) { + /* + * check if chipset vendor/device/revision IDs match + */ + acm_chipset_id_list_t *chipset_id_list = get_acmod_chipset_list(hdr); + if ( chipset_id_list == NULL ) + return false; - if ( (didvid.vendor_id == chipset_id->vendor_id ) && - (didvid.device_id == chipset_id->device_id ) && - ( ( ( (chipset_id->flags & 0x1) == 0) && - (didvid.revision_id == chipset_id->revision_id) ) || - ( ( (chipset_id->flags & 0x1) == 1) && - ( (didvid.revision_id & chipset_id->revision_id) != 0 ) ) ) ) - break; - } - if ( i >= chipset_id_list->count ) { - printk(TBOOT_ERR"\t chipset id mismatch\n"); - return false; - } + printk(TBOOT_DETA"\t %x ACM chipset id entries:\n", chipset_id_list->count); - /* - * check if processor family/model/stepping and platform IDs match - */ - if ( info_table->version >= 4 ) { - acm_processor_id_list_t *proc_id_list = get_acmod_processor_list(hdr); - if ( proc_id_list == NULL ) + if (!find_matching_chipset_id(chipset_id_list, didvid)) return false; - printk(TBOOT_DETA"\t %x ACM processor id entries:\n", proc_id_list->count); - for ( i = 0; i < proc_id_list->count; i++ ) { - acm_processor_id_t *proc_id = &(proc_id_list->processor_ids[i]); - printk(TBOOT_DETA"\t fms: 0x%x, fms_mask: 0x%x, platform_id: 0x%Lx, " - "platform_mask: 
0x%Lx\n", - proc_id->fms, proc_id->fms_mask, - (unsigned long long)proc_id->platform_id, - (unsigned long long)proc_id->platform_mask); + /* + * check if processor family/model/stepping and platform IDs match + */ + if ( info_table->version >= 4 ) { + acm_processor_id_list_t *proc_id_list = get_acmod_processor_list(hdr); + if ( proc_id_list == NULL ) + return false; + + printk(TBOOT_DETA"\t %x ACM processor id entries:\n", proc_id_list->count); + if (!find_matching_processor_id(proc_id_list, fms, platform_id)) + return false; + } + } else { + list_header_t *info_list_ptr = (list_header_t *)((void *)info_table + info_table->length); + + while (info_list_ptr->id != TERM) { + switch(info_list_ptr->id) { + case CS1L: + { + acm_chipset_id_list_t *chipset_id_list = (acm_chipset_id_list_t *)(info_list_ptr + 1); + + if (chipset_id_list == NULL) + return false; + + if (!find_matching_chipset_id(chipset_id_list, didvid)) + return false; - if ( (proc_id->fms == (fms & proc_id->fms_mask)) && - (proc_id->platform_id == (platform_id & proc_id->platform_mask)) - ) + break; + } + case CS2L: + { + acm_chipset_id_list_t *chipset_id_list = (acm_chipset_id_list_t *)(info_list_ptr + 1); + + if (chipset_id_list == NULL) + return false; + + if (!find_matching_chipset_2_id(chipset_id_list, didvid)) + return false; + break; - } - if ( i >= proc_id_list->count ) { - printk(TBOOT_ERR"\t processor mismatch\n"); - return false; + } + case CPUL: + { + acm_processor_id_list_t *proc_id_list = (acm_processor_id_list_t *)(info_list_ptr + 1); + + if (proc_id_list == NULL) + return false; + + if (!find_matching_processor_id(proc_id_list, fms, platform_id)) + return false; + + break; + } + default: + break; + } + + info_list_ptr = (list_header_t *)((void *)info_list_ptr + info_list_ptr->size); } } |
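Review bot: The version 9 branch advances with `info_list_ptr + info_list_ptr->size` and stops only on `TERM`, so the walk is bounded by nothing but the contents of the ACM image: a `size` of 0 never advances, and a missing terminator or an oversized `size` carries the pointer past the module. The function name suggests this runs while deciding whether to use the module at all, so these fields should be treated as unvalidated input. I would bound the walk by the end of the image, reject a `size` smaller than the list header, and check that `count` entries fit inside `size` before calling the find_matching_* helpers; the image length is not visible in this hunk, so `acm_end` below is a placeholder for what the caller can supply. The `== NULL` tests on `(info_list_ptr + 1)` can never be true and can be dropped. does_acmod_match_platform starts and ends outside the hunk.

```c
        list_header_t *info_list_ptr = (list_header_t *)((void *)info_table + info_table->length);

        /* acm_end: placeholder, one past the last byte of the ACM image */
        while ( (void *)(info_list_ptr + 1) <= acm_end &&
                info_list_ptr->id != TERM ) {
            if ( info_list_ptr->size < sizeof(*info_list_ptr) ||
                 info_list_ptr->size > (size_t)(acm_end - (void *)info_list_ptr) ) {
                printk(TBOOT_ERR"\t ACM info list size invalid (%u)\n",
                       info_list_ptr->size);
                return false;
            }

            /* … unchanged: switch on info_list_ptr->id (CS1L / CS2L / CPUL) … */

            info_list_ptr = (list_header_t *)((void *)info_list_ptr + info_list_ptr->size);
        }

        /* ran off the image without seeing the terminator */
        if ( (void *)(info_list_ptr + 1) > acm_end )
            return false;
```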
From: Pawel R. <paw...@in...> - 2022-03-09 14:53:38
|
changeset 9cda8c127b0a in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=9cda8c127b0a description: Fixed a typo in man page for lcp2_crtpollist diffstat: docs/man/lcp2_crtpollist.8 | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines):
diff -r 5941842afb66 -r 9cda8c127b0a docs/man/lcp2_crtpollist.8
--- a/docs/man/lcp2_crtpollist.8 Fri Mar 04 11:14:35 2022 +0100
+++ b/docs/man/lcp2_crtpollist.8 Wed Mar 09 15:53:24 2022 +0100
@@ -36,7 +36,7 @@
 support rsapss and ecdsa.
 .TP \w'\fB--hashalg\ \fI<sha1|sha256|sha384|sha512|sm2>\fP'u+1n
 \fB--hashalg\ \fI<sha1|sha256|sha384|sha512|sm2>\fP
-Hash algorightm used for signing a list. Lists version 0x100 only support SHA1.
+Hash algorithm used for signing a list. Lists version 0x100 only support SHA1.
 .TP
 \fB--pub\ \fIfile\fP
 Public key to use, must be in PEM format.
|
From: Pawel R. <paw...@in...> - 2022-03-04 10:20:23
|
changeset 5941842afb66 in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=5941842afb66 description: Added tag v1.10.5 for changeset 9c406d761d2e diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines):
diff -r 9c406d761d2e -r 5941842afb66 .hgtags
--- a/.hgtags Fri Mar 04 11:14:21 2022 +0100
+++ b/.hgtags Fri Mar 04 11:14:35 2022 +0100
@@ -33,3 +33,4 @@
 4ae5658592ca01bb1a400a9edccbc73092b6c5f3 v1.10.2
 513125987ff7aab93451b87da3fd504eeb9cfd69 v1.10.3
 89db8ce6884c7763fd1e0bbf9d940cba9f33ee2b v1.10.4
+9c406d761d2ebb51ef7e762a7ed37a0664c65370 v1.10.5
|
From: Pawel R. <paw...@in...> - 2022-03-04 10:20:22
|
changeset 9c406d761d2e in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=9c406d761d2e description: Version v1.10.5 diffstat: CHANGELOG | 3 +++ tboot/20_linux_tboot | 2 +- tboot/20_linux_xen_tboot | 2 +- tboot/Config.mk | 4 ++-- 4 files changed, 7 insertions(+), 4 deletions(-) diffs (48 lines):
diff -r a478a9c1096a -r 9c406d761d2e CHANGELOG
--- a/CHANGELOG Fri Mar 04 10:23:55 2022 +0100
+++ b/CHANGELOG Fri Mar 04 11:14:21 2022 +0100
@@ -1,3 +1,6 @@
+20220304: v1.10.5
+ Fixed mlehash.c to bring back functionality and make it GCC12 compliant
+ Reverted change for replacing EFI memory to bring back Tboot in-memory logs
 20220224: v1.10.4
 Fix hash printing for SHA384, SHA512 and SM3
 Touch ups for GCC12
diff -r a478a9c1096a -r 9c406d761d2e tboot/20_linux_tboot
--- a/tboot/20_linux_tboot Fri Mar 04 10:23:55 2022 +0100
+++ b/tboot/20_linux_tboot Fri Mar 04 11:14:21 2022 +0100
@@ -181,7 +181,7 @@
 tboot_dirname=`dirname ${current_tboot}`
 rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
 # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
- tboot_version="1.10.4"
+ tboot_version="1.10.5"
 echo "submenu \"tboot ${tboot_version}\" {"
 while [ "x$list" != "x" ] ; do
 linux=`version_find_latest $list`
diff -r a478a9c1096a -r 9c406d761d2e tboot/20_linux_xen_tboot
--- a/tboot/20_linux_xen_tboot Fri Mar 04 10:23:55 2022 +0100
+++ b/tboot/20_linux_xen_tboot Fri Mar 04 11:14:21 2022 +0100
@@ -216,7 +216,7 @@
 tboot_basename=`basename ${current_tboot}`
 tboot_dirname=`dirname ${current_tboot}`
 rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
- tboot_version="1.10.4"
+ tboot_version="1.10.5"
 list="${linux_list}"
 echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
 while [ "x$list" != "x" ] ; do
diff -r a478a9c1096a -r 9c406d761d2e tboot/Config.mk
--- a/tboot/Config.mk Fri Mar 04 10:23:55 2022 +0100
+++ b/tboot/Config.mk Fri Mar 04 11:14:21 2022 +0100
@@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.10.4" -RELEASETIME := "2022-02-24 12:00 +0100" +RELEASEVER := "1.10.5" +RELEASETIME := "2022-03-04 12:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, |
From: Pawel R. <paw...@in...> - 2022-03-04 09:25:24
|
changeset a478a9c1096a in /hg/p/tboot/code details: http://hg.code.sf.net/p/tboot/code/code?cmd=changeset;node=a478a9c1096a description: Reverted changeset [f90511] due to Tboot losing its in-memory logs Changes made by the above-mentioned changeset broke Tboot's functionality of saving logs into memory - txt-stat was unable to find & display them. This went unnoticed and I apologize for that. diffstat: tboot/common/efi_memmap.c | 6 ---- tboot/common/loader.c | 66 +--------------------------------------------- tboot/include/efi_memmap.h | 1 - tboot/include/loader.h | 1 - 4 files changed, 1 insertions(+), 73 deletions(-) diffs (131 lines): diff -r ec3c0f5b7447 -r a478a9c1096a tboot/common/efi_memmap.c --- a/tboot/common/efi_memmap.c Tue Mar 01 11:05:35 2022 +0100 +++ b/tboot/common/efi_memmap.c Fri Mar 04 10:23:55 2022 +0100 @@ -335,12 +335,6 @@ } } - -bool efi_memmap_present(void) -{ - return efi_mmap_available; -} - static bool insert_after_region(uint32_t pos, uint64_t addr, uint64_t size, uint32_t type, uint64_t attr) { diff -r ec3c0f5b7447 -r a478a9c1096a tboot/common/loader.c --- a/tboot/common/loader.c Tue Mar 01 11:05:35 2022 +0100 +++ b/tboot/common/loader.c Fri Mar 04 10:23:55 2022 +0100 @@ -331,18 +331,6 @@ return true; } - -static bool remove_mb2_tag_by_type(loader_ctx *lctx, uint32_t tag_type) -{ - struct mb2_tag *start = next_mb2_tag(NULL); - struct mb2_tag *victim = find_mb2_tag_type(start, tag_type); - - if (victim != NULL) { - return remove_mb2_tag(lctx,victim); - } - return false; -} - static bool grow_mb2_tag(loader_ctx *lctx, struct mb2_tag *which, uint32_t how_much) { 
@@ -1414,22 +1402,11 @@ } /* replace map in loader context with copy */ - if ( is_loader_launch_efi(g_ldr_ctx) && efi_memmap_present() ) { - /* for EFI, reclaim MB2 space by deleting the E820 map, - this ensures grow_mb2_tag() has enough slack available. - Due to the growth of each, there can only be one... - */ - remove_mb2_tag_by_type(g_ldr_ctx, MB2_TAG_TYPE_MMAP); - replace_efi_map(g_ldr_ctx); - } else { - remove_mb2_tag_by_type(g_ldr_ctx, MB2_TAG_TYPE_EFI_MMAP); - replace_e820_map(g_ldr_ctx); - } + replace_e820_map(g_ldr_ctx); if (get_tboot_dump_memmap()) { printk(TBOOT_DETA"adjusted e820 map:\n"); print_e820_map(); - efi_memmap_dump(); } if ( !verify_loader_context(g_ldr_ctx) ) 
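Review bot: After this hunk only `replace_e820_map(g_ldr_ctx)` runs, so an MB2 EFI memory-map tag supplied by the loader is neither replaced nor removed here, whereas the removed code always dropped one of the two maps. If consumers are meant to rely on the adjusted E820 map alone, a comment at the call would record that, e.g. `/* only the E820 map is rewritten; an MB2 EFI mmap tag, if present, is left as the loader provided it */`. Whether a later stage still reads the unadjusted EFI map cannot be told from this hunk and is worth confirming, since the E820 copy is the one that carries tboot's adjustments. The enclosing function starts and ends outside the hunk.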
@@ -1931,47 +1908,6 @@ return; } -void -replace_efi_map(loader_ctx *lctx) -{ - /* currently must be MBI type 2 */ - if ( LOADER_CTX_BAD(lctx) || lctx->type == MB1_ONLY ){ - return; - } - - struct mb2_tag *start = (struct mb2_tag *)(lctx->addr + 8); - struct mb2_tag_efi_mmap *tag; - tag = (struct mb2_tag_efi_mmap *)find_mb2_tag_type(start, MB2_TAG_TYPE_EFI_MMAP); - - if ( !tag ) { - printk(TBOOT_INFO"MB2 EFI map not found\n"); - return; - } - - const uint32_t old_mmap_size = tag->size - sizeof(struct mb2_tag_efi_mmap); - uint32_t new_descr_size=0; - uint32_t new_descr_vers=0; - uint32_t new_mmap_size=0; - void *new_mmap; - - new_mmap = (void *)efi_memmap_get_addr(&new_descr_size, &new_descr_vers, &new_mmap_size); - - if ( old_mmap_size < new_mmap_size ) { - /* we have to grow */ - if (false == - grow_mb2_tag(lctx, (struct mb2_tag *)tag, (new_mmap_size-old_mmap_size))) { - printk(TBOOT_ERR"MB2 failed to grow EFI map tag\n"); - return; - } - } else { - tag->size = sizeof(struct mb2_tag_efi_mmap) + new_mmap_size; - } - /* copy in new data */ - tag->descr_size = new_descr_size; - tag->descr_vers = new_descr_vers; - tb_memcpy(tag->efi_mmap, new_mmap, new_mmap_size); -} - void print_loader_ctx(loader_ctx *lctx) { if (lctx->type != MB2_ONLY){ diff -r ec3c0f5b7447 -r a478a9c1096a tboot/include/efi_memmap.h --- a/tboot/include/efi_memmap.h Tue Mar 01 11:05:35 2022 +0100 +++ b/tboot/include/efi_memmap.h Fri Mar 04 10:23:55 2022 +0100 @@ -98,5 +98,4 @@ uint64_t *ram_base, uint64_t *ram_size); void efi_memmap_dump(void); -bool efi_memmap_present(void); #endif \ No newline at end of file diff -r ec3c0f5b7447 -r a478a9c1096a tboot/include/loader.h --- a/tboot/include/loader.h Tue Mar 01 11:05:35 2022 +0100 +++ b/tboot/include/loader.h Fri Mar 04 10:23:55 2022 +0100 
@@ -97,7 +97,6 @@ extern void determine_loader_type(void *addr, uint32_t magic); extern unsigned long get_loader_ctx_end(loader_ctx *lctx); extern void replace_e820_map(loader_ctx *lctx); -extern void replace_efi_map(loader_ctx *lctx); extern uint8_t *get_loader_rsdp(loader_ctx *lctx, uint32_t *length); extern bool is_loader_launch_efi(loader_ctx *lctx); extern bool get_loader_efi_ptr(loader_ctx *lctx, uint32_t *address, |